[Git][security-tracker-team/security-tracker][master] Process several texlive-bin CVEs related to OTFCC
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Sep 22 21:48:52 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
12210128 by Salvatore Bonaccorso at 2022-09-22T22:47:34+02:00
Process several texlive-bin CVEs related to OTFCC
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -16030,43 +16030,97 @@ CVE-2022-35041
CVE-2022-35040
RESERVED
CVE-2022-35039 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
- TODO: check
+ - texlive-bin <unfixed> (unimportant)
+ [bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+ [buster] - texlive-bin <not-affected> (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
CVE-2022-35038 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
- TODO: check
+ - texlive-bin <unfixed> (unimportant)
+ [bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+ [buster] - texlive-bin <not-affected> (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
CVE-2022-35037 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
- TODO: check
+ - texlive-bin <unfixed> (unimportant)
+ [bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+ [buster] - texlive-bin <not-affected> (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
CVE-2022-35036 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
- TODO: check
+ - texlive-bin <unfixed> (unimportant)
+ [bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+ [buster] - texlive-bin <not-affected> (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
CVE-2022-35035 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
- TODO: check
+ - texlive-bin <unfixed> (unimportant)
+ [bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+ [buster] - texlive-bin <not-affected> (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
CVE-2022-35034 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
- TODO: check
+ - texlive-bin <unfixed> (unimportant)
+ [bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+ [buster] - texlive-bin <not-affected> (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
CVE-2022-35033
RESERVED
CVE-2022-35032 (OTFCC commit 617837b was discovered to contain a segmentation violatio ...)
- TODO: check
+ - texlive-bin <unfixed> (unimportant)
+ [bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+ [buster] - texlive-bin <not-affected> (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
CVE-2022-35031 (OTFCC commit 617837b was discovered to contain a segmentation violatio ...)
- TODO: check
+ - texlive-bin <unfixed> (unimportant)
+ [bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+ [buster] - texlive-bin <not-affected> (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
CVE-2022-35030 (OTFCC commit 617837b was discovered to contain a segmentation violatio ...)
- TODO: check
+ - texlive-bin <unfixed> (unimportant)
+ [bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+ [buster] - texlive-bin <not-affected> (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
CVE-2022-35029 (OTFCC commit 617837b was discovered to contain a segmentation violatio ...)
- TODO: check
+ - texlive-bin <unfixed> (unimportant)
+ [bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+ [buster] - texlive-bin <not-affected> (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
CVE-2022-35028 (OTFCC commit 617837b was discovered to contain a segmentation violatio ...)
- TODO: check
+ - texlive-bin <unfixed> (unimportant)
+ [bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+ [buster] - texlive-bin <not-affected> (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
CVE-2022-35027 (OTFCC commit 617837b was discovered to contain a segmentation violatio ...)
- TODO: check
+ - texlive-bin <unfixed> (unimportant)
+ [bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+ [buster] - texlive-bin <not-affected> (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
CVE-2022-35026 (OTFCC commit 617837b was discovered to contain a segmentation violatio ...)
- TODO: check
+ - texlive-bin <unfixed> (unimportant)
+ [bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+ [buster] - texlive-bin <not-affected> (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
CVE-2022-35025 (OTFCC commit 617837b was discovered to contain a segmentation violatio ...)
- TODO: check
+ - texlive-bin <unfixed> (unimportant)
+ [bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+ [buster] - texlive-bin <not-affected> (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
CVE-2022-35024 (OTFCC commit 617837b was discovered to contain a segmentation violatio ...)
- TODO: check
+ - texlive-bin <unfixed> (unimportant)
+ [bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+ [buster] - texlive-bin <not-affected> (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
CVE-2022-35023 (OTFCC commit 617837b was discovered to contain a segmentation violatio ...)
- TODO: check
+ - texlive-bin <unfixed> (unimportant)
+ [bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+ [buster] - texlive-bin <not-affected> (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
CVE-2022-35022 (OTFCC commit 617837b was discovered to contain a segmentation violatio ...)
- TODO: check
+ - texlive-bin <unfixed> (unimportant)
+ [bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+ [buster] - texlive-bin <not-affected> (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
CVE-2022-35021 (OTFCC commit 617837b was discovered to contain a global buffer overflo ...)
- TODO: check
+ - texlive-bin <unfixed> (unimportant)
+ [bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
+ [buster] - texlive-bin <not-affected> (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
CVE-2022-35020 (Advancecomp v2.3 was discovered to contain a heap buffer overflow via ...)
- advancecomp <unfixed> (unimportant; bug #1019592)
NOTE: https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35020.md
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12210128324d72e67d4ade82c87af775c5b5fd08
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12210128324d72e67d4ade82c87af775c5b5fd08
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220922/5c7eb645/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list