[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun Jul 10 18:40:54 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5f8de934 by Moritz Muehlenhoff at 2022-07-10T19:40:29+02:00
bugnums
one podofo non-issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -40732,7 +40732,7 @@ CVE-2021-4157 (An out of memory bounds write flaw (1 or 2 bytes of memory) in th
 	NOTE: https://git.kernel.org/linus/ed34695e15aba74f45247f1ee2cf7e09d449f925 (5.13-rc1)
 CVE-2021-4156 (An out-of-bounds read flaw was found in libsndfile's FLAC codec functi ...)
 	{DLA-3058-1}
-	- libsndfile <unfixed>
+	- libsndfile <unfixed> (bug #1014713)
 	[bullseye] - libsndfile <no-dsa> (Minor issue)
 	[buster] - libsndfile <no-dsa> (Minor issue)
 	NOTE: https://github.com/libsndfile/libsndfile/issues/731
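Review bot: the CVE-2021-4156 unstable entry gains a bug reference but still carries no severity tag, unlike the libstb, gegl and jakarta-jmeter entries filed in the same batch, which read "(low; bug #...)"; since both suite lines already assess it as "no-dsa (Minor issue)", consider "- libsndfile <unfixed> (low; bug #1014713)" so the unstable line and the suite assessments agree.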
@@ -56753,7 +56753,7 @@ CVE-2021-41261 (Galette is a membership management web application built for non
 CVE-2021-41260 (Galette is a membership management web application built for non profi ...)
 	- galette <removed>
 CVE-2021-41259 (Nim is a systems programming language with a focus on efficiency, expr ...)
-	- nim <unfixed>
+	- nim <unfixed> (bug #1014714)
 	[bullseye] - nim <no-dsa> (Minor issue)
 	[buster] - nim <no-dsa> (Minor issue)
 	[stretch] - nim <no-dsa> (Minor issue)
@@ -142753,11 +142753,9 @@ CVE-2020-18974 (Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows atta
 CVE-2020-18973
 	RESERVED
 CVE-2020-18972 (Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v ...)
-	- libpodofo <unfixed>
-	[bullseye] - libpodofo <no-dsa> (Minor issue)
-	[buster] - libpodofo <no-dsa> (Minor issue)
-	[stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update)
+	- libpodofo <unfixed> (unimportant)
 	NOTE: https://sourceforge.net/p/podofo/tickets/49/
+	NOTE: Negligible security impact
 CVE-2020-18971 (Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause ...)
 	- libpodofo <unfixed>
 	[bullseye] - libpodofo <no-dsa> (Minor issue)
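Review bot: the new "NOTE: Negligible security impact" on CVE-2020-18972 records a conclusion but not the reason, so the next person to triage this entry has to re-read the sourceforge ticket to see why an "Exposure of Sensitive Information" report was downgraded to unimportant; the tracker convention is to state the concrete reason in the NOTE (what the exposure actually amounts to, and why it is not exploitable in practice). Dropping the [bullseye]/[buster]/[stretch] lines is correct once the issue is tagged unimportant, since that tag applies to every suite; note that the [stretch] line previously read "<postponed> (Minor issue; can be fixed in next update)", so if a fix was queued for a stretch update it should be dropped from that queue as well.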
@@ -182367,7 +182365,7 @@ CVE-2019-20056 (stb_image.h (aka the stb image loader) 2.23, as used in libsixel
 	[buster] - libsixel <no-dsa> (Minor issue)
 	[stretch] - libsixel <no-dsa> (Minor issue)
 	[jessie] - libsixel <no-dsa> (Minor issue)
-	- libstb <unfixed> (low)
+	- libstb <unfixed> (low; bug #1014711)
 	[bullseye] - libstb <no-dsa> (Minor issue)
 	[buster] - libstb <no-dsa> (Minor issue)
 	NOTE: libsixel PR: https://github.com/saitoha/libsixel/issues/126
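Review bot: the context line "NOTE: libsixel PR: https://github.com/saitoha/libsixel/issues/126" labels a GitHub issue as a PR; while this entry is being touched, relabel it "NOTE: libsixel issue:" so the reference matches the URL. Filing bug #1014711 only against libstb, while the libsixel entries for all suites stay no-dsa, is consistent with libstb being the upstream copy and libsixel carrying the embedded one.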
@@ -250253,7 +250251,7 @@ CVE-2019-0189 (The java.io.ObjectInputStream is known to cause Java serialisatio
 CVE-2019-0188 (Apache Camel prior to 2.24.0 contains an XML external entity injection ...)
 	NOT-FOR-US: Apache Camel
 CVE-2019-0187 (Unauthenticated RCE is possible when JMeter is used in distributed mod ...)
-	- jakarta-jmeter <unfixed>
+	- jakarta-jmeter <unfixed> (bug #1014709)
 	[bullseye] - jakarta-jmeter <no-dsa> (Minor issue)
 	[buster] - jakarta-jmeter <no-dsa> (Minor issue)
 	[stretch] - jakarta-jmeter <no-dsa> (Minor issue)
@@ -275173,7 +275171,7 @@ CVE-2018-10113 (An issue was discovered in GEGL through 0.3.32. The process func
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=795248
 	NOTE: https://gitlab.gnome.org/GNOME/gegl/commit/c83b05d565a1e3392c9606a4ecaa560eb9a4ee29
 CVE-2018-10112 (An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_ ...)
-	- gegl <unfixed> (low)
+	- gegl <unfixed> (low; bug #1014710)
 	[bullseye] - gegl <ignored> (Minor issue, architectual limitation)
 	[buster] - gegl <ignored> (Minor issue, architectual limitation)
 	[stretch] - gegl <ignored> (Minor issue, architectual limitation)
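Review bot: the three suite lines "[bullseye]/[buster]/[stretch] - gegl <ignored> (Minor issue, architectual limitation)" misspell "architectural"; the same typo appears on the CVE-2018-10111 entry that follows. Since both entries are being edited to add bug #1014710, fix the spelling in the same commit. Using one bug for both CVE-2018-10112 and CVE-2018-10111 is fine as long as the bug report lists both CVE ids, otherwise the tracker's bug-to-CVE cross-reference will only resolve one of them.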
@@ -275183,7 +275181,7 @@ CVE-2018-10112 (An issue was discovered in GEGL through 0.3.32. The gegl_tile_ba
 	NOTE: https://gitlab.gnome.org/GNOME/gegl/issues/65
 	NOTE: https://github.com/xiaoqx/pocs/tree/master/gegl#4-gegl-outbound-write-2
 CVE-2018-10111 (An issue was discovered in GEGL through 0.3.32. The render_rectangle f ...)
-	- gegl <unfixed> (low)
+	- gegl <unfixed> (low; bug #1014710)
 	[bullseye] - gegl <ignored> (Minor issue, architectual limitation)
 	[buster] - gegl <ignored> (Minor issue, architectual limitation)
 	[stretch] - gegl <ignored> (Minor issue, architectual limitation)
@@ -300461,7 +300459,7 @@ CVE-2018-1289 (In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incuba
 CVE-2018-1288 (In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to  ...)
 	- kafka <itp> (bug #786460)
 CVE-2018-1287 (In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI ba ...)
-	- jakarta-jmeter <unfixed> (low)
+	- jakarta-jmeter <unfixed> (low; bug #1014709)
 	[bullseye] - jakarta-jmeter <no-dsa> (Minor issue)
 	[buster] - jakarta-jmeter <no-dsa> (Minor issue)
 	[stretch] - jakarta-jmeter <no-dsa> (Minor issue)
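Review bot: bug #1014709 is reused for CVE-2018-1287 here and for CVE-2019-0187 above (both JMeter distributed-test RMI issues), which is reasonable for a single upstream fix, but the bug title should name both CVE ids so that the bug-to-CVE mapping stays unambiguous; CVE-2019-0187 is described as unauthenticated RCE in distributed mode while its unstable entry has no severity tag, so consider whether "(low)" on CVE-2018-1287 alone is the intended split or whether both should carry the same rating.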



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f8de93482218a7036b3f42bcbfdbd60c3021114


