[Git][security-tracker-team/security-tracker][master] bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Nov 29 08:25:02 GMT 2022 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f8915d75 by Moritz Muehlenhoff at 2022-11-29T09:24:46+01:00
bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -950,10 +950,10 @@ CVE-2022-45898
 CVE-2022-4144 [QXL: qxl_phys2virt unsafe address translation can lead to out-of-bounds read]
 	RESERVED
 	- qemu <unfixed>
+	[bullseye] - qemu <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2148506
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg04143.html
 	NOTE: https://gitlab.com/qemu-project/qemu/-/issues/1336
-	TODO: check details
 CVE-2022-4143
 	RESERVED
 CVE-2022-4142
@@ -4157,10 +4157,12 @@ CVE-2022-44794 (An issue was discovered in Object First 1.0.7.712. Management pr
 	NOT-FOR-US: Object First
 CVE-2022-44793 (handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-S ...)
 	- net-snmp <unfixed> (bug #1024020)
+	[bullseye] - net-snmp <no-dsa> (Minor issue)
 	NOTE: https://github.com/net-snmp/net-snmp/issues/475
 	NOTE: https://gist.github.com/menglong2234/d07a65b5028145c9f4e1d1db8c4c202f
 CVE-2022-44792 (handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP  ...)
 	- net-snmp <unfixed> (bug #1024020)
+	[bullseye] - net-snmp <no-dsa> (Minor issue)
 	NOTE: https://github.com/net-snmp/net-snmp/issues/474
 	NOTE: https://gist.github.com/menglong2234/b7bc13ae1a144f47cc3c95a7ea062428
 CVE-2022-44791
@@ -15353,6 +15355,7 @@ CVE-2022-3325 (Improper access control in the GitLab CE/EE API affecting all ver
 CVE-2022-3324 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. ...)
 	{DLA-3182-1}
 	- vim 2:9.0.0626-1
+	[bullseye] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/e414e55b-f332-491f-863b-c18dca97403c/
 	NOTE: https://github.com/vim/vim/commit/8279af514ca7e5fd3c31cf13b0864163d1a0bfeb (v9.0.0598)
 CVE-2022-3323 (An SQL injection vulnerability in Advantech iView 5.7.04.6469. The spe ...)
@@ -21993,8 +21996,7 @@ CVE-2022-38863 (Certain The MPlayer Project products are vulnerable to Buffer Ov
 	NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/b5e745b4bfab2835103a060094fae3c6cc1ba17d (r38393)
 	NOTE: Crash in CLI tool, no security impact
 CVE-2022-38862 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
-	- mplayer <unfixed> (bug #1021013)
-	[bullseye] - mplayer <no-dsa> (Minor issue)
+	NOTE: Unreproducible issue, probably a bug in the reporter's ASAN setup
 	NOTE: https://trac.mplayerhq.hu/ticket/2400
 	NOTE: https://trac.mplayerhq.hu/ticket/2404
 CVE-2022-38861 (The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to memory  ...)
@@ -35599,6 +35601,7 @@ CVE-2022-33980 (Apache Commons Configuration performs variable interpolation, al
 CVE-2022-2129 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ...)
 	{DLA-3204-1}
 	- vim 2:9.0.0135-1 (bug #1015984)
+	[bullseye] - vim <no-dsa> (Minor issue)
 	[stretch] - vim <postponed> (Minor issue)
 	NOTE: https://huntr.dev/bounties/3aaf06e7-9ae1-454d-b8ca-8709c98e5352
 	NOTE: https://github.com/vim/vim/commit/d6211a52ab9f53b82f884561ed43d2fe4d24ff7d (v8.2.5126)
@@ -43635,6 +43638,7 @@ CVE-2022-31009 (wire-ios is an iOS client for the Wire secure messaging applicat
 	NOT-FOR-US: wire-ios
 CVE-2022-31008 (RabbitMQ is a multi-protocol messaging and streaming broker. In affect ...)
 	- rabbitmq-server 3.10.8-1
+	[bullseye] - rabbitmq-server <no-dsa> (Minor issue)
 	[buster] - rabbitmq-server <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-v9gv-xp36-jgj8
 	NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/4841



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f8915d750e02b409853c4b5680a4968c8b996dd6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f8915d750e02b409853c4b5680a4968c8b996dd6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221129/4808ddbf/attachment.htm>

More information about the debian-security-tracker-commits mailing list