[Git][security-tracker-team/security-tracker][master] 11 commits: CVE-2022-39028,inetutils: Buster is no-dsa

Markus Koschany (@apo) apo at debian.org
Sun Sep 4 06:42:00 BST 2022



Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6a6a1dea by Markus Koschany at 2022-09-04T07:14:26+02:00
CVE-2022-39028,inetutils: Buster is no-dsa

Minor issue

- - - - -
7447b886 by Markus Koschany at 2022-09-04T07:19:13+02:00
CVE-2021-3427,deluge: Mark Buster as no-dsa

Minor issue

- - - - -
bd383103 by Markus Koschany at 2022-09-04T07:21:21+02:00
Add imagemagick to dla-needed.txt

- - - - -
3a9fe2b5 by Markus Koschany at 2022-09-04T07:22:15+02:00
CVE-2022-21233,intel-microcode: Buster no-dsa

Minor issue

- - - - -
dcfc53fa by Markus Koschany at 2022-09-04T07:25:21+02:00
CVE-2022-2447,keystone: Buster no-dsa

Minor issue

- - - - -
ff3b84aa by Markus Koschany at 2022-09-04T07:33:12+02:00
Add openexr to dla-needed.txt

- - - - -
d623da06 by Markus Koschany at 2022-09-04T07:34:51+02:00
CVE-2022-37428,pdns-recursor: Buster no-dsa

Minor issue

- - - - -
4653ec65 by Markus Koschany at 2022-09-04T07:36:53+02:00
Add python-oslo.utils to dla-needed.txt

- - - - -
71877d01 by Markus Koschany at 2022-09-04T07:39:01+02:00
Add samba to dla-needed.txt

- - - - -
b279146d by Markus Koschany at 2022-09-04T07:39:54+02:00
Add vim to dla-needed.txt

- - - - -
d79787aa by Markus Koschany at 2022-09-04T07:41:07+02:00
CVE-2021-42521,vtk6,vtk7: Buster is no-dsa

Minor issue

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2344,6 +2344,7 @@ CVE-2022-3019 (The forgot password token basically just makes us capable of taki
 CVE-2022-39028 (telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and ...)
 	- inetutils 2:2.3-5
 	[bullseye] - inetutils <no-dsa> (Minor issue)
+	[buster] - inetutils <no-dsa> (Minor issue)
 	NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2022-08/msg00002.html
 	NOTE: https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html
 CVE-2022-38795
@@ -6096,6 +6097,7 @@ CVE-2022-37429
 CVE-2022-37428 (PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when pro ...)
 	- pdns-recursor 4.7.2-1
 	[bullseye] - pdns-recursor <no-dsa> (Minor issue)
+	[buster] - pdns-recursor <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/08/23/1
 	NOTE: https://downloads.powerdns.com/patches/2022-02/
 CVE-2022-37427
@@ -9550,6 +9552,7 @@ CVE-2022-2448
 CVE-2022-2447 (A flaw was found in OpenStack. The application credential tokens can b ...)
 	- keystone <unfixed>
 	[bullseye] - keystone <no-dsa> (Minor issue)
+	[buster] - keystone <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2105419
 CVE-2017-20143 (A vulnerability, which was classified as critical, has been found in I ...)
 	NOT-FOR-US: Itech Movie Portal Script
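Review bot: the added `[buster] - keystone <no-dsa> (Minor issue)` line gives only the generic reason, although the entry is `<unfixed>` in unstable and the description concerns application credential tokens. A short specific reason would make the triage decision auditable, in the way the intel-microcode entry in this same push does with "only impacts SGX".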
@@ -42703,6 +42706,7 @@ CVE-2022-21795
 CVE-2022-21233 (Improper isolation of shared resources in some Intel(R) Processors may ...)
 	- intel-microcode 3.20220809.1
 	[bullseye] - intel-microcode <no-dsa> (Minor issue, only impacts SGX)
+	[buster] - intel-microcode <no-dsa> (Minor issue, only impacts SGX)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220809
 CVE-2022-21128 (Insufficient control flow management in the Intel(R) Advisor software  ...)
@@ -65260,8 +65264,10 @@ CVE-2021-42521 (There is a NULL pointer dereference vulnerability in VTK, and it
 	[bullseye] - vtk9 <no-dsa> (Minor issue)
 	- vtk7 <unfixed>
 	[bullseye] - vtk7 <no-dsa> (Minor issue)
+	[buster] - vtk7 <no-dsa> (Minor issue)
 	- vtk6 <unfixed>
 	[bullseye] - vtk6 <no-dsa> (Minor issue)
+	[buster] - vtk6 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.kitware.com/vtk/vtk/-/issues/17818
 CVE-2021-42520
 	RESERVED
@@ -102159,6 +102165,7 @@ CVE-2021-28133 (Zoom through 5.5.4 sometimes allows attackers to read private in
 CVE-2021-3427 (The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. ...)
 	- deluge <unfixed>
 	[bullseye] - deluge <no-dsa> (Minor issue)
+	[buster] - deluge <no-dsa> (Minor issue)
 	NOTE: https://dev.deluge-torrent.org/ticket/3459
 	NOTE: https://dev.deluge-torrent.org/changeset/8ece03677
 	NOTE: https://dev.deluge-torrent.org/changeset/a5503c0c606
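Review bot: the added `[buster] - deluge <no-dsa> (Minor issue)` line sits in an entry whose NOTE lines already point at two upstream changesets, while the package itself is still `<unfixed>`. If the plan is to pick those changesets up with a later upload, `<postponed>` would record that more accurately than `<no-dsa>`. Otherwise, the reason should state why a Web-UI XSS is considered minor for buster.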


=====================================
data/dla-needed.txt
=====================================
@@ -46,6 +46,10 @@ exiv2 (Roberto C. Sánchez)
 glib2.0
   NOTE: 20220901: Programming language C.
 --
+imagemagick
+  NOTE: 20220904: Programming language C.
+  NOTE: 20220904: Should be synced with Stretch. (apo)
+--
 kopanocore
   NOTE: 20220801: Programming language: C++.
   NOTE: 20220811: Proposed a patch to CVE-2022-26562 (#1016973)
@@ -66,9 +70,15 @@ nodejs (Sylvain Beucler)
   NOTE: 20220801: Programming language: JavaScript, C/C++, Python.
   NOTE: 20220801: one of the upstream fixes doesn't address the security issue (jmm)
 --
+openexr
+  NOTE: 20220904: Programming language C++.
+  NOTE: 20220904: Should be synced with Stretch. (apo)
+--
 poppler (Markus Koschany)
   NOTE: 20220902: Programming language C.
 --
+python-oslo.utils
+--
 qemu (Abhijith PA)
   NOTE: 20220802: Programming language: C.
   NOTE: 20220802: debdiff of backported fixes was submitted to buster-proposed-updates: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007931 and
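Review bot: the `python-oslo.utils` entry is added with no NOTE lines at all, unlike `openexr` in the same hunk, which carries a dated programming-language note and a reason. Add at least a dated note saying why the package needs a DLA, so whoever claims it does not have to redo the triage.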
@@ -76,6 +86,10 @@ qemu (Abhijith PA)
   NOTE: 20220808: conflicting pu at https://people.debian.org/~abhijith/upload/mruby/qemu_3.1+dfsg-8+deb10u9.dsc , needs to be merged (Beuc/abhijith)
   NOTE: 20220822: Merged new build at https://people.debian.org/~abhijith/upload/mruby/qemu_3.1+dfsg-8+deb10u9.dsc (abhijith)
 --
+samba
+  NOTE: 20220904: Programming language C.
+  NOTE: 20220904: Many postponed or open CVE in general. (apo)
+--
 salt
   NOTE: 20220814: Programming language: Python.
   NOTE: 20220814: Packages is not in the supported packages by us.
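Review bot: `samba` is inserted before `salt`, which breaks the alphabetical order the rest of the file follows (`salt` sorts before `samba`), so the block should move below the `salt` entry. The note "Many postponed or open CVE in general" would also be more useful if it named the CVEs, or at least said which ones prompted the addition.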
@@ -92,6 +106,9 @@ upx-ucl (Thorsten Alteholz)
   NOTE: 20220820: Programming language: C.
   NOTE: 20220820: CVE-2020-27787 may be not-affected. (Chris Lamb)
 --
+vim
+  NOTE: 20220904: Programming language C.
+--
 zlib (Emilio)
   NOTE: 20220813: Programming language: C.
   NOTE: 20220813: VCS: https://salsa.debian.org/lts-team/packages/zlib/



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/89d78ce2349421010afe77c055416493c7dba8de...d79787aa464539c746d208b2544deb9b5a598e1d
