[Git][security-tracker-team/security-tracker][master] buster/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Mar 16 08:50:49 GMT 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0980c6ec by Moritz Muehlenhoff at 2022-03-16T09:50:28+01:00
buster/bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -694,6 +694,8 @@ CVE-2022-0943 (Heap-based Buffer Overflow occurs in vim in GitHub repository vim
NOTE: https://github.com/vim/vim/commit/5c68617d395f9d7b824f68475b24ce3e38d653a3 (v8.2.4563)
CVE-2022-26981 (Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in ...)
- liblouis <unfixed>
+ [bullseye] - liblouis <no-dsa> (Minor issue)
+ [buster] - liblouis <no-dsa> (Minor issue)
NOTE: https://github.com/liblouis/liblouis/issues/1171
CVE-2022-26980
RESERVED
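Review bot: The reason "Minor issue" on the two added liblouis lines does not record why a buffer overflow in compilePassOpcode is considered low risk for bullseye and buster. A short NOTE line with the reasoning, for example which input has to be untrusted to reach that function, would let a later reader re-check the no-dsa decision without reopening issue 1171.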
@@ -1831,6 +1833,8 @@ CVE-2022-26506
RESERVED
CVE-2022-26505 (A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 a ...)
- minidlna <unfixed> (bug #1006798)
+ [bullseye] - minidlna <no-dsa> (Minor issue)
+ [buster] - minidlna <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/minidlna/git/ci/c21208508dbc131712281ec5340687e5ae89e940/
NOTE: https://www.openwall.com/lists/oss-security/2022/03/03/1
CVE-2022-26504
@@ -6542,6 +6546,8 @@ CVE-2022-24757
RESERVED
CVE-2022-24756 (Bareos is open source software for backup, archiving, and recovery of ...)
- bareos <removed>
+ [buster] - bareos <not-affected> (PAM support not yet present)
+ [stretch] - bareos <not-affected> (PAM support not yet present)
NOTE: https://github.com/bareos/bareos/security/advisories/GHSA-jh55-4wgw-xc9j
NOTE: https://github.com/bareos/bareos/pull/1115
NOTE: https://github.com/bareos/bareos/pull/1119
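Review bot: The added lines for CVE-2022-24756 cover [buster] and [stretch] but not [bullseye], although the commit is titled buster/bullseye triage. If bullseye does not ship bareos nothing more is needed; otherwise a matching [bullseye] line is missing. It would also help to name in a NOTE the upstream version that introduced PAM support, so the not-affected claim can be checked against the packaged versions.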
@@ -6549,6 +6555,8 @@ CVE-2022-24756 (Bareos is open source software for backup, archiving, and recove
NOTE: https://huntr.dev/bounties/480121f2-bc3c-427e-986e-5acffb1606c5/
CVE-2022-24755 (Bareos is open source software for backup, archiving, and recovery of ...)
- bareos <removed>
+ [buster] - bareos <not-affected> (PAM support not yet present)
+ [stretch] - bareos <not-affected> (PAM support not yet present)
NOTE: https://github.com/bareos/bareos/security/advisories/GHSA-4979-8ffj-4q26
NOTE: https://github.com/bareos/bareos/pull/1115
NOTE: https://github.com/bareos/bareos/pull/1119
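Review bot: The reason on the two added lines for CVE-2022-24755 is identical to the one used for CVE-2022-24756, and the description visible here is truncated, so it is worth confirming against GHSA-4979-8ffj-4q26 that this issue also depends on PAM support. Both entries cite pulls 1115 and 1119; a NOTE saying which pull addresses which CVE would make that check easier.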
@@ -6593,6 +6601,8 @@ CVE-2022-24738 (Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Ne
NOT-FOR-US: Evmos
CVE-2022-24737 (HTTPie is a command-line HTTP client. HTTPie has the practical concept ...)
- httpie <unfixed>
+ [bullseye] - httpie <no-dsa> (Minor issue)
+ [buster] - httpie <no-dsa> (Minor issue)
NOTE: https://github.com/httpie/httpie/security/advisories/GHSA-9w4w-cpc8-h2fq
NOTE: Fixed by: https://github.com/httpie/httpie/commit/65ab7d5caaaf2f95e61f9dd65441801c2ddee38b (3.1.0)
CVE-2022-24736
@@ -8180,6 +8190,8 @@ CVE-2022-0431
RESERVED
CVE-2022-0430 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
- httpie <unfixed>
+ [bullseye] - httpie <no-dsa> (Minor issue)
+ [buster] - httpie <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/dafb2e4f-c6b6-4768-8ef5-b396cd6a801f
NOTE: Fixed by: https://github.com/httpie/httpie/commit/65ab7d5caaaf2f95e61f9dd65441801c2ddee38b (3.1.0)
CVE-2022-0429 (The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin ...)
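Review bot: The added httpie lines give CVE-2022-0430 the same triage as CVE-2022-24737 earlier in this commit, and both entries cite the same fixing commit 65ab7d5caaaf2f95e61f9dd65441801c2ddee38b (3.1.0). A NOTE on each entry pointing at the other CVE id would make it clear that the two are fixed together, so they are not revisited separately if the no-dsa decision changes.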
@@ -44782,7 +44794,7 @@ CVE-2021-36370 (An issue was discovered in Midnight Commander through 4.8.26. Wh
CVE-2021-36369
RESERVED
CVE-2021-36368 (** DISPUTED ** An issue was discovered in OpenSSH before 8.9. If a cli ...)
- - openssh 1:8.9p1-1
+ - openssh 1:8.9p1-1 (unimportant)
NOTE: https://bugzilla.mindrot.org/show_bug.cgi?id=3316
NOTE: https://docs.ssh-mitm.at/trivialauth.html
CVE-2021-36367 (PuTTY through 0.75 proceeds with establishing an SSH session even if i ...)
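Review bot: The changed openssh line adds "(unimportant)" without a NOTE stating the basis for the downgrade. The description is flagged ** DISPUTED **, so if that is the reason, say so in a NOTE line next to the two existing references; the tracker entry should explain the severity on its own.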
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0980c6ec2cdc73108891cda6ad02e303d35615e3