[Git][security-tracker-team/security-tracker][master] bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Feb 28 16:24:51 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bb556c99 by Moritz Muehlenhoff at 2023-02-28T17:24:25+01:00
bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -38083,6 +38083,7 @@ CVE-2022-3278 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.
 CVE-2022-3277 [unrestricted creation of security groups]
 	RESERVED
 	- neutron <unfixed> (bug #1027150)
+	[bookworm] - neutron <no-dsa> (Minor issue)
 	[bullseye] - neutron <no-dsa> (Minor issue)
 	[buster] - neutron <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2129193
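Review bot: the added `[bookworm] - neutron <no-dsa> (Minor issue)` line reuses the bare reason from the bullseye and buster lines, and the visible part of the entry has no NOTE saying why unrestricted creation of security groups is minor. The unstable line is still `<unfixed>` (bug #1027150) and the CVE is still RESERVED, so a short NOTE with the rationale would let the next triager re-check the decision once a fix lands.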
@@ -47524,17 +47525,17 @@ CVE-2022-37772 (Maarch RM 2.8.3 solution contains an improper restriction of exc
 CVE-2022-37771 (IObit Malware Fighter v9.2 for Microsoft Windows lacks tamper protecti ...)
 	NOT-FOR-US: IObit Malware Fighter
 CVE-2022-37770 (libjpeg commit 281daa9 was discovered to contain a segmentation fault  ...)
-	- libjpeg <unfixed> (unimportant)
+	- libjpeg 0.0~git20220805.54ec643-1 (unimportant)
 	NOTE: https://github.com/thorfdbg/libjpeg/issues/79
 	NOTE: https://github.com/thorfdbg/libjpeg/commit/281daa9ccee18742b83a77cd29bd2726b69b7977
 	NOTE: Crash in CLI tool, no security impact
 CVE-2022-37769 (libjpeg commit 281daa9 was discovered to contain a segmentation fault  ...)
-	- libjpeg <unfixed> (bug #1025339)
+	- libjpeg 0.0~git20220805.54ec643-1 (bug #1025339)
 	[bullseye] - libjpeg <no-dsa> (Minor issue)
 	NOTE: https://github.com/thorfdbg/libjpeg/issues/78
 	NOTE: https://github.com/thorfdbg/libjpeg/commit/281daa9ccee18742b83a77cd29bd2726b69b7977
 CVE-2022-37768 (libjpeg commit 281daa9 was discovered to contain an infinite loop via  ...)
-	- libjpeg <unfixed> (unimportant)
+	- libjpeg 0.0~git20220805.54ec643-1 (unimportant)
 	NOTE: https://github.com/thorfdbg/libjpeg/issues/77
 	NOTE: https://github.com/thorfdbg/libjpeg/commit/281daa9ccee18742b83a77cd29bd2726b69b7977
 	NOTE: Hang in CLI tool, no security impact
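Review bot: on all three libjpeg lines, the new fixed version 0.0~git20220805.54ec643-1 is not backed by a NOTE naming the fixing commit; the only commit linked is 281daa9, which the CVE descriptions give as the commit found to contain the faults. Add a NOTE to each entry identifying the upstream fix, or stating that the 54ec643 snapshot includes it, so the version can be verified. CVE-2022-37769 keeps `[bullseye] - libjpeg <no-dsa> (Minor issue)` as its only suite line, so it is worth confirming that bookworm already carries the fixed version.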
@@ -130427,6 +130428,7 @@ CVE-2021-33814
 CVE-2021-33813 (An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to c ...)
 	{DLA-2712-1 DLA-2696-1}
 	- libjdom2-intellij-java <unfixed> (bug #990673)
+	[bookworm] - libjdom2-intellij-java <no-dsa> (Minor issue)
 	[bullseye] - libjdom2-intellij-java <no-dsa> (Minor issue)
 	[buster] - libjdom2-intellij-java <no-dsa> (Minor issue)
 	- libjdom2-java 2.0.6-2.1 (bug #990671)
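Review bot: the new `[bookworm] - libjdom2-intellij-java <no-dsa> (Minor issue)` line gives no reason why this copy of JDOM is minor, although the same entry lists DLA-2712-1 and DLA-2696-1 and a fixed libjdom2-java 2.0.6-2.1. The unstable line for the intellij copy remains `<unfixed>` (bug #990673); a NOTE explaining why it is treated differently from libjdom2-java would document the decision.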
@@ -133003,7 +133005,7 @@ CVE-2021-32825 (bblfshd is an open source self-hosted server for source code par
 CVE-2021-32824 (Apache Dubbo is a java based, open source RPC framework. Versions prio ...)
 	TODO: check
 CVE-2021-32823 (In the bindata RubyGem before version 2.4.10 there is a potential deni ...)
-	- ruby-bindata <unfixed> (bug #990577)
+	- ruby-bindata 2.4.14-1 (bug #990577)
 	[bullseye] - ruby-bindata <no-dsa> (Minor issue)
 	[buster] - ruby-bindata <no-dsa> (Minor issue)
 	[stretch] - ruby-bindata <no-dsa> (Minor issue)
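Review bot: on the `- ruby-bindata 2.4.14-1 (bug #990577)` line, the recorded version is later than the 2.4.10 that the CVE description gives as the first fixed upstream release. The tracker should carry the first Debian upload that contains the fix, so please confirm that no upload between 2.4.10 and 2.4.14 reached unstable, or add a NOTE stating that 2.4.14-1 was the first.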
@@ -163502,7 +163504,7 @@ CVE-2021-21306 (Marked is an open-source markdown parser and compiler (npm packa
 	NOTE: https://github.com/markedjs/marked/security/advisories/GHSA-4r62-v4vq-hr96
 	NOTE: https://github.com/markedjs/marked/commit/7293251c438e3ee968970f7609f1a27f9007bccd
 CVE-2021-21305 (CarrierWave is an open-source RubyGem which provides a simple and flex ...)
-	- ruby-carrierwave <unfixed> (bug #982551)
+	- ruby-carrierwave 1.3.2-1 (bug #982551)
 	[buster] - ruby-carrierwave <no-dsa> (Minor issue)
 	[stretch] - ruby-carrierwave <ignored> (No reverse dependencies)
 	NOTE: https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-cf3w-g86h-35x4
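Review bot: with `- ruby-carrierwave 1.3.2-1 (bug #982551)` recorded, the entry has suite lines only for buster and stretch, so bullseye is judged purely by version comparison against 1.3.2-1. If bullseye ships an older version, it needs its own `[bullseye]` line with a triage decision in the same change.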
@@ -204199,6 +204201,7 @@ CVE-2020-16156 (CPAN 2.28 allows Signature Verification Bypass. ...)
 	NOTE: https://github.com/andk/cpanpm/commit/89b13baf1d46e4fb10023af30ef305efec4fd603 (2.33-TRIAL)
 CVE-2020-16155 (The CPAN::Checksums package 2.12 for Perl does not uniquely define sig ...)
 	- libcpan-checksums-perl <unfixed>
+	[bookworm] - libcpan-checksums-perl <no-dsa> (Minor issue)
 	[bullseye] - libcpan-checksums-perl <no-dsa> (Minor issue)
 	[buster] - libcpan-checksums-perl <no-dsa> (Minor issue)
 	[stretch] - libcpan-checksums-perl <no-dsa> (Minor issue)
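Review bot: the unstable line `- libcpan-checksums-perl <unfixed>` has no bug reference, and this change adds a fourth suite marked `<no-dsa> (Minor issue)`. With all four listed suites set to no-dsa and no bug number on the unfixed line, nothing in the entry tracks the fix in unstable; consider filing a bug against the package and adding its number here.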



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb556c99e0da30ced15af92856f0cae5c2d1bdab
