[Git][security-tracker-team/security-tracker][master] bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Oct 25 08:00:53 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f75a9f52 by Moritz Muehlenhoff at 2022-10-25T09:00:30+02:00
bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -903,8 +903,9 @@ CVE-2022-3594 (A vulnerability was found in Linux Kernel. It has been declared a
- linux 6.0.3-1
NOTE: https://git.kernel.org/linus/93e2be344a7db169b7119de21ac1bf253b8c6907 (6.1-rc1)
CVE-2022-3593 (A vulnerability was found in Linux Kernel. It has been classified as p ...)
- - iproute2 5.19.0-1
+ - iproute2 5.19.0-1 (unimportant)
NOTE: https://git.kernel.org/pub/scm/network/iproute2/iproute2-next.git/commit/?id=2cb76253ed852559a4f2b315f5e23457a15d71e5
+ NOTE: Memory leak in CLI tool, no security impact
CVE-2022-3592
RESERVED
CVE-2022-43399
@@ -1968,17 +1969,21 @@ CVE-2022-3531 (A vulnerability was found in Linux Kernel. It has been classified
NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=6d2e21dc4db3933db65293552ecc1ede26febeca
NOTE: Issue only in selftest/bpf.
CVE-2022-3530 (A vulnerability was found in Linux Kernel and classified as problemati ...)
- - iproute2 5.19.0-1
+ - iproute2 5.19.0-1 (unimportant)
NOTE: https://git.kernel.org/pub/scm/network/iproute2/iproute2-next.git/commit/?id=1d540336b026ed5bfe10eefac383db7f434d842f
+ NOTE: Memory leak in CLI tool, no security impact
CVE-2022-3529 (A vulnerability has been found in Linux Kernel and classified as probl ...)
- - iproute2 5.19.0-1
+ - iproute2 5.19.0-1 (unimportant)
NOTE: https://git.kernel.org/pub/scm/network/iproute2/iproute2-next.git/commit/?id=6db01afd60748afbba114be2773be338c5be28ff
+ NOTE: Memory leak in CLI tool, no security impact
CVE-2022-3528 (A vulnerability, which was classified as problematic, was found in Lin ...)
- - iproute2 5.19.0-1
+ - iproute2 5.19.0-1 (unimportant)
NOTE: https://git.kernel.org/pub/scm/network/iproute2/iproute2-next.git/commit/?id=afdbb0204a5872f1f76058a0db5a529b1f0c8de7
+ NOTE: Memory leak in CLI tool, no security impact
CVE-2022-3527 (A vulnerability, which was classified as problematic, has been found i ...)
- - iproute2 5.19.0-1
+ - iproute2 5.19.0-1 (unimportant)
NOTE: https://git.kernel.org/pub/scm/network/iproute2/iproute2-next.git/commit/?id=c5433c4b7a57d380f4cb351316f5ba5ebae9538e
+ NOTE: Memory leak in CLI tool, no security impact
CVE-2022-3526 (A vulnerability classified as problematic was found in Linux Kernel. T ...)
- linux 5.17.6-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
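Review bot: The same NOTE, "Memory leak in CLI tool, no security impact", is added to CVE-2022-3530, CVE-2022-3529, CVE-2022-3528, CVE-2022-3527 and CVE-2022-3526's neighbours without naming the iproute2 command or code path involved, so the (unimportant) triage cannot be re-checked without opening each linked commit. The CVE descriptions shown here all say "Linux Kernel" while the package line is iproute2, which makes the entries harder to read. Consider extending each NOTE with the affected tool or function from the referenced iproute2-next commit.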
@@ -68709,10 +68714,11 @@ CVE-2022-21695 (OnionShare is an open source tool that lets you securely and ano
[buster] - onionshare <not-affected> (Vulnerable code not present)
NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-99p8-9p2c-49j4
CVE-2022-21694 (OnionShare is an open source tool that lets you securely and anonymous ...)
- - onionshare 2.5-1 (bug #1014966)
+ - onionshare 2.5-1 (unimportant; bug #1014966)
[buster] - onionshare <not-affected> (Vulnerable code not present)
NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-h29c-wcm8-883h
NOTE: https://github.com/onionshare/onionshare/issues/1389
+ NOTE: This isn't a security vulnerability by itself
CVE-2022-21693 (OnionShare is an open source tool that lets you securely and anonymous ...)
- onionshare 2.5-1 (bug #1014966)
[bullseye] - onionshare <not-affected> (Vulnerable code not present)
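Review bot: The NOTE added under CVE-2022-21694, "This isn't a security vulnerability by itself", does not say why, and it is the only justification for changing the entry to (unimportant; bug #1014966). Add a short clause summarising the reasoning from the linked advisory or issue 1389, so that someone revisiting the downgrade can see what the report describes and what additional condition would be needed for impact.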
@@ -68738,7 +68744,7 @@ CVE-2022-21689 (OnionShare is an open source tool that lets you securely and ano
NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-jh82-c5jw-pxpc
NOTE: https://github.com/onionshare/onionshare/commit/096178a9e6133fd6ca9d95a00a67bba75ccab377 (v2.5)
CVE-2022-21688 (OnionShare is an open source tool that lets you securely and anonymous ...)
- - onionshare 2.5-1 (bug #1014966)
+ NOTE: The report against OnionShare is just a stop gap, this needs to be tracked down/fixed in Qt
NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-x7wr-283h-5h2v
CVE-2022-21687 (gh-ost is a triggerless online schema migration solution for MySQL. Ve ...)
NOT-FOR-US: GitHub Online Schema
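Review bot: With "- onionshare 2.5-1 (bug #1014966)" removed, CVE-2022-21688 is left with NOTE lines only and no package or status line. The new NOTE says the issue needs to be tracked down and fixed in Qt, but no Qt package entry is added in this hunk, so nothing in the entry tracks the CVE against any package. Add an entry for the affected Qt source package, or a TODO line until it is identified, and state whether bug #1014966 still applies to this CVE.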
@@ -77583,6 +77589,7 @@ CVE-2021-41869 (SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vuln
CVE-2021-41868 (OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to u ...)
- onionshare 2.5-1 (bug #1014966)
[buster] - onionshare <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/onionshare/onionshare/issues/1396
CVE-2021-41867 (An information disclosure vulnerability in OnionShare 2.3 before 2.4 a ...)
- onionshare 2.5-1 (bug #1014966)
[bullseye] - onionshare <not-affected> (Vulnerable code not present)
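Review bot: The URL added under CVE-2021-41868 is a bare link with no indication of whether issue 1396 is the upstream report, the discussion, or where the fix landed. Other NOTE lines in this file annotate references, for example the "(v2.5)" after the commit URL under CVE-2022-21689. A short annotation here would make the entry easier to use.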
=====================================
data/dsa-needed.txt
=====================================
@@ -33,6 +33,8 @@ netatalk
--
nodejs
--
+multipath-tools
+--
openexr
--
php-horde-mime-viewer
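Review bot: multipath-tools is inserted between nodejs and openexr, while the surrounding entries (netatalk, nodejs, openexr, php-horde-mime-viewer) are in alphabetical order, so it should sit before netatalk. The entry is also added with no annotation, and no multipath-tools change to data/CVE/list is part of this commit, so the reason a DSA is needed is not visible here; a one-line note naming the CVE(s) would help whoever picks it up.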
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f75a9f52c39cdf46fa77f45e7e3cf466cea35afb