[Git][security-tracker-team/security-tracker][master] bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Oct 25 11:33:56 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9ce5b6e9 by Moritz Muehlenhoff at 2022-10-25T12:33:08+02:00
bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -5988,9 +5988,10 @@ CVE-2022-3297 (Use After Free in GitHub repository vim/vim prior to 9.0.0579. ..
 	NOTE: https://github.com/vim/vim/commit/0ff01835a40f549c5c4a550502f62a2ac9ac447c (v9.0.0579)
 	NOTE: Crash in CLI tool, no security impact
 CVE-2022-3296 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. ...)
-	- vim 2:9.0.0626-1
+	- vim 2:9.0.0626-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077
 	NOTE: https://github.com/vim/vim/commit/96b9bf8f74af8abf1e30054f996708db7dc285be (v9.0.0577)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-3295 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
 	- rdiffweb <itp> (bug #969974)
 CVE-2022-3294
@@ -49437,6 +49438,7 @@ CVE-2022-0700 (The Simple Tracking WordPress plugin before 1.7 does not sanitise
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0699 (A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0  ...)
 	- shapelib 1.5.0-3 (bug #1022557)
+	[bullseye] - shapelib <no-dsa> (Minor issue)
 	NOTE: https://github.com/OSGeo/shapelib/commit/c75b9281a5b9452d92e1682bdfe6019a13ed819f
 	NOTE: https://github.com/OSGeo/shapelib/issues/39
 CVE-2022-25597 (ASUS RT-AC86U’s LPD service has insufficient filtering for speci ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -56,9 +56,13 @@ ruby-tzinfo
 --
 salt
 --
+samba
+--
 sofia-sip
   Maintainer proposed debdiff, though as rebuild of the testing version
 --
 sox
   patch needed for CVE-2021-40426, check with upstream
 --
+thunderbird (jmm)
+--



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ce5b6e9ab5505b40b5cc89387e82e44cd9f6e5a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ce5b6e9ab5505b40b5cc89387e82e44cd9f6e5a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221025/b7badb78/attachment.htm>


More information about the debian-security-tracker-commits mailing list