[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2022-0699,shapelib: Mark Buster as no-dsa

Sat Oct 29 22:49:38 BST 2022


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a383f282 by Markus Koschany at 2022-10-29T23:47:04+02:00
CVE-2022-0699,shapelib: Mark Buster as no-dsa

Minor issue

- - - - -
d71191ca by Markus Koschany at 2022-10-29T23:48:18+02:00
Reserve DSA-5264-1 batik

- - - - -
6160ed2b by Markus Koschany at 2022-10-29T23:49:14+02:00
Reserve DSA-5265-1 tomcat9

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -39444,7 +39444,6 @@ CVE-2022-29892 (Improper input validation vulnerability in Space of Cybozu Garoo
 CVE-2022-29885 (The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1  ...)
 	{DLA-3160-1}
 	- tomcat9 9.0.63-1
-	[bullseye] - tomcat9 <postponed> (Minor issue)
 	- tomcat8 <removed>
 	[stretch] - tomcat8 <postponed> (Minor issue)
 	NOTE: https://github.com/apache/tomcat/commit/eaafd28296c54d983e28a47953c1f5cb2c334f48 (9.0.63)
@@ -51985,6 +51984,7 @@ CVE-2022-0700 (The Simple Tracking WordPress plugin before 1.7 does not sanitise
 CVE-2022-0699 (A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0  ...)
 	- shapelib 1.5.0-3 (bug #1022557)
 	[bullseye] - shapelib <no-dsa> (Minor issue)
+	[buster] - shapelib <no-dsa> (Minor issue)
 	NOTE: https://github.com/OSGeo/shapelib/commit/c75b9281a5b9452d92e1682bdfe6019a13ed819f
 	NOTE: https://github.com/OSGeo/shapelib/issues/39
 CVE-2022-25597 (ASUS RT-AC86U’s LPD service has insufficient filtering for speci ...)
@@ -60381,7 +60381,6 @@ CVE-2022-23184 (In affected Octopus Server versions when the server HTTP and HTT
 CVE-2022-23181 (The fix for bug CVE-2020-9484 introduced a time of check, time of use  ...)
 	{DLA-3160-1}
 	- tomcat9 9.0.58-1
-	[bullseye] - tomcat9 <postponed> (Minor issue, fix along in future DSA)
 	- tomcat8 <removed>
 	[stretch] - tomcat8 <postponed> (Minor issue; local race condition)
 	NOTE: https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,9 @@
+[29 Oct 2022] DSA-5265-1 tomcat9 - security update
+	{CVE-2021-43980 CVE-2022-23181 CVE-2022-29885}
+	[bullseye] - tomcat9 9.0.43-2~deb11u4
+[29 Oct 2022] DSA-5264-1 batik - security update
+	{CVE-2022-41704 CVE-2022-42890}
+	[bullseye] - batik 1.12-4+deb11u1
 [29 Oct 2022] DSA-5263-1 chromium - security update
 	{CVE-2022-3723}
 	[bullseye] - chromium 107.0.5304.87-1~deb11u1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5ac4f6c94ac97439b2c9ab09d4bd063bbf53373a...6160ed2b1d2e4b4809f6a10127c3879d70f861c7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5ac4f6c94ac97439b2c9ab09d4bd063bbf53373a...6160ed2b1d2e4b4809f6a10127c3879d70f861c7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221029/b9fdcc8c/attachment.htm>
