[Git][security-tracker-team/security-tracker][master] buster/bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu May 19 13:32:39 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a0920974 by Moritz Muehlenhoff at 2022-05-19T14:31:54+02:00
buster/bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -539,9 +539,10 @@ CVE-2022-1773
 CVE-2022-1772
 	RESERVED
 CVE-2022-1771 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
-	- vim <unfixed>
+	- vim <unfixed> (unimportant)
 	NOTE: https://huntr.dev/bounties/faa74175-5317-4b71-a363-dfc39094ecbb
 	NOTE: https://github.com/vim/vim/commit/51f0bfb88a3554ca2dde777d78a59880d1ee37a8 (v8.2.4975)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2019-25061 (The random_password_generator (aka RandomPasswordGenerator) gem throug ...)
 	NOT-FOR-US: bvsatyaram/random_password_generator
 CVE-2022-30973
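Review bot: the added NOTE on CVE-2022-1771 says "Crash in CLI tool, no security impact", but the description line above it calls the issue a stack-based buffer overflow and the note does not say why it amounts only to a crash here. Suggest extending the NOTE with the reason (for example what input is needed to reach the code), so the (unimportant) tag can be re-checked later without re-reading the huntr report.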
@@ -3061,10 +3062,11 @@ CVE-2022-30069
 CVE-2022-30068
 	RESERVED
 CVE-2022-30067 (GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a  ...)
-	- gimp <unfixed>
+	- gimp <unfixed> (unimportant)
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/8120
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/4f99f1fcfd892ead19831b5adcd38a99d71214b6 (master)
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/8cd6d05232795ac31076013db1c6be3dc67e8e09 (gimp-2-10)
+	NOTE: Crash in GUI application, no security impact
 CVE-2022-30066
 	RESERVED
 CVE-2022-30065 (A use-after-free in Busybox 1.35-x's awk applet leads to denial of ser ...)
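Review bot: on CVE-2022-30067 the justification "Crash in GUI application" names the kind of program rather than the property of the bug, while the description says Buffer Overflow and two fix commits (master and gimp-2-10) are referenced. Suggest the NOTE state what in issue 8120 limits the impact to a crash, so the (unimportant) classification is traceable from this entry alone.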
@@ -32764,99 +32766,118 @@ CVE-2021-44511
 	RESERVED
 CVE-2021-44510 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
 	- fis-gtm <unfixed> (bug #1009900)
+	[bullseye] - fis-gtm <ignored> (Minor issue)
+	[buster] - fis-gtm <ignored> (Minor issue)
 	NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
 	NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
-	TODO: check upstream to find out which changes affect which CVE
 CVE-2021-44509 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
 	- fis-gtm <unfixed> (bug #1009900)
+	[bullseye] - fis-gtm <ignored> (Minor issue)
+	[buster] - fis-gtm <ignored> (Minor issue)
 	NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
 	NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
-	TODO: check upstream to find out which changes affect which CVE
 CVE-2021-44508 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
 	- fis-gtm <unfixed> (bug #1009900)
+	[bullseye] - fis-gtm <ignored> (Minor issue)
+	[buster] - fis-gtm <ignored> (Minor issue)
 	NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
 	NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
-	TODO: check upstream to find out which changes affect which CVE
 CVE-2021-44507 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
 	- fis-gtm <unfixed> (bug #1009900)
+	[bullseye] - fis-gtm <ignored> (Minor issue)
+	[buster] - fis-gtm <ignored> (Minor issue)
 	NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
 	NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
-	TODO: check upstream to find out which changes affect which CVE
 CVE-2021-44506 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
 	- fis-gtm <unfixed> (bug #1009900)
+	[bullseye] - fis-gtm <ignored> (Minor issue)
+	[buster] - fis-gtm <ignored> (Minor issue)
 	NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
 	NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
-	TODO: check upstream to find out which changes affect which CVE
 CVE-2021-44505 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
 	- fis-gtm <unfixed> (bug #1009900)
+	[bullseye] - fis-gtm <ignored> (Minor issue)
+	[buster] - fis-gtm <ignored> (Minor issue)
 	NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
 	NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
-	TODO: check upstream to find out which changes affect which CVE
 CVE-2021-44504 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
 	- fis-gtm <unfixed>
+	[bullseye] - fis-gtm <ignored> (Minor issue)
+	[buster] - fis-gtm <ignored> (Minor issue)
 	NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
 	NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
-	TODO: check upstream to find out which changes affect which CVE
 CVE-2021-44503 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
 	- fis-gtm <unfixed> (bug #1009900)
+	[bullseye] - fis-gtm <ignored> (Minor issue)
+	[buster] - fis-gtm <ignored> (Minor issue)
 	NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
 	NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
-	TODO: check upstream to find out which changes affect which CVE
 CVE-2021-44502 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
 	- fis-gtm <unfixed> (bug #1009900)
+	[bullseye] - fis-gtm <ignored> (Minor issue)
+	[buster] - fis-gtm <ignored> (Minor issue)
 	NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
 	NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
-	TODO: check upstream to find out which changes affect which CVE
 CVE-2021-44501 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
 	- fis-gtm <unfixed> (bug #1009900)
+	[bullseye] - fis-gtm <ignored> (Minor issue)
+	[buster] - fis-gtm <ignored> (Minor issue)
 	NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
 	NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
-	TODO: check upstream to find out which changes affect which CVE
 CVE-2021-44500 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
 	- fis-gtm <unfixed> (bug #1009900)
+	[bullseye] - fis-gtm <ignored> (Minor issue)
+	[buster] - fis-gtm <ignored> (Minor issue)
 	NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
 	NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
-	TODO: check upstream to find out which changes affect which CVE
 CVE-2021-44499 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
 	- fis-gtm <unfixed> (bug #1009900)
+	[bullseye] - fis-gtm <ignored> (Minor issue)
+	[buster] - fis-gtm <ignored> (Minor issue)
 	NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
 	NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
-	TODO: check upstream to find out which changes affect which CVE
 CVE-2021-44498 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
 	- fis-gtm <unfixed> (bug #1009900)
+	[bullseye] - fis-gtm <ignored> (Minor issue)
+	[buster] - fis-gtm <ignored> (Minor issue)
 	NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
 	NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
-	TODO: check upstream to find out which changes affect which CVE
 CVE-2021-44497 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
 	- fis-gtm <unfixed> (bug #1009900)
+	[bullseye] - fis-gtm <ignored> (Minor issue)
+	[buster] - fis-gtm <ignored> (Minor issue)
 	NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
 	NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
-	TODO: check upstream to find out which changes affect which CVE
 CVE-2021-44496 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
 	- fis-gtm <unfixed>
+	[bullseye] - fis-gtm <ignored> (Minor issue)
+	[buster] - fis-gtm <ignored> (Minor issue)
 	NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
 	NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
-	TODO: check upstream to find out which changes affect which CVE
 CVE-2021-44495 (An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS  ...)
 	- fis-gtm <unfixed> (bug #1009900)
+	[bullseye] - fis-gtm <ignored> (Minor issue)
+	[buster] - fis-gtm <ignored> (Minor issue)
 	NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
 	NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
-	TODO: check upstream to find out which changes affect which CVE
 CVE-2021-44494 (An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS  ...)
 	- fis-gtm <unfixed> (bug #1009900)
+	[bullseye] - fis-gtm <ignored> (Minor issue)
+	[buster] - fis-gtm <ignored> (Minor issue)
 	NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
 	NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
-	TODO: check upstream to find out which changes affect which CVE
 CVE-2021-44493 (An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS  ...)
 	- fis-gtm <unfixed> (bug #1009900)
+	[bullseye] - fis-gtm <ignored> (Minor issue)
+	[buster] - fis-gtm <ignored> (Minor issue)
 	NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
 	NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
-	TODO: check upstream to find out which changes affect which CVE
 CVE-2021-44492 (An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS  ...)
 	- fis-gtm <unfixed> (bug #1009900)
+	[bullseye] - fis-gtm <ignored> (Minor issue)
+	[buster] - fis-gtm <ignored> (Minor issue)
 	NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
 	NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
-	TODO: check upstream to find out which changes affect which CVE
 CVE-2021-44491 (An issue was discovered in YottaDB through r1.32 and V7.0-000. Using c ...)
 	NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
 	TODO: check - unclear if affects only YottaDB
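Review bot: the line "TODO: check upstream to find out which changes affect which CVE" is dropped from every fis-gtm entry from CVE-2021-44510 down to CVE-2021-44492, but no NOTE records what was found, and the unprefixed "- fis-gtm <unfixed>" line stays, so that mapping will still be needed to set a fixed version. Suggest keeping the TODO or replacing it with a NOTE giving the outcome. Separately, CVE-2021-44504 and CVE-2021-44496 lack the "(bug #1009900)" reference the other entries carry; worth confirming that is intentional while these entries are being touched.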


=====================================
data/dsa-needed.txt
=====================================
@@ -20,6 +20,8 @@ cifs-utils (carnil)
 --
 condor/oldstable (apo)
 --
+curl
+--
 epiphany-browser
 --
 freecad (aron)
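Review bot: curl is added to dsa-needed.txt with no indication of which issues it is for or which release it applies to (compare "condor/oldstable (apo)" just above), and nothing in the data/CVE/list part of this commit touches curl. Suggest naming the triggering issues in the commit message, since "buster/bullseye triage" does not say.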



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a092097465fb1c8804410feb6d8811be1e84294f
