[Git][security-tracker-team/security-tracker][master] bullseye/buster triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Jun 22 19:36:44 BST 2022 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
880a9d22 by Moritz Muehlenhoff at 2022-06-22T20:36:12+02:00
bullseye/buster triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1062,7 +1062,9 @@ CVE-2022-33904
 CVE-2022-33903
 	RESERVED
 	- tor 0.4.7.8-1
-	[stretch] - tor <end-of-life> (Not supported in LTS)
+	[bullseye] - tor <not-affected> (Only affects 0.4.7.x)
+	[buster] - tor <not-affected> (Only affects 0.4.7.x)
+	[stretch] - tor <not-affected> (Only affects 0.4.7.x)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2099227
 	NOTE: https://gitlab.torproject.org/tpo/core/tor/-/issues/40626
 	NOTE: https://lists.torproject.org/pipermail/tor-announce/2022-June/000242.html
@@ -14900,18 +14902,26 @@ CVE-2022-28737
 CVE-2022-28736
 	RESERVED
 	- grub2 2.06-3
+	[bullseye] - grub2 <no-dsa> (Minor issue, fix via point release)
+	[buster] - grub2 <no-dsa> (Minor issue, fix via point release)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5
 CVE-2022-28735
 	RESERVED
 	- grub2 2.06-3 (bug #1001057)
+	[bullseye] - grub2 <no-dsa> (Minor issue, fix via point release)
+	[buster] - grub2 <no-dsa> (Minor issue, fix via point release)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5
 CVE-2022-28734
 	RESERVED
 	- grub2 2.06-3
+	[bullseye] - grub2 <no-dsa> (Minor issue, fix via point release)
+	[buster] - grub2 <no-dsa> (Minor issue, fix via point release)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5
 CVE-2022-28733
 	RESERVED
 	- grub2 2.06-3
+	[bullseye] - grub2 <no-dsa> (Minor issue, fix via point release)
+	[buster] - grub2 <no-dsa> (Minor issue, fix via point release)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5
 CVE-2022-28732
 	RESERVED
@@ -50903,11 +50913,10 @@ CVE-2021-42220 (A Cross Site Scripting (XSS) vulnerability exists in Dolibarr be
 CVE-2021-42219 (Go-Ethereum v1.10.9 was discovered to contain an issue which allows at ...)
 	- golang-github-go-ethereum <itp> (bug #890541)
 CVE-2021-42218 (OMPL v1.5.2 contains a memory leak in VFRRT.cpp ...)
-	- ompl <unfixed>
-	[bullseye] - ompl <no-dsa> (Minor issue)
-	[stretch] - ompl <not-affected> (VFRRT introduced in v1.2)
+	- ompl <unfixed> (unimportant)
 	NOTE: https://github.com/ompl/ompl/issues/839
 	NOTE: https://github.com/ompl/ompl/commit/abb4fadcb4e4fe4c9cf41e5e7706143a66948eb7
+	NOTE: Negligible security impact
 CVE-2021-42217
 	RESERVED
 CVE-2021-42216 (A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via ...)
@@ -52785,8 +52794,9 @@ CVE-2021-41492 (Multiple SQL Injection vulnerabilities exist in Sourcecodester S
 CVE-2021-41491
 	RESERVED
 CVE-2021-41490 (Memory leaks in LazyPRM.cpp of OMPL v1.5.0 can cause unexpected behavi ...)
-	- ompl <unfixed>
+	- ompl <unfixed> (unimportant)
 	NOTE: https://github.com/ompl/ompl/issues/833
+	NOTE: Negligible security impact
 CVE-2021-41489
 	RESERVED
 CVE-2021-41488
@@ -60600,14 +60610,20 @@ CVE-2021-3698 (A flaw was found in Cockpit in versions prior to 260 in the way i
 CVE-2021-3697
 	RESERVED
 	- grub2 2.06-3
+	[bullseye] - grub2 <no-dsa> (Minor issue, fix via point release)
+	[buster] - grub2 <no-dsa> (Minor issue, fix via point release)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5
 CVE-2021-3696
 	RESERVED
 	- grub2 2.06-3
+	[bullseye] - grub2 <no-dsa> (Minor issue, fix via point release)
+	[buster] - grub2 <no-dsa> (Minor issue, fix via point release)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5
 CVE-2021-3695
 	RESERVED
 	- grub2 2.06-3
+	[bullseye] - grub2 <no-dsa> (Minor issue, fix via point release)
+	[buster] - grub2 <no-dsa> (Minor issue, fix via point release)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5
 CVE-2021-40084 (opensysusers through 0.6 does not safely use eval on files in sysusers ...)
 	- opensysusers 0.6-3 (bug #992058)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/880a9d224159c8b9ab6d0441cd1f26851b584bc6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/880a9d224159c8b9ab6d0441cd1f26851b584bc6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220622/25217f72/attachment.htm>

More information about the debian-security-tracker-commits mailing list