[Git][security-tracker-team/security-tracker][master] 3 commits: Marked all open CVEs for package aom as no-dsa with motivation minor issue in buster.

Ola Lundqvist (@opal) opal at debian.org
Fri Sep 9 06:57:33 BST 2022



Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0d67df40 by Ola Lundqvist at 2022-09-09T07:50:10+02:00
Marked all open CVEs for package aom as no-dsa with motivation minor issue in buster.

- - - - -
e6a12f33 by Ola Lundqvist at 2022-09-09T07:50:12+02:00
Marked CVE-2020-20288 as no-dsa in buster.

- - - - -
bf29af6f by Ola Lundqvist at 2022-09-09T07:57:05+02:00
Added phpseclib and php-phpseclib to dla-needed.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -40895,6 +40895,7 @@ CVE-2022-0671 (A flaw was found in vscode-xml in versions prior to 0.19.0. Schem
 	NOT-FOR-US: vscode-xml
 CVE-2022-0670 (A flaw was found in Openstack manilla owning a Ceph File system "share ...)
 	- ceph 16.2.10+ds-1 (bug #1016069)
+	[buster] - ceph <no-dsa> (Minor issue)
 	NOTE: https://ceph.io/en/news/blog/2022/v17-2-2-quincy-released/
 	NOTE: https://docs.ceph.com/en/latest/security/CVE-2022-0670/
 CVE-2022-0669 (A flaw was found in dpdk. This flaw allows a malicious vhost-user mast ...)
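Review bot: The added `[buster] - ceph <no-dsa> (Minor issue)` line sits under CVE-2022-0670, but none of the three commit messages mentions ceph or that id. The second message names CVE-2020-20288, which no hunk in this diff touches. Please confirm the annotation landed on the intended entry and record the correct CVE id in a follow-up commit, so the history can be searched by the id that actually changed.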
@@ -97320,16 +97321,19 @@ CVE-2021-3486 (GLPi 9.5.4 does not sanitize the metadata. This way its possible
 CVE-2021-30475 (aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buf ...)
 	[experimental] - aom 3.2.0-1~exp1
 	- aom 3.2.0-1
+	[buster] - aom <no-dsa> (Minor issue)
 	NOTE: https://aomedia.googlesource.com/aom/+/12adc723acf02633595a4d8da8345742729f46c0
 	NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2999
 CVE-2021-30474 (aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use ...)
 	[experimental] - aom 3.2.0-1~exp1
 	- aom 3.2.0-1
+	[buster] - aom <no-dsa> (Minor issue)
 	NOTE: https://aomedia.googlesource.com/aom/+/6e31957b6dc62dbc7d1bb70cd84902dd14c4bf2e
 	NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=3000
 CVE-2021-30473 (aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that i ...)
 	[experimental] - aom 3.2.0-1~exp1
 	- aom 3.2.0-1 (bug #988211)
+	[buster] - aom <no-dsa> (Minor issue)
 	NOTE: https://aomedia.googlesource.com/aom/+/d0cac70b542c38accd916f8afd13592d34c48963%5E%21/
 	NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2998
 CVE-2021-30472 (A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in Pdf ...)
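Review bot: The three `[buster] - aom <no-dsa> (Minor issue)` lines for CVE-2021-30475, CVE-2021-30474 and CVE-2021-30473 give no reasoning beyond the stock phrase. The entries concern noise_model.c, grain_table.c and aom_image.c, and the last one is described as freeing memory. A short NOTE per entry saying why the issue is minor for buster would let a later triager re-check the decision instead of repeating the analysis.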
@@ -208236,6 +208240,7 @@ CVE-2020-0479 (In callUnchecked of DocumentsProvider.java, there is a possible p
 	NOT-FOR-US: Android
 CVE-2020-0478 (In extend_frame_lowbd of restoration.c, there is a possible out of bou ...)
 	- aom 1.0.0.errata1.avif-1
+	[buster] - aom <no-dsa> (Minor issue)
 	NOTE: https://android.googlesource.com/platform/external/libaom/+/816f15265cb89a02d7ce4b657de277828e71a4b1
 	NOTE: https://source.android.com/security/bulletin/pixel/2020-12-01
 	NOTE: https://aomedia.googlesource.com/aom/+/ebba9c769be2c99d5396d0018901e9a4af5e2d2c (v1.0.0-errata1-avif)
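Review bot: For CVE-2020-0478 the new `<no-dsa>` line asserts that buster's aom is affected, yet nothing in the entry records a check of the buster source against the upstream fix commit linked in the last NOTE (tagged v1.0.0-errata1-avif). If extend_frame_lowbd in restoration.c was compared, add a NOTE saying so. If it was not, the choice between `<no-dsa>` and `<not-affected>` is still open.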


=====================================
data/dla-needed.txt
=====================================
@@ -99,6 +99,14 @@ pcs (Valentin Vidic)
   NOTE: 20220908: CVE-2022-2735 not-affected: Vulnerable code not present, see #1018930.
   NOTE: 20220908: CVE-2022-1049 vulnerable
 --
+phpseclib
+  NOTE: 20220909: Programming language: PHP.
+  NOTE: 20220909: Note the discussion whether 2.0 is in fact affected by the CVE or not. It looks like it is affected by a small part of it that is best to fix..
+--
+php-phpseclib
+  NOTE: 20220909: Programming language: PHP.
+  NOTE: 20220909: Note the discussion whether 2.0 is in fact affected by the CVE or not. It looks like it is affected by a small part of it that is best to fix..
+--
 poppler (Markus Koschany)
   NOTE: 20220904: Programming language: C.
 --
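Review bot: Both new entries, phpseclib and php-phpseclib, refer to "the CVE" and "the discussion" without naming the CVE id or linking the thread, so whoever claims the package cannot tell which issue or which argument is meant. Add the id and a URL or bug number to the second NOTE of each entry, and drop the doubled full stop at the end of `best to fix..`.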



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/aba0ccc2c5d57c0fc38705dbc7d5de7de20e0862...bf29af6f62b8ae108b8abd7250e18af764b8cb75
