[Git][security-tracker-team/security-tracker][master] buster/bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Mar 31 23:05:05 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0b9e2c60 by Moritz Muehlenhoff at 2022-03-31T23:55:12+02:00
buster/bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -286,6 +286,8 @@ CVE-2022-1173
 	RESERVED
 CVE-2022-1172 (Null Pointer Dereference Caused Segmentation Fault in GitHub repositor ...)
 	- gpac <unfixed>
+	[bullseye] - gpac <ignored> (Minor issue)
+	[buster] - gpac <ignored> (Minor issue)
 	NOTE: https://huntr.dev/bounties/a26cb79c-9257-4fbf-98c5-a5a331efa264/
 	NOTE: https://github.com/gpac/gpac/issues/2153
 	NOTE: https://github.com/gpac/gpac/commit/55a183e6b8602369c04ea3836e05436a79fbc7f8
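Review bot: The two added gpac lines use `<ignored>` where every other entry in this commit uses `<no-dsa>`, and the only reason given is "Minor issue". The NOTE lines already point to an upstream fix commit, so either use `<no-dsa>` for consistency or state in the reason why a fix will not be carried in bullseye and buster.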
@@ -652,6 +654,8 @@ CVE-2022-25348 (Untrusted search path vulnerability in AttacheCase ver.4.0.2.7 a
 	NOT-FOR-US: AttacheCase
 CVE-2022-1122 (A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in  ...)
 	- openjpeg2 <unfixed>
+	[bullseye] - openjpeg2 <no-dsa> (Minor issue)
+	[buster] - openjpeg2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/uclouvain/openjpeg/issues/1368
 	NOTE: https://github.com/uclouvain/openjpeg/commit/0afbdcf3e6d0d2bd2e16a0c4d513ee3cf86e460d
 CVE-2022-1121
@@ -1840,6 +1844,8 @@ CVE-2022-1051
 	RESERVED
 CVE-2022-1050 (Guest driver might execute HW commands when shared buffers are not yet ...)
 	- qemu <unfixed>
+	[bullseye] - qemu <no-dsa> (Minor issue)
+	[buster] - qemu <no-dsa> (Minor issue)
 	[stretch] - qemu <not-affected> (rdma devices introduced in v2.12)
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg05197.html
 CVE-2022-1049 (A flaw was found in the Pacemaker configuration tool (pcs). The pcs da ...)
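Review bot: The added bullseye and buster qemu lines give a bare "Minor issue", while the stretch line just below them ties the affected code to the rdma devices. Consider carrying that scope into the reason, for example "(Minor issue, rdma devices only)", if that is the basis for the assessment, so the rationale is visible without opening the qemu-devel thread.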
@@ -5362,6 +5368,8 @@ CVE-2022-26292
 	RESERVED
 CVE-2022-26291 (lrzip v0.641 was discovered to contain a multiple concurrency use-afte ...)
 	- lrzip 0.650-1
+	[bullseye] - lrzip <no-dsa> (Minor issue)
+	[buster] - lrzip <no-dsa> (Minor issue)
 	[stretch] - lrzip <postponed> (Minor issue, use-after-free with no known impact)
 	NOTE: https://github.com/ckolivas/lrzip/issues/206
 	NOTE: https://github.com/ckolivas/lrzip/commit/4b3942103b57c639c8e0f31d6d5fd7bac53bbdf4 (v0.650)
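Review bot: The added bullseye and buster lrzip lines say only "Minor issue", whereas the stretch line directly below records "Minor issue, use-after-free with no known impact". If the same assessment applies to all three releases, reuse that wording so the entries read consistently and the reason for deferring is documented in place.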
@@ -5387,6 +5395,7 @@ CVE-2022-26281
 	RESERVED
 CVE-2022-26280 (Libarchive v3.6.0 was discovered to contain an out-of-bounds read via  ...)
 	- libarchive <unfixed>
+	[bullseye] - libarchive <no-dsa> (Minor issue)
 	[buster] - libarchive <not-affected> (Vulnerable code not present)
 	[stretch] - libarchive <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/libarchive/libarchive/issues/1672



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b9e2c60f9c1717df2d3a30942b094ff4cc97fd7
