[Git][security-tracker-team/security-tracker][master] 4 commits: add ring

Thorsten Alteholz (@alteholz) alteholz at debian.org
Sun Nov 20 23:29:47 GMT 2022



Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b6886286 by Thorsten Alteholz at 2022-11-21T00:27:41+01:00
add ring

- - - - -
b7029f21 by Thorsten Alteholz at 2022-11-21T00:27:41+01:00
mark CVE-2021-46849 as no-dsa for Buster

- - - - -
025d30b6 by Thorsten Alteholz at 2022-11-21T00:29:21+01:00
add exiv2

- - - - -
22eec36a by Thorsten Alteholz at 2022-11-21T00:29:23+01:00
mark CVEs for freerdp2 as no-dsa for Buster

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -7885,6 +7885,7 @@ CVE-2021-46850 (myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel
 	NOT-FOR-US: myVesta Control Panel
 CVE-2021-46849 (pikepdf before 2.10.0 allows an XXE attack against PDF XMP metadata pa ...)
 	- pikepdf 3.2.0+dfsg-1
+	[buster] - pikepdf <no-dsa> (Minor issue)
 	NOTE: https://github.com/pikepdf/pikepdf/blob/v2.10.0/docs/release_notes.rst#v2100
 CVE-2021-46848 (GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check ...)
 	- libtasn1-6 4.19.0-2
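Review bot: the new `[buster] - pikepdf <no-dsa> (Minor issue)` line gives only the generic rationale while the CVE description describes an XXE in XMP metadata parsing; a short reason in the parenthesis (why this is considered minor for buster) or a NOTE pointing at the fixing change rather than only the v2.10.0 release notes would make a later DLA decision easier to revisit.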
@@ -12523,6 +12524,7 @@ CVE-2022-41878 (Parse Server is an open source backend that can be deployed to a
 	NOT-FOR-US: Node parse-server
 CVE-2022-41877 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...)
 	- freerdp2 <unfixed> (bug #1024511)
+	[buster] - freerdp2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-pmv3-wpw4-pw5h
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/6655841cf2a00b764f855040aecb8803cfc5eaba
 CVE-2022-41876 (ezplatform-graphql is a GraphQL server implementation for Ibexa DXP an ...)
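Review bot: freerdp2 is still `<unfixed> (bug #1024511)` in the line above, so the buster `<no-dsa> (Minor issue)` marking is being set before any fix exists in the archive; that is consistent with the commit message, but it is worth re-checking the marking once bug #1024511 is resolved, since the "Minor issue" judgement is the only rationale recorded.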
@@ -18690,6 +18692,7 @@ CVE-2022-39348 (Twisted is an event-based framework for internet applications. S
 	NOTE: Fixed by: https://github.com/twisted/twisted/commit/f2f5e81c03f14e253e85fe457e646130780db40b (twisted-22.10.0rc1)
 CVE-2022-39347 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...)
 	- freerdp2 <unfixed> (bug #1024511)
+	[buster] - freerdp2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c5xq-8v35-pffg
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/027424c2c6c0991cb9c22f9511478229c9b17e5d
 CVE-2022-39346
@@ -18751,20 +18754,25 @@ CVE-2022-39321 (GitHub Actions Runner is the application that runs a job from a
 	NOT-FOR-US: GitHub Actions Runner
 CVE-2022-39320 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...)
 	- freerdp2 <unfixed> (bug #1024511)
+	[buster] - freerdp2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qfq2-82qr-7f4j
 CVE-2022-39319 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...)
 	- freerdp2 <unfixed> (bug #1024511)
+	[buster] - freerdp2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mvxm-wfj2-5fvh
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/11555828d2cf289b350baba5ad1f462f10b80b76
 CVE-2022-39318 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...)
 	- freerdp2 <unfixed> (bug #1024511)
+	[buster] - freerdp2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-387j-8j96-7q35
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/80adde17ddc4b596ed1dae0922a0c54ab3d4b8ea
 CVE-2022-39317 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...)
 	- freerdp2 <unfixed> (bug #1024511)
+	[buster] - freerdp2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-99cm-4gw7-c8jh
 CVE-2022-39316 (FreeRDP is a free remote desktop protocol library and clients. In affe ...)
 	- freerdp2 <unfixed> (bug #1024511)
+	[buster] - freerdp2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5w4j-mrrh-jjrm
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/e865c24efc40ebc52e75979c94cdd4ee2c1495b0
 CVE-2022-39315 (Kirby is a Content Management System. Prior to versions 3.5.8.2, 3.6.6 ...)
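Review bot: all six freerdp2 entries in this hunk receive the identical `[buster] - freerdp2 <no-dsa> (Minor issue)` line, but CVE-2022-39320 and CVE-2022-39317 carry only a GHSA advisory link and no "commit" NOTE, unlike their neighbours; adding the upstream fix references for those two would keep the entries consistent and save the next person from re-locating the patches.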


=====================================
data/dla-needed.txt
=====================================
@@ -38,7 +38,10 @@ erlang
   NOTE: 20221119: Programming language: C.
   NOTE: 20221119: at least CVE-2022-37026 needs to be fixed (original request has been for Stretch)
 --
-firmware-nonfree (Markus Koschany)
+exiv2
+  NOTE: 20221119: Programming language: C.
+--
+firmware-nonfree
   NOTE: 20220906: Consider to check the severity of the issues again and judge whether a correction is worth it.
 --
 frr (Chris Lamb)
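Review bot: besides adding the exiv2 entry, this hunk silently changes `firmware-nonfree (Markus Koschany)` to `firmware-nonfree`, i.e. it drops the claimant, yet none of the four commit messages mentions unclaiming firmware-nonfree; if that is intentional it should be stated in the commit message, otherwise the claimant line should be restored.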
@@ -305,6 +308,9 @@ rainloop
   NOTE: 20220913: also there's an unofficial one for CVE-2022-29360;
   NOTE: 20220913: Evaluate the situation and decide whether we should support or EOL this package (Beuc/front-desk)
 --
+ring (Thorsten Alteholz)
+  NOTE: 20221120: Programming language: C.
+--
 ruby-rails-html-sanitizer
   NOTE: 20221102: Programming language: Ruby.
   NOTE: 20221102: VCS: https://salsa.debian.org/lts-team/packages/ruby-rails-html-sanitizer.git
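Review bot: the new `ring (Thorsten Alteholz)` entry records only the programming language; following the erlang entry earlier in this file, which notes "at least CVE-2022-37026 needs to be fixed", a NOTE naming the CVE(s) that motivated adding ring would help anyone picking up the work later.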



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/99dd5d08083059eae5612451d5f6264c2c2136f0...22eec36af8d5452a906a7363c448fcb8619c5988




