[Git][security-tracker-team/security-tracker][master] 3 commits: Added 386-ds-base to DLA needed. The install base is small so the priority is...

Ola Lundqvist (@opal) opal at debian.org
Tue May 17 07:55:43 BST 2022



Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ce772c69 by Ola Lundqvist at 2022-05-17T08:51:02+02:00
Added 386-ds-base to DLA needed. The install base is small so the priority is probably low. Also the vulnerability is not the most important one but still worth fixing.

- - - - -
0bf07a63 by Ola Lundqvist at 2022-05-17T08:51:03+02:00
Marked CVE-2022-30767 for u-boot as not affected in stretch, following buster. The same applies to stretch.

- - - - -
ba19ac7e by Ola Lundqvist at 2022-05-17T08:55:08+02:00
Marked CVE-2022-1720 for vim as no-dsa in stretch following buster. Cannot find any obvious reason why not to follow the buster decision.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -165,6 +165,7 @@ CVE-2022-1720 (Buffer Over-read in function grab_file_name in GitHub repository
 	- vim <unfixed>
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
+	[stretch] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/5ccfb386-7eb9-46e5-98e5-243ea4b358a8
 	NOTE: https://github.com/vim/vim/commit/395bd1f6d3edc9f7edb5d1f2d7deaf5a9e3ab93c (v8.2.4956)
 CVE-2022-1719 (Reflected XSS on ticket filter function in GitHub repository polonel/t ...)
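Review bot: The added `[stretch] - vim <no-dsa> (Minor issue)` line copies the buster reason verbatim, and the entry does not record that the stretch vim source was checked for the grab_file_name over-read. The commit message only says no reason was found to deviate from buster. Consider adding a NOTE line stating that the stretch source was inspected and what was found, so that a later triager can tell a verified decision from an inherited one.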
@@ -509,6 +510,7 @@ CVE-2022-30767 (nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and
 	- u-boot <unfixed>
 	[bullseye] - u-boot <ignored> (Minor issue)
 	[buster] - u-boot <not-affected> (Incorrect fix for CVE-2019-14196 not applied)
+	[stretch] - u-boot <not-affected> (Incorrect fix for CVE-2019-14196 not applied)
 	NOTE: Introduced by: https://github.com/u-boot/u-boot/commit/5d14ee4e53a81055d34ba280cb8fd90330f22a96 (v2019.10-rc4)
 	NOTE: https://lists.denx.de/pipermail/u-boot/2022-May/483952.html
 	NOTE: https://securitylab.github.com/research/uboot-rce-nfs-vulnerability/
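Review bot: The `[stretch]` not-affected reason "Incorrect fix for CVE-2019-14196 not applied" is taken over from buster without anything in the entry tying it to the stretch source. The "Introduced by" NOTE places the faulty commit at v2019.10-rc4, so the claim holds for stretch only if its u-boot predates that version and carries no backport of the CVE-2019-14196 fix. Consider recording that check in a NOTE, or extending the reason to say the fix was never backported to stretch.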


=====================================
data/dla-needed.txt
=====================================
@@ -12,6 +12,10 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 To make it easier to see the entire history of an update, please append notes
 rather than remove/replace existing ones.
 
+--
+386-ds-base
+  NOTE: 20220516: Source code is vulnerable to CVE-2022-0996. The package do not have a large install base so the
+  NOTE: 20220516: priority of fixing is probably low.
 --
 admesh (Anton Gladky)
 --
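Review bot: The package name on the added line, `386-ds-base`, looks like a typo for 389-ds-base, and the same spelling appears in the commit message. Please check it against the source package name before this entry is picked up. In the first NOTE, "The package do not have" should read "does not have". The sentence is also split across two NOTE lines with the date prefix repeated mid-sentence, so consider ending the first NOTE after "CVE-2022-0996." and putting the install-base remark in the second.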



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/442a561defef6f064965ba7ba6a06991a7700d19...ba19ac7e110bba5dcbda691ad8d0714c56dbfaa4
