[Git][security-tracker-team/security-tracker][master] bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Feb 28 16:24:51 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bb556c99 by Moritz Muehlenhoff at 2023-02-28T17:24:25+01:00
bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -38083,6 +38083,7 @@ CVE-2022-3278 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.
CVE-2022-3277 [unrestricted creation of security groups]
RESERVED
- neutron <unfixed> (bug #1027150)
+ [bookworm] - neutron <no-dsa> (Minor issue)
[bullseye] - neutron <no-dsa> (Minor issue)
[buster] - neutron <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2129193
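Review bot: the added `[bookworm] - neutron <no-dsa> (Minor issue)` line gives no rationale beyond the stock "Minor issue", while the entry is still RESERVED, unfixed in unstable (bug #1027150) and references only the Red Hat Bugzilla report. A short NOTE saying why unrestricted creation of security groups is minor for the Debian package would let later triagers re-evaluate the decision once a fix is available.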
@@ -47524,17 +47525,17 @@ CVE-2022-37772 (Maarch RM 2.8.3 solution contains an improper restriction of exc
CVE-2022-37771 (IObit Malware Fighter v9.2 for Microsoft Windows lacks tamper protecti ...)
NOT-FOR-US: IObit Malware Fighter
CVE-2022-37770 (libjpeg commit 281daa9 was discovered to contain a segmentation fault ...)
- - libjpeg <unfixed> (unimportant)
+ - libjpeg 0.0~git20220805.54ec643-1 (unimportant)
NOTE: https://github.com/thorfdbg/libjpeg/issues/79
NOTE: https://github.com/thorfdbg/libjpeg/commit/281daa9ccee18742b83a77cd29bd2726b69b7977
NOTE: Crash in CLI tool, no security impact
CVE-2022-37769 (libjpeg commit 281daa9 was discovered to contain a segmentation fault ...)
- - libjpeg <unfixed> (bug #1025339)
+ - libjpeg 0.0~git20220805.54ec643-1 (bug #1025339)
[bullseye] - libjpeg <no-dsa> (Minor issue)
NOTE: https://github.com/thorfdbg/libjpeg/issues/78
NOTE: https://github.com/thorfdbg/libjpeg/commit/281daa9ccee18742b83a77cd29bd2726b69b7977
CVE-2022-37768 (libjpeg commit 281daa9 was discovered to contain an infinite loop via ...)
- - libjpeg <unfixed> (unimportant)
+ - libjpeg 0.0~git20220805.54ec643-1 (unimportant)
NOTE: https://github.com/thorfdbg/libjpeg/issues/77
NOTE: https://github.com/thorfdbg/libjpeg/commit/281daa9ccee18742b83a77cd29bd2726b69b7977
NOTE: Hang in CLI tool, no security impact
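Review bot: all three libjpeg entries now record 0.0~git20220805.54ec643-1 as the fixed version, but the only commit NOTE on each still points at 281daa9, which the CVE descriptions name as the commit found to contain the fault, not the fix. Add a NOTE with the upstream fixing commit for issues #77, #78 and #79 so the fixed version can be checked against the 54ec643 snapshot. This matters most for CVE-2022-37769, the one entry not marked unimportant and still no-dsa in bullseye.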
@@ -130427,6 +130428,7 @@ CVE-2021-33814
CVE-2021-33813 (An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to c ...)
{DLA-2712-1 DLA-2696-1}
- libjdom2-intellij-java <unfixed> (bug #990673)
+ [bookworm] - libjdom2-intellij-java <no-dsa> (Minor issue)
[bullseye] - libjdom2-intellij-java <no-dsa> (Minor issue)
[buster] - libjdom2-intellij-java <no-dsa> (Minor issue)
- libjdom2-java 2.0.6-2.1 (bug #990671)
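Review bot: `[bookworm] - libjdom2-intellij-java <no-dsa> (Minor issue)` copies the bullseye and buster wording for an XXE issue that has two DLAs attached and is fixed in the sibling libjdom2-java at 2.0.6-2.1. With unstable still unfixed (bug #990673), a NOTE stating why the IntelliJ copy is lower risk than libjdom2-java would make the no-dsa decision easier to audit.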
@@ -133003,7 +133005,7 @@ CVE-2021-32825 (bblfshd is an open source self-hosted server for source code par
CVE-2021-32824 (Apache Dubbo is a java based, open source RPC framework. Versions prio ...)
TODO: check
CVE-2021-32823 (In the bindata RubyGem before version 2.4.10 there is a potential deni ...)
- - ruby-bindata <unfixed> (bug #990577)
+ - ruby-bindata 2.4.14-1 (bug #990577)
[bullseye] - ruby-bindata <no-dsa> (Minor issue)
[buster] - ruby-bindata <no-dsa> (Minor issue)
[stretch] - ruby-bindata <no-dsa> (Minor issue)
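Review bot: on the changed ruby-bindata line, the CVE description places the upstream fix in 2.4.10, while the recorded fixed version is 2.4.14-1. Confirm that 2.4.14-1 was the first upload to unstable at or above 2.4.10 rather than simply the current version, and that bug #990577 is closed against it.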
@@ -163502,7 +163504,7 @@ CVE-2021-21306 (Marked is an open-source markdown parser and compiler (npm packa
NOTE: https://github.com/markedjs/marked/security/advisories/GHSA-4r62-v4vq-hr96
NOTE: https://github.com/markedjs/marked/commit/7293251c438e3ee968970f7609f1a27f9007bccd
CVE-2021-21305 (CarrierWave is an open-source RubyGem which provides a simple and flex ...)
- - ruby-carrierwave <unfixed> (bug #982551)
+ - ruby-carrierwave 1.3.2-1 (bug #982551)
[buster] - ruby-carrierwave <no-dsa> (Minor issue)
[stretch] - ruby-carrierwave <ignored> (No reverse dependencies)
NOTE: https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-cf3w-g86h-35x4
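Review bot: once the ruby-carrierwave line changes to 1.3.2-1, the entry has explicit lines for buster and stretch but none for bullseye, so bullseye's status rests only on version comparison against 1.3.2-1. Confirm bullseye already ships 1.3.2-1 or later, or add a `[bullseye]` triage line. A NOTE naming the upstream release that fixes GHSA-cf3w-g86h-35x4 would also document why 1.3.2-1 is the fixed version.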
@@ -204199,6 +204201,7 @@ CVE-2020-16156 (CPAN 2.28 allows Signature Verification Bypass. ...)
NOTE: https://github.com/andk/cpanpm/commit/89b13baf1d46e4fb10023af30ef305efec4fd603 (2.33-TRIAL)
CVE-2020-16155 (The CPAN::Checksums package 2.12 for Perl does not uniquely define sig ...)
- libcpan-checksums-perl <unfixed>
+ [bookworm] - libcpan-checksums-perl <no-dsa> (Minor issue)
[bullseye] - libcpan-checksums-perl <no-dsa> (Minor issue)
[buster] - libcpan-checksums-perl <no-dsa> (Minor issue)
[stretch] - libcpan-checksums-perl <no-dsa> (Minor issue)
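Review bot: `- libcpan-checksums-perl <unfixed>` carries no bug reference, unlike the other unfixed entries touched in this commit (neutron, libjdom2-intellij-java), and bookworm now becomes the fourth suite marked no-dsa. File or link a Debian bug on the unstable line so the unfixed state is tracked with the maintainer.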
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb556c99e0da30ced15af92856f0cae5c2d1bdab