[Git][security-tracker-team/security-tracker][master] 2 commits: buster/bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Jul 5 11:26:16 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1d561c93 by Moritz Muehlenhoff at 2022-07-05T12:23:40+02:00
buster/bullseye triage

- - - - -
7745a92b by Moritz Muehlenhoff at 2022-07-05T12:25:46+02:00
add additional reference for older io_uring issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -613,10 +613,11 @@ CVE-2022-2303
 CVE-2022-2302
 	RESERVED
 CVE-2022-2301 (Buffer Over-read in GitHub repository hpjansson/chafa prior to 1.10.3. ...)
-	- chafa 1.10.3-1
+	- chafa 1.10.3-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/f6b9114b-671d-4948-b946-ffe5c9aeb816/
 	NOTE: https://github.com/hpjansson/chafa/commit/56fabfa18a6880b4cb66047fa6557920078048d9 (1.12.0)
 	NOTE: https://github.com/hpjansson/chafa/commit/a52325294cc018d4fa9a7f29668faea24362b94c (1.10.3)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-2300 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...)
 	NOT-FOR-US: microweber
 CVE-2022-2299
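Review bot: The rationale added at the end of the CVE-2022-2301 entry ("Crash in CLI tool, no security impact") only addresses the crash, while the entry's own description classes the bug as a Buffer Over-read. Consider wording the NOTE so it also says why the over-read discloses nothing useful, so that the (unimportant) tag on "- chafa 1.10.3-1" is justified for both outcomes.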
@@ -740,6 +741,8 @@ CVE-2022-34894 (In JetBrains Hub before 2022.2.14799, insufficient access contro
 	NOT-FOR-US: JetBrains Hub
 CVE-2022-2285 (Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9 ...)
 	- vim <unfixed>
+	[bullseye] - vim <no-dsa> (Minor issue)
+	[buster] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/64574b28-1779-458d-a221-06c434042736/
 	NOTE: https://github.com/vim/vim/commit/27efc62f5d86afcb2ecb7565587fe8dea4b036fe (v9.0.0018)
 CVE-2022-2284 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. ...)
@@ -5260,6 +5263,8 @@ CVE-2022-33104
 	RESERVED
 CVE-2022-33103 (Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an  ...)
 	- u-boot <unfixed>
+	[bullseye] - u-boot <no-dsa> (Minor issue)
+	[buster] - u-boot <no-dsa> (Minor issue)
 	NOTE: https://lore.kernel.org/all/CALO=DHFB+yBoXxVr5KcsK0iFdg+e7ywko4-e+72kjbcS8JBfPw@mail.gmail.com/
 	NOTE: https://lore.kernel.org/all/20220609140206.297405-1-miquel.raynal@bootlin.com/
 CVE-2022-33102
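Review bot: For CVE-2022-33103 the "[buster] - u-boot <no-dsa> (Minor issue)" line may not match the affected range in the description, which starts at v2020.10. If the u-boot version packaged in buster predates that, "<not-affected> (Vulnerable code introduced later)", the form used for the stretch line under CVE-2021-41073, would describe it more accurately; worth checking the packaged version before leaving it as no-dsa.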
@@ -56648,6 +56653,7 @@ CVE-2021-41073 (loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/09/18/2
 	NOTE: https://www.graplsecurity.com/post/iou-ring-exploiting-the-linux-kernel
+	NOTE: https://starlabs.sg/blog/2022/06/io_uring-new-code-new-bugs-and-a-new-exploit-technique/
 CVE-2021-41072 (squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Director ...)
 	{DSA-4987-1 DLA-2789-1}
 	- squashfs-tools 1:4.5-3 (bug #994262)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5bc118256b303f338eb6cef64aa9326a51a040d8...7745a92b6e4c84cea256f49346c5b18ec0f38632
