[Git][security-tracker-team/security-tracker][master] buster/bullseye triage

Fri May 27 18:23:33 BST 2022


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0ffdcddf by Moritz Muehlenhoff at 2022-05-27T19:22:07+02:00
buster/bullseye triage
add one more patch needed for pcre issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2317,12 +2317,13 @@ CVE-2022-25932
 	RESERVED
 CVE-2022-1736
 	RESERVED
-	- gnome-remote-desktop 42.1.1-2
+	- gnome-remote-desktop 42.1.1-2 (unimportant)
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/gnome-remote-desktop/+bug/1973028/comments/3
 	NOTE: The CVE is assigned based on the Ubuntu policy strongly discouraging open ports by
 	NOTE: default (https://wiki.ubuntu.com/Security/Features#ports) and the fact that the user
 	NOTE: service was enabled by default (and not automatically enabled anymore since 42.1.1-2)
-	TODO: check, if we want to threat this as unimportant severity issue
+	NOTE: Not treated as a security issue in Debian, whether to start the daemon or not is ultimately
+	NOTE: up to the local admin
 CVE-2022-1735 (Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969 ...)
 	- vim <unfixed> (unimportant)
 	NOTE: https://huntr.dev/bounties/c9f85608-ff11-48e4-933d-53d1759d44d9
@@ -4047,6 +4048,8 @@ CVE-2022-30285
 	RESERVED
 CVE-2022-30284 (In the python-libnmap package through 0.7.2 for Python, remote command ...)
 	- python-libnmap <unfixed>
+	[bullseye] - python-libnmap <no-dsa> (Minor issue)
+	[buster] - python-libnmap <no-dsa> (Minor issue)
 	NOTE: https://www.swascan.com/security-advisory-libnmap-2/
 CVE-2022-30283
 	RESERVED
@@ -4104,6 +4107,7 @@ CVE-2022-1587 (An out-of-bounds read vulnerability was discovered in the PCRE2 l
 CVE-2022-1586 (An out-of-bounds read vulnerability was discovered in the PCRE2 librar ...)
 	- pcre2 10.40-1
 	NOTE: https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a (pcre2-10.40)
+	NOTE: https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc388f89095b184ba6d99422cfc676c
 CVE-2022-1585
 	RESERVED
 CVE-2022-30259
@@ -7995,6 +7999,8 @@ CVE-2022-28920 (Tieba-Cloud-Sign v4.9 was discovered to contain a cross-site scr
 	NOT-FOR-US: Baidu Tieba
 CVE-2022-28919 (HTMLCreator release_stable_2020-07-29 was discovered to contain a cros ...)
 	- dokuwiki <unfixed> (bug #1011056)
+	[bullseye] - dokuwiki <no-dsa> (Minor issue)
+	[buster] - dokuwiki <no-dsa> (Minor issue)
 	NOTE: https://github.com/splitbrain/dokuwiki/issues/3651
 	NOTE: https://github.com/splitbrain/dokuwiki/commit/d3233986baa7dfe44490b805ae2e4296fad59401
 CVE-2022-28918 (GreenCMS v2.3.0603 was discovered to contain an arbitrary file deletio ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ffdcddf525cecac62c1e2e1b5d1d8cdf35b741f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ffdcddf525cecac62c1e2e1b5d1d8cdf35b741f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220527/2dc1bc47/attachment.htm>
