[Git][security-tracker-team/security-tracker][master] buster/bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Jun 9 07:58:15 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cb1b4183 by Moritz Muehlenhoff at 2022-06-09T08:57:46+02:00
buster/bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4918,8 +4918,10 @@ CVE-2022-30793
 	RESERVED
 CVE-2022-30790 (Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2 ...)
 	- u-boot <unfixed>
+	[bullseye] - u-boot <no-dsa> (Minor issue)
+	[buster] - u-boot <no-dsa> (Minor issue)
 	NOTE: https://research.nccgroup.com/2022/06/03/technical-advisory-multiple-vulnerabilities-in-u-boot-cve-2022-30790-cve-2022-30552/
-	TODO: check details
+	NOTE: https://source.denx.de/u-boot/u-boot/-/commit/b85d130ea0cac152c21ec38ac9417b31d41b5552
 CVE-2022-30789 (A crafted NTFS image can cause a heap-based buffer overflow in ntfs_ch ...)
 	- ntfs-3g 1:2022.5.17-1 (bug #1011770)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/1
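Review bot: the upstream commit added under CVE-2022-30790 is written as a bare "NOTE: https://source.denx.de/..." line, while the same commit b85d130ea0cac152c21ec38ac9417b31d41b5552 is recorded as "NOTE: Patch: ..." under CVE-2022-30552 later in this commit. Suggest using the "NOTE: Patch:" prefix here as well, so the fix commit is distinguishable from the advisory link on the line above it and the two entries stay consistent.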
@@ -5012,6 +5014,7 @@ CVE-2022-30767 (nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and
 	NOTE: https://lists.denx.de/pipermail/u-boot/2022-May/483952.html
 	NOTE: https://securitylab.github.com/research/uboot-rce-nfs-vulnerability/
 	NOTE: Issue exists because of an incorrect fix for CVE-2019-14196.
+	NOTE: Patch: https://source.denx.de/u-boot/u-boot/-/commit/bdbf7a05e26f3c5fd437c99e2755ffde186ddc80
 CVE-2022-30766
 	RESERVED
 CVE-2022-30765 (Calibre-Web before 0.6.18 allows user table SQL Injection. ...)
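Review bot: for CVE-2022-30767 this hunk only adds the Patch NOTE and no [bullseye]/[buster] lines, unlike the two other u-boot entries touched by this commit. If the release status for this CVE is not already recorded above the visible context, it should be triaged here too, given the commit is titled "buster/bullseye triage". Since the preceding NOTE says the issue stems from an incorrect fix for CVE-2019-14196, it is also worth checking that the referenced commit is applied on top of that earlier fix in the packaged versions.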
@@ -5506,8 +5509,10 @@ CVE-2022-30553
 	RESERVED
 CVE-2022-30552 (Das U-Boot 2022.01 has a Buffer Overflow. ...)
 	- u-boot <unfixed>
+	[bullseye] - u-boot <no-dsa> (Minor issue)
+	[buster] - u-boot <no-dsa> (Minor issue)
 	NOTE: https://research.nccgroup.com/2022/06/03/technical-advisory-multiple-vulnerabilities-in-u-boot-cve-2022-30790-cve-2022-30552/
-	TODO: check details
+	NOTE: Patch: https://source.denx.de/u-boot/u-boot/-/commit/b85d130ea0cac152c21ec38ac9417b31d41b5552
 CVE-2022-30551 (OPC UA Legacy Java Stack 2022-04-01 allows a remote attacker to cause  ...)
 	TODO: check
 CVE-2022-30550
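Review bot: the new [bullseye] and [buster] lines mark a buffer overflow as <no-dsa> with only "Minor issue" as justification, and "TODO: check details" is removed without recording what the check found. A short NOTE stating why the impact is minor for the Debian packages would make the triage auditable later. It is also worth confirming that commit b85d130ea0cac152c21ec38ac9417b31d41b5552 fixes this CVE as well as CVE-2022-30790, since both entries now reference it.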



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb1b4183f73c5599b0bc16b02ad2dcd71aa5f941
