[Git][security-tracker-team/security-tracker][master] buster/bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Jul 11 13:32:47 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
95af1295 by Moritz Muehlenhoff at 2022-07-11T14:31:35+02:00
buster/bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -698,9 +698,10 @@ CVE-2022-33939
 CVE-2022-2346
 	RESERVED
 CVE-2022-2345 (Use After Free in GitHub repository vim/vim prior to 9.0.0046. ...)
-	- vim <unfixed>
+	- vim <unfixed> (unimportant)
 	NOTE: https://huntr.dev/bounties/1eed7009-db6d-487b-bc41-8f2fd260483f
 	NOTE: https://github.com/vim/vim/commit/32acf1f1a72ebb9d8942b9c9d80023bf1bb668ea (v9.0.0047)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-2344 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...)
 	- vim <unfixed> (unimportant)
 	NOTE: https://huntr.dev/bounties/4a095ed9-3125-464a-b656-c31b437e1996
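Review bot: on the CVE-2022-2345 entry, the added NOTE "Crash in CLI tool, no security impact" is the only justification for tagging an issue described as Use After Free as (unimportant), and it does not say what limits the bug to a crash. A half-sentence of rationale in that NOTE, or a pointer to where the assessment was made, would let a later triager re-check the call against the huntr.dev report and the v9.0.0047 commit already referenced.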
@@ -17369,6 +17370,8 @@ CVE-2022-29218 (RubyGems is a package registry used to supply software for the R
 	NOT-FOR-US: rubygems/rubygems.org
 CVE-2022-29217 (PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple  ...)
 	- pyjwt <unfixed> (bug #1011747)
+	[bullseye] - pyjwt <not-affected> (Vulnerable code not present)
+	[buster] - pyjwt <not-affected> (Vulnerable code not present)
 	[stretch] - pyjwt <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24
 	NOTE: https://github.com/jpadilla/pyjwt/commit/9c528670c455b8d948aff95ed50e22940d1ad3fc (2.4.0)
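Review bot: the two added pyjwt lines mark bullseye and buster <not-affected> (Vulnerable code not present), but the entry has no NOTE saying when the vulnerable code was introduced; the only version recorded is the fix in 2.4.0. Adding a NOTE with the introducing commit or upstream version would make the not-affected claim verifiable for all three releases listed, stretch included.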
@@ -51853,6 +51856,7 @@ CVE-2021-42864
 	RESERVED
 CVE-2021-42863 (A buffer overflow in ecma_builtin_typedarray_prototype_filter() in Jer ...)
 	- iotjs <unfixed>
+	[bullseye] - iotjs <no-dsa> (Minor issue)
 	[buster] - iotjs <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4793
 	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4794
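Review bot: the added "[bullseye] - iotjs <no-dsa> (Minor issue)" line gives no reason why a buffer overflow in ecma_builtin_typedarray_prototype_filter() counts as minor for bullseye, whereas the buster line next to it states its reason (Vulnerable code introduced later). A short NOTE with the rationale would keep the two release lines equally checkable.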
@@ -89411,6 +89415,8 @@ CVE-2021-3448 (A flaw was found in dnsmasq in versions before 2.85. When configu
 	NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=74d4fcd756a85bc1823232ea74334f7ccfb9d5d2
 CVE-2021-3447 (A flaw was found in several ansible modules, where parameters containi ...)
 	- ansible <unfixed> (bug #1014721)
+	[bullseye] - ansible <no-dsa> (Minor issue)
+	[buster] - ansible <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939349
 CVE-2021-3446 (A flaw was found in libtpms in versions before 0.8.2. The commonly use ...)
 	- libtpms 0.8.2-1 (bug #986799)
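Review bot: with the two added ansible <no-dsa> lines, CVE-2021-3447 is deferred for bullseye and buster while its only reference is the Red Hat Bugzilla NOTE; no upstream fix commit is recorded. Since the unstable line is still <unfixed> (bug #1014721), a NOTE pointing at the upstream fix, once identified, would give a later point-release update something to backport from.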
@@ -223002,6 +223008,8 @@ CVE-2019-9837 (Doorkeeper::OpenidConnect (aka the OpenID Connect extension for D
 	NOTE: https://github.com/doorkeeper-gem/doorkeeper-openid_connect/pull/66
 CVE-2019-9836 (Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD)  ...)
 	- amd64-microcode 3.20220411.1 (bug #970395)
+	[bullseye] - amd64-microcode <no-dsa> (Minor issue)
+	[buster] - amd64-microcode <no-dsa> (Minor issue)
 	NOTE: https://seclists.org/fulldisclosure/2019/Jun/46
 CVE-2019-9835 (The receiver (aka bridge) component of Fujitsu Wireless Keyboard Set L ...)
 	NOT-FOR-US: Fujitsu Wireless Keyboard Set LX901 GK900 devices
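Review bot: for the two added amd64-microcode lines, the entry shows unstable fixed in 3.20220411.1 while bullseye and buster get <no-dsa> (Minor issue) with nothing recorded about whether that version is expected to reach them through a point release. A NOTE stating the intended follow-up would make the open state of the stable releases easier to track.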



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95af129517bafdc93b341e034302398063884e67
