[Git][security-tracker-team/security-tracker][master] buster/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Jun 30 15:54:21 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fdb2437a by Moritz Muehlenhoff at 2022-06-30T16:53:55+02:00
buster/bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -4382,6 +4382,8 @@ CVE-2022-33071
RESERVED
CVE-2022-33070 (Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shif ...)
- protobuf-c <unfixed>
+ [bullseye] - protobuf-c <no-dsa> (Minor issue)
+ [buster] - protobuf-c <no-dsa> (Minor issue)
NOTE: https://github.com/protobuf-c/protobuf-c/issues/506
NOTE: https://github.com/protobuf-c/protobuf-c/pull/508
CVE-2022-33069 (Ethereum Solidity v0.8.14 contains an assertion failure via SMTEncoder ...)
@@ -44708,6 +44710,8 @@ CVE-2022-21699 (IPython (Interactive Python) is a command shell for interactive
NOTE: https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699
CVE-2022-21698 (client_golang is the instrumentation library for Go applications in Pr ...)
- golang-github-prometheus-client-golang 1.11.1-1 (bug #1008008)
+ [bullseye] - golang-github-prometheus-client-golang <no-dsa> (Minor issue)
+ [buster] - golang-github-prometheus-client-golang <no-dsa> (Minor issue)
[stretch] - golang-github-prometheus-client-golang <postponed> (Minor issue, DoS in specific conditions, requires rebuilding reverse-dependencies; Limited support in stretch)
NOTE: https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p
NOTE: https://github.com/prometheus/client_golang/pull/962
@@ -130529,11 +130533,7 @@ CVE-2020-23906 (FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of
CVE-2020-23905
RESERVED
CVE-2020-23904 (** DISPUTED ** A stack buffer overflow in speexenc.c of Speex v1.2 all ...)
- - speex <unfixed>
- [bullseye] - speex <no-dsa> (Minor issue)
- [buster] - speex <no-dsa> (Minor issue)
- [stretch] - speex <no-dsa> (Minor issue)
- NOTE: https://github.com/xiph/speex/issues/14
+ NOTE: Disputed speex issue
CVE-2020-23903 (A Divide by Zero vulnerability in the function static int read_samples ...)
- speex 1.2~rc1.2-2
[bullseye] - speex <no-dsa> (Minor issue)
=====================================
data/dsa-needed.txt
=====================================
@@ -14,7 +14,7 @@ If needed, specify the release by adding a slash after the name of the source pa
--
asterisk/oldstable
--
-cacti
+blender (jmm)
--
curl
--
@@ -24,6 +24,8 @@ freecad (aron)
--
kicad (jmm)
--
+ldap-account-manager
+--
librecad
--
libpgjava (apo)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fdb2437a55973d996f4af95c0efcd1f2b683e4c0
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fdb2437a55973d996f4af95c0efcd1f2b683e4c0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220630/1dbe9f6c/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list