[Git][security-tracker-team/security-tracker][master] buster/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Jul 4 09:28:59 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
67a08c8b by Moritz Muehlenhoff at 2022-07-04T10:28:41+02:00
buster/bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -27,9 +27,10 @@ CVE-2022-34911 (An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1
CVE-2022-2290 (Cross-site Scripting (XSS) - Reflected in GitHub repository zadam/tril ...)
TODO: check
CVE-2022-2289 (Use After Free in GitHub repository vim/vim prior to 9.0. ...)
- - vim <unfixed>
+ - vim <unfixed> (unimportant)
NOTE: https://huntr.dev/bounties/7447d2ea-db5b-4883-adf4-1eaf7deace64/
NOTE: https://github.com/vim/vim/commit/c5274dd12224421f2430b30c53b881b9403d649e (v9.0.0026)
+ NOTE: Crash in CLI tool, no security impact
CVE-2022-2288 (Out-of-bounds Write in GitHub repository vim/vim prior to 9.0. ...)
- vim <unfixed>
NOTE: https://huntr.dev/bounties/a71bdcb7-4e9b-4650-ab6a-fe8e3e9852ad/
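Review bot: The added `NOTE: Crash in CLI tool, no security impact` under CVE-2022-2289 states a conclusion without its basis, while the entry's own description classes the bug as a Use After Free. A short reason why the impact stops at a crash would make the `(unimportant)` tag auditable later. CVE-2022-2288 just below, an Out-of-bounds Write in the same package, still reads `- vim <unfixed>` in the visible context, so either triage it the same way in this commit or note why it is rated differently.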
@@ -28580,12 +28581,16 @@ CVE-2022-24737 (HTTPie is a command-line HTTP client. HTTPie has the practical c
CVE-2022-24736 (Redis is an in-memory database that persists on disk. Prior to version ...)
[experimental] - redis 5:7.0.0-1
- redis 5:7.0.1-4
+ [bullseye] - redis <no-dsa> (Minor issue)
+ [buster] - redis <no-dsa> (Minor issue)
[stretch] - redis <no-dsa> (Minor issue, problematic to backport patch to embedded Lua engine)
NOTE: https://github.com/redis/redis/security/advisories/GHSA-3qpw-7686-5984
NOTE: https://github.com/redis/redis/pull/10651
CVE-2022-24735 (Redis is an in-memory database that persists on disk. By exploiting we ...)
[experimental] - redis 5:7.0.0-1
- redis 5:7.0.1-4
+ [bullseye] - redis <no-dsa> (Minor issue)
+ [buster] - redis <no-dsa> (Minor issue)
[stretch] - redis <no-dsa> (Minor issue, problematic to backport patch to embedded Lua engine)
NOTE: https://github.com/redis/redis/security/advisories/GHSA-647m-2wmq-qmvq
NOTE: https://github.com/redis/redis/pull/10651
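Review bot: The new `[bullseye]` and `[buster]` lines under CVE-2022-24736 and CVE-2022-24735 give only `(Minor issue)`, whereas the existing `[stretch]` line in each entry also records that the patch is problematic to backport to the embedded Lua engine. If the same backport concern applies to buster and bullseye, repeat it on the new lines. If it does not, add a brief reason for the minor rating, since the commit message `buster/bullseye triage` carries no rationale either.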
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67a08c8b7180bd8df0d1998dd1d4000be48645cf