[Git][security-tracker-team/security-tracker][master] buster/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jul 1 13:36:14 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cfbf4d8b by Moritz Muehlenhoff at 2022-07-01T14:35:53+02:00
buster/bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -5864,6 +5864,8 @@ CVE-2022-32533
RESERVED
CVE-2022-32532 (Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured ...)
- shiro <unfixed>
+ [bullseye] - shiro <no-dsa> (Minor issue)
+ [buster] - shiro <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2022/06/28/2
CVE-2022-32531
RESERVED
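Review bot: the two added shiro lines give only "(Minor issue)" as the no-dsa reason, and the entry's single NOTE is the oss-security link, so the basis for the decision is not recorded. The description says a RegexRequestMatcher "can be misconfigured"; if the reasoning is that exposure depends on how the application configures it, a one-line NOTE saying so would let a later triager check the call without rereading the advisory.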
@@ -11315,6 +11317,8 @@ CVE-2022-XXXX [RUSTSEC-2022-0019]
NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0019.html
CVE-2022-XXXX [RUSTSEC-2022-0020]
- rust-crossbeam <unfixed>
+ [bullseye] - rust-crossbeam <no-dsa> (Minor issue)
+ [buster] - rust-crossbeam <no-dsa> (Minor issue)
NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0020.html
CVE-2022-30600 (A flaw was found in moodle where logic used to count failed login atte ...)
- moodle <removed>
@@ -28322,6 +28326,8 @@ CVE-2022-24759 (`@chainsafe/libp2p-noise` contains TypeScript implementation of
NOT-FOR-US: chainsafe/libp2p-noise
CVE-2022-24758 (The Jupyter notebook is a web-based notebook environment for interacti ...)
- jupyter-notebook <unfixed>
+ [bullseye] - jupyter-notebook <no-dsa> (Minor issue)
+ [buster] - jupyter-notebook <no-dsa> (Minor issue)
NOTE: https://github.com/jupyter/notebook/security/advisories/GHSA-m87f-39q9-6f55
NOTE: https://github.com/jupyter/notebook/commit/c219ce43c1ea25123fa70d264e7735bdf4585b1e (6.4.10)
CVE-2022-24757 (The Jupyter Server provides the backend (i.e. the core services, APIs, ...)
@@ -32468,6 +32474,8 @@ CVE-2022-23640 (Excel-Streaming-Reader is an easy-to-use implementation of a str
NOT-FOR-US: Excel-Streaming-Reader
CVE-2022-23639 (crossbeam-utils provides atomics, synchronization primitives, scoped t ...)
- rust-crossbeam-utils 0.8.8-1
+ [bullseye] - rust-crossbeam-utils <no-dsa> (Minor issue)
+ [buster] - rust-crossbeam-utils <no-dsa> (Minor issue)
- rust-crossbeam-utils-0.7 <unfixed>
NOTE: https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-qc84-gqf4-9926
NOTE: https://github.com/crossbeam-rs/crossbeam/pull/781
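Review bot: only rust-crossbeam-utils receives release annotations in this hunk; the "- rust-crossbeam-utils-0.7 <unfixed>" line directly below them is left with none. If that source package is present in bullseye or buster, it needs its own [bullseye]/[buster] lines or it will keep showing as open there; if it exists only in unstable, nothing more is needed.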
=====================================
data/dsa-needed.txt
=====================================
@@ -12,7 +12,7 @@ To pick an issue, simply add your uid behind it.
If needed, specify the release by adding a slash after the name of the source package.
--
-asterisk/oldstable
+asterisk
--
blender (jmm)
--
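Review bot: replacing "asterisk/oldstable" with plain "asterisk" extends the pending DSA to stable as well, but neither the entry nor the commit message ("buster/bullseye triage") says which issue now affects bullseye. A short free-text line under the entry, in the style of the note under "linux (carnil)", would record that.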
@@ -34,6 +34,8 @@ linux (carnil)
Wait until more issues have piled up, though try to regulary rebase for point
releases to more recent v4.19.y versions.
--
+logrotate
+--
ndpi/oldstable
--
netatalk
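Review bot: the new logrotate entry has no release suffix, claimant or note, and none of the data/CVE/list hunks in this commit touch logrotate, so the reason a DSA is needed cannot be found from the change itself. Consider adding a line naming the CVE, and a suffix in the style of "ndpi/oldstable" if only one release is affected. The context line above also reads "regulary" for "regularly", which could be fixed in passing.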
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cfbf4d8b1b0cdc87216552c0e02165d0cdb8a460