[Git][security-tracker-team/security-tracker][master] 7 commits: Marked CVE-2022-37434 for libz-mingw-w64 as no-dsa with motivation minor issue...

Ola Lundqvist (@opal) opal at debian.org
Tue Sep 6 22:23:55 BST 2022



Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3e1acc24 by Ola Lundqvist at 2022-09-06T23:03:38+02:00
Marked CVE-2022-37434 for libz-mingw-w64 as no-dsa with motivation minor issue following the analysis for bullseye.

- - - - -
b457154a by Ola Lundqvist at 2022-09-06T23:05:39+02:00
Marked CVE-2022-2962 for qemu as no-dsa in buster with motivation minor issue following the analysis for bullseye.

- - - - -
a65ad595 by Ola Lundqvist at 2022-09-06T23:07:59+02:00
Marked CVE-2020-10688 for resteasy as no-dsa in buster with motivation minor issue following the analysis for bullseye.

- - - - -
65aca7e5 by Ola Lundqvist at 2022-09-06T23:10:53+02:00
Marked CVE-2022-25648 for ruby-git as no-dsa in buster with motivation minor issue following the analysis for bullseye.

- - - - -
b8f1a972 by Ola Lundqvist at 2022-09-06T23:16:17+02:00
Marked CVE-2022-36144 and CVE-2022-36139 for swfmill as no-dsa in buster with motivation minor issue following the analysis for bullseye.

- - - - -
56b1879f by Ola Lundqvist at 2022-09-06T23:19:56+02:00
Marked CVE-2022-2867, CVE-2022-2868 and CVE-2022-2869 for tiff as no-dsa in buster with motivation minor issue following the analysis for bullseye.

- - - - -
178635f8 by Ola Lundqvist at 2022-09-06T23:20:48+02:00
Marked CVE-2019-25058 for usbguard as no-dsa in buster with motivation minor issue following the analysis for bullseye.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3427,6 +3427,7 @@ CVE-2022-2962
 	RESERVED
 	- qemu <unfixed> (bug #1018055)
 	[bullseye] - qemu <no-dsa> (Minor issue)
+	[buster] - qemu <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2120631
 	NOTE: https://gitlab.com/qemu-project/qemu/-/issues/1171
 	NOTE: https://lore.kernel.org/qemu-devel/20220821124343.1336880-1-zheyuma97@gmail.com/
@@ -4375,17 +4376,20 @@ CVE-2022-2870 (A vulnerability was found in laravel 5.1 and classified as proble
 CVE-2022-2869 (libtiff's tiffcrop tool has a uint32_t underflow which leads to out of ...)
 	- tiff 4.4.0~rc1-1
 	[bullseye] - tiff <no-dsa> (Minor issue)
+	[buster] - tiff <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/352
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/07d79fcac2ead271b60e32aeb80f7b4f3be9ac8c (v4.4.0rc1)
 CVE-2022-2868 (libtiff's tiffcrop utility has a improper input validation flaw that c ...)
 	- tiff 4.4.0~rc1-1
 	[bullseye] - tiff <no-dsa> (Minor issue)
+	[buster] - tiff <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/335
 	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/294
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/07d79fcac2ead271b60e32aeb80f7b4f3be9ac8c (v4.4.0rc1)
 CVE-2022-2867 (libtiff's tiffcrop utility has a uint32_t underflow that can lead to o ...)
 	- tiff 4.4.0~rc1-1
 	[bullseye] - tiff <no-dsa> (Minor issue)
+	[buster] - tiff <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/350
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/351
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/07d79fcac2ead271b60e32aeb80f7b4f3be9ac8c (v4.4.0rc1)
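Review bot: the three added [buster] tiff lines (CVE-2022-2869, CVE-2022-2868, CVE-2022-2867) carry only the bare reason "(Minor issue)", so the entry does not record why these qualify as minor. All three summaries place the flaw in the tiffcrop tool, so a reason that names this, for example "(Minor issue; tiffcrop tool only)", would document the triage for whoever revisits it. Since the three entries point at the same upstream commit 07d79fca, the reason can be identical on all three lines.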
@@ -6813,6 +6817,7 @@ CVE-2022-37434 (zlib through 1.2.12 has a heap-based buffer over-read or buffer
 	- zlib 1:1.2.11.dfsg-4.1 (bug #1016710)
 	- libz-mingw-w64 1.2.12+dfsg-2
 	[bullseye] - libz-mingw-w64 <no-dsa> (Minor issue)
+	[buster] - libz-mingw-w64 <no-dsa> (Minor issue)
 	NOTE: https://github.com/ivd38/zlib_overflow
 	NOTE: https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1
 	NOTE: https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d
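Review bot: the added line is suite-specific ([buster] - libz-mingw-w64), but the message of commit 3e1acc24 never names buster, unlike the six commits after it. Rewording it to "... for libz-mingw-w64 as no-dsa in buster ..." would keep the log searchable by suite. The summary describes a heap-based buffer over-read or overflow, so a reason more specific than "(Minor issue)" would also help explain why no DSA is warranted for this package.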
@@ -10204,6 +10209,7 @@ CVE-2022-36145 (SWFMill commit 53d7690 was discovered to contain a segmentation
 CVE-2022-36144 (SWFMill commit 53d7690 was discovered to contain a heap-buffer overflo ...)
 	- swfmill <unfixed>
 	[bullseye] - swfmill <no-dsa> (Minor issue)
+	[buster] - swfmill <no-dsa> (Minor issue)
 	NOTE: https://github.com/djcsdy/swfmill/issues/63
 CVE-2022-36143 (SWFMill commit 53d7690 was discovered to contain a heap-buffer overflo ...)
 	- swfmill <unfixed> (unimportant)
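Review bot: the [buster] no-dsa line added for CVE-2022-36144 sits directly above CVE-2022-36143, which has the same "heap-buffer overflow" summary but is triaged differently, as "- swfmill <unfixed> (unimportant)" with no per-suite lines. If the two issues really differ in impact, a short NOTE on one of them saying why would make the distinction reviewable. If they do not, the two entries should use the same triage.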
@@ -10224,6 +10230,7 @@ CVE-2022-36140 (SWFMill commit 53d7690 was discovered to contain a segmentation
 CVE-2022-36139 (SWFMill commit 53d7690 was discovered to contain a heap-buffer overflo ...)
 	- swfmill <unfixed>
 	[bullseye] - swfmill <no-dsa> (Minor issue)
+	[buster] - swfmill <no-dsa> (Minor issue)
 	NOTE: https://github.com/djcsdy/swfmill/issues/56
 CVE-2022-36138
 	RESERVED
@@ -38931,6 +38938,7 @@ CVE-2022-25758 (All versions of package scss-tokenizer are vulnerable to Regular
 CVE-2022-25648 (The package git before 1.11.0 are vulnerable to Command Injection via  ...)
 	- ruby-git <unfixed> (bug #1009926)
 	[bullseye] - ruby-git <no-dsa> (Minor issue)
+	[buster] - ruby-git <no-dsa> (Minor issue)
 	NOTE: https://github.com/ruby-git/ruby-git/pull/569
 	NOTE: Fixed by: https://github.com/ruby-git/ruby-git/commit/291ca0946bec7164b90ad5c572ac147f512c7159 (v1.11.0)
 	NOTE: https://security.snyk.io/vuln/SNYK-RUBY-GIT-2421270
@@ -39220,6 +39228,7 @@ CVE-2019-25058 (An issue was discovered in USBGuard before 1.1.0. On systems wit
 	[experimental] - usbguard 1.1.0+ds-1
 	- usbguard 1.1.0+ds-2 (bug #1008026)
 	[bullseye] - usbguard <no-dsa> (Minor issue)
+	[buster] - usbguard <no-dsa> (Minor issue)
 	NOTE: https://github.com/USBGuard/usbguard/issues/273
 	NOTE: https://github.com/USBGuard/usbguard/issues/403
 	NOTE: https://github.com/USBGuard/usbguard/pull/531
@@ -178094,6 +178103,7 @@ CVE-2020-10688 (A cross-site scripting (XSS) flaw was found in RESTEasy in versi
 	- resteasy <unfixed> (bug #970328)
 	- resteasy3.0 <unfixed> (bug #1015001)
 	[bullseye] - resteasy3.0 <no-dsa> (Minor issue)
+	[buster] - resteasy3.0 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1814974
 	NOTE: https://github.com/quarkusio/quarkus/issues/7248
 	NOTE: https://issues.redhat.com/browse/RESTEASY-2519 (restricted)
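Review bot: the added line names resteasy3.0 ("[buster] - resteasy3.0 <no-dsa> (Minor issue)"), while the message of commit a65ad595 says the CVE was marked "for resteasy". The context shows two separate source packages, resteasy and resteasy3.0, and after this change resteasy still has no buster annotation. Please confirm which source package buster ships and that the line targets it, then make the commit message and the entry agree.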



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5b6a4a2b319a12f21f9ee0df727ff661be018e2b...178635f8f50de2fe4eeb0c5c3aefe63e34c52a84
