[Git][security-tracker-team/security-tracker][master] bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Sep 9 10:49:40 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cacc85a3 by Moritz Muehlenhoff at 2022-09-09T11:49:27+02:00
bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,9 +17,10 @@ CVE-2022-40300
 	RESERVED
 CVE-2022-40299 (In Singular before 4.3.1, a predictable /tmp pathname is used (e.g., b ...)
 	[experimental] - singular 1:4.3.1-p1+ds-1
-	- singular <unfixed>
+	- singular <unfixed> (unimportant)
 	NOTE: https://github.com/Singular/Singular/commit/5f28fbf066626fa9c4a8f0e6408c0bb362fb386c (Release-4-3-1)
 	NOTE: https://github.com/Singular/Singular/issues/1137
+	NOTE: Neutralised by kernel hardening (fs.protected_symlinks = 1)
 CVE-2022-40298
 	RESERVED
 CVE-2022-40297 (UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be use ...)
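Review bot: the (unimportant) downgrade on the `- singular <unfixed>` line rests entirely on the new NOTE `Neutralised by kernel hardening (fs.protected_symlinks = 1)`, but that sysctl only stops symlink following in sticky world-writable directories such as /tmp; it says nothing about other consequences of a predictable pathname (for instance a regular file already created under that name by another local user), and it assumes the kernel default stays at 1. Since the CVE text is truncated here ("e.g., b ..."), the NOTE should state that the upstream fix (commit 5f28fbf0, Release-4-3-1, and issue #1137) addresses only a symlink race, or otherwise explain why the remaining cases do not matter, so the unimportant rating can be re-checked later without re-reading upstream.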
@@ -4926,9 +4927,10 @@ CVE-2022-2850 [SIGSEGV in sync_repl]
 	NOTE: https://github.com/389ds/389-ds-base/commit/bd566957f85c889f13cd24f903c91c16c955acbd (389-ds-base-1.3.10)
 	NOTE: Results from an incomplete fix for CVE-2021-3514
 CVE-2022-2849 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...)
-	- vim 2:9.0.0229-1
+	- vim 2:9.0.0229-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/389aeccd-deb9-49ae-9b6a-24c12d79b02e
 	NOTE: https://github.com/vim/vim/commit/f6d39c31d2177549a986d170e192d8351bd571e2 (v9.0.0220)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-2848
 	RESERVED
 CVE-2022-2847 (A vulnerability, which was classified as critical, has been found in S ...)
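Review bot: the justification NOTE "Crash in CLI tool, no security impact" sits under a CVE described as a "Heap-based Buffer Overflow", which is a write, unlike the "Buffer Over-read" in CVE-2022-2845 further down that receives the identical note. Because the (unimportant) tag is what keeps this entry out of stable tracking, the NOTE should carry the actual reasoning for why a heap write in this path is not treated as exploitable beyond a crash, rather than the generic wording, so the severity call is auditable. The fixed version 2:9.0.0229-1 in unstable is unchanged, so the tag only documents rationale.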
@@ -4936,9 +4938,10 @@ CVE-2022-2847 (A vulnerability, which was classified as critical, has been found
 CVE-2022-2846 (A vulnerability classified as problematic was found in Calendar Event  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2845 (Buffer Over-read in GitHub repository vim/vim prior to 9.0.0218. ...)
-	- vim 2:9.0.0229-1
+	- vim 2:9.0.0229-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/3e1d31ac-1cfd-4a9f-bc5c-213376b69445
 	NOTE: https://github.com/vim/vim/commit/e98c88c44c308edaea5994b8ad4363e65030968c (v9.0.0218)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-2844 (A vulnerability classified as problematic has been found in MotoPress  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2843 (A vulnerability was found in MotoPress Timetable and Event Schedule. I ...)
@@ -24497,6 +24500,7 @@ CVE-2022-1776 (The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPr
 	NOT-FOR-US: WordPress plugin
 CVE-2022-30976 (GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcsl ...)
 	- gpac <unfixed> (bug #1016443)
+	[bullseye] - gpac <ignored> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	[stretch] - gpac <end-of-life> (No longer supported in LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2179
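Review bot: this hunk tags bullseye as `<ignored>` while the gpac entry for CVE-2022-24575 later in the same diff uses `<no-dsa>`, both with the identical reason "(Minor issue)". In the tracker's conventions `<no-dsa>` means not worth a DSA but still eligible for a point-release fix, whereas `<ignored>` means the release will not get a fix at all; if the distinction here is deliberate (unstable is still `<unfixed>` per bug #1016443, so there is nothing to backport yet), the reason text should say so instead of both entries reading "Minor issue".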
@@ -43496,6 +43500,7 @@ CVE-2022-24576 (GPAC 1.0.1 is affected by Use After Free through MP4Box. ...)
 	NOTE: https://github.com/gpac/gpac/commit/96699aabae042f8f55cf8a85fa5758e3db752bae (v2.0.0)
 CVE-2022-24575 (GPAC 1.0.1 is affected by a stack-based buffer overflow through MP4Box ...)
 	- gpac 2.0.0+dfsg1-2
+	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	[stretch] - gpac <end-of-life> (No longer supported in LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2058
@@ -63757,6 +63762,7 @@ CVE-2021-43178
 	REJECTED
 CVE-2021-43177 (As a result of an incomplete fix for CVE-2015-7225, in versions of dev ...)
 	- ruby-devise-two-factor 4.0.2-1 (bug #1009636)
+	[bullseye] - ruby-devise-two-factor <no-dsa> (Minor issue)
 	NOTE: https://github.com/tinfoil/devise-two-factor/security/advisories/GHSA-jm35-h8q2-73mp
 	NOTE: https://github.com/tinfoil/devise-two-factor/pull/108
 	NOTE: https://github.com/tinfoil/devise-two-factor/commit/64576bb9e7d29800c5f92bb86fb6ecff91ad6105 (v4.0.2)
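Review bot: "(Minor issue)" is thin as the sole rationale for a `<no-dsa>` on a two-factor authentication library whose CVE text calls it an incomplete fix for CVE-2015-7225 and which carries an upstream advisory (GHSA-jm35-h8q2-73mp) and a targeted fix in 4.0.2 (PR #108). The singular and vim entries in this same commit add an explanatory NOTE line alongside the severity change; the same should be done here, stating what precondition or limited impact makes the bullseye version not DSA-worthy, so that a later reader of data/CVE/list does not have to re-derive the decision.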



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cacc85a3dee80e45a3f10fb953e17cd59a396db1


