[Git][security-tracker-team/security-tracker][master] bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Sep 2 08:10:48 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7fa5035b by Moritz Muehlenhoff at 2022-09-02T09:07:16+02:00
bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3914,10 +3914,10 @@ CVE-2022-37772
CVE-2022-37771
RESERVED
CVE-2022-37770 (libjpeg commit 281daa9 was discovered to contain a segmentation fault ...)
- - libjpeg <unfixed>
- [bullseye] - libjpeg <no-dsa> (Minor issue)
+ - libjpeg <unfixed> (unimportant)
NOTE: https://github.com/thorfdbg/libjpeg/issues/79
NOTE: https://github.com/thorfdbg/libjpeg/commit/281daa9ccee18742b83a77cd29bd2726b69b7977
+ NOTE: Crash in CLI tool, no security impact
CVE-2022-37769 (libjpeg commit 281daa9 was discovered to contain a segmentation fault ...)
- libjpeg <unfixed>
[bullseye] - libjpeg <no-dsa> (Minor issue)
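Review bot: CVE-2022-37769, in the trailing context of this hunk, has the same truncated description as CVE-2022-37770 (libjpeg commit 281daa9, segmentation fault) but keeps "- libjpeg <unfixed>" with "[bullseye] - libjpeg <no-dsa> (Minor issue)". If it is also a crash in the CLI tool, it should be marked unimportant in the same commit. If it differs, a NOTE saying why would keep the two adjacent entries from looking inconsistent.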
@@ -5716,11 +5716,13 @@ CVE-2022-37049 (The component tcpprep in Tcpreplay v4.4.1 was discovered to cont
NOTE: https://github.com/appneta/tcpreplay/issues/718
NOTE: Crash in CLI tool, no security impact
CVE-2022-37048 (The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain ...)
- - tcpreplay <unfixed> (bug #1018057)
+ - tcpreplay <unfixed> (unimportant; bug #1018057)
NOTE: https://github.com/appneta/tcpreplay/issues/735
+ NOTE: Crash in CLI tool, no security impact
CVE-2022-37047 (The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain ...)
- - tcpreplay <unfixed> (bug #1018057)
+ - tcpreplay <unfixed> (unimportant; bug #1018057)
NOTE: https://github.com/appneta/tcpreplay/issues/734
+ NOTE: Crash in CLI tool, no security impact
CVE-2022-37046
RESERVED
CVE-2022-37045
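Review bot: the NOTE added to CVE-2022-37048 and CVE-2022-37047 states only the conclusion. Both descriptions name the tcprewrite component, so naming it in the note as well (for example "Crash in tcprewrite CLI tool, no security impact") would let a reader check the unimportant rating without opening issues 735 and 734.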
@@ -7963,11 +7965,13 @@ CVE-2022-36192
RESERVED
CVE-2022-36191 (A heap-buffer-overflow had occurred in function gf_isom_dovi_config_ge ...)
- gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2218
NOTE: https://github.com/gpac/gpac/commit/fef6242c69be4f7ba22b32578e4b62648a3d4ed3
CVE-2022-36190 (GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerabili ...)
- gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2220
NOTE: Fixed along with: https://github.com/gpac/gpac/issues/2218
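Review bot: "Minor issue" on the two added [bullseye] lines gives no reason, while the descriptions are a heap-buffer-overflow (CVE-2022-36191) and a use-after-free (CVE-2022-36190). The entries already link an upstream fix commit and record that 36190 is fixed along with issue 2218, so a more specific reason in the parentheses would make the no-dsa decision easier to revisit later.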
@@ -10582,8 +10586,9 @@ CVE-2022-35168 (Due to improper input sanitization of XML input in SAP Business
CVE-2022-35167 (Printix Cloud Print Management v1.3.1149.0 for Windows was discovered ...)
NOT-FOR-US: Printix Cloud Print Management
CVE-2022-35166 (libjpeg commit 842c7ba was discovered to contain an infinite loop via ...)
- - libjpeg <unfixed>
+ - libjpeg <unfixed> (unimportant)
NOTE: https://github.com/thorfdbg/libjpeg/issues/7
+ NOTE: Hang in CLI tool, no security impact
CVE-2022-35165 (An issue in AP4_SgpdAtom::AP4_SgpdAtom() of Bento4-1.6.0-639 allows at ...)
NOT-FOR-US: Bento4
CVE-2022-35164 (LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a ...)
@@ -41297,6 +41302,7 @@ CVE-2022-21795
RESERVED
CVE-2022-21233 (Improper isolation of shared resources in some Intel(R) Processors may ...)
- intel-microcode 3.20220809.1
+ [bullseye] - intel-microcode <no-dsa> (Minor issue, only impacts SGX)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220809
CVE-2022-21128 (Insufficient control flow management in the Intel(R) Advisor software ...)
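Review bot: the added [bullseye] line records the scope ("only impacts SGX") but not the follow-up. The entry lists 3.20220809.1 as the fixed version, so if bullseye is expected to receive this through a later microcode update, saying so in the parentheses would tell SGX users what to expect.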
@@ -43083,6 +43089,7 @@ CVE-2022-0368 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...
NOTE: https://github.com/vim/vim/commit/8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa (v8.2.4217)
CVE-2022-0367 (A heap-based buffer overflow flaw was found in libmodbus in function m ...)
- libmodbus <unfixed>
+ [bullseye] - libmodbus <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2045571
NOTE: https://github.com/stephane/libmodbus/issues/614
NOTE: Fixed by: https://github.com/stephane/libmodbus/commit/b4ef4c17d618eba0adccc4c7d9e9a1ef809fc9b6 (v3.1.7)
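Review bot: the added [bullseye] line sits under "- libmodbus <unfixed>", while the last NOTE of the entry points to an upstream fix commit tagged v3.1.7. It is worth checking whether the unfixed marker is still accurate, and for a heap-based buffer overflow the "Minor issue" reason would benefit from a short rationale.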
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7fa5035b624ace13d3e469a2299b5e0acfea442c