[Git][security-tracker-team/security-tracker][master] buster/bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Jul 8 23:09:01 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a3e800df by Moritz Muehlenhoff at 2022-07-09T00:03:00+02:00
buster/bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19228,10 +19228,11 @@ CVE-2022-28354
 CVE-2022-28353
 	RESERVED
 CVE-2022-1210 (A vulnerability classified as problematic was found in LibTIFF 4.3.0.  ...)
-	- tiff <unfixed>
+	- tiff <unfixed> (unimportant)
 	[bullseye] - tiff <no-dsa> (Minor issue)
 	[buster] - tiff <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/402
+	NOTE: Crash in CLI tool, no security impact
 CVE-2021-46782 (The Pricing Table by Supsystic WordPress plugin before 1.9.5 does not  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-46781 (The Coming Soon by Supsystic WordPress plugin before 1.7.6 does not sa ...)
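Review bot: the CVE-2022-1210 entry keeps its `[bullseye] - tiff <no-dsa> (Minor issue)` and `[buster] - tiff <no-dsa> (Minor issue)` lines after the unstable entry is downgraded to `- tiff <unfixed> (unimportant)`, whereas the packagekit hunk later in this same commit drops the stable no-dsa lines when making the identical change. Pick one form: if the issue is unimportant across the board (the new NOTE says "Crash in CLI tool, no security impact"), the stable lines can go here too; if they stay, their "Minor issue" wording should agree with that NOTE.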
@@ -22735,11 +22736,9 @@ CVE-2022-0989 (An unprivileged user could use the functionality of the NS WooCom
 CVE-2022-0988 (Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable t ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2022-0987 (A flaw was found in PackageKit in the way some of the methods exposed  ...)
-	- packagekit <unfixed>
-	[bullseye] - packagekit <no-dsa> (Minor issue)
-	[buster] - packagekit <no-dsa> (Minor issue)
-	[stretch] - packagekit <no-dsa> (Minor issue)
+	- packagekit <unfixed> (unimportant)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2064315
+	NOTE: Negligible security impact
 CVE-2022-0986 (Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repositor ...)
 	NOT-FOR-US: Hestia Control Panel
 CVE-2022-0985 (Insufficient capability checks could allow users with the moodle/site: ...)
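Review bot: the new `NOTE: Negligible security impact` for CVE-2022-0987 gives no reason, while the CVE text itself describes a flaw in methods PackageKit exposes; a one-line rationale next to the bugzilla link would keep the next triager from re-deriving it from the Red Hat bug. Also worth confirming that dropping `[stretch] - packagekit <no-dsa> (Minor issue)` is intentional rather than collateral of the buster/bullseye cleanup, since stretch is outside this commit's stated scope.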
@@ -39230,13 +39229,11 @@ CVE-2021-45928 (libjxl b02d6b9, as used in libvips 8.11 through 8.11.2 and other
 	NOTE: Introduced by: https://github.com/libjxl/libjxl/pull/205 (v0.6)
 	NOTE: Fixed by: https://github.com/libjxl/libjxl/commit/1c05e110d69b457696366fb4e762057b6855349b (v0.6)
 CVE-2021-45927 (MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0 ...)
-	- mdbtools <undetermined>
+	NOTE: Apparently an ozz-fuzz false positive
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36187
-	TODO: check, possibly fixed in 0.9.3, but unclear fixing commit, related to 9b6b52cc8c5838cffeee9388c04890fe1eb73b52?
 CVE-2021-45926 (MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0 ...)
-	- mdbtools <undetermined>
+	NOTE: Apparently an ozz-fuzz false positive
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35972
-	TODO: check, possibly fixed in 0.9.3, but unclear fixing commit, related to 9b6b52cc8c5838cffeee9388c04890fe1eb73b52?
 CVE-2021-4196
 	RESERVED
 CVE-2021-4195
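Review bot: `ozz-fuzz` in both new NOTE lines should be `oss-fuzz` (the bugs.chromium.org URLs on the following lines name the project). More substantively, replacing `- mdbtools <undetermined>` with a NOTE only leaves CVE-2021-45927 and CVE-2021-45926 with no package line at all; if the conclusion is that these are false positives, state it in the entry itself, e.g. `- mdbtools <not-affected> (oss-fuzz false positive)`, so the status is machine-readable and the mdbtools association is kept. The removed TODO lines also pointed at commit 9b6b52cc8c5838cffeee9388c04890fe1eb73b52 as a possible fix; "Apparently" suggests that question was not fully settled, so either cite what resolved it or keep the pointer in a NOTE.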
@@ -267533,11 +267530,13 @@ CVE-2018-12689 (phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id
 	NOTE: Non-security issue as demostrated in https://bugs.debian.org/902186
 	NOTE: and disputed as security issue. Should be properly rejected by MITRE.
 CVE-2018-12688 (tinyexr 0.9.5 has a segmentation fault in the wav2Decode function. ...)
-	- tinyexr <undetermined>
+	- tinyexr <unfixed>
+	[bullseye] - tinyexr <no-dsa> (Minor issue)
 	NOTE: https://github.com/syoyo/tinyexr/issues/83
 CVE-2018-12687 (tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h ...)
-	- tinyexr <undetermined>
+	- tinyexr <unfixed> (unimportant)
 	NOTE: https://github.com/syoyo/tinyexr/issues/84
+	NOTE: Negligible security impact
 CVE-2018-12686
 	RESERVED
 CVE-2018-12685
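Review bot: CVE-2018-12688 (segmentation fault in wav2Decode) is rated `<no-dsa> (Minor issue)` for bullseye, while CVE-2018-12687 (assertion failure in DecodePixelData, same tinyexr 0.9.5 crash family) becomes `- tinyexr <unfixed> (unimportant)` with "Negligible security impact"; a NOTE on why the segfault rates above the abort would make the split reproducible. Also, the commit is titled buster/bullseye triage but only a `[bullseye]` line is added for CVE-2018-12688; if tinyexr is in buster, a matching `[buster]` line is missing, otherwise this is fine.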



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a3e800df0374c72f3e01148fa91b1935474be74a
