[Git][security-tracker-team/security-tracker][master] bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Oct 5 11:28:01 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
90fa8546 by Moritz Muehlenhoff at 2022-10-05T12:27:29+02:00
bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3962,6 +3962,7 @@ CVE-2022-3223 (Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/d
 	NOT-FOR-US: jgraph/drawio
 CVE-2022-3222 (Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-D ...)
 	- gpac <unfixed>
+	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://huntr.dev/bounties/b29c69fa-3eac-41e4-9d4f-d861aba18235/
 	NOTE: https://github.com/gpac/gpac/commit/4e7736d7ec7bf64026daa611da951993bb42fdaf
@@ -6119,6 +6120,7 @@ CVE-2022-39836
 	RESERVED
 CVE-2022-39835 (An issue was discovered in Gajim through 1.4.7. The vulnerability allo ...)
 	- gajim 1.5.0-1
+	[bullseye] - gajim <no-dsa> (Minor issue)
 	NOTE: https://dev.gajim.org/gajim/gajim/-/commit/af02c6bd53fad4e0065951597bd7ec801c002067 (1.5.0)
 CVE-2022-39834
 	RESERVED
@@ -40933,6 +40935,7 @@ CVE-2022-1036 (Able to create an account with long password leads to memory corr
 	NOT-FOR-US: microweber
 CVE-2022-1035 (Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpa ...)
 	- gpac <unfixed> (bug #1016443)
+	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	[stretch] - gpac <end-of-life> (No longer supported in LTS)
 	NOTE: https://huntr.dev/bounties/851942a4-1d64-4553-8fdc-9fccd167864b
@@ -44986,6 +44989,7 @@ CVE-2022-21802 (The package grapesjs before 0.19.5 are vulnerable to Cross-site
 	NOT-FOR-US: grapejs
 CVE-2022-21797 (The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary ...)
 	- joblib <unfixed> (bug #1020820)
+	[bullseye] - joblib <no-dsa> (Minor issue)
 	NOTE: https://github.com/joblib/joblib/issues/1128
 	NOTE: https://github.com/joblib/joblib/pull/1321
 	NOTE: https://github.com/joblib/joblib/commit/b90f10efeb670a2cc877fb88ebb3f2019189e059 (1.2.0)
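Review bot: The added `[bullseye] - joblib <no-dsa> (Minor issue)` line gives only the generic reason, while the CVE summary in this entry begins "vulnerable to Arbitrary ..." and the entry already references an upstream fix commit for 1.2.0. Please add a NOTE line saying why this is considered minor for bullseye, so the decision can be checked later without re-reading the linked upstream issue and pull request.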
@@ -58332,6 +58336,7 @@ CVE-2021-45832 (A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.
 	NOTE: Negligible security impact, malicous scientific data has more issues than a crash...
 CVE-2021-45831 (A Null Pointer Dereference vulnerability exitgs in GPAC 1.0.1 in MP4Bo ...)
 	- gpac 2.0.0+dfsg1-2
+	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	[stretch] - gpac <end-of-life> (No longer supported in LTS)
 	NOTE: https://github.com/gpac/gpac/issues/1990
@@ -134539,6 +134544,7 @@ CVE-2020-29261
 CVE-2020-29260 (libvncclient v0.9.13 was discovered to contain a memory leak via the f ...)
 	{DLA-3125-1}
 	- libvncserver <unfixed> (bug #1019228)
+	[bullseye] - libvncserver <no-dsa> (Minor issue)
 	NOTE: https://github.com/LibVNC/libvncserver/commit/bef41f6ec4097a8ee094f90a1b34a708fbd757ec
 CVE-2020-29259 (Cross-site scripting (XSS) vulnerability in Online Examination System  ...)
 	NOT-FOR-US: Online Examination System
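Review bot: On the added `[bullseye] - libvncserver <no-dsa> (Minor issue)` line, the entry also carries `{DLA-3125-1}`, so the LTS release has been handled through an advisory while bullseye is tagged as not needing one. Consider recording in the entry whether the referenced upstream commit is intended for a bullseye point release, so the difference between the two releases is a documented choice.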


=====================================
data/dsa-needed.txt
=====================================
@@ -29,6 +29,8 @@ netatalk
 --
 nodejs
 --
+openexr
+--
 php-horde-mime-viewer
 --
 php-horde-turba
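Review bot: The new `openexr` entry arrives without context: none of the data/CVE/list hunks in this commit touch an openexr CVE, and the commit message says only "bullseye triage". Suggest naming the CVE ids that prompted the entry, either in the commit message or as a note under `openexr`, so whoever picks up the DSA knows the intended scope.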



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90fa85463e85b04807a7152399578c7f2f05c0c7
