[Git][security-tracker-team/security-tracker][master] 3 commits: mark CVE-2022-31001, CVE-2022-31002 and CVE-2022-31003 as postponed for Stretch

Thorsten Alteholz (@alteholz) alteholz at debian.org
Sat Jun 4 23:50:20 BST 2022 


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6a191a12 by Thorsten Alteholz at 2022-06-05T00:41:24+02:00
mark CVE-2022-31001, CVE-2022-31002 and CVE-2022-31003 as postponed for Stretch

- - - - -
e460a70e by Thorsten Alteholz at 2022-06-05T00:44:25+02:00
mark CVEs of swdtools as no-dsa

- - - - -
be7d2238 by Thorsten Alteholz at 2022-06-05T00:50:04+02:00
add librecad

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3436,14 +3436,17 @@ CVE-2022-31004 (CVEProject/cve-services is an open source project used to operat
 	NOT-FOR-US: CVEProject/cve-services
 CVE-2022-31003 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Age ...)
 	- sofia-sip <unfixed>
+	[stretch] - sofia-sip <postponed> (Minor issue)
 	NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8w5j-6g2j-pxcp
 	NOTE: https://github.com/freeswitch/sofia-sip/commit/907f2ac0ee504c93ebfefd676b4632a3575908c9 (v1.13.8)
 CVE-2022-31002 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Age ...)
 	- sofia-sip <unfixed>
+	[stretch] - sofia-sip <postponed> (Minor issue)
 	NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-g3x6-p824-x6hm
 	NOTE: https://github.com/freeswitch/sofia-sip/commit/51841eb53679434a386fb2dcbca925dcc48d58ba (v1.13.8)
 CVE-2022-31001 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Age ...)
 	- sofia-sip <unfixed>
+	[stretch] - sofia-sip <postponed> (Minor issue)
 	NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-79jq-hh82-cv9g
 	NOTE: https://github.com/freeswitch/sofia-sip/commit/a99804b336d0e16d26ab7119d56184d2d7110a36 (v1.13.8)
 CVE-2022-31000 (solidus_backend is the admin interface for the Solidus e-commerce fram ...)
@@ -45889,33 +45892,43 @@ CVE-2021-42205
 	RESERVED
 CVE-2021-42204 (An issue was discovered in swftools through 20201222. A heap-buffer-ov ...)
 	- swftools <removed>
+	[stretch] - swftools <no-dsa> (Minor issue)
 	NOTE: https://github.com/matthiaskramm/swftools/issues/169
 CVE-2021-42203 (An issue was discovered in swftools through 20201222. A heap-use-after ...)
 	- swftools <removed>
+	[stretch] - swftools <no-dsa> (Minor issue)
 	NOTE: https://github.com/matthiaskramm/swftools/issues/176
 CVE-2021-42202 (An issue was discovered in swftools through 20201222. A NULL pointer d ...)
 	- swftools <removed>
+	[stretch] - swftools <no-dsa> (Minor issue)
 	NOTE: https://github.com/matthiaskramm/swftools/issues/171
 CVE-2021-42201 (An issue was discovered in swftools through 20201222. A heap-buffer-ov ...)
 	- swftools <removed>
+	[stretch] - swftools <no-dsa> (Minor issue)
 	NOTE: https://github.com/matthiaskramm/swftools/issues/175
 CVE-2021-42200 (An issue was discovered in swftools through 20201222. A NULL pointer d ...)
 	- swftools <removed>
+	[stretch] - swftools <no-dsa> (Minor issue)
 	NOTE: https://github.com/matthiaskramm/swftools/issues/170
 CVE-2021-42199 (An issue was discovered in swftools through 20201222. A heap buffer ov ...)
 	- swftools <removed>
+	[stretch] - swftools <no-dsa> (Minor issue)
 	NOTE: https://github.com/matthiaskramm/swftools/issues/173
 CVE-2021-42198 (An issue was discovered in swftools through 20201222. A NULL pointer d ...)
 	- swftools <removed>
+	[stretch] - swftools <no-dsa> (Minor issue)
 	NOTE: https://github.com/matthiaskramm/swftools/issues/168
 CVE-2021-42197 (An issue was discovered in swftools through 20201222 through a memory  ...)
 	- swftools <removed>
+	[stretch] - swftools <no-dsa> (Minor issue)
 	NOTE: https://github.com/matthiaskramm/swftools/issues/177
 CVE-2021-42196 (An issue was discovered in swftools through 20201222. A NULL pointer d ...)
 	- swftools <removed>
+	[stretch] - swftools <no-dsa> (Minor issue)
 	NOTE: https://github.com/matthiaskramm/swftools/issues/172
 CVE-2021-42195 (An issue was discovered in swftools through 20201222. A heap-buffer-ov ...)
 	- swftools <removed>
+	[stretch] - swftools <no-dsa> (Minor issue)
 	NOTE: https://github.com/matthiaskramm/swftools/issues/174
 CVE-2021-42194 (The wechat_return function in /controller/Index.php of EyouCms V1.5.4- ...)
 	NOT-FOR-US: Eyoucms


=====================================
data/dla-needed.txt
=====================================
@@ -138,6 +138,9 @@ liblouis (Andreas Rönnquist)
   NOTE: 20220503: CVE-2022-26981 patch applied in salsa lts-team repo,
   NOTE: 20220503: Patch not applied upstream yet.
 --
+librecad
+  NOTE: 20220605: Programming language: C++.
+--
 libmatio (Abhijith PA)
   NOTE: 20220529: Programming language: C.
   NOTE: 20220528: lots of postponed minor vulnerabilities, no past stretch security upload, supported package (Beuc/front-desk)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/37d8581cb8a79e74202e5a5a1b00f9aff824735d...be7d2238822f4f916f5fc95da674897b4439eccc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/37d8581cb8a79e74202e5a5a1b00f9aff824735d...be7d2238822f4f916f5fc95da674897b4439eccc
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220604/a1faf439/attachment.htm>

More information about the debian-security-tracker-commits mailing list