[Git][security-tracker-team/security-tracker][master] 5 commits: data/dla-needed.txt: Triage libreoffice for buster LTS (CVE-2022-3140)
Chris Lamb (@lamby)
lamby at debian.org
Wed Oct 12 16:37:51 BST 2022
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4409fd62 by Chris Lamb at 2022-10-12T08:33:35-07:00
data/dla-needed.txt: Triage libreoffice for buster LTS (CVE-2022-3140)
- - - - -
2c81c872 by Chris Lamb at 2022-10-12T08:33:55-07:00
Triage CVE-2022-41550 in libosip2 for buster LTS.
- - - - -
efe16ad3 by Chris Lamb at 2022-10-12T08:34:56-07:00
Triage CVE-2022-37616 in node-xmldom for buster LTS.
- - - - -
0a777192 by Chris Lamb at 2022-10-12T08:35:14-07:00
Triage CVE-2021-3782 in wayland for buster LTS.
- - - - -
99384111 by Chris Lamb at 2022-10-12T08:37:32-07:00
data/dla-needed.txt: Triage ini4j for buster LTS (CVE-2022-41404)
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -3142,6 +3142,7 @@ CVE-2022-41551
CVE-2022-41550 (GNU oSIP v5.3.0 was discovered to contain an integer overflow via the ...)
- libosip2 <unfixed>
[bullseye] - libosip2 <no-dsa> (Minor issue)
+ [buster] - libosip2 <no-dsa> (Minor issue)
NOTE: https://savannah.gnu.org/bugs/?63103
NOTE: https://git.savannah.gnu.org/cgit/osip.git/commit/?id=f77f16c832c3c37589c2b749f01b644dc44a55b5
CVE-2022-41549
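Review bot: The added `[buster] - libosip2 <no-dsa> (Minor issue)` line reuses the generic reason from the bullseye line for what the description calls an integer overflow, so the entry does not say why the issue is minor for buster. A more specific reason in the parentheses, or a NOTE line recording what was checked in the buster version, would make the decision auditable later.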
@@ -13139,6 +13140,7 @@ CVE-2022-37617 (Prototype pollution vulnerability in function resolveShims in re
CVE-2022-37616 (A prototype pollution vulnerability exists in the function copy in dom ...)
- node-xmldom 0.8.3-1 (bug #1021618)
[bullseye] - node-xmldom <no-dsa> (Minor issue)
+ [buster] - node-xmldom <no-dsa> (Minor issue)
NOTE: https://github.com/xmldom/xmldom/issues/436
NOTE: https://github.com/xmldom/xmldom/security/advisories/GHSA-9pgh-qqpf-7wqj
NOTE: Fixed by: https://github.com/xmldom/xmldom/commit/6956ec406fd4658dfb028a327c7a39238b24c3cd (0.9.0-beta.2)
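Review bot: Nothing in this entry records that the buster version of node-xmldom contains the affected `copy` function in dom, so the added `[buster] - node-xmldom <no-dsa> (Minor issue)` line rests on an unstated assumption. If the buster source was checked, a short NOTE saying so would let the next triager skip repeating the check.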
@@ -77765,6 +77767,7 @@ CVE-2021-3783 (yourls is vulnerable to Improper Neutralization of Input During W
CVE-2021-3782 (An internal reference count is held on the buffer pool, incremented ev ...)
- wayland 1.21.0-1
[bullseye] - wayland <no-dsa> (Minor issue)
+ [buster] - wayland <no-dsa> (Minor issue)
NOTE: https://gitlab.freedesktop.org/wayland/wayland/-/issues/224
NOTE: https://gitlab.freedesktop.org/wayland/wayland/-/commit/b19488c7154b902354cb26a27f11415d7799b0b2 (1.20.91)
CVE-2021-3781 (A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was ...)
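Review bot: With a single upstream fix commit already referenced in the NOTE under the added `[buster] - wayland <no-dsa> (Minor issue)` line, consider whether `<postponed>` with a reason such as fixing along with a later update describes the intent better than a bare `<no-dsa>`. If that commit does not apply to the buster version, stating so in the reason would explain the choice.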
=====================================
data/dla-needed.txt
=====================================
@@ -82,6 +82,10 @@ imagemagick
NOTE: 20220904: VCS: https://salsa.debian.org/lts-team/packages/imagemagick.git
NOTE: 20220904: Should be synced with Stretch. (apo)
--
+ini4j
+ NOTE: 20221012: Programming language: Java.
+ NOTE: 20221012: Require investigation (lamby)
+--
joblib (Utkarsh)
NOTE: 20221006: Programming language: Python.
--
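Review bot: The new ini4j entry never names the CVE; CVE-2022-41404 appears only in the commit message, and `Require investigation (lamby)` does not say what is still open. Suggest putting the CVE id in the NOTE together with the question to be answered, so whoever claims the package does not have to dig through the commit log.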
@@ -89,6 +93,9 @@ kopanocore
NOTE: 20220801: Programming language: C++.
NOTE: 20220811: Proposed a patch to CVE-2022-26562 (#1016973)
--
+libreoffice
+ NOTE: 20221012: Programming language: C++.
+--
linux (Ben Hutchings)
--
man2html
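Review bot: The libreoffice entry carries only the `Programming language: C++.` NOTE and no reference to CVE-2022-3140, which appears only in the commit message; unlike the ini4j entry added in the same push, it also has no triage remark. A second NOTE line naming the CVE and why it warrants a DLA would make the entry self-explanatory.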
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/de62c13f721a4efa3bc14d914386ce35bbbb0de0...99384111f628695ae87fbe2ce32ba67cdd508c80