[Git][security-tracker-team/security-tracker][master] bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Nov 21 11:31:28 GMT 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a2d84d6d by Moritz Muehlenhoff at 2022-11-21T11:57:04+01:00
bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -12536,6 +12536,7 @@ CVE-2022-41878 (Parse Server is an open source backend that can be deployed to a
 	NOT-FOR-US: Node parse-server
 CVE-2022-41877 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...)
 	- freerdp2 <unfixed> (bug #1024511)
+	[bullseye] - freerdp2 <no-dsa> (Minor issue)
 	[buster] - freerdp2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-pmv3-wpw4-pw5h
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/6655841cf2a00b764f855040aecb8803cfc5eaba
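
Review bot: The added "[bullseye] - freerdp2 <no-dsa> (Minor issue)" line for CVE-2022-41877 gives no basis for the rating beyond repeating the buster wording. A one-line NOTE saying what limits the impact would let a later reader re-check the decision without opening the upstream advisory.
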
@@ -18704,6 +18705,7 @@ CVE-2022-39348 (Twisted is an event-based framework for internet applications. S
 	NOTE: Fixed by: https://github.com/twisted/twisted/commit/f2f5e81c03f14e253e85fe457e646130780db40b (twisted-22.10.0rc1)
 CVE-2022-39347 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...)
 	- freerdp2 <unfixed> (bug #1024511)
+	[bullseye] - freerdp2 <no-dsa> (Minor issue)
 	[buster] - freerdp2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c5xq-8v35-pffg
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/027424c2c6c0991cb9c22f9511478229c9b17e5d
@@ -18766,24 +18768,29 @@ CVE-2022-39321 (GitHub Actions Runner is the application that runs a job from a
 	NOT-FOR-US: GitHub Actions Runner
 CVE-2022-39320 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...)
 	- freerdp2 <unfixed> (bug #1024511)
+	[bullseye] - freerdp2 <no-dsa> (Minor issue)
 	[buster] - freerdp2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qfq2-82qr-7f4j
 CVE-2022-39319 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...)
 	- freerdp2 <unfixed> (bug #1024511)
+	[bullseye] - freerdp2 <no-dsa> (Minor issue)
 	[buster] - freerdp2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mvxm-wfj2-5fvh
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/11555828d2cf289b350baba5ad1f462f10b80b76
 CVE-2022-39318 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...)
 	- freerdp2 <unfixed> (bug #1024511)
+	[bullseye] - freerdp2 <no-dsa> (Minor issue)
 	[buster] - freerdp2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-387j-8j96-7q35
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/80adde17ddc4b596ed1dae0922a0c54ab3d4b8ea
 CVE-2022-39317 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...)
 	- freerdp2 <unfixed> (bug #1024511)
+	[bullseye] - freerdp2 <no-dsa> (Minor issue)
 	[buster] - freerdp2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-99cm-4gw7-c8jh
 CVE-2022-39316 (FreeRDP is a free remote desktop protocol library and clients. In affe ...)
 	- freerdp2 <unfixed> (bug #1024511)
+	[bullseye] - freerdp2 <no-dsa> (Minor issue)
 	[buster] - freerdp2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5w4j-mrrh-jjrm
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/e865c24efc40ebc52e75979c94cdd4ee2c1495b0
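
Review bot: CVE-2022-39320 and CVE-2022-39317 are marked <no-dsa> for bullseye here but carry only the GHSA advisory NOTE, while the other three entries in this hunk also link the upstream fix commit. Since freerdp2 is still <unfixed>, adding the fix commit NOTE for those two would give anyone who later backports the fix a patch to start from.
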
@@ -53747,10 +53754,10 @@ CVE-2022-0944 (Template injection in connection test endpoint leads to RCE in Gi
 	NOT-FOR-US: sqlpad
 CVE-2022-0943 (Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim  ...)
 	{DLA-3182-1 DLA-3053-1}
-	- vim 2:8.2.4659-1
-	[bullseye] - vim <no-dsa> (Minor issue)
+	- vim 2:8.2.4659-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/9e4de32f-ad5f-4830-b3ae-9467b5ab90a1
 	NOTE: https://github.com/vim/vim/commit/5c68617d395f9d7b824f68475b24ce3e38d653a3 (v8.2.4563)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-26981 (Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in  ...)
 	- liblouis 3.22.0-1 (bug #1008009)
 	[bullseye] - liblouis <no-dsa> (Minor issue)
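
Review bot: For CVE-2022-0943 the new NOTE "Crash in CLI tool, no security impact" sits under a description that reads "Heap-based Buffer Overflow", and the entry still lists {DLA-3182-1 DLA-3053-1}. The NOTE should say why the overflow is limited to a crash, so that the (unimportant) tag does not look at odds with the description and the existing DLA references.
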
@@ -57409,10 +57416,10 @@ CVE-2022-0730 (Under certain ldap conditions, Cacti authentication can be bypass
 	NOTE: https://github.com/Cacti/cacti/commit/0bb77ee9b4d1c7a99e0140b88789e050e523e628 (1.2.x)
 CVE-2022-0729 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior  ...)
 	{DLA-3182-1 DLA-2947-1}
-	- vim 2:8.2.4659-1
-	[bullseye] - vim <no-dsa> (Minor issue)
+	- vim 2:8.2.4659-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/f3f3d992-7bd6-4ee5-a502-ae0e5f8016ea
 	NOTE: https://github.com/vim/vim/commit/6456fae9ba8e72c74b2c0c499eaf09974604ff30 (v8.2.4440)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-0728 (The Easy Smooth Scroll Links WordPress plugin before 2.23.1 does not s ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0727 (Improper Access Control in GitHub repository chocobozzz/peertube prior ...)
@@ -57518,10 +57525,10 @@ CVE-2022-0715 (A CWE-287: Improper Authentication vulnerability exists that coul
 	NOT-FOR-US: Schneider Electric
 CVE-2022-0714 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4 ...)
 	{DLA-3182-1 DLA-2947-1}
-	- vim 2:8.2.4659-1
-	[bullseye] - vim <no-dsa> (Minor issue)
+	- vim 2:8.2.4659-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/db70e8db-f309-4f3c-986c-e69d2415c3b3
 	NOTE: https://github.com/vim/vim/commit/4e889f98e95ac05d7c8bd3ee933ab4d47820fdfa (v8.2.4436)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-0713 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...)
 	- radare2 <unfixed> (bug #1014478)
 	NOTE: https://huntr.dev/bounties/d35b3dff-768d-4a09-a742-c18ca8f56d3c
@@ -58152,10 +58159,10 @@ CVE-2022-0686 (Authorization Bypass Through User-Controlled Key in NPM url-parse
 	NOTE: https://github.com/unshiftio/url-parse/commit/d5c64791ef496ca5459ae7f2176a31ea53b127e5 (1.5.8)
 CVE-2022-0685 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior  ...)
 	{DLA-3182-1 DLA-2947-1}
-	- vim 2:8.2.4659-1
-	[bullseye] - vim <no-dsa> (Minor issue)
+	- vim 2:8.2.4659-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/27230da3-9b1a-4d5d-8cdf-4b1e62fcd782
 	NOTE: https://github.com/vim/vim/commit/5921aeb5741fc6e84c870d68c7c35b93ad0c9f87 (v8.2.4418)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-0684 (The WP Home Page Menu WordPress plugin before 3.1 does not sanitise an ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-46700 (In libsixel 1.8.6, sixel_encoder_output_without_macro (called from six ...)
@@ -58642,12 +58649,10 @@ CVE-2022-0630 (Out-of-bounds Read in Homebrew mruby prior to 3.2. ...)
 	NOTE: https://huntr.dev/bounties/f7cdd680-1a7f-4992-b4b8-44b5e4ba3e32
 	NOTE: https://github.com/mruby/mruby/commit/ff3a5ebed6ffbe3e70481531cfb969b497aa73ad
 CVE-2022-0629 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
-	- vim 2:8.2.4659-1
-	[bullseye] - vim <no-dsa> (Minor issue)
-	[buster] - vim <no-dsa> (Minor issue)
-	[stretch] - vim <postponed> (Minor issue)
+	- vim 2:8.2.4659-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/95e2b0da-e480-4ee8-9324-a93a2ab0a877/
 	NOTE: https://github.com/vim/vim/commit/34f8117dec685ace52cd9e578e2729db278163fc (v8.2.4397)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-0628 (The Mega Menu WordPress plugin before 3.0.8 does not sanitize and esca ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0627 (The Amelia WordPress plugin before 1.0.47 does not sanitize and escape ...)
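
Review bot: The CVE-2022-0629 hunk drops the "[buster] - vim <no-dsa>" and "[stretch] - vim <postponed>" lines as well as the [bullseye] one, which goes beyond what the commit message "bullseye triage" says. Mention the reclassification of the vim entries to (unimportant) in the commit message, or split it into its own commit, so the history shows the older suites were changed deliberately.
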
@@ -60394,10 +60399,10 @@ CVE-2022-0555
 	RESERVED
 CVE-2022-0554 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior  ...)
 	{DLA-3182-1 DLA-2947-1}
-	- vim 2:8.2.4659-1
-	[bullseye] - vim <no-dsa> (Minor issue)
+	- vim 2:8.2.4659-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/7e8f6cd0-b5ee-48a2-8255-6a86f4c46c71/
 	NOTE: https://github.com/vim/vim/commit/e3537aec2f8d6470010547af28dcbd83d41461b8 (v8.2.4327)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-0553
 	RESERVED
 CVE-2022-0552 (A flaw was found in the original fix for the netty-codec-http CVE-2021 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a2d84d6dbe6b36d4ee611f604e9fecead9aab947
