[Git][security-tracker-team/security-tracker][master] bullseye triage

Tue Sep 27 13:16:55 BST 2022


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
25dfd340 by Moritz Muehlenhoff at 2022-09-27T14:16:42+02:00
bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -548,9 +548,10 @@ CVE-2022-41338
 CVE-2022-41337
 	RESERVED
 CVE-2022-3297 (Use After Free in GitHub repository vim/vim prior to 9.0.0579. ...)
-	- vim <unfixed>
+	- vim <unfixed> (unimportant)
 	NOTE: https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c
 	NOTE: https://github.com/vim/vim/commit/0ff01835a40f549c5c4a550502f62a2ac9ac447c (v9.0.0579)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-3296 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. ...)
 	- vim <unfixed>
 	NOTE: https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077
@@ -633,8 +634,8 @@ CVE-2022-3278 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.
 CVE-2022-3277 [unrestricted creation of security groups]
 	RESERVED
 	- neutron <unfixed>
+	[bullseye] - neutron <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2129193
-	TODO: details missing on RH bugzilla entry
 CVE-2020-36604 (hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in t ...)
 	- node-hoek 9.0.3+~5.0.0+~4.0.0-1
 	[buster] - node-hoek <not-affected> (Vulnerable code not present)
@@ -6382,16 +6383,18 @@ CVE-2022-38861 (The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to m
 	NOTE: https://trac.mplayerhq.hu/ticket/2407
 	NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/2622e7fbe3605a2f3b4f74900197fefeedc0d2e1 (r38402)
 CVE-2022-38860 (Certain The MPlayer Project products are vulnerable to Divide By Zero  ...)
-	- mplayer <unfixed>
+	- mplayer <unfixed> (unimportant)
 	NOTE: https://trac.mplayerhq.hu/ticket/2402
 	NOTE: Duplicate of https://trac.mplayerhq.hu/ticket/2401
 	NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/62fe0c63cf4fba91efd29bbc85309280e1a99a47 (r38389)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-38859
 	RESERVED
 CVE-2022-38858 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
-	- mplayer <unfixed>
+	- mplayer <unfixed> (unimportant)
 	NOTE: https://trac.mplayerhq.hu/ticket/2396
 	NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/92e0d0b1a04dfdd4ac741e0d07005e3ece2c92ca (r38385)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-38857
 	RESERVED
 CVE-2022-38856 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
@@ -27633,6 +27636,7 @@ CVE-2022-31034 (Argo CD is a declarative, GitOps continuous delivery tool for Ku
 	NOT-FOR-US: Argo CD
 CVE-2022-31033 (The Mechanize library is used for automating interaction with websites ...)
 	- ruby-mechanize 2.8.5-1 (bug #1014809)
+	[bullseye] - ruby-mechanize <no-dsa> (Minor issue)
 	NOTE: https://github.com/sparklemotion/mechanize/security/advisories/GHSA-64qm-hrgp-pgr9
 	NOTE: Prerequisite to clear credential headers when redirecting to cross site
 	NOTE: https://github.com/sparklemotion/mechanize/commit/17e5381032c90caf240ac3d2e52b353f40c18d83 (v2.8.0)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/25dfd340d1e0e9597da9f9a3c267237e46007974

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/25dfd340d1e0e9597da9f9a3c267237e46007974
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220927/5033bbd4/attachment.htm>
