[Git][security-tracker-team/security-tracker][master] bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Sep 7 10:32:27 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aa62fa10 by Moritz Muehlenhoff at 2022-09-07T11:31:45+02:00
bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -396,6 +396,7 @@ CVE-2022-3135
 	RESERVED
 CVE-2022-3134 (Use After Free in GitHub repository vim/vim prior to 9.0.0388. ...)
 	- vim <unfixed>
+	[bullseye] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc
 	NOTE: https://github.com/vim/vim/commit/ccfde4d028e891a41e3548323c3d47b06fb0b83e (v9.0.0389)
 CVE-2022-39959
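Review bot: The added `[bullseye] - vim <no-dsa> (Minor issue)` line under CVE-2022-3134 gives only the generic reason for a use after free. A short rationale in the parenthetical would show later readers of the tracker why no DSA is planned. The upstream fix commit is already recorded in the NOTE (v9.0.0389), so the entry has what is needed if the fix is later picked up for a point release.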
@@ -684,9 +685,11 @@ CVE-2022-39833
 	RESERVED
 CVE-2022-39832 (An issue was discovered in PSPP 1.6.2. There is a heap-based buffer ov ...)
 	- pspp <unfixed>
+	[bullseye] - pspp <no-dsa> (Minor issue)
 	NOTE: https://savannah.gnu.org/bugs/index.php?63000
 CVE-2022-39831 (An issue was discovered in PSPP 1.6.2. There is a heap-based buffer ov ...)
 	- pspp <unfixed>
+	[bullseye] - pspp <no-dsa> (Minor issue)
 	NOTE: https://savannah.gnu.org/bugs/?62977
 CVE-2022-39830 (sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on th ...)
 	NOT-FOR-US: Samsung mTower
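Review bot: Both added pspp lines (CVE-2022-39832 and CVE-2022-39831) mark heap-based buffer overflows as `<no-dsa> (Minor issue)` while the only reference on each entry is a Savannah bug link, with no fix commit recorded. Consider adding a NOTE with the upstream fix once one exists, so the bullseye package can be updated later without re-triaging both entries.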
@@ -3904,6 +3907,7 @@ CVE-2022-38531
 	RESERVED
 CVE-2022-38530 (GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a sta ...)
 	- gpac <unfixed>
+	[bullseye] - gpac <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/issues/2216
 	NOTE: https://github.com/gpac/gpac/commit/4e56ad72ac1afb4e049a10f2d99e7512d7141f9d
 CVE-2022-38529 (tinyexr commit 0647fb3 was discovered to contain a heap-buffer overflo ...)
@@ -10488,6 +10492,7 @@ CVE-2022-36060
 CVE-2022-36059
 	RESERVED
 	- node-matrix-js-sdk <unfixed> (bug #1018970)
+	[bullseye] - node-matrix-js-sdk <no-dsa> (Minor issue)
 	- thunderbird 1:102.2.1-1
 	[bullseye] - thunderbird <not-affected> (Only affects ESR102)
 	[buster] - thunderbird <not-affected> (Only affects ESR102)
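Review bot: CVE-2022-36059 is still RESERVED with no description, so nothing in the visible entry supports the `(Minor issue)` reason on the added node-matrix-js-sdk line. A NOTE pointing at the upstream advisory or fix, or a more specific reason in the parenthetical, would make the decision checkable. The thunderbird lines just below show the style: `(Only affects ESR102)` states why the release is unaffected.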
@@ -39025,6 +39030,7 @@ CVE-2022-25324 (All versions of package bignum are vulnerable to Denial of Servi
 	NOT-FOR-US: justmoon/node-bignum
 CVE-2022-25304 (All versions of package opcua; all versions of package asyncua are vul ...)
 	- python-opcua <unfixed>
+	[bullseye] - python-opcua <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeOpcUa/python-opcua/issues/1466
 	NOTE: https://security.snyk.io/vuln/SNYK-PYTHON-OPCUA-2988730
 CVE-2022-25303 (The package whoogle-search before 0.7.2 are vulnerable to Cross-site S ...)
@@ -42396,6 +42402,7 @@ CVE-2022-24758 (The Jupyter notebook is a web-based notebook environment for int
 	NOTE: https://github.com/jupyter/notebook/commit/c219ce43c1ea25123fa70d264e7735bdf4585b1e (6.4.10)
 CVE-2022-24757 (The Jupyter Server provides the backend (i.e. the core services, APIs, ...)
 	- jupyter-server 1.16.0-1 (bug #1008319)
+	[bullseye] - jupyter-server <no-dsa> (Minor issue)
 	NOTE: https://github.com/jupyter-server/jupyter_server/commit/a5683aca0b0e412672ac6218d09f74d44ca0de5a (v1.15.4)
 	NOTE: https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-p737-p57g-4cpr
 CVE-2022-24756 (Bareos is open source software for backup, archiving, and recovery of  ...)
@@ -177949,6 +177956,7 @@ CVE-2020-10735
 	- python3.11 <unfixed>
 	- python3.10 <unfixed>
 	- python3.9 <unfixed>
+	[bullseye] - python3.9 <no-dsa> (Minor issue)
 	- python3.7 <removed>
 	NOTE: https://github.com/python/cpython/issues/95778
 	NOTE: https://github.com/python/cpython/pull/96499


=====================================
data/dsa-needed.txt
=====================================
@@ -14,6 +14,8 @@ If needed, specify the release by adding a slash after the name of the source pa
 --
 asterisk (apo)
 --
+commons-configuration
+--
 connman (carnil)
 --
 freecad (aron)
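Review bot: The new `commons-configuration` entry is not tied to any CVE in this commit: the commit message says only "bullseye triage" and none of the data/CVE/list hunks touch that package. Naming the CVE in the commit message would make the addition traceable. The entry also carries no claimant in parentheses, unlike the neighbouring `asterisk (apo)`, `connman (carnil)` and `freecad (aron)`, so it is worth confirming that leaving it unclaimed is intended.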



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa62fa10b5423e05c629cb3b6b58652a0a91af0b
