[Git][security-tracker-team/security-tracker][master] 4 commits: CVE-2022-0890,mruby: Stretch/no-dsa

Markus Koschany (@apo) apo at debian.org
Sun Mar 20 13:41:44 GMT 2022 


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b831213e by Markus Koschany at 2022-03-20T14:31:33+01:00
CVE-2022-0890,mruby: Stretch/no-dsa

Minor issue

- - - - -
b4de42c9 by Markus Koschany at 2022-03-20T14:33:47+01:00
Triage otrs2 CVE for Stretch

Non-free is not supported

- - - - -
c6c92b78 by Markus Koschany at 2022-03-20T14:35:33+01:00
CVE-2022-0987,packagekit: Stretch/no-dsa

Minor issue

- - - - -
f1858fc7 by Markus Koschany at 2022-03-20T14:39:55+01:00
CVE-2021-45346,sqlite3: Stretch/no-dsa

Minor issue.

In fact upstream does not consider this a vulnerability. Link to forum
disscussion.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -184,6 +184,7 @@ CVE-2022-0987 [PackageKit: Information Disclosure in Transaction Interface via t
 	- packagekit <unfixed>
 	[bullseye] - packagekit <no-dsa> (Minor issue)
 	[buster] - packagekit <no-dsa> (Minor issue)
+	[stretch] - packagekit <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2064315
 CVE-2022-0986 (Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repositor ...)
 	TODO: check
@@ -1415,6 +1416,7 @@ CVE-2022-0890 (NULL Pointer Dereference in GitHub repository mruby/mruby prior t
 	- mruby <unfixed>
 	[bullseye] - mruby <no-dsa> (Minor issue)
 	[buster] - mruby <no-dsa> (Minor issue)
+	[stretch] - mruby <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/68e09ec1-6cc7-48b8-981d-30f478c70276/
 	NOTE: https://github.com/mruby/mruby/commit/da48e7dbb20024c198493b8724adae1b842083aa
 CVE-2022-26776
@@ -18100,8 +18102,10 @@ CVE-2021-45346 (A Memory Leak vulnerabilty exists in SQLite Project SQLite3 3.35
 	- sqlite3 <unfixed> (bug #1005974)
 	[bullseye] - sqlite3 <no-dsa> (Minor issue)
 	[buster] - sqlite3 <no-dsa> (Minor issue)
+	[stretch] - sqlite3 <no-dsa> (Minor issue)
 	NOTE: https://github.com/guyinatuxedo/sqlite3_record_leaking
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2054793
+	NOTE: https://sqlite.org/forum/forumpost/056d557c2f8c452ed5bb9c215414c802b215ce437be82be047726e521342161e
 CVE-2021-45345
 	RESERVED
 CVE-2021-45344
@@ -33027,6 +33031,7 @@ CVE-2021-41184 (jQuery-UI is the official jQuery user interface library. Prior t
 	- otrs2 6.3.1-1
 	[bullseye] - otrs2 <no-dsa> (Non-free not supported)
 	[buster] - otrs2 <no-dsa> (Non-free not supported)
+	[stretch] - otrs2 <no-dsa> (Non-free not supported)
 	NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327
 	NOTE: https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280
 	NOTE: https://www.znuny.org/en/advisories/zsa-2022-01
@@ -33039,6 +33044,7 @@ CVE-2021-41183 (jQuery-UI is the official jQuery user interface library. Prior t
 	- otrs2 6.3.1-1
 	[bullseye] - otrs2 <no-dsa> (Non-free not supported)
 	[buster] - otrs2 <no-dsa> (Non-free not supported)
+	[stretch] - otrs2 <no-dsa> (Non-free not supported)
 	NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4
 	NOTE: https://bugs.jqueryui.com/ticket/15284
 	NOTE: https://github.com/jquery/jquery-ui/pull/1953
@@ -33053,6 +33059,7 @@ CVE-2021-41182 (jQuery-UI is the official jQuery user interface library. Prior t
 	- otrs2 6.3.1-1
 	[bullseye] - otrs2 <no-dsa> (Non-free not supported)
 	[buster] - otrs2 <no-dsa> (Non-free not supported)
+	[stretch] - otrs2 <no-dsa> (Non-free not supported)
 	NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc
 	NOTE: https://github.com/jquery/jquery-ui/commit/32850869d308d5e7c9bf3e3b4d483ea886d373ce
 	NOTE: https://www.drupal.org/sa-core-2022-002



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5d5d03b7f26c7bf97384944e97fbaaeda5a4ef39...f1858fc71917810f512e6a5095339e173f798ffe

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5d5d03b7f26c7bf97384944e97fbaaeda5a4ef39...f1858fc71917810f512e6a5095339e173f798ffe
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220320/83229c55/attachment.htm>

More information about the debian-security-tracker-commits mailing list