[Git][security-tracker-team/security-tracker][master] buster/bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Jun 30 10:05:30 BST 2022 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6f2e90cf by Moritz Muehlenhoff at 2022-06-30T11:05:05+02:00
buster/bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,7 @@
 CVE-2022-34835 (In Das U-Boot through 2022.07-rc5, an integer signedness error and res ...)
 	- u-boot <unfixed>
+	[bullseye] - u-boot <no-dsa> (Minor issue)
+	[buster] - u-boot <no-dsa> (Minor issue)
 	NOTE: https://lists.denx.de/pipermail/u-boot/2022-June/486113.html
 	NOTE: https://source.denx.de/u-boot/u-boot/-/commit/8f8c04bf1ebbd2f72f1643e7ad9617dafa6e5409
 CVE-2022-34834
@@ -13445,9 +13447,10 @@ CVE-2022-1508
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/89c2b3b74918200e46699338d7bcc19b1ea12110 (5.15-rc1)
 CVE-2022-1507 (chafa: NULL Pointer Dereference in function gif_internal_decode_frame  ...)
-	- chafa 1.10.2-1
+	- chafa 1.10.2-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/104d8c5d-cac5-4baa-9ac9-291ea0bcab95/
 	NOTE: https://github.com/hpjansson/chafa/commit/e4b777c7b7c144cd16a0ea96108267b1004fe6c9 (1.10.2)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-1506 (The WP Born Babies WordPress plugin through 1.0 does not sanitise and  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1505 (The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQ ...)
@@ -56522,6 +56525,7 @@ CVE-2021-40682
 	RESERVED
 CVE-2021-3779 (A malicious MySQL server can request local file content from a client  ...)
 	- ruby-mysql <removed>
+	[buster] - ruby-mysql <no-dsa> (Minor issue)
 CVE-2021-3778 (vim is vulnerable to Heap-based Buffer Overflow ...)
 	{DLA-2876-1}
 	- vim 2:8.2.3455-1 (bug #994498)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f2e90cf8293a02afe31a0781fb1822341c3bf5c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f2e90cf8293a02afe31a0781fb1822341c3bf5c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220630/0e23740a/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list