[Git][security-tracker-team/security-tracker][master] bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Nov 7 18:22:30 GMT 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
72eca0ba by Moritz Muehlenhoff at 2022-11-07T17:40:29+01:00
bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7908,6 +7908,7 @@ CVE-2022-3552 (Unrestricted Upload of File with Dangerous Type in GitHub reposit
 	NOT-FOR-US: boxbilling
 CVE-2022-3551 (A vulnerability, which was classified as problematic, has been found i ...)
 	- xorg-server <unfixed>
+	[bullseye] - xorg-server <no-dsa> (Minor issue)
 	- xwayland <unfixed>
 	NOTE: https://gitlab.freedesktop.org/xorg/xserver/commit/18f91b950e22c2a342a4fbc55e9ddf7534a707d2
 CVE-2022-3550 (A vulnerability classified as critical was found in X.org Server. Affe ...)
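Review bot: the `[bullseye] - xorg-server <no-dsa> (Minor issue)` line covers only xorg-server, while the `- xwayland <unfixed>` entry on the same CVE gets no bullseye annotation; if bullseye's xwayland is affected the same way it should carry a matching `[bullseye] - xwayland <no-dsa> (Minor issue)` line, otherwise a NOTE saying why it differs would keep the entry from being re-triaged.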
@@ -12258,7 +12259,9 @@ CVE-2022-3276 (Command injection is possible in the puppetlabs-mysql module prio
 	NOTE: https://github.com/puppetlabs/puppetlabs-mysql/commit/e70e7fd130aaa2fe1cefe4ccb628b304ad3c180a (v13.0.0)
 CVE-2022-3275 (Command injection is possible in the puppetlabs-apt module prior to ve ...)
 	- puppet-module-puppetlabs-apt <unfixed>
+	[bullseye] - puppet-module-puppetlabs-apt <no-dsa> (Minor issue)
 	NOTE: https://puppet.com/security/cve/CVE-2022-3275
+	NOTE: https://github.com/puppetlabs/puppetlabs-apt/commit/c26ad2a54f318b4d6fbe55f837b00cd6afd9f1eb
 CVE-2022-3274 (Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffwe ...)
 	- rdiffweb <itp> (bug #969974)
 CVE-2022-3273 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
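Review bot: the new upstream commit NOTE for CVE-2022-3275 carries no release tag, whereas the sibling puppetlabs-mysql NOTE in the context above ends with `(v13.0.0)`; appending the version that contains commit c26ad2a5 would keep the two entries consistent and make it easier to verify when the `<unfixed>` puppet-module-puppetlabs-apt entry can be closed.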
@@ -20310,9 +20313,10 @@ CVE-2022-38219
 CVE-2022-38218
 	RESERVED
 CVE-2022-2817 (Use After Free in GitHub repository vim/vim prior to 9.0.0213. ...)
-	- vim 2:9.0.0229-1
+	- vim 2:9.0.0229-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/a7b7d242-3d88-4bde-a681-6c986aff886f
 	NOTE: https://github.com/vim/vim/commit/249e1b903a9c0460d618f6dcc59aeb8c03b24b20 (v9.0.0213)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-2816 (Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212. ...)
 	- vim 2:9.0.0229-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/e2a83037-fcf9-4218-b2b9-b7507dacde58
@@ -22822,9 +22826,10 @@ CVE-2022-2600 (The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not s
 CVE-2022-2599 (The Anti-Malware Security and Brute-Force Firewall WordPress plugin be ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2598 (Undefined Behavior for Input to API in GitHub repository vim/vim prior ...)
-	- vim 2:9.0.0135-1
+	- vim 2:9.0.0135-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/2f08363a-47a2-422d-a7de-ce96a89ad08e/
 	NOTE: https://github.com/vim/vim/commit/4e677b9c40ccbc5f090971b31dc2fe07bf05541d (v9.0.0101)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-2597 (The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin b ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2596 (Denial of Service in GitHub repository node-fetch/node-fetch prior to  ...)
@@ -23554,9 +23559,10 @@ CVE-2022-37014
 CVE-2022-2572 (In affected versions of Octopus Server where access is managed by an e ...)
 	NOT-FOR-US: Octopus Server
 CVE-2022-2571 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...)
-	- vim 2:9.0.0135-1
+	- vim 2:9.0.0135-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/2e5a1dc4-2dfb-4e5f-8c70-e1ede21f3571/
 	NOTE: https://github.com/vim/vim/commit/a6f9e300161f4cb54713da22f65b261595e8e614 (v9.0.0102)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-2570
 	RESERVED
 CVE-2022-37013
@@ -24941,9 +24947,10 @@ CVE-2022-34147
 CVE-2022-31137 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Kee ...)
 	NOT-FOR-US: Roxy-WI
 CVE-2022-2522 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...)
-	- vim 2:9.0.0135-1 (bug #1016068)
+	- vim 2:9.0.0135-1 (unimportant; bug #1016068)
 	NOTE: https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22
 	NOTE: https://github.com/vim/vim/commit/5fa9f23a63651a8abdb074b4fc2ec9b1adc6b089 (v9.0.0061)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-2521 (It was found in libtiff 4.4.0rc1 that there is an invalid pointer free ...)
 	- tiff <unfixed> (unimportant)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/422
@@ -88172,8 +88179,9 @@ CVE-2021-40243
 CVE-2021-40242
 	RESERVED
 CVE-2021-40241 (xfig 3.2.7 is vulnerable to Buffer Overflow. ...)
-	- xfig 1:3.2.8a-1 (bug #992395)
+	- xfig 1:3.2.8a-1 (unimportant; bug #992395)
 	NOTE: https://sourceforge.net/p/mcj/tickets/136/
+	NOTE: No security impact
 CVE-2021-40240
 	RESERVED
 CVE-2021-40239 (A Buffer Overflow vulnerability exists in the latest version of Minift ...)
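Review bot: the justification NOTE added for CVE-2021-40241 says only `No security impact`, while the vim entries marked unimportant in this same commit give a reason (`Crash in CLI tool, no security impact`); stating why the xfig buffer overflow is not security-relevant would document the severity choice for later reviewers.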
@@ -94463,6 +94471,7 @@ CVE-2021-37790
 	RESERVED
 CVE-2021-37789 (stb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load, lead ...)
 	- libstb <unfixed>
+	[bullseye] - libstb <no-dsa> (Minor issue)
 	NOTE: https://github.com/nothings/stb/issues/1178
 CVE-2021-37788 (A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could all ...)
 	NOT-FOR-US: Gurock TestRail



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72eca0ba17291157d7b144079218f99fa96ccf44
