[Git][security-tracker-team/security-tracker][master] buster/bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Jun 1 19:30:29 BST 2022 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
92e43a19 by Moritz Muehlenhoff at 2022-06-01T20:30:00+02:00
buster/bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -10,6 +10,8 @@ CVE-2022-32201 (In libjpeg 1.63, there is a NULL pointer dereference in Componen
 	NOTE: Crash in CLI tool, no security impact
 CVE-2022-32200 (libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_strin ...)
 	- dwarfutils <unfixed>
+	[bullseye] - dwarfutils <no-dsa> (Minor issue)
+	[buster] - dwarfutils <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://github.com/davea42/libdwarf-code/commit/8151575a6ace77d005ca5bb5d71c1bfdba3f7069
 	NOTE: https://github.com/davea42/libdwarf-code/issues/116
 	NOTE: https://www.prevanders.net/dwarfbug.html#DW202205-001
@@ -50031,20 +50033,22 @@ CVE-2021-40403 (An information disclosure vulnerability exists in the pick-and-p
 	NOTE: https://github.com/gerbv/gerbv/issues/82
 	NOTE: Fixed by: https://github.com/gerbv/gerbv/commit/c32c6f9c0b5d3b0ecc33de21d8532de6c2df5878 (v2.9.1-rc.1)
 CVE-2021-40402 (An out-of-bounds read vulnerability exists in the RS-274X aperture mac ...)
-	- gerbv <unfixed>
+	- gerbv <unfixed> (unimportant)
 	NOTE: https://github.com/gerbv/gerbv/issues/80
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1416
+	NOTE: Crash in GUI tool, no security impact
 CVE-2021-40401 (A use-after-free vulnerability exists in the RS-274X aperture definiti ...)
 	- gerbv <unfixed>
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1415
 	NOTE: Fixed by: https://github.com/gerbv/gerbv/commit/68ee18945bcf68ff964c42f12af79c5c0e2f4069 (v2.9.0-rc.1)
 	NOTE: https://github.com/gerbv/gerbv/issues/81
 CVE-2021-40400 (An out-of-bounds read vulnerability exists in the RS-274X aperture mac ...)
-	- gerbv <unfixed>
+	- gerbv <unfixed> (unimportant)
 	NOTE: https://github.com/gerbv/gerbv/issues/79
 	NOTE: https://github.com/gerbv/gerbv/pull/124
 	NOTE: Fixed by: https://github.com/gerbv/gerbv/commit/caa6560d5d683f827c672fd5e380f89a8ef632b6
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1413
+	NOTE: Crash in GUI tool, no security impact
 CVE-2021-40399 (An exploitable use-after-free vulnerability exists in WPS Spreadsheets ...)
 	NOT-FOR-US: WPS Office
 CVE-2021-40398 (An out-of-bounds write vulnerability exists in the parse_raster_data f ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92e43a19c4806603684092f0394aaffe05b14c92

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92e43a19c4806603684092f0394aaffe05b14c92
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220601/bc05c8be/attachment.htm>

More information about the debian-security-tracker-commits mailing list