[Git][security-tracker-team/security-tracker][master] golang-github-containers-buildah, golang-golang-x-text, aom fixed in sid

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Jul 12 12:18:00 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b49693b6 by Moritz Muehlenhoff at 2022-07-12T13:13:30+02:00
golang-github-containers-buildah, golang-golang-x-text, aom fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -22084,6 +22084,7 @@ CVE-2022-27652 (A flaw was found in cri-o, where containers were incorrectly sta
 CVE-2022-27651 (A flaw was found in buildah where containers were incorrectly started  ...)
 	- golang-github-containers-buildah <unfixed> (bug #1009882)
 	NOTE: https://github.com/containers/buildah/commit/e7e55c988c05dd74005184ceb64f097a0cfe645b (v1.25.1)
+	NOTE: https://github.com/containers/buildah/security/advisories/GHSA-c3g4-w6cv-6v7h
 CVE-2022-27650 (A flaw was found in crun where containers were incorrectly started wit ...)
 	- crun <unfixed> (bug #1009881)
 	NOTE: https://github.com/containers/crun/commit/b847d146d496c9d7beba166fd595488e85488562 (1.4.4)
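Review bot: The added advisory NOTE under CVE-2022-27651 is not covered by the commit subject, which only names packages fixed in sid. The buildah line for this CVE stays at <unfixed> (bug #1009882). Suggest mentioning the reference addition in the commit message or committing it separately, so a later reader does not assume this entry was part of the "fixed in sid" change.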
@@ -64057,10 +64058,9 @@ CVE-2021-38562 (Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 befor
 	NOTE: https://github.com/bestpractical/rt/commit/d16f8cf13c2af517ee55a85e7b91a0267477189f (rt-4.2.17)
 CVE-2021-38561
 	RESERVED
-	- golang-golang-x-text <unfixed>
+	- golang-golang-x-text 0.3.7-1
 	- golang-x-text <removed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2100495
-	TODO: check details
 CVE-2021-38560 (Ivanti Service Manager 2021.1 allows reflected XSS via the appName par ...)
 	NOT-FOR-US: Ivanti
 CVE-2021-38559 (DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenota.php  ...)
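Review bot: The "TODO: check details" line under CVE-2021-38561 is dropped and golang-golang-x-text is marked fixed in 0.3.7-1, but the entry is still RESERVED and the only remaining reference is the Red Hat Bugzilla NOTE, so nothing in the entry records which upstream change 0.3.7 carries. Suggest adding a NOTE with the upstream fix commit and its release, as the neighbouring entries do, so the fixed version can be re-checked later.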
@@ -73678,7 +73678,7 @@ CVE-2021-3603 (PHPMailer 6.4.1 and earlier contain a vulnerability that can resu
 	NOTE: https://www.huntr.dev/bounties/1-PHPMailer/PHPMailer/
 	NOTE: https://github.com/PHPMailer/PHPMailer/commit/45f3c18dc6a2de1cb1bf49b9b249a9ee36a5f7f3 (v6.5.0)
 CVE-2021-3602 (An information disclosure flaw was found in Buildah, when building con ...)
-	- golang-github-containers-buildah <unfixed>
+	- golang-github-containers-buildah 1.22.3+ds1-1
 	[bullseye] - golang-github-containers-buildah <no-dsa> (Minor issue)
 	NOTE: https://github.com/containers/buildah/security/advisories/GHSA-7638-r9r3-rmjj
 	NOTE: https://github.com/containers/buildah/commit/a468ce0ffd347035d53ee0e26c205ef604097fb0 (main)
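Review bot: At CVE-2021-3602 the fixed version becomes 1.22.3+ds1-1, while the fix commit NOTE (a468ce0ffd347035d53ee0e26c205ef604097fb0) is still annotated only as (main), so the entry does not show that this commit is contained in 1.22.3. Suggest updating the annotation to the release tag that first includes it, in the same style as the (v1.25.1) annotation used for CVE-2022-27651.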
@@ -195629,11 +195629,10 @@ CVE-2020-0480 (In callUnchecked of DocumentsProvider.java, there is a possible p
 CVE-2020-0479 (In callUnchecked of DocumentsProvider.java, there is a possible permis ...)
 	NOT-FOR-US: Android
 CVE-2020-0478 (In extend_frame_lowbd of restoration.c, there is a possible out of bou ...)
-	- aom <undetermined>
+	- aom 1.0.0.errata1.avif-1
 	NOTE: https://android.googlesource.com/platform/external/libaom/+/816f15265cb89a02d7ce4b657de277828e71a4b1
 	NOTE: https://source.android.com/security/bulletin/pixel/2020-12-01
 	NOTE: https://aomedia.googlesource.com/aom/+/ebba9c769be2c99d5396d0018901e9a4af5e2d2c (v1.0.0-errata1-avif)
-	TODO: check if ebba9c769be2c99d5396d0018901e9a4af5e2d2c is the needed commit
 CVE-2020-0477 (In sendLinkConfigurationChangedBroadcast of ClientModeImpl.java, there ...)
 	NOT-FOR-US: Android
 CVE-2020-0476 (In onNotificationRemoved of Assistant.java, there is a possible leak o ...)
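Review bot: The removed TODO at CVE-2020-0478 asked whether ebba9c769be2c99d5396d0018901e9a4af5e2d2c is the needed commit, and the entry now marks aom fixed in 1.0.0.errata1.avif-1 without recording the answer. Suggest a short NOTE stating how that commit was matched to the Android libaom change referenced above it, so the basis for moving from <undetermined> to a fixed version stays in the file.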



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b49693b64c530c29e309d606de5bc67f02d7ffe1
