[Git][security-tracker-team/security-tracker][master] bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Nov 30 21:47:55 GMT 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d6f78138 by Moritz Muehlenhoff at 2022-11-30T22:46:30+01:00
bullseye triage
mplayer spu

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1486,6 +1486,7 @@ CVE-2022-45786
 CVE-2022-4121 [Null pointer dereference in mailimap_mailbox_data_status_free in low-level/imap/mailimap_types.c]
 	RESERVED
 	- libetpan <unfixed> (bug #1025120)
+	[bullseye] - libetpan <no-dsa> (Minor issue)
 	NOTE: https://github.com/dinhvh/libetpan/issues/420
 CVE-2022-4120
 	RESERVED
@@ -2959,6 +2960,7 @@ CVE-2022-45344
 	RESERVED
 CVE-2022-45343 (GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a hea ...)
 	- gpac <unfixed>
+	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2315
 	NOTE: https://github.com/gpac/gpac/commit/1016912db5408b6f38e8eb715279493ae380d1c4
@@ -3341,6 +3343,7 @@ CVE-2022-3964 (A vulnerability classified as problematic has been found in ffmpe
 CVE-2022-45197 [missing certificate hostname validation]
 	RESERVED
 	- slixmpp 1.8.3-1
+	[bullseye] - slixmpp <no-dsa> (Minor issue)
 	NOTE: https://lab.louiz.org/poezio/slixmpp/-/commit/b60b1b985db928532f97c4f61d6fbc801f0aa7fa (slix-1.8.3)
 CVE-2022-45196 (Hyperledger Fabric 2.3 allows attackers to cause a denial of service ( ...)
 	NOT-FOR-US: Hyperledger Fabric
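Review bot: On the added `[bullseye] - slixmpp <no-dsa> (Minor issue)` line, the bare "Minor issue" reason does not say why missing certificate hostname validation is considered low severity for bullseye. The entry already records a fixed version (1.8.3-1) and the upstream commit, so consider adding a NOTE with the rationale, or, if a backport is planned, wording the reason like the mplayer entries ("will be fixed via spu") and adding slixmpp to data/next-point-update.txt.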
@@ -22221,6 +22224,7 @@ CVE-2022-38865 (Certain The MPlayer Project products are vulnerable to Divide By
 	NOTE: Crash in CLI tool, no security impact
 CVE-2022-38864 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
 	- mplayer <unfixed> (bug #1021013)
+	[bullseye] - mplayer <no-dsa> (Minor issue, will be fixed via spu)
 	NOTE: https://trac.mplayerhq.hu/ticket/2406
 	NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/36546389ef9fb6b0e0540c5c3f212534c34b0e94 (r38391)
 CVE-2022-38863 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
@@ -22234,6 +22238,7 @@ CVE-2022-38862 (Certain The MPlayer Project products are vulnerable to Buffer Ov
 	NOTE: https://trac.mplayerhq.hu/ticket/2404
 CVE-2022-38861 (The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to memory  ...)
 	- mplayer <unfixed> (bug #1021013)
+	[bullseye] - mplayer <no-dsa> (Minor issue, will be fixed via spu)
 	NOTE: https://trac.mplayerhq.hu/ticket/2407
 	NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/2622e7fbe3605a2f3b4f74900197fefeedc0d2e1 (r38402)
 CVE-2022-38860 (Certain The MPlayer Project products are vulnerable to Divide By Zero  ...)
@@ -29726,9 +29731,11 @@ CVE-2022-36181
 	RESERVED
 CVE-2022-36180 (Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /f ...)
 	- fusiondirectory <removed>
+	[bullseye] - fusiondirectory <no-dsa> (Minor issue)
 	NOTE: https://yoroi.company/research/cve-advisory-full-disclosure-multiple-vulnerabilities/
 CVE-2022-36179 (Fusiondirectory 1.3 suffers from Improper Session Handling. ...)
 	- fusiondirectory <removed>
+	[bullseye] - fusiondirectory <no-dsa> (Minor issue)
 	NOTE: https://yoroi.company/research/cve-advisory-full-disclosure-multiple-vulnerabilities/
 CVE-2022-36178
 	RESERVED
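Review bot: Both added fusiondirectory lines give the same bare "Minor issue" reason for two different problems (XSS in CVE-2022-36180, improper session handling in CVE-2022-36179), and the unstable line for each is `<removed>`, so the entries record no fixed version that bullseye could pick up. Consider a short NOTE per CVE giving the reason for the rating, or stating whether a fix through a point update is intended.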


=====================================
data/next-point-update.txt
=====================================
@@ -68,3 +68,23 @@ CVE-2020-29260
 	[bullseye] - libvncserver 0.9.13+dfsg-2+deb11u1
 CVE-2022-39353
 	[bullseye] - node-xmldom 0.5.0-1+deb11u2
+CVE-2022-38866
+	[bullseye] - mplayer 2:1.4+ds1-1+deb11u1
+CVE-2022-38865
+	[bullseye] - mplayer 2:1.4+ds1-1+deb11u1
+CVE-2022-38864
+	[bullseye] - mplayer 2:1.4+ds1-1+deb11u1
+CVE-2022-38863
+	[bullseye] - mplayer 2:1.4+ds1-1+deb11u1
+CVE-2022-38861
+	[bullseye] - mplayer 2:1.4+ds1-1+deb11u1
+CVE-2022-38860
+	[bullseye] - mplayer 2:1.4+ds1-1+deb11u1
+CVE-2022-38858
+	[bullseye] - mplayer 2:1.4+ds1-1+deb11u1
+CVE-2022-38855
+	[bullseye] - mplayer 2:1.4+ds1-1+deb11u1
+CVE-2022-38851
+	[bullseye] - mplayer 2:1.4+ds1-1+deb11u1
+CVE-2022-38850
+	[bullseye] - mplayer 2:1.4+ds1-1+deb11u1
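Review bot: Of the ten mplayer CVEs added to data/next-point-update.txt, only CVE-2022-38864 and CVE-2022-38861 get a matching `[bullseye] - mplayer <no-dsa> (Minor issue, will be fixed via spu)` line in the data/CVE/list part of this commit, so please confirm the other eight already carry a consistent bullseye status there. The context under the CVE-2022-38865 hunk header reads "NOTE: Crash in CLI tool, no security impact", so check in particular that listing that CVE against 2:1.4+ds1-1+deb11u1 is intended.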



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6f78138c9925551da9bf1698da03dbd1876e772
