[Git][security-tracker-team/security-tracker][master] rtl-433, node-terser, xorg-server fixed in sid

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
46130632 by Moritz Muehlenhoff at 2022-07-25T18:07:03+02:00
rtl-433, node-terser, xorg-server fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2990,14 +2990,14 @@ CVE-2022-35216
 	RESERVED
 CVE-2022-2320 [ZDI-CAN-16070: X.Org Server ProcXkbSetDeviceInfo Out-Of-Bounds Access]
 	RESERVED
-	- xorg-server <unfixed> (bug #1014903)
+	- xorg-server 2:21.1.4-1 (bug #1014903)
 	NOTE: Introduced by: https://github.com/freedesktop/xorg-xserver/commit/c06e27b2f6fd9f7b9f827623a48876a225264132 (xorg-server-1.5.99.1)
 	NOTE: Fixed by: https://github.com/freedesktop/xorg-xserver/commit/dd8caf39e9e15d8f302e54045dd08d8ebf1025dc
 	NOTE: Required for fixes: https://github.com/freedesktop/xorg-xserver/commit/f1070c01d616c5f21f939d5ebc533738779451ac
 	NOTE: https://www.openwall.com/lists/oss-security/2022/07/12/1
 CVE-2022-2319 [ZDI-CAN-16062: X.Org Server ProcXkbSetGeometry Out-Of-Bounds Access]
 	RESERVED
-	- xorg-server <unfixed> (bug #1014903)
+	- xorg-server 2:21.1.4-1 (bug #1014903)
 	NOTE: Fixed by: https://github.com/freedesktop/xorg-xserver/commit/6907b6ea2b4ce949cb07271f5b678d5966d9df42
 	NOTE: Required for fixes: https://github.com/freedesktop/xorg-xserver/commit/f1070c01d616c5f21f939d5ebc533738779451ac
 	NOTE: https://www.openwall.com/lists/oss-security/2022/07/12/1
@@ -24791,8 +24791,8 @@ CVE-2022-27421 (Chamilo LMS v1.11.13 lacks validation on the user modification f
 CVE-2022-27420 (Hospital Management System v1.0 was discovered to contain a SQL inject ...)
 	NOT-FOR-US: Hospital Management System
 CVE-2022-27419 (rtl_433 21.12 was discovered to contain a stack overflow in the functi ...)
-	[experimental] - rtl-433 21.12+git20220718+ds-1
-	- rtl-433 <unfixed> (bug #1009788)
+	[experimental] - rtl-433 21.12+git20220718+ds-2
+	- rtl-433 21.12+git20220718+ds-2 (bug #1009788)
 	[bullseye] - rtl-433 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/merbanan/rtl_433/issues/2012
 	NOTE: Introduced by: https://github.com/merbanan/rtl_433/commit/1a9b05cb1b9af1a639fa765ee4a7939ca7d6dd32 (21.12)
@@ -29041,7 +29041,7 @@ CVE-2022-25860
 CVE-2022-25859
 	RESERVED
 CVE-2022-25858 (The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vuln ...)
-	- node-terser <unfixed>
+	- node-terser 4.8.1-1
 	NOTE: https://snyk.io/vuln/SNYK-JS-TERSER-2806366
 	NOTE: https://github.com/terser/terser/commit/a4da7349fdc92c05094f41d33d06d8cd4e90e76b
 	NOTE: https://github.com/terser/terser/commit/d8cc5691be980d663c29cc4d5ce67e852d597012
@@ -31585,14 +31585,14 @@ CVE-2022-25052
 	RESERVED
 CVE-2022-25051 (An Off-by-one Error occurs in cmr113_decode of rtl_433 21.12 when deco ...)
 	[experimental] - rtl-433 21.12+git20220718+ds-1
-	- rtl-433 <unfixed> (bug #1008000)
+	- rtl-433 21.12+git20220718+ds-2 (bug #1008000)
 	[bullseye] - rtl-433 <no-dsa> (Minor issue)
 	NOTE: https://github.com/merbanan/rtl_433/commit/2dad7b9fc67a1d0bfbe520fbd821678b8f8cc7a8
 	NOTE: https://github.com/merbanan/rtl_433/issues/1960
 	NOTE: https://huntr.dev/bounties/78eee103-bd61-4b4f-b054-04ad996b39e7/
 CVE-2022-25050 (rtl_433 21.12 was discovered to contain a stack overflow in the functi ...)
 	[experimental] - rtl-433 21.12+git20220718+ds-1
-	- rtl-433 <unfixed> (bug #1008000)
+	- rtl-433 21.12+git20220718+ds-2 (bug #1008000)
 	[bullseye] - rtl-433 <no-dsa> (Minor issue)
 	NOTE: https://github.com/merbanan/rtl_433/commit/2dad7b9fc67a1d0bfbe520fbd821678b8f8cc7a8
 	NOTE: https://github.com/merbanan/rtl_433/issues/1960



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46130632d1fff05f2e8aba4969bf5917e4630e76

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46130632d1fff05f2e8aba4969bf5917e4630e76
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220725/7ec004e3/attachment.htm>