[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Apr 25 20:02:51 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6b2ad6fb by Moritz Mühlenhoff at 2023-04-25T21:02:32+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -58193,7 +58193,7 @@ CVE-2022-37408
 CVE-2022-37343
 	RESERVED
 CVE-2022-36788 (A heap-based buffer overflow vulnerability exists in the TriangleMesh  ...)
-	- slic3r <unfixed>
+	- slic3r <unfixed> (bug #1034848)
 	[buster] - slic3r <no-dsa> (Minor issue)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1593
 CVE-2022-36420
@@ -116436,17 +116436,17 @@ CVE-2021-43520
 CVE-2021-43519 (Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 a ...)
 	- lua5.4 5.4.4-1 (bug #1000228)
 	[bullseye] - lua5.4 <no-dsa> (Minor issue)
-	- lua5.3 <unfixed>
+	- lua5.3 <unfixed> (bug #1034847)
 	[bookworm] - lua5.3 <ignored> (Minor issue)
 	[bullseye] - lua5.3 <ignored> (Minor issue)
 	[buster] - lua5.3 <no-dsa> (Minor issue)
 	[stretch] - lua5.3 <no-dsa> (Minor issue)
-	- lua5.2 <unfixed>
+	- lua5.2 <unfixed> (bug #1034846)
 	[bookworm] - lua5.2 <ignored> (Minor issue)
 	[bullseye] - lua5.2 <ignored> (Minor issue)
 	[buster] - lua5.2 <no-dsa> (Minor issue)
 	[stretch] - lua5.2 <no-dsa> (Minor issue)
-	- lua5.1 <unfixed>
+	- lua5.1 <unfixed> (bug #1034845)
 	[bookworm] - lua5.1 <ignored> (Minor issue)
 	[bullseye] - lua5.1 <ignored> (Minor issue)
 	[buster] - lua5.1 <no-dsa> (Minor issue)
@@ -121133,10 +121133,10 @@ CVE-2021-42522 (There is a Information Disclosure vulnerability in anjuta/plugin
 CVE-2021-42521 (There is a NULL pointer dereference vulnerability in VTK before 9.2.5, ...)
 	- vtk9 <unfixed> (bug #1031877)
 	[bullseye] - vtk9 <no-dsa> (Minor issue)
-	- vtk7 <unfixed>
+	- vtk7 <unfixed> (bug #1034844)
 	[bullseye] - vtk7 <no-dsa> (Minor issue)
 	[buster] - vtk7 <no-dsa> (Minor issue)
-	- vtk6 <unfixed>
+	- vtk6 <unfixed> (bug #1034843)
 	[bullseye] - vtk6 <no-dsa> (Minor issue)
 	[buster] - vtk6 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.kitware.com/vtk/vtk/-/issues/17818
@@ -123182,7 +123182,7 @@ CVE-2021-41805 (HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11,
 CVE-2021-41804
 	RESERVED
 CVE-2021-41803 (HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properl ...)
-	- consul <unfixed>
+	- consul <unfixed> (bug #1034841)
 	NOTE: https://discuss.hashicorp.com/t/hcsec-2022-19-consul-auto-config-jwt-authorization-missing-input-validation/44627
 CVE-2021-41802 (HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a ...)
 	NOT-FOR-US: HashiCorp Vault
@@ -157891,7 +157891,7 @@ CVE-2021-28237 (LibreDWG v0.12.3 was discovered to contain a heap-buffer overflo
 CVE-2021-28236 (LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference  ...)
 	- libredwg <itp> (bug #595191)
 CVE-2021-28235 (Authentication vulnerability found in Etcd-io v.3.4.10 allows remote a ...)
-	- etcd <unfixed>
+	- etcd <unfixed> (bug #1034840)
 	[buster] - etcd <no-dsa> (Minor issue; only when debug is enabled)
 	NOTE: https://github.com/etcd-io/etcd/pull/15648
 	NOTE: https://github.com/etcd-io/etcd/pull/15655



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b2ad6fb4bd18c40a906deacebcfbb41dfb10b5d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b2ad6fb4bd18c40a906deacebcfbb41dfb10b5d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230425/0e249670/attachment.htm>


More information about the debian-security-tracker-commits mailing list