[Git][security-tracker-team/security-tracker][master] 2 commits: buster/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Jul 5 11:26:16 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1d561c93 by Moritz Muehlenhoff at 2022-07-05T12:23:40+02:00
buster/bullseye triage
- - - - -
7745a92b by Moritz Muehlenhoff at 2022-07-05T12:25:46+02:00
add additional reference for older io_uring issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -613,10 +613,11 @@ CVE-2022-2303
CVE-2022-2302
RESERVED
CVE-2022-2301 (Buffer Over-read in GitHub repository hpjansson/chafa prior to 1.10.3. ...)
- - chafa 1.10.3-1
+ - chafa 1.10.3-1 (unimportant)
NOTE: https://huntr.dev/bounties/f6b9114b-671d-4948-b946-ffe5c9aeb816/
NOTE: https://github.com/hpjansson/chafa/commit/56fabfa18a6880b4cb66047fa6557920078048d9 (1.12.0)
NOTE: https://github.com/hpjansson/chafa/commit/a52325294cc018d4fa9a7f29668faea24362b94c (1.10.3)
+ NOTE: Crash in CLI tool, no security impact
CVE-2022-2300 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...)
NOT-FOR-US: microweber
CVE-2022-2299
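Review bot: The justification added for CVE-2022-2301, "Crash in CLI tool, no security impact", does not say why the over-read named in the description stops at a crash. Since "(unimportant)" drops the issue from further triage, the NOTE would be stronger if it stated the basis, for example that the out-of-bounds read only terminates the process and returns no memory contents to the caller, or pointed at whichever of the three references above supports that reading.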
@@ -740,6 +741,8 @@ CVE-2022-34894 (In JetBrains Hub before 2022.2.14799, insufficient access contro
NOT-FOR-US: JetBrains Hub
CVE-2022-2285 (Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9 ...)
- vim <unfixed>
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/64574b28-1779-458d-a221-06c434042736/
NOTE: https://github.com/vim/vim/commit/27efc62f5d86afcb2ecb7565587fe8dea4b036fe (v9.0.0018)
CVE-2022-2284 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. ...)
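Review bot: The two "<no-dsa> (Minor issue)" lines for CVE-2022-2285 carry no rationale, while the description classes the bug as "Integer Overflow or Wraparound" and the unstable entry stays "<unfixed>". A one-line NOTE recording why this is minor for bullseye and buster (as was done for the chafa entry in this same push) would let a later reader confirm the triage without re-reading the huntr report.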
@@ -5260,6 +5263,8 @@ CVE-2022-33104
RESERVED
CVE-2022-33103 (Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an ...)
- u-boot <unfixed>
+ [bullseye] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <no-dsa> (Minor issue)
NOTE: https://lore.kernel.org/all/CALO=DHFB+yBoXxVr5KcsK0iFdg+e7ywko4-e+72kjbcS8JBfPw@mail.gmail.com/
NOTE: https://lore.kernel.org/all/20220609140206.297405-1-miquel.raynal@bootlin.com/
CVE-2022-33102
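Review bot: The "[buster] - u-boot <no-dsa> (Minor issue)" line asserts that buster is affected, but the description limits CVE-2022-33103 to "v2020.10 to v2022.07-rc3". Please check the u-boot version shipped in buster against that range; if it predates v2020.10, the entry should read "<not-affected> (Vulnerable code introduced later)", the form used for stretch under CVE-2021-41073 further down this file, rather than "<no-dsa>".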
@@ -56648,6 +56653,7 @@ CVE-2021-41073 (loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2021/09/18/2
NOTE: https://www.graplsecurity.com/post/iou-ring-exploiting-the-linux-kernel
+ NOTE: https://starlabs.sg/blog/2022/06/io_uring-new-code-new-bugs-and-a-new-exploit-technique/
CVE-2021-41072 (squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Director ...)
{DSA-4987-1 DLA-2789-1}
- squashfs-tools 1:4.5-3 (bug #994262)
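Review bot: The NOTE added under CVE-2021-41073 is a bare URL, like the two above it, so the entry does not show which link is the disclosure and which are later write-ups. Other entries in this file annotate their NOTE lines (for example the "(1.12.0)" and "(v9.0.0018)" suffixes on commit links); a short parenthetical on this line saying what the post covers would keep the reference list readable as it grows.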
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5bc118256b303f338eb6cef64aa9326a51a040d8...7745a92b6e4c84cea256f49346c5b18ec0f38632