[Git][security-tracker-team/security-tracker][master] buster/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon May 30 17:44:54 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5d6d0eff by Moritz Muehlenhoff at 2022-05-30T18:44:40+02:00
buster/bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -30,11 +30,10 @@ CVE-2022-1929
CVE-2022-1928 (Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea/gite ...)
- gitea <removed>
CVE-2022-1927 (Buffer Over-read in GitHub repository vim/vim prior to 8.2. ...)
- - vim <unfixed>
- [bullseye] - vim <no-dsa> (Minor issue)
- [buster] - vim <no-dsa> (Minor issue)
+ - vim <unfixed> (unimportant)
NOTE: https://huntr.dev/bounties/945107ef-0b27-41c7-a03c-db99def0e777
NOTE: https://github.com/vim/vim/commit/4d97a565ae8be0d4debba04ebd2ac3e75a0c8010 (v8.2.5037)
+ NOTE: Crash in CLI tool, no security impact
CVE-2022-1926
RESERVED
CVE-2022-31793
@@ -19670,12 +19669,16 @@ CVE-2022-24884 (ecdsautils is a tiny collection of programs used for ECDSA (keyg
NOTE: https://github.com/freifunk-gluon/ecdsautils/commit/1d4b091abdf15ad7b2312535b5b95ad70f6dbd08 (v0.4.1)
CVE-2022-24883 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). ...)
- freerdp2 2.7.0+dfsg1-1
+ [bullseye] - freerdp2 <no-dsa> (Minor issue)
+ [buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qxm3-v2r6-vmwf
NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/4661492e5a617199457c8074bad22f766a116cdc
NOTE: Fixed by (backport): https://github.com/FreeRDP/FreeRDP/commit/6f473b273a4b6f0cb6aca32b95e22fd0de88e144
CVE-2022-24882 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). ...)
- freerdp2 2.7.0+dfsg1-1
+ [bullseye] - freerdp2 <no-dsa> (Minor issue)
+ [buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6x5p-gp49-3jhh
NOTE: https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/95
@@ -95178,6 +95181,8 @@ CVE-2021-21898 (A code execution vulnerability exists in the dwgCompressor::deco
NOTE: https://github.com/LibreCAD/libdxfrw/commit/ba3fa95648bef948e008dfbdd31a4d21badd71f0
CVE-2021-21897 (A code execution vulnerability exists in the DL_Dxf::handleLWPolylineD ...)
- cloudcompare <unfixed> (bug #1010347)
+ [bullseye] - cloudcompare <no-dsa> (Minor issue)
+ [buster] - cloudcompare <no-dsa> (Minor issue)
- dxflib 3.26.4-1
[bullseye] - dxflib <no-dsa> (Minor issue)
[buster] - dxflib <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d6d0eff00ebc259a6317ecc29020dc2a760ac5d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d6d0eff00ebc259a6317ecc29020dc2a760ac5d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220530/af4136dd/attachment.htm>
More information about the debian-security-tracker-commits
mailing list