[Git][security-tracker-team/security-tracker][master] bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Sep 5 11:21:16 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
16b896bb by Moritz Muehlenhoff at 2022-09-05T12:20:25+02:00
bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -25478,6 +25478,7 @@ CVE-2022-28702 (Incorrect Default Permissions vulnerability in ABB e-Design allo
 	NOT-FOR-US: ABB e-Design
 CVE-2022-1615 (In Samba, GnuTLS gnutls_rnd() can fail and give predictable random val ...)
 	- samba <unfixed>
+	[bullseye] - samba <postponed> (Minor issue)
 	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15103
 	NOTE: https://gitlab.com/samba-team/samba/-/commit/9849e7440e30853c61a80ce1f11b7b244ed766fe (v4-17-stable)
 CVE-2022-1614 (The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visi ...)
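
Review bot: the added `[bullseye] - samba <postponed> (Minor issue)` line for CVE-2022-1615 gives a severity reason but does not say what the fix is postponed to. It is also the only bullseye line in this commit that uses `<postponed>` instead of `<no-dsa>`. The stretch ckeditor entry for CVE-2021-26271 later in this diff uses `<postponed> (Fix along next DLA)`; a reason in that style, for example `(Minor issue, fix along in next update)`, would tell the next triager whether the upstream commit in the second NOTE is expected to ride along with a later samba upload.
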
@@ -41751,12 +41752,14 @@ CVE-2022-24730 (Argo CD is a declarative, GitOps continuous delivery tool for Ku
 CVE-2022-24729 (CKEditor4 is an open source what-you-see-is-what-you-get HTML editor.  ...)
 	- ckeditor 4.19.0+dfsg-1
 	- ckeditor3 <unfixed> (bug #1015217)
+	[bullseye] - ckeditor3 <no-dsa> (Minor issue)
 	[buster] - ckeditor3 <end-of-life> (No longer supported in LTS)
 	[stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
 	NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-f6rf-9m92-x2hh
 CVE-2022-24728 (CKEditor4 is an open source what-you-see-is-what-you-get HTML editor.  ...)
 	- ckeditor 4.19.0+dfsg-1
 	- ckeditor3 <unfixed> (bug #1015217)
+	[bullseye] - ckeditor3 <no-dsa> (Minor issue)
 	[buster] - ckeditor3 <end-of-life> (No longer supported in LTS)
 	[stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
 	NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-4fc4-4p5g-6w89
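
Review bot: both entries in this hunk (CVE-2022-24729 and CVE-2022-24728) gain a bullseye line for ckeditor3 only, while `- ckeditor 4.19.0+dfsg-1` has no `[bullseye]` line in the visible context. If bullseye ships a ckeditor older than 4.19.0+dfsg-1, that package stays untriaged for these two CVEs. Adding its bullseye line in the same pass would keep the two source packages consistent, as the CVE-2021-37695 entry already does with `[bullseye] - ckeditor <no-dsa> (Minor issue)`.
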
@@ -55668,6 +55671,7 @@ CVE-2021-44739 (Acrobat Reader DC ActiveX Control versions 21.007.20099 (and ear
 	NOT-FOR-US: Adobe
 CVE-2021-44545 (Improper input validation for some Intel(R) PROSet/Wireless WiFi and K ...)
 	- firmware-nonfree <unfixed>
+	[bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
 	NOTE: Fixed upstream in 20220815
 	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=63a87d2f1f7ea029e8d32ed03d972947a7bb60fd
@@ -55697,6 +55701,7 @@ CVE-2021-23188 (Improper access control for some Intel(R) PROSet/Wireless WiFi a
 	NOT-FOR-US: Intel
 CVE-2021-23168 (Out of bounds read for some Intel(R) PROSet/Wireless WiFi and Killer(T ...)
 	- firmware-nonfree <unfixed>
+	[bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
 	NOTE: Fixed upstream in 20220815
 	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=63a87d2f1f7ea029e8d32ed03d972947a7bb60fd
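
Review bot: possible triage inconsistency in the context at the top of this hunk. CVE-2021-23188, described as "Improper access control for some Intel(R) PROSet/Wireless WiFi a...", is followed by `NOT-FOR-US: Intel`, while CVE-2021-23168 right below it, with a near-identical product description, is tracked against firmware-nonfree and now gets `<no-dsa> (Non-free not supported)`. The truncated description does not show whether CVE-2021-23188 concerns the firmware or only host software, so it is worth confirming and, if it is a firmware issue, tracking it the same way as the five entries touched here.
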
@@ -56681,6 +56686,7 @@ CVE-2021-4036
 	RESERVED
 CVE-2021-37409 (Improper access control for some Intel(R) PROSet/Wireless WiFi and Kil ...)
 	- firmware-nonfree <unfixed>
+	[bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
 	NOTE: Fixed upstream in 20220815
 	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=63a87d2f1f7ea029e8d32ed03d972947a7bb60fd
@@ -56708,6 +56714,7 @@ CVE-2021-26251
 	RESERVED
 CVE-2021-23223 (Improper initialization for some Intel(R) PROSet/Wireless WiFi and Kil ...)
 	- firmware-nonfree <unfixed>
+	[bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
 	NOTE: Fixed upstream in 20220815
 	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=63a87d2f1f7ea029e8d32ed03d972947a7bb60fd
@@ -60384,6 +60391,7 @@ CVE-2022-21203 (Improper permissions in the SafeNet Sentinel driver for Intel(R)
 	NOT-FOR-US: Intel
 CVE-2022-21181 (Improper input validation for some Intel(R) PROSet/Wireless WiFi and K ...)
 	- firmware-nonfree <unfixed>
+	[bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
 	NOTE: Fixed upstream in 20220815
 	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=63a87d2f1f7ea029e8d32ed03d972947a7bb60fd
@@ -69006,6 +69014,7 @@ CVE-2021-41165 (CKEditor4 is an open source WYSIWYG HTML editor. In affected ver
 	[buster] - ckeditor <no-dsa> (Minor issue)
 	[stretch] - ckeditor <no-dsa> (Minor issue)
 	- ckeditor3 <unfixed> (bug #1015217)
+	[bullseye] - ckeditor3 <no-dsa> (Minor issue)
 	[buster] - ckeditor3 <end-of-life> (No longer supported in LTS)
 	[stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
 	NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2 (v4.17.0)
@@ -78002,6 +78011,7 @@ CVE-2021-37695 (ckeditor is an open source WYSIWYG HTML editor with rich content
 	[bullseye] - ckeditor <no-dsa> (Minor issue)
 	[buster] - ckeditor <no-dsa> (Minor issue)
 	- ckeditor3 <unfixed> (bug #1015217)
+	[bullseye] - ckeditor3 <no-dsa> (Minor issue)
 	[buster] - ckeditor3 <end-of-life> (No longer supported in LTS)
 	[stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
 	NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-cjhc
@@ -87168,6 +87178,7 @@ CVE-2021-33829 (A cross-site scripting (XSS) vulnerability in the HTML Data Proc
 	- ckeditor 4.16.0+dfsg-2
 	[buster] - ckeditor <no-dsa> (Minor issue)
 	- ckeditor3 <unfixed> (bug #1015217)
+	[bullseye] - ckeditor3 <no-dsa> (Minor issue)
 	[buster] - ckeditor3 <end-of-life> (No longer supported in LTS)
 	[stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
 	NOTE: https://ckeditor.com/blog/ckeditor-4.16.1-with-accessibility-enhancements/#improvements-for-comments-in-html-parser
@@ -106873,6 +106884,7 @@ CVE-2021-26271 (It was possible to execute a ReDoS-type attack inside CKEditor 4
 	[buster] - ckeditor <no-dsa> (Minor issue)
 	[stretch] - ckeditor <postponed> (Fix along next DLA)
 	- ckeditor3 <unfixed> (bug #1015217)
+	[bullseye] - ckeditor3 <no-dsa> (Minor issue)
 	[buster] - ckeditor3 <end-of-life> (No longer supported in LTS)
 	[stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
 	NOTE: https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416
@@ -266232,6 +266244,7 @@ CVE-2018-17960 (CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a
 	[stretch] - ckeditor <ignored> (Minor issue, XSS through direct copy/paste by victim, no identified patch)
 	[jessie] - ckeditor <ignored> (Minor issue)
 	- ckeditor3 <unfixed> (low; bug #1015217)
+	[bullseye] - ckeditor3 <no-dsa> (Minor issue)
 	[buster] - ckeditor3 <end-of-life> (No longer supported in LTS)
 	[stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
 	- fckeditor <removed>
@@ -281770,6 +281783,7 @@ CVE-2018-12065 (A Local File Inclusion vulnerability in /system/WCore/WHelper.ph
 	NOT-FOR-US: wityCMS
 CVE-2018-12064 (tinyexr 0.9.5 has a heap-based buffer over-read via tinyexr::ReadChann ...)
 	- tinyexr <unfixed> (bug #1014980)
+	[bullseye] - tinyexr <no-dsa> (Minor issue)
 	NOTE: https://github.com/ChijinZ/security_advisories/tree/master/tinyexr_7953aea
 CVE-2018-12063 (The sell function of a smart contract implementation for Internet Node ...)
 	NOT-FOR-US: Internet Node Token
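
Review bot: the `<no-dsa> (Minor issue)` line for CVE-2018-12064 rests on an entry whose only NOTE is a third-party advisory link, with no upstream fix commit or fixed version recorded. Since the description is a heap-based buffer over-read, a NOTE stating the upstream fix status (or that no fix exists) would let a later reader check the Minor issue assessment from the entry itself.
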
@@ -434982,6 +434996,7 @@ CVE-2014-5191 (Cross-site scripting (XSS) vulnerability in the Preview plugin be
 	[wheezy] - ckeditor <not-affected> (Preview plugin not yet present)
 	[squeeze] - ckeditor <not-affected> (Preview plugin not yet present)
 	- ckeditor3 <unfixed> (bug #1015217)
+	[bullseye] - ckeditor3 <no-dsa> (Minor issue)
 	[buster] - ckeditor3 <end-of-life> (No longer supported in LTS)
 	[stretch] - ckeditor3 <end-of-life> (EOL'd for stretch)
 	NOTE: https://dev.ckeditor.com/browser/CKEditor/trunk/_source/plugins/preview/preview.html?rev=7706 (v3.6.x)
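
Review bot: for CVE-2014-5191 the wheezy and squeeze ckeditor lines are `<not-affected> (Preview plugin not yet present)`, so presence of the Preview plugin decides whether a version is affected, yet the ckeditor3 lines only carry a source link tagged v3.6.x. A NOTE confirming that the ckeditor3 version in bullseye ships the plugin would back the new `<no-dsa>` line, or turn it into `<not-affected>` if it does not.
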



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16b896bbe008f9d4fc519b76de8469636c488681
