[Git][security-tracker-team/security-tracker][master] bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Sep 2 08:10:48 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7fa5035b by Moritz Muehlenhoff at 2022-09-02T09:07:16+02:00
bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3914,10 +3914,10 @@ CVE-2022-37772
 CVE-2022-37771
 	RESERVED
 CVE-2022-37770 (libjpeg commit 281daa9 was discovered to contain a segmentation fault  ...)
-	- libjpeg <unfixed>
-	[bullseye] - libjpeg <no-dsa> (Minor issue)
+	- libjpeg <unfixed> (unimportant)
 	NOTE: https://github.com/thorfdbg/libjpeg/issues/79
 	NOTE: https://github.com/thorfdbg/libjpeg/commit/281daa9ccee18742b83a77cd29bd2726b69b7977
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-37769 (libjpeg commit 281daa9 was discovered to contain a segmentation fault  ...)
 	- libjpeg <unfixed>
 	[bullseye] - libjpeg <no-dsa> (Minor issue)
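Review bot: CVE-2022-37769, in the context lines directly below the change, carries the same truncated description as CVE-2022-37770 ("libjpeg commit 281daa9 was discovered to contain a segmentation fault ...") but keeps `[bullseye] - libjpeg <no-dsa> (Minor issue)`. If it is also only a crash in the CLI tool, mark it `(unimportant)` in the same commit; if not, a NOTE saying how it differs would explain why the two adjacent entries are triaged differently.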
@@ -5716,11 +5716,13 @@ CVE-2022-37049 (The component tcpprep in Tcpreplay v4.4.1 was discovered to cont
 	NOTE: https://github.com/appneta/tcpreplay/issues/718
 	NOTE: Crash in CLI tool, no security impact
 CVE-2022-37048 (The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain ...)
-	- tcpreplay <unfixed> (bug #1018057)
+	- tcpreplay <unfixed> (unimportant; bug #1018057)
 	NOTE: https://github.com/appneta/tcpreplay/issues/735
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-37047 (The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain ...)
-	- tcpreplay <unfixed> (bug #1018057)
+	- tcpreplay <unfixed> (unimportant; bug #1018057)
 	NOTE: https://github.com/appneta/tcpreplay/issues/734
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-37046
 	RESERVED
 CVE-2022-37045
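Review bot: The changed `- tcpreplay <unfixed>` lines for CVE-2022-37048 and CVE-2022-37047 carry no release tag, so marking them `(unimportant; bug #1018057)` reclassifies the issue for every suite, which the commit subject "bullseye triage" does not convey. The result is consistent with the CVE-2022-37049 entry above, which already has the same NOTE; a subject or body line mentioning the severity downgrade would make this easier to find in the history.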
@@ -7963,11 +7965,13 @@ CVE-2022-36192
 	RESERVED
 CVE-2022-36191 (A heap-buffer-overflow had occurred in function gf_isom_dovi_config_ge ...)
 	- gpac <unfixed>
+	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2218
 	NOTE: https://github.com/gpac/gpac/commit/fef6242c69be4f7ba22b32578e4b62648a3d4ed3
 CVE-2022-36190 (GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerabili ...)
 	- gpac <unfixed>
+	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2220
 	NOTE: Fixed along with: https://github.com/gpac/gpac/issues/2218
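Review bot: The two added `[bullseye] - gpac <no-dsa> (Minor issue)` lines give no reason, although the descriptions are a heap-buffer-overflow (CVE-2022-36191) and a use-after-free (CVE-2022-36190). A short rationale inside the parentheses, as done for the intel-microcode entry in this same commit ("Minor issue, only impacts SGX"), would let a later reader see why these were judged minor for bullseye.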
@@ -10582,8 +10586,9 @@ CVE-2022-35168 (Due to improper input sanitization of XML input in SAP Business
 CVE-2022-35167 (Printix Cloud Print Management v1.3.1149.0 for Windows was discovered  ...)
 	NOT-FOR-US: Printix Cloud Print Management
 CVE-2022-35166 (libjpeg commit 842c7ba was discovered to contain an infinite loop via  ...)
-	- libjpeg <unfixed>
+	- libjpeg <unfixed> (unimportant)
 	NOTE: https://github.com/thorfdbg/libjpeg/issues/7
+	NOTE: Hang in CLI tool, no security impact
 CVE-2022-35165 (An issue in AP4_SgpdAtom::AP4_SgpdAtom() of Bento4-1.6.0-639 allows at ...)
 	NOT-FOR-US: Bento4
 CVE-2022-35164 (LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a ...)
@@ -41297,6 +41302,7 @@ CVE-2022-21795
 	RESERVED
 CVE-2022-21233 (Improper isolation of shared resources in some Intel(R) Processors may ...)
 	- intel-microcode 3.20220809.1
+	[bullseye] - intel-microcode <no-dsa> (Minor issue, only impacts SGX)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220809
 CVE-2022-21128 (Insufficient control flow management in the Intel(R) Advisor software  ...)
@@ -43083,6 +43089,7 @@ CVE-2022-0368 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...
 	NOTE: https://github.com/vim/vim/commit/8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa (v8.2.4217)
 CVE-2022-0367 (A heap-based buffer overflow flaw was found in libmodbus in function m ...)
 	- libmodbus <unfixed>
+	[bullseye] - libmodbus <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2045571
 	NOTE: https://github.com/stephane/libmodbus/issues/614
 	NOTE: Fixed by: https://github.com/stephane/libmodbus/commit/b4ef4c17d618eba0adccc4c7d9e9a1ef809fc9b6 (v3.1.7)
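Review bot: The added `[bullseye] - libmodbus <no-dsa> (Minor issue)` line rates a heap-based buffer overflow in a library function as minor without saying what limits its impact. The entry already records the upstream fix (commit b4ef4c1, v3.1.7) in the "Fixed by" NOTE, so a one-phrase reason in the parentheses would be enough for someone deciding later whether to pick that commit up for bullseye.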



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7fa5035b624ace13d3e469a2299b5e0acfea442c
