[Git][security-tracker-team/security-tracker][master] buster/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sat Jun 4 18:49:11 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9835c586 by Moritz Mühlenhoff at 2022-06-04T19:48:50+02:00
buster/bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6572,6 +6572,8 @@ CVE-2022-1538
RESERVED
CVE-2022-1537 (file.copy operations in GruntJS are vulnerable to a TOCTOU race condit ...)
- grunt 1.5.3-1
+ [bullseye] - grunt <no-dsa> (Minor issue)
+ [buster] - grunt <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/0179c3e5-bc02-4fc9-8491-a1a319b51b4d/
NOTE: https://github.com/gruntjs/grunt/commit/58016ffac5ed9338b63ecc2a63710f5027362bae (v1.5.3)
CVE-2022-1536 (A vulnerability has been found in automad up to 1.10.9 and classified ...)
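Review bot: the two added grunt lines give only "Minor issue" as the reason, while the description on the CVE-2022-1537 line calls this a TOCTOU race in file.copy. A short NOTE recording what makes the race low impact for the packaged grunt would let a later reader audit the `<no-dsa>` decision without re-reading the huntr.dev report.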
@@ -31512,6 +31514,8 @@ CVE-2021-45768
RESERVED
CVE-2021-45767 (GPAC 1.1.0 was discovered to contain an invalid memory address derefer ...)
- gpac 2.0.0+dfsg1-2
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1982
NOTE: https://github.com/gpac/gpac/commit/830548acd030467e857f4cf0b79af8ebf1e04dde (v2.0.0)
@@ -31521,16 +31525,22 @@ CVE-2021-45765
RESERVED
CVE-2021-45764 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...)
- gpac 2.0.0+dfsg1-2
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1971
NOTE: https://github.com/gpac/gpac/commit/e54df17892bee983d09d9437e44e6a1528fb46cb (v2.0.0)
CVE-2021-45763 (GPAC v1.1.0 was discovered to contain an invalid call in the function ...)
- gpac 2.0.0+dfsg1-2
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1974
NOTE: https://github.com/gpac/gpac/commit/d2f74e49f2cb8d687c0dc38f66b99e3c5c7d7fec (v2.0.0)
CVE-2021-45762 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...)
- gpac 2.0.0+dfsg1-2
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1978
NOTE: https://github.com/gpac/gpac/commit/6d647f6e458c9b727eae1a8077d27fa433ced788 (v2.0.0)
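Review bot: CVE-2021-45763 is described as "an invalid call in the function ...", not as an invalid memory address dereference like CVE-2021-45764 and CVE-2021-45762, yet all three get the same `<no-dsa> (Minor issue)` lines. It is worth confirming against issue 1974 that the invalid call is only a crash, and saying so in a NOTE if it is, so that the uniform classification is a checked result and not a copy of the neighbouring entries.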
@@ -31538,6 +31548,8 @@ CVE-2021-45761 (ROPium v3.1 was discovered to contain an invalid memory address
NOT-FOR-US: ROPium
CVE-2021-45760 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...)
- gpac 2.0.0+dfsg1-2
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1966
NOTE: https://github.com/gpac/gpac/commit/5041fcbaa904a89d280561905a163171b3828cea (v2.0.0)
@@ -33150,6 +33162,8 @@ CVE-2021-45298
RESERVED
CVE-2021-45297 (An infinite loop vulnerability exists in Gpac 1.0.1 in gf_get_bit_size ...)
- gpac 2.0.0+dfsg1-2
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1973
NOTE: https://github.com/gpac/gpac/commit/fb13af36286b9d898e332e8762a286eb83bd1770 (v2.0.0)
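Review bot: the description of CVE-2021-45297 names Gpac 1.0.1, and the added `[buster] - gpac <no-dsa>` line states that the buster package is affected as well, but no NOTE says the gf_get_bit_size loop was checked in the buster source. If it was checked, a NOTE naming the introducing version or commit would document that. If it was not, the buster status should stay open until it is.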
@@ -43575,18 +43589,24 @@ CVE-2021-42615
RESERVED
CVE-2021-42614 (A use after free in info_width_internal in bk_info.c in Halibut 1.2 al ...)
- halibut 1.3-1
+ [bullseye] - halibut <no-dsa> (Minor issue)
+ [buster] - halibut <no-dsa> (Minor issue)
NOTE: https://carteryagemann.com/halibut-case-study.html#poc-halibut-info-uaf
NOTE: Inventing an errorstate to pass to all err_* functions and use it to track fatal errors:
NOTE: https://git.tartarus.org/?p=simon/halibut.git;a=commit;h=5c3db60a2911efb18bdc823264b74d8045c407b9 (1.3)
NOTE: https://git.tartarus.org/?p=simon/halibut.git;a=commit;h=edaf724febe2f9c890ef1cfdf24a78d5c1da2b32 (1.3)
CVE-2021-42613 (A double free in cleanup_index in index.c in Halibut 1.2 allows an att ...)
- halibut 1.3-1
+ [bullseye] - halibut <no-dsa> (Minor issue)
+ [buster] - halibut <no-dsa> (Minor issue)
NOTE: https://carteryagemann.com/halibut-case-study.html#poc-halibut-winhelp-df
NOTE: Inventing an errorstate to pass to all err_* functions and use it to track fatal errors:
NOTE: https://git.tartarus.org/?p=simon/halibut.git;a=commit;h=5c3db60a2911efb18bdc823264b74d8045c407b9 (1.3)
NOTE: https://git.tartarus.org/?p=simon/halibut.git;a=commit;h=edaf724febe2f9c890ef1cfdf24a78d5c1da2b32 (1.3)
CVE-2021-42612 (A use after free in cleanup_index in index.c in Halibut 1.2 allows an ...)
- halibut 1.3-1
+ [bullseye] - halibut <no-dsa> (Minor issue)
+ [buster] - halibut <no-dsa> (Minor issue)
NOTE: https://carteryagemann.com/halibut-case-study.html#poc-halibut-text-uaf
NOTE: Inventing an errorstate to pass to all err_* functions and use it to track fatal errors:
NOTE: https://git.tartarus.org/?p=simon/halibut.git;a=commit;h=5c3db60a2911efb18bdc823264b74d8045c407b9 (1.3)
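Review bot: the halibut entries are use-after-free and double-free bugs, and "Minor issue" alone does not say why memory corruption is being left unfixed in bullseye and buster. The existing NOTE describes the fix as "Inventing an errorstate to pass to all err_* functions" spread over two commits. If the size of that change or the need for a crafted input document is the reason, stating it in the parentheses or in a NOTE would record the actual rationale for all three CVEs.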
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9835c58682ec675fa64c3755c2f8f8caa3f8dbb9