[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2022-38223/w3m: reference follow-up fix
Sylvain Beucler (@beuc)
beuc at debian.org
Sat Aug 12 16:57:22 BST 2023
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f3079bb2 by Sylvain Beucler at 2023-08-12T17:54:16+02:00
CVE-2022-38223/w3m: reference follow-up fix
- - - - -
0e990e9d by Sylvain Beucler at 2023-08-12T17:56:56+02:00
dla: add w3m
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -72163,8 +72163,8 @@ CVE-2022-38223 (There is an out-of-bounds write in checkType located in etc.c in
[bullseye] - w3m 0.5.3+git20210102-6+deb11u1
[buster] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/242
- NOTE: https://github.com/tats/w3m/commit/419ca82d57c72242817b55e2eaa4cdbf6916e7fa
- NOTE: Possibly incomplete fix: https://github.com/tats/w3m/issues/268
+ NOTE: Initial fix: https://github.com/tats/w3m/commit/419ca82d57c72242817b55e2eaa4cdbf6916e7fa
+ NOTE: Follow-up fix: https://github.com/tats/w3m/commit/25fb402cea405b263466c627f32513d186a38ade
CVE-2022-38222 (There is a use-after-free issue in JBIG2Stream::close() located in JBI ...)
- xpdf <not-affected> (Debian uses poppler, which is not affected)
CVE-2022-38221 (A buffer overflow in the FTcpListener thread in The Isle Evrima (the d ...)
=====================================
data/dla-needed.txt
=====================================
@@ -35,7 +35,7 @@ cinder
datatables.js (guilhem)
NOTE: 20230809: Added by Front-Desk (Beuc)
NOTE: 20230809: Experimental issue-based workflow: please follow https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/29
- NOTE: 20230809: Follow fixes from 11.2 (1 CVE) (Beuc/front-desk)
+ NOTE: 20230809: Follow fixes from bullseye 11.2 (1 CVE) (Beuc/front-desk)
--
docker.io
NOTE: 20230303: Added by Front-Desk (Beuc)
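Review bot: The datatables.js note is reworded from "11.2" to "bullseye 11.2" here, and the flask-security note gets the same treatment in the next hunk, but neither commit message in this push mentions touching other packages' entries. Either split this wording cleanup into its own commit or mention it in the message, so that a history search on those packages finds it.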
@@ -59,7 +59,7 @@ flask
flask-security
NOTE: 20230811: Added by Front-Desk (Beuc)
NOTE: 20230811: Experimental issue-based workflow: please follow https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/37
- NOTE: 20230811: Follow fixes from 11.7 (1 CVE) (Beuc/front-desk)
+ NOTE: 20230811: Follow fixes from bullseye 11.7 (1 CVE) (Beuc/front-desk)
--
gawk (Adrian Bunk)
NOTE: 20230806: Added by Front-Desk (gladk)
@@ -249,6 +249,11 @@ suricata (Adrian Bunk)
unrar-nonfree (Markus Koschany)
NOTE: 20230808: Added by Front-Desk (Beuc)
--
+w3m
+ NOTE: 20230812: Added by Front-Desk (Beuc)
+ NOTE: 20230812: Experimental issue-based workflow: please follow https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/42
+ NOTE: 20230812: Follow fixes from bullseye 11.7 (1 CVE) (Beuc/front-desk)
+--
zabbix (tobi)
NOTE: 20230731: Added by Front-Desk (apo)
NOTE: 20230812: WIP, patches backported but largerly untested. Will continue after VAC. (tobi)
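Review bot: The new w3m entry says "Follow fixes from bullseye 11.7 (1 CVE)" without naming the CVE. Adding the identifier (presumably CVE-2022-38223, given the data/CVE/list change in the same push) would let whoever claims the package go straight to the "Initial fix" and "Follow-up fix" references.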
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/353458534ed653448b1c5aa5a21a9386257b4268...0e990e9dc8cfac76e0a89e1877300f92af617507