[Git][security-tracker-team/security-tracker][master] 2 commits: mark CVE-2022-45198 as no-dsa for Buster
Thorsten Alteholz (@alteholz)
alteholz at debian.org
Sun Nov 20 01:05:42 GMT 2022
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f323fc97 by Thorsten Alteholz at 2022-11-20T01:42:36+01:00
mark CVE-2022-45198 as no-dsa for Buster
- - - - -
53093990 by Thorsten Alteholz at 2022-11-20T02:00:05+01:00
mark CVEs for non-free bluez-firmware as no-dsa
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1067,6 +1067,7 @@ CVE-2022-45199 (Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL
CVE-2022-45198 (Pillow before 9.2.0 performs Improper Handling of Highly Compressed GI ...)
- pillow 9.2.0-1
[bullseye] - pillow <no-dsa> (Minor issue)
+ [buster] - pillow <no-dsa> (Minor issue)
NOTE: https://github.com/python-pillow/Pillow/commit/11918eac0628ec8ac0812670d9838361ead2d6a4 (9.2.0)
NOTE: https://github.com/python-pillow/Pillow/pull/6402
CVE-2022-3979 (A vulnerability was found in NagVis up to 1.9.33 and classified as pro ...)
@@ -104962,18 +104963,22 @@ CVE-2021-34149 (The Bluetooth Classic implementation on the Texas Instruments CC
CVE-2021-34148 (The Bluetooth Classic implementation in the Cypress WICED BT stack thr ...)
- bluez-firmware <unfixed> (bug #1024356)
[bullseye] - bluez-firmware <no-dsa> (Non-free not supported)
+ [buster] - bluez-firmware <no-dsa> (Non-free not supported)
NOTE: https://github.com/RPi-Distro/bluez-firmware/commit/31ad68831357d2019624004f1f0846475671088f
CVE-2021-34147 (The Bluetooth Classic implementation in the Cypress WICED BT stack thr ...)
- bluez-firmware <unfixed> (bug #1024356)
[bullseye] - bluez-firmware <no-dsa> (Non-free not supported)
+ [buster] - bluez-firmware <no-dsa> (Non-free not supported)
NOTE: https://github.com/RPi-Distro/bluez-firmware/commit/31ad68831357d2019624004f1f0846475671088f
CVE-2021-34146 (The Bluetooth Classic implementation in the Cypress CYW920735Q60EVB do ...)
- bluez-firmware <unfixed> (bug #1024356)
[bullseye] - bluez-firmware <no-dsa> (Non-free not supported)
+ [buster] - bluez-firmware <no-dsa> (Non-free not supported)
NOTE: https://github.com/RPi-Distro/bluez-firmware/commit/31ad68831357d2019624004f1f0846475671088f
CVE-2021-34145 (The Bluetooth Classic implementation in the Cypress WICED BT stack thr ...)
- bluez-firmware <unfixed> (bug #1024356)
[bullseye] - bluez-firmware <no-dsa> (Non-free not supported)
+ [buster] - bluez-firmware <no-dsa> (Non-free not supported)
NOTE: https://github.com/RPi-Distro/bluez-firmware/commit/31ad68831357d2019624004f1f0846475671088f
CVE-2021-34144 (The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C BT SD ...)
NOT-FOR-US: Zhuhai Jieli
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4db1e46eef36397a75820b07a25fadc6fef5d3bf...53093990d5f68db8a1447008d28351ddd0fda408
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4db1e46eef36397a75820b07a25fadc6fef5d3bf...53093990d5f68db8a1447008d28351ddd0fda408
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221120/8ced707d/attachment.htm>
More information about the debian-security-tracker-commits
mailing list