[Git][security-tracker-team/security-tracker][master] bugnums
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun Jul 10 18:40:54 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5f8de934 by Moritz Muehlenhoff at 2022-07-10T19:40:29+02:00
bugnums
one podofo non issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -40732,7 +40732,7 @@ CVE-2021-4157 (An out of memory bounds write flaw (1 or 2 bytes of memory) in th
NOTE: https://git.kernel.org/linus/ed34695e15aba74f45247f1ee2cf7e09d449f925 (5.13-rc1)
CVE-2021-4156 (An out-of-bounds read flaw was found in libsndfile's FLAC codec functi ...)
{DLA-3058-1}
- - libsndfile <unfixed>
+ - libsndfile <unfixed> (bug #1014713)
[bullseye] - libsndfile <no-dsa> (Minor issue)
[buster] - libsndfile <no-dsa> (Minor issue)
NOTE: https://github.com/libsndfile/libsndfile/issues/731
@@ -56753,7 +56753,7 @@ CVE-2021-41261 (Galette is a membership management web application built for non
CVE-2021-41260 (Galette is a membership management web application built for non profi ...)
- galette <removed>
CVE-2021-41259 (Nim is a systems programming language with a focus on efficiency, expr ...)
- - nim <unfixed>
+ - nim <unfixed> (bug #1014714)
[bullseye] - nim <no-dsa> (Minor issue)
[buster] - nim <no-dsa> (Minor issue)
[stretch] - nim <no-dsa> (Minor issue)
@@ -142753,11 +142753,9 @@ CVE-2020-18974 (Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows atta
CVE-2020-18973
RESERVED
CVE-2020-18972 (Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v ...)
- - libpodofo <unfixed>
- [bullseye] - libpodofo <no-dsa> (Minor issue)
- [buster] - libpodofo <no-dsa> (Minor issue)
- [stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update)
+ - libpodofo <unfixed> (unimportant)
NOTE: https://sourceforge.net/p/podofo/tickets/49/
+ NOTE: Negligible security impact
CVE-2020-18971 (Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause ...)
- libpodofo <unfixed>
[bullseye] - libpodofo <no-dsa> (Minor issue)
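Review bot: the added `NOTE: Negligible security impact` gives the conclusion but not the reason. Since this hunk also drops the per-suite `<no-dsa>`/`<postponed>` entries for bullseye, buster and stretch in favour of a single `(unimportant)` rating on the `libpodofo <unfixed>` line, a few words on why the impact is negligible (or a pointer into the sourceforge ticket already linked in the `NOTE:` above it) would let later triagers verify the downgrade without re-reading the ticket.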
@@ -182367,7 +182365,7 @@ CVE-2019-20056 (stb_image.h (aka the stb image loader) 2.23, as used in libsixel
[buster] - libsixel <no-dsa> (Minor issue)
[stretch] - libsixel <no-dsa> (Minor issue)
[jessie] - libsixel <no-dsa> (Minor issue)
- - libstb <unfixed> (low)
+ - libstb <unfixed> (low; bug #1014711)
[bullseye] - libstb <no-dsa> (Minor issue)
[buster] - libstb <no-dsa> (Minor issue)
NOTE: libsixel PR: https://github.com/saitoha/libsixel/issues/126
@@ -250253,7 +250251,7 @@ CVE-2019-0189 (The java.io.ObjectInputStream is known to cause Java serialisatio
CVE-2019-0188 (Apache Camel prior to 2.24.0 contains an XML external entity injection ...)
NOT-FOR-US: Apache Camel
CVE-2019-0187 (Unauthenticated RCE is possible when JMeter is used in distributed mod ...)
- - jakarta-jmeter <unfixed>
+ - jakarta-jmeter <unfixed> (bug #1014709)
[bullseye] - jakarta-jmeter <no-dsa> (Minor issue)
[buster] - jakarta-jmeter <no-dsa> (Minor issue)
[stretch] - jakarta-jmeter <no-dsa> (Minor issue)
@@ -275173,7 +275171,7 @@ CVE-2018-10113 (An issue was discovered in GEGL through 0.3.32. The process func
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=795248
NOTE: https://gitlab.gnome.org/GNOME/gegl/commit/c83b05d565a1e3392c9606a4ecaa560eb9a4ee29
CVE-2018-10112 (An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_ ...)
- - gegl <unfixed> (low)
+ - gegl <unfixed> (low; bug #1014710)
[bullseye] - gegl <ignored> (Minor issue, architectual limitation)
[buster] - gegl <ignored> (Minor issue, architectual limitation)
[stretch] - gegl <ignored> (Minor issue, architectual limitation)
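Review bot: the unchanged context lines for bullseye, buster and stretch read `(Minor issue, architectual limitation)`; the spelling is `architectural`. Not introduced by this change, but since the CVE-2018-10112 entry is being touched anyway, a follow-up correcting the spelling in these three lines would keep the file consistent and greppable.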
@@ -275183,7 +275181,7 @@ CVE-2018-10112 (An issue was discovered in GEGL through 0.3.32. The gegl_tile_ba
NOTE: https://gitlab.gnome.org/GNOME/gegl/issues/65
NOTE: https://github.com/xiaoqx/pocs/tree/master/gegl#4-gegl-outbound-write-2
CVE-2018-10111 (An issue was discovered in GEGL through 0.3.32. The render_rectangle f ...)
- - gegl <unfixed> (low)
+ - gegl <unfixed> (low; bug #1014710)
[bullseye] - gegl <ignored> (Minor issue, architectual limitation)
[buster] - gegl <ignored> (Minor issue, architectual limitation)
[stretch] - gegl <ignored> (Minor issue, architectual limitation)
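Review bot: bug #1014710 is referenced here for CVE-2018-10111 and in the previous hunk for CVE-2018-10112, so one BTS report covers both GEGL issues. That is fine, but the report's title should list both CVE ids so the tracker's bug-to-CVE cross-reference resolves for each entry. The same `architectual` spelling as in the previous hunk appears in the context lines here.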
@@ -300461,7 +300459,7 @@ CVE-2018-1289 (In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incuba
CVE-2018-1288 (In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to ...)
- kafka <itp> (bug #786460)
CVE-2018-1287 (In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI ba ...)
- - jakarta-jmeter <unfixed> (low)
+ - jakarta-jmeter <unfixed> (low; bug #1014709)
[bullseye] - jakarta-jmeter <no-dsa> (Minor issue)
[buster] - jakarta-jmeter <no-dsa> (Minor issue)
[stretch] - jakarta-jmeter <no-dsa> (Minor issue)
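Review bot: bug #1014709 is referenced here for CVE-2018-1287 and earlier in this patch for CVE-2019-0187, so, as with the gegl entries, a single BTS report covers two jakarta-jmeter CVEs; make sure the report's title names both CVE ids so each tracker entry links to it correctly. The severity annotation also differs between the two entries (`(low; bug #1014709)` here versus `(bug #1014709)` without a rating for CVE-2019-0187), which is worth a quick check that the omission is intentional.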
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f8de93482218a7036b3f42bcbfdbd60c3021114