[Git][security-tracker-team/security-tracker][master] buster/bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Jun 21 14:46:15 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
31661ef1 by Moritz Muehlenhoff at 2022-06-21T15:45:53+02:00
buster/bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -461,6 +461,8 @@ CVE-2022-2124 (Buffer Over-read in GitHub repository vim/vim prior to 8.2. ...)
 	NOTE: https://github.com/vim/vim/commit/2f074f4685897ab7212e25931eeeb0212292829f (v8.2.5120)
 CVE-2021-46823 (python-ldap before 3.4.0 is vulnerable to a denial of service when lda ...)
 	- python-ldap 3.4.0-1
+	[bullseye] - python-ldap <no-dsa> (Minor issue)
+	[buster] - python-ldap <no-dsa> (Minor issue)
 	NOTE: https://github.com/python-ldap/python-ldap/security/advisories/GHSA-r8wq-qrxc-hmcm
 CVE-2021-46822 (The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoa ...)
 	- libjpeg-turbo 1:2.1.1-1
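Review bot: the new [bullseye] and [buster] lines for python-ldap record only "Minor issue" and the entry's sole reference is the GHSA advisory; since the fixed version 3.4.0-1 is already in the archive, add a NOTE pointing at the upstream fix commit (or tag the advisory with the fixing version) so a later point-release or LTS update for buster/bullseye has a patch to start from without re-triaging.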
@@ -12346,7 +12348,7 @@ CVE-2021-46784
 	- squid 5.6-1
 	- squid3 <removed>
 	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-f5cp-6rh3-284w
-	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2021_7.patch
+	NOTE: https://github.com/squid-cache/squid/commit/780c4ea1b4c9d2fb41f6962aa6ed73ae57f74b2b (v4)
 	NOTE: Squid 5: http://www.squid-cache.org/Versions/v5/changesets/SQUID-2021_7.patch
 CVE-2022-29559
 	RESERVED
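Review bot: the replaced Squid 4 reference and the retained Squid 5 reference now use two different conventions in the same entry: the new line is a GitHub commit URL with a trailing "(v4)" tag, while the next line keeps the "NOTE: Squid 5:" prefix and the squid-cache.org changeset URL. Pick one style for both, e.g. "NOTE: https://github.com/squid-cache/squid/commit/780c4ea1b4c9d2fb41f6962aa6ed73ae57f74b2b (v4)" followed by the v5 patch tagged the same way, so the version each patch applies to is unambiguous.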
@@ -17504,6 +17506,8 @@ CVE-2022-27812
 	RESERVED
 CVE-2022-27811 (GNOME OCRFeeder before 0.8.4 allows OS command injection via shell met ...)
 	- ocrfeeder <unfixed> (bug #1008320)
+	[bullseye] - ocrfeeder <no-dsa> (Minor issue)
+	[buster] - ocrfeeder <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/ocrfeeder/-/merge_requests/13
 	NOTE: https://gitlab.gnome.org/GNOME/ocrfeeder/-/commit/9209bce8afaf6fde19cdac7f5eaea1b744c3e79e (0.8.5)
 	NOTE: https://gitlab.gnome.org/GNOME/ocrfeeder/-/commit/afea0e722f1d14eaf14bf0e5ebb444d3271ff1ef (0.8.5)
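Review bot: the description on the CVE-2022-27811 line is "OS command injection via shell met...", and the new [bullseye]/[buster] lines mark it <no-dsa> with only "(Minor issue)" as rationale; for a command-injection class bug a one-line NOTE stating why it is considered minor would help the next person who looks at this entry, especially since sid is still <unfixed> (bug #1008320) and the two fix commits above are already identified as 0.8.5.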
@@ -25796,6 +25800,8 @@ CVE-2022-24860 (Databasir is a team-oriented relational database model document
 CVE-2022-24859 (PyPDF2 is an open source python PDF library capable of splitting, merg ...)
 	{DLA-3039-1}
 	- pypdf2 1.27.9-1 (bug #1009879)
+	[bullseye] - pypdf2 <no-dsa> (Minor issue)
+	[buster] - pypdf2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
 	NOTE: https://github.com/py-pdf/PyPDF2/issues/329
 	NOTE: https://github.com/py-pdf/PyPDF2/pull/740
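Review bot: this entry already carries {DLA-3039-1}, so a backported fix for the LTS release exists, yet the new [bullseye] and [buster] lines are plain <no-dsa> (Minor issue); if the intent is to pick the DLA patch up in a point release, consider <postponed> or a NOTE saying so, otherwise a short NOTE on why the LTS fix is not worth carrying to buster/bullseye would make the differing decisions consistent.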
@@ -47744,6 +47750,8 @@ CVE-2021-42837 (An issue was discovered in Talend Data Catalog before 7.3-202109
 	NOT-FOR-US: Talend Data Catalog
 CVE-2021-42836 (GJSON before 1.9.3 allows a ReDoS (regular expression denial of servic ...)
 	- golang-github-tidwall-gjson <unfixed> (bug #1000225)
+	[bullseye] - golang-github-tidwall-gjson <no-dsa> (Minor issue)
+	[buster] - golang-github-tidwall-gjson <no-dsa> (Minor issue)
 	NOTE: https://github.com/tidwall/gjson/commit/590010fdac311cc8990ef5c97448d4fec8f29944
 	NOTE: https://github.com/tidwall/gjson/commit/77a57fda87dca6d0d7d4627d512a630f89a91c96
 	NOTE: https://github.com/tidwall/gjson/issues/236
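Review bot: the commit https://github.com/tidwall/gjson/commit/77a57fda87dca6d0d7d4627d512a630f89a91c96 is listed here without a version tag, while the CVE-2021-42248 entry later in this file tags the same commit "(v1.9.3)"; tag it identically here (and the 590010fd commit with the release it landed in, if known) so the no-dsa lines for bullseye and buster can be resolved to a concrete upstream version.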
@@ -50514,6 +50522,8 @@ CVE-2021-42249
 	RESERVED
 CVE-2021-42248 (GJSON <= 1.9.2 allows attackers to cause a redos via crafted JSON i ...)
 	- golang-github-tidwall-gjson <unfixed> (bug #1011616)
+	[bullseye] - golang-github-tidwall-gjson <no-dsa> (Minor issue)
+	[buster] - golang-github-tidwall-gjson <no-dsa> (Minor issue)
 	NOTE: https://github.com/tidwall/gjson/issues/237
 	NOTE: https://github.com/tidwall/gjson/commit/77a57fda87dca6d0d7d4627d512a630f89a91c96 (v1.9.3)
 CVE-2021-42247
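Review bot: CVE-2021-42248 and CVE-2021-42836 point at the same fix commit (77a57fda, v1.9.3) and both remain <unfixed> in sid under two separate bugs (#1011616 and #1000225); a cross-referencing NOTE between the two entries, or a NOTE on the bug that the single upload to 1.9.3 closes both, would avoid the buster/bullseye no-dsa lines being revisited twice.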
@@ -104016,6 +104026,8 @@ CVE-2021-21417 (fluidsynth is a software synthesizer based on the SoundFont 2 sp
 	NOTE: https://github.com/FluidSynth/fluidsynth/security/advisories/GHSA-6fcq-pxhc-jxc9
 CVE-2021-21416 (django-registration is a user registration package for Django. The dja ...)
 	- python-django-registration <unfixed> (bug #987366)
+	[bullseye] - python-django-registration <no-dsa> (Minor issue)
+	[buster] - python-django-registration <no-dsa> (Minor issue)
 	[stretch] - python-django-registration <no-dsa> (Minor issue)
 	NOTE: https://github.com/ubernostrum/django-registration/security/advisories/GHSA-58c7-px5v-82hh
 	NOTE: https://github.com/ubernostrum/django-registration/commit/8206af081e239598cfd15d165d4d8ab9849ee23c
@@ -106991,6 +107003,7 @@ CVE-2021-20292 (There is a flaw reported in the Linux kernel in versions before
 CVE-2021-20291 (A deadlock vulnerability was found in 'github.com/containers/storage'  ...)
 	[experimental] - golang-github-containers-storage 1.29.0+ds1-1
 	- golang-github-containers-storage 1.34.1+ds1-1 (bug #988942)
+	[bullseye] - golang-github-containers-storage <no-dsa> (Minor issue)
 	NOTE: https://github.com/containers/storage/commit/306fcabc964470e4b3b87a43a8f6b7d698209ee1
 	NOTE: golang-github-containers-buildah uses golang-github-containers-storage compression support.
 	NOTE: docker.io already uses the same library as the fix for golang-github-containers-storage.
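Review bot: only a [bullseye] <no-dsa> line is added here, whereas every other entry touched in this commit gets both [bullseye] and [buster]; if golang-github-containers-storage (or its consumer golang-github-containers-buildah named in the NOTE) is not in buster, a "[buster] - golang-github-containers-storage <not-affected> (...)" line or a NOTE recording that would make the omission deliberate rather than an oversight.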


=====================================
data/dsa-needed.txt
=====================================
@@ -57,8 +57,7 @@ slurm-llnl/oldstable
 sox
   patch needed for CVE-2021-40426, check with upstream
 --
-spi (seb)
-  2022-05-25: maintainer proposed debdiffs
+squid
 --
 unzip
   unclear information, initial report indicates writable memory corruption, but
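Review bot: the new "squid" entry has no assignee and no indented note, unlike the neighbouring "sox" entry and the removed "spi (seb)" entry, so it is not obvious which CVE it covers; add a note naming CVE-2021-46784 (the squid entry updated in data/CVE/list in this same commit) and the v4/v5 patch references. The removal of the spi entry is also not mentioned in the "buster/bullseye triage" commit message; a word on why it is dropped (DSA released, or handled elsewhere) would keep the dsa-needed history self-explanatory.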



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31661ef11f4436615e2ea54970b049b5d5762817




