[Git][security-tracker-team/security-tracker][master] bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Oct 5 11:28:01 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
90fa8546 by Moritz Muehlenhoff at 2022-10-05T12:27:29+02:00
bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -3962,6 +3962,7 @@ CVE-2022-3223 (Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/d
NOT-FOR-US: jgraph/drawio
CVE-2022-3222 (Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-D ...)
- gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/b29c69fa-3eac-41e4-9d4f-d861aba18235/
NOTE: https://github.com/gpac/gpac/commit/4e7736d7ec7bf64026daa611da951993bb42fdaf
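Review bot: The `- gpac <unfixed>` line directly above the added bullseye tag carries no bug reference, unlike the CVE-2022-1035 entry later in this commit (`bug #1016443`). With bullseye now `<no-dsa>` and the upstream fix commit already in the NOTE lines, the fix can only arrive through unstable or a point release, so a bug reference on the unfixed line would keep it tracked.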
@@ -6119,6 +6120,7 @@ CVE-2022-39836
RESERVED
CVE-2022-39835 (An issue was discovered in Gajim through 1.4.7. The vulnerability allo ...)
- gajim 1.5.0-1
+ [bullseye] - gajim <no-dsa> (Minor issue)
NOTE: https://dev.gajim.org/gajim/gajim/-/commit/af02c6bd53fad4e0065951597bd7ec801c002067 (1.5.0)
CVE-2022-39834
RESERVED
@@ -40933,6 +40935,7 @@ CVE-2022-1036 (Able to create an account with long password leads to memory corr
NOT-FOR-US: microweber
CVE-2022-1035 (Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpa ...)
- gpac <unfixed> (bug #1016443)
+ [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://huntr.dev/bounties/851942a4-1d64-4553-8fdc-9fccd167864b
@@ -44986,6 +44989,7 @@ CVE-2022-21802 (The package grapesjs before 0.19.5 are vulnerable to Cross-site
NOT-FOR-US: grapejs
CVE-2022-21797 (The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary ...)
- joblib <unfixed> (bug #1020820)
+ [bullseye] - joblib <no-dsa> (Minor issue)
NOTE: https://github.com/joblib/joblib/issues/1128
NOTE: https://github.com/joblib/joblib/pull/1321
NOTE: https://github.com/joblib/joblib/commit/b90f10efeb670a2cc877fb88ebb3f2019189e059 (1.2.0)
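Review bot: The `[bullseye] - joblib <no-dsa> (Minor issue)` line gives only the generic reason, while the truncated description on the CVE line reads "vulnerable to Arbitrary ...". A short NOTE line stating why this was judged minor for bullseye would let later triagers confirm the decision without re-reading the upstream issue and pull request linked below.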
@@ -58332,6 +58336,7 @@ CVE-2021-45832 (A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.
NOTE: Negligible security impact, malicous scientific data has more issues than a crash...
CVE-2021-45831 (A Null Pointer Dereference vulnerability exitgs in GPAC 1.0.1 in MP4Bo ...)
- gpac 2.0.0+dfsg1-2
+ [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1990
@@ -134539,6 +134544,7 @@ CVE-2020-29261
CVE-2020-29260 (libvncclient v0.9.13 was discovered to contain a memory leak via the f ...)
{DLA-3125-1}
- libvncserver <unfixed> (bug #1019228)
+ [bullseye] - libvncserver <no-dsa> (Minor issue)
NOTE: https://github.com/LibVNC/libvncserver/commit/bef41f6ec4097a8ee094f90a1b34a708fbd757ec
CVE-2020-29259 (Cross-site scripting (XSS) vulnerability in Online Examination System ...)
NOT-FOR-US: Online Examination System
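Review bot: This entry already carries `{DLA-3125-1}`, yet the added line marks bullseye `<no-dsa>` and the unstable line is still `<unfixed> (bug #1019228)`. That leaves bullseye behind the release covered by the DLA for the same memory leak; if a point-release update is intended, saying so in the reason or in a NOTE would make the gap visible.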
=====================================
data/dsa-needed.txt
=====================================
@@ -29,6 +29,8 @@ netatalk
--
nodejs
--
+openexr
+--
php-horde-mime-viewer
--
php-horde-turba
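Review bot: The new `openexr` entry in dsa-needed.txt has no accompanying note, and no openexr entry is touched in the data/CVE/list part of this commit, so nothing here says which CVEs the DSA is needed for. An indented note under `openexr` naming them would help whoever picks up the update. Placement between `nodejs` and `php-horde-mime-viewer` keeps the list sorted.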
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90fa85463e85b04807a7152399578c7f2f05c0c7