[Git][security-tracker-team/security-tracker][master] buster/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri May 13 13:03:54 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
da3ade15 by Moritz Muehlenhoff at 2022-05-13T14:03:31+02:00
buster/bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -958,10 +958,14 @@ CVE-2022-26041
RESERVED
CVE-2022-1623 (LibTIFF master branch has an out-of-bounds read in LZWDecode in libtif ...)
- tiff <unfixed>
+ [bullseye] - tiff <no-dsa> (Minor issue)
+ [buster] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/410
CVE-2022-1622 (LibTIFF master branch has an out-of-bounds read in LZWDecode in libtif ...)
- tiff <unfixed>
+ [bullseye] - tiff <no-dsa> (Minor issue)
+ [buster] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/410
CVE-2022-1621 (Heap buffer overflow in vim_strncpy find_word in GitHub repository vim ...)
=====================================
data/dsa-needed.txt
=====================================
@@ -56,7 +56,10 @@ trafficserver (jmm)
wait until status for CVE-2021-38161 is clarified (upstream patch got reverted)
--
unzip
- no details public yet
+ unclear information, initial report indicates writable memory corruption, but
+ some identified patch is just for a NULL deref, needs more clarification
+--
+waitress (jmm)
--
wordpress
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da3ade15d88acdb6d41bcf13653cf34c13ccbfe6
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da3ade15d88acdb6d41bcf13653cf34c13ccbfe6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220513/fed76bda/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list