[Git][security-tracker-team/security-tracker][master] bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Nov 9 13:15:35 GMT 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
237bccab by Moritz Muehlenhoff at 2022-11-09T14:13:56+01:00
bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,6 +9,7 @@ CVE-2022-45061 (An issue was discovered in Python before 3.11.1. An unnecessary
 	- python3.11 <unfixed>
 	- python3.10 <unfixed>
 	- python3.9 <unfixed>
+	[bullseye] - python3.9 <no-dsa> (Minor issue)
 	- python3.7 <removed>
 	NOTE: https://github.com/python/cpython/issues/98433
 	NOTE: https://github.com/python/cpython/pull/99092
@@ -70366,6 +70367,7 @@ CVE-2021-45267 (An invalid memory address dereference vulnerability exists in gp
 	NOTE: https://github.com/gpac/gpac/commit/29f31f431b18278b94c659452562e8a027436487 (v2.0.0)
 CVE-2021-45266 (A null pointer dereference vulnerability exists in gpac 1.1.0 via the  ...)
 	- gpac 2.0.0+dfsg1-2
+	[bullseye] - gpac <ignored> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	[stretch] - gpac <end-of-life> (No longer supported in LTS)
 	NOTE: https://github.com/gpac/gpac/issues/1985
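Review bot: the new `[bullseye] - gpac <ignored> (Minor issue)` line for CVE-2021-45266 uses a different tag from the two sibling gpac entries below it (CVE-2021-45263 and CVE-2021-45262), which get `[bullseye] - gpac <no-dsa> (Minor issue)` with the same rationale. In the tracker, `<ignored>` records that the issue will not be fixed in bullseye at all, while `<no-dsa>` leaves a fix via a point release open, so the three entries now say different things for the same class of bug. If a point-release fix is not deliberately ruled out here, `<no-dsa>` would keep them consistent; if it is, a short reason in the parentheses (rather than just "Minor issue") would make the distinction visible to the next triager.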
@@ -70376,12 +70378,14 @@ CVE-2021-45264
 	RESERVED
 CVE-2021-45263 (An invalid free vulnerability exists in gpac 1.1.0 via the gf_svg_dele ...)
 	- gpac 2.0.0+dfsg1-2
+	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	[stretch] - gpac <end-of-life> (No longer supported in LTS)
 	NOTE: https://github.com/gpac/gpac/issues/1975
 	NOTE: https://github.com/gpac/gpac/commit/b232648da3b111a0efe500501ee8ca8f32b616e9 (v2.0.0)
 CVE-2021-45262 (An invalid free vulnerability exists in gpac 1.1.0 via the gf_sg_comma ...)
 	- gpac 2.0.0+dfsg1-2
+	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	[stretch] - gpac <end-of-life> (No longer supported in LTS)
 	NOTE: https://github.com/gpac/gpac/issues/1980
@@ -75022,12 +75026,12 @@ CVE-2021-3970 (A potential vulnerability in LenovoVariable SMI Handler due to in
 CVE-2021-3969 (A Time of Check Time of Use (TOCTOU) vulnerability was reported in IMC ...)
 	NOT-FOR-US: Lenovo
 CVE-2021-3968 (vim is vulnerable to Heap-based Buffer Overflow ...)
-	- vim 2:8.2.3995-1 (bug #1001900)
-	[bullseye] - vim <no-dsa> (Minor issue)
+	- vim 2:8.2.3995-1 (unimportant; bug #1001900)
 	[buster] - vim <not-affected> (The vulnerable code is not present)
 	[stretch] - vim <not-affected> (The vulnerable code is not present)
 	NOTE: https://huntr.dev/bounties/00d62924-a7b4-4a61-ba29-acab2eaa1528/
 	NOTE: https://github.com/vim/vim/commit/a062006b9de0b2947ab5fb376c6e67ef92a8cd69 (v8.2.3610)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-21741 (Tensorflow is an Open Source Machine Learning Framework. ### Impact An ...)
 	- tensorflow <itp> (bug #804612)
 CVE-2022-21740 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
@@ -77963,16 +77967,16 @@ CVE-2021-43358 (Sunnet eHRD has inadequate filtering for special characters in U
 	NOT-FOR-US: Sunnet eHRD
 CVE-2021-3928 (vim is vulnerable to Use of Uninitialized Variable ...)
 	{DLA-3182-1 DLA-2947-1}
-	- vim 2:8.2.3995-1
-	[bullseye] - vim <no-dsa> (Minor issue)
+	- vim 2:8.2.3995-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/29c3ebd2-d601-481c-bf96-76975369d0cd
 	NOTE: Fixed by: https://github.com/vim/vim/commit/15d9890eee53afc61eb0a03b878a19cb5672f732 (v8.2.3582)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2021-3927 (vim is vulnerable to Heap-based Buffer Overflow ...)
 	{DLA-3182-1 DLA-2947-1}
-	- vim 2:8.2.3995-1
-	[bullseye] - vim <no-dsa> (Minor issue)
+	- vim 2:8.2.3995-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/9c2b2c82-48bb-4be9-ab8f-a48ea252d1b0
 	NOTE: Fixed by: https://github.com/vim/vim/commit/0b5b06cb4777d1401fdf83e7d48d287662236e7e (v8.2.3581)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2021-43357
 	RESERVED
 CVE-2021-43350 (An unauthenticated Apache Traffic Control Traffic Ops user can send a  ...)
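Review bot: both CVE-2021-3928 and CVE-2021-3927 are downgraded to `- vim 2:8.2.3995-1 (unimportant)`, yet each entry still carries `{DLA-3182-1 DLA-2947-1}`, i.e. LTS has already shipped fixes for them. The DLA references are correct to keep, since they record what was released, but the downgrade now sits next to evidence that the issues were once treated as worth an advisory; the added `NOTE: Crash in CLI tool, no security impact` covers the reasoning, so consider phrasing it as a reclassification (for example noting that the DLAs predate the reassessment) so the two do not read as contradictory. Note also that the package-wide `unimportant` tag now applies to every suite, not only bullseye, which is why dropping the `[bullseye] - vim <no-dsa>` line is the right accompanying change.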
@@ -79915,12 +79919,11 @@ CVE-2021-3904 (grav is vulnerable to Improper Neutralization of Input During Web
 	NOT-FOR-US: Grav CMS
 CVE-2021-3903 (vim is vulnerable to Heap-based Buffer Overflow ...)
 	{DLA-3053-1}
-	- vim 2:8.2.3565-1
-	[bullseye] - vim <no-dsa> (Minor issue)
-	[buster] - vim <no-dsa> (Minor issue)
+	- vim 2:8.2.3565-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/35738a4f-55ce-446c-b836-2fb0b39625f8
 	NOTE: https://github.com/vim/vim/commit/777e7c21b7627be80961848ac560cb0a9978ff43
 	NOTE: PoC crashes starting with https://github.com/vim/vim/commit/8a7d6542b33e5d2b352262305c3bfdb2d14e1cf8 (v8.2.0149)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2020-36503 (The Connections Business Directory WordPress plugin before 9.7 does no ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-43010 (In Safedog Apache v4.0.30255, attackers can bypass this product for SQ ...)
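Review bot: for CVE-2021-3903 the `[buster] - vim <no-dsa> (Minor issue)` line is dropped along with the bullseye one; that is consistent, since `{DLA-3053-1}` already records a buster fix and the per-suite line was stale. One style point on the same entry: the fix-commit NOTE `https://github.com/vim/vim/commit/777e7c21b7627be80961848ac560cb0a9978ff43` has no version tag, whereas the other vim entries in this patch annotate theirs with the release (e.g. `(v8.2.3610)`); adding the corresponding vim version would let readers compare it against the `2:8.2.3565-1` package version at a glance.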



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/237bccabc56a947264a896c3149525543048dd75
