[Git][security-tracker-team/security-tracker][master] bullseye triage

Thu Nov 24 15:22:50 GMT 2022


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a9246dbc by Moritz Muehlenhoff at 2022-11-24T16:21:02+01:00
bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -8456,8 +8456,9 @@ CVE-2022-43761
 	RESERVED
 CVE-2022-3705 (A vulnerability was found in vim and classified as problematic. Affect ...)
 	{DLA-3182-1}
-	- vim 2:9.0.0813-1
+	- vim 2:9.0.0813-1 (unimportant)
 	NOTE: https://github.com/vim/vim/commit/d0fab10ed2a86698937e3c3fed2f10bd9bb5e731 (v9.0.0805)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-3704 (A vulnerability classified as problematic has been found in Ruby on Ra ...)
 	- rails <unfixed> (bug #1024274)
 	NOTE: https://github.com/rails/rails/commit/be177e4566747b73ff63fd5f529fab564e475ed4
@@ -13413,6 +13414,7 @@ CVE-2022-41883 (TensorFlow is an open source platform for machine learning. When
 	- tensorflow <itp> (bug #804612)
 CVE-2022-41882 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...)
 	- nextcloud-desktop 3.6.1-1
+	[bullseye] - nextcloud-desktop <no-dsa> (Minor issue)
 	NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-3w86-rm38-8w63
 	NOTE: https://github.com/nextcloud/desktop/pull/5039
 	NOTE: https://github.com/nextcloud/server/pull/34559
@@ -13969,9 +13971,10 @@ CVE-2022-3354 (A vulnerability has been found in Open5GS up to 2.4.10 and classi
 CVE-2022-3353
 	RESERVED
 CVE-2022-3352 (Use After Free in GitHub repository vim/vim prior to 9.0.0614. ...)
-	- vim 2:9.0.0626-1
+	- vim 2:9.0.0626-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/d058f182-a49b-40c7-9234-43d4c5a29f60
 	NOTE: https://github.com/vim/vim/commit/ef976323e770315b5fca544efb6b2faa25674d15 (v9.0.0614)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-3351 (An issue has been discovered in GitLab EE affecting all versions start ...)
 	- gitlab <not-affected> (Only affects Gitlab EE)
 CVE-2022-3350 (The Contact Bank WordPress plugin through 3.0.30 does not sanitise and ...)
@@ -15153,9 +15156,10 @@ CVE-2022-3258 (Incorrect Permission Assignment for Critical Resource vulnerabili
 CVE-2022-3257 (Mattermost version 7.1.x and earlier fails to sufficiently process a s ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2022-3256 (Use After Free in GitHub repository vim/vim prior to 9.0.0530. ...)
-	- vim 2:9.0.0626-1
+	- vim 2:9.0.0626-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/8336a3df-212a-4f8d-ae34-76ef1f936bb3
 	NOTE: https://github.com/vim/vim/commit/8ecfa2c56b4992c7f067b92488aa9acea5a454ad (v9.0.0530)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-3255 (If an attacker can control a script that is executed in the victim's b ...)
 	NOT-FOR-US: pimcore
 CVE-2022-3254 (The WordPress Classifieds Plugin WordPress plugin before 4.3 does not  ...)
@@ -16229,9 +16233,10 @@ CVE-2022-3236 (A code injection vulnerability in the User Portal and Webadmin al
 CVE-2022-40763
 	RESERVED
 CVE-2022-3235 (Use After Free in GitHub repository vim/vim prior to 9.0.0490. ...)
-	- vim 2:9.0.0626-1
+	- vim 2:9.0.0626-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/96d5f7a0-a834-4571-b73b-0fe523b941af
 	NOTE: https://github.com/vim/vim/commit/1c3dd8ddcba63c1af5112e567215b3cec2de11d0 (v9.0.0490)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-40762 (A Memory Allocation with Excessive Size Value vulnerablity in the TEE_ ...)
 	NOT-FOR-US: Samsung mTower
 CVE-2022-40761 (The function tee_obj_free in Samsung mTower through 0.3.0 allows a tru ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -20,6 +20,8 @@ gerbv
 --
 graphicsmagick (jmm)
 --
+jhead
+--
 lava
 --
 linux (carnil)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a9246dbc6b2dc798cd3b97d28d06959f7c693711

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a9246dbc6b2dc798cd3b97d28d06959f7c693711
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221124/bb2836fb/attachment.htm>
