[Git][security-tracker-team/security-tracker][master] 4 commits: Triage CVE-2021-3826 in libiberty for buster LTS.
Chris Lamb (@lamby)
lamby at debian.org
Mon Oct 10 20:20:25 BST 2022
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
91945f55 by Chris Lamb at 2022-10-10T12:15:30-07:00
Triage CVE-2021-3826 in libiberty for buster LTS.
- - - - -
4a3d07b9 by Chris Lamb at 2022-10-10T12:16:00-07:00
Triage CVE-2022-3277 in neutron for buster LTS.
- - - - -
c061a278 by Chris Lamb at 2022-10-10T12:16:35-07:00
Triage CVE-2021-37819 in pdftk-java for buster LTS.
- - - - -
190ecc94 by Chris Lamb at 2022-10-10T12:18:48-07:00
Triage CVE-2022-31033 in ruby-mechanize for buster LTS.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3311,6 +3311,7 @@ CVE-2022-3277 [unrestricted creation of security groups]
RESERVED
- neutron <unfixed>
[bullseye] - neutron <no-dsa> (Minor issue)
+ [buster] - neutron <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2129193
CVE-2020-36604 (hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in t ...)
- node-hoek 9.0.3+~5.0.0+~4.0.0-1
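Review bot: the added "[buster] - neutron <no-dsa> (Minor issue)" line repeats the bullseye reason word for word, while the entry is still RESERVED, has "- neutron <unfixed>" and carries only a Bugzilla link. A short NOTE saying why unrestricted creation of security groups is minor for the buster package would make this triage easier to revisit once a fix exists.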
@@ -30451,6 +30452,7 @@ CVE-2022-31034 (Argo CD is a declarative, GitOps continuous delivery tool for Ku
CVE-2022-31033 (The Mechanize library is used for automating interaction with websites ...)
- ruby-mechanize 2.8.5-1 (bug #1014809)
[bullseye] - ruby-mechanize <no-dsa> (Minor issue)
+ [buster] - ruby-mechanize <no-dsa> (Minor issue)
NOTE: https://github.com/sparklemotion/mechanize/security/advisories/GHSA-64qm-hrgp-pgr9
NOTE: Prerequisite to clear credential headers when redirecting to cross site
NOTE: https://github.com/sparklemotion/mechanize/commit/17e5381032c90caf240ac3d2e52b353f40c18d83 (v2.8.0)
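Review bot: the reason on the added "[buster] - ruby-mechanize <no-dsa> (Minor issue)" line does not reflect the backport scope that the surrounding NOTE lines describe. The context lists a prerequisite commit tagged v2.8.0 ahead of the fix, so any later buster update would need more than one change. Consider recording that next to the no-dsa tag or in a NOTE.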
@@ -75433,6 +75435,7 @@ CVE-2021-3826 (Heap/stack buffer overflow in the dlang_lname function in d-deman
- binutils 2.37.50.20220121-1 (unimportant)
- libiberty 20220713-1
[bullseye] - libiberty <no-dsa> (Minor issue)
+ [buster] - libiberty <no-dsa> (Minor issue)
NOTE: https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579985.html
NOTE: https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=5481040197402be6dfee265bd2ff5a4c88e30505
NOTE: binutils not covered by security support
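Review bot: the added "[buster] - libiberty <no-dsa> (Minor issue)" line gives no rationale, although the entry header describes a heap/stack buffer overflow in dlang_lname. The binutils line is justified in context by "NOTE: binutils not covered by security support". An equivalent NOTE for libiberty would document why a memory-corruption bug is treated as minor here.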
@@ -85102,6 +85105,7 @@ CVE-2021-37820
CVE-2021-37819 (PDF Labs pdftk-java v3.2.3 was discovered to contain an infinite loop ...)
- pdftk-java 3.3.2-1
[bullseye] - pdftk-java <no-dsa> (Minor issue)
+ [buster] - pdftk-java <no-dsa> (Minor issue)
- pdftk 2.02-5
NOTE: https://gitlab.com/pdftk-java/pdftk/-/merge_requests/21
NOTE: https://gitlab.com/pdftk-java/pdftk/-/commit/75deacdf5c46fd4eefb310c784eb9dfdc7b9fdc9 (v3.3.0)
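Review bot: the new "[buster]" annotation is attached to pdftk-java only, and the "- pdftk 2.02-5" line directly below it carries no per-release status. Please confirm that pdftk-java is the source package to annotate for buster and that the pdftk line needs no matching entry. If it does not, a one-line NOTE would make that explicit.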
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/09e390e65a80ea678be856c270e471083b83d5d9...190ecc94ebd89b5529ca1129f3ae32dac60b291c