[Git][security-tracker-team/security-tracker][master] 4 commits: Mark CVE-2009-1143/open-vm-tools as postponed for buster

Utkarsh Gupta (@utkarsh) utkarsh at debian.org
Sun Nov 27 08:41:02 GMT 2022



Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker


Commits:
918a2392 by Utkarsh Gupta at 2022-11-27T14:10:46+05:30
Mark CVE-2009-1143/open-vm-tools as postponed for buster

- - - - -
1fba0734 by Utkarsh Gupta at 2022-11-27T14:10:47+05:30
Mark CVE-2022-396{4,5}/ffmpeg as postponed for buster

- - - - -
d34e07f6 by Utkarsh Gupta at 2022-11-27T14:10:47+05:30
Add lava to dla-needed

- - - - -
e8fe3b20 by Utkarsh Gupta at 2022-11-27T14:10:47+05:30
Add pngcheck to dla-needed

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2234,10 +2234,12 @@ CVE-2022-3966 (A vulnerability, which was classified as critical, has been found
 CVE-2022-3965 (A vulnerability classified as problematic was found in ffmpeg. This vu ...)
 	- ffmpeg <unfixed>
 	[bullseye] - ffmpeg <postponed> (Wait until it lands in 4.1.x)
+	[buster] - ffmpeg <postponed> (Wait until it lands in 4.1.x)
 	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/13c13109759090b7f7182480d075e13b36ed8edd
 CVE-2022-3964 (A vulnerability classified as problematic has been found in ffmpeg. Th ...)
 	- ffmpeg <unfixed>
 	[bullseye] - ffmpeg <postponed> (Wait until it lands in 4.1.x)
+	[buster] - ffmpeg <postponed> (Wait until it lands in 4.1.x)
 	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/92f9b28ed84a77138105475beba16c146bdaf984
 CVE-2022-45197
 	RESERVED
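Review bot: The reason on both added [buster] lines, "Wait until it lands in 4.1.x", is copied unchanged from the [bullseye] lines directly above them, so it is unclear which release the 4.1.x branch refers to. Please confirm that 4.1.x is the upstream series buster tracks. If the two releases follow different series, give each line its own branch so that whoever revisits these postponed entries knows which upstream release to watch for the commits in the NOTE lines.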
@@ -544432,6 +544434,7 @@ CVE-2009-1144 (Untrusted search path vulnerability in the Gentoo package of Xpdf
 CVE-2009-1143 (An issue was discovered in open-vm-tools 2009.03.18-154848. Local user ...)
 	- open-vm-tools 2:12.0.0-1
 	[bullseye] - open-vm-tools <no-dsa> (Minor issue; mount.vmhgfs not suid root in Debian)
+	[buster] - open-vm-tools <postponed> (Minor issue; mount.vmhgfs not suid root in Debian)
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=372070
 	NOTE: Removing hgfsmounter/mount.vmhgfs: https://github.com/vmware/open-vm-tools/commit/61331a189a0eeb76f014db28288b06c0323bc0b9 (stable-12.0.0)
 CVE-2009-1142 (An issue was discovered in open-vm-tools 2009.03.18-154848. Local user ...)
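Review bot: The added [buster] line uses <postponed> while the [bullseye] line directly above it carries <no-dsa> with the identical reason, and that reason ("mount.vmhgfs not suid root in Debian") argues that the impact is low rather than naming a condition for a later fix. Either align the two states or extend the buster reason to say what the fix is waiting on, for example inclusion in the next open-vm-tools update.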


=====================================
data/dla-needed.txt
=====================================
@@ -112,6 +112,9 @@ kopanocore
 krb5 (Chris Lamb)
   NOTE: 20221117: Programming language: C.
 --
+lava
+  NOTE: 20221127: Programming language: Python.
+--
 libapreq2
   NOTE: 20221031: Programming language: C.
 --
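Review bot: The new lava entry records only the programming language, and neither the entry nor the commit message "Add lava to dla-needed" names the CVE or bug that put the package on the list. A second NOTE line with the CVE id(s) or a tracker link would let whoever claims the package start without searching data/CVE/list.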
@@ -249,6 +252,9 @@ pluxml
   NOTE: 20220913: Programming language: PHP.
   NOTE: 20220913: Special attention: orphaned package.
 --
+pngcheck
+  NOTE: 20221127: Programming language: C.
+--
 protobuf
   NOTE: 20221031: Programming language: Several.
   NOTE: 20221031: Note the 'Note' that one of the CVEs affects the generated code and must therefore get special attention from the application developer using protobuf.
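Review bot: The pngcheck entry gives the language and nothing else to guide triage. The pluxml entry just above it shows the "Special attention" NOTE convention; if anything comparable applies to pngcheck, record it in the same form here.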



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1efc6d893859bc3052b4d8017cc2caf411f3e63d...e8fe3b20dd7c213bff3b4f969acab04d97d66eff
