[Git][security-tracker-team/security-tracker][master] bullseye triage

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3ad52e3d by Moritz Muehlenhoff at 2023-01-09T10:28:37+01:00
bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3400,13 +3400,16 @@ CVE-2022-47656 (GPAC MP4box 2.1-DEV-rev617-g85ce76efd is vulnerable to Buffer Ov
 	NOTE: https://github.com/gpac/gpac/commit/c9a8118965b53d29837b1b82b6a58543efb23baf (v2.2.0)
 CVE-2022-47655 (Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_q ...)
 	- libde265 <unfixed>
+	[bullseye] - libde265 <no-dsa> (Minor issue)
 	NOTE: https://github.com/strukturag/libde265/issues/367
 CVE-2022-47654 (GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow ...)
 	- gpac <unfixed>
+	[bullseye] - gpac <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/issues/2350
 	NOTE: https://github.com/gpac/gpac/commit/88e7b873da5d3e85d31b601c1560d2e24a1d7b25 (v2.2.0)
 CVE-2022-47653 (GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow ...)
 	- gpac <unfixed>
+	[bullseye] - gpac <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/gpac/gpac/issues/2349
 	NOTE: https://github.com/gpac/gpac/commit/a1e197581437cf0a104a9b6543cb4547cfdfc03f (v2.2.0)
 CVE-2022-47652
@@ -6271,40 +6274,49 @@ CVE-2022-47096
 	RESERVED
 CVE-2022-47095 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer overflow ...)
 	- gpac <unfixed>
+	[bullseye] - gpac <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/issues/2346
 	NOTE: https://github.com/gpac/gpac/commit/1918a58bd0c9789844cf6a377293161506ee312c (v2.2.0)
 CVE-2022-47094 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Null pointer de ...)
 	- gpac <unfixed>
+	[bullseye] - gpac <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/issues/2345
 	NOTE: https://github.com/gpac/gpac/commit/6ddedfb85e617f5e935cb490d5b51f141e13a937 (v2.2.0)
 CVE-2022-47093 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to heap use-after- ...)
 	- gpac <unfixed>
+	[bullseye] - gpac <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/issues/2344
 	NOTE: https://github.com/gpac/gpac/commit/706111f4d8babf0cda9fac5f3ca4e89983274d6e (v2.2.0)
 CVE-2022-47092 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is contains an Integer overflow  ...)
 	- gpac <unfixed>
+	[bullseye] - gpac <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/gpac/gpac/issues/2347
 	NOTE: https://github.com/gpac/gpac/commit/6bb3e4e288f02c9c595e63230979cd5443a1cb7a (v2.2.0)
 CVE-2022-47091 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow ...)
 	- gpac <unfixed>
+	[bullseye] - gpac <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/issues/2343
 	NOTE: https://github.com/gpac/gpac/commit/65d089bcb5dad6fda668ee61e38a8394ed8bdf1f (v2.2.0)
 CVE-2022-47090
 	RESERVED
 CVE-2022-47089 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow ...)
 	- gpac <unfixed>
+	[bullseye] - gpac <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/gpac/gpac/issues/2338
 	NOTE: https://github.com/gpac/gpac/commit/73a8c425adaad7526de81586fcb053acde807757 (v2.2.0)
 CVE-2022-47088 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow ...)
 	- gpac <unfixed>
+	[bullseye] - gpac <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/gpac/gpac/issues/2340
 	NOTE: https://github.com/gpac/gpac/commit/48760768611f6766bf9e7378bb7cc66cebd6e49d (v2.2.0)
 CVE-2022-47087 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b has a Buffer overflow in gf_vvc_ ...)
 	- gpac <unfixed>
+	[bullseye] - gpac <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/gpac/gpac/issues/2339
 	NOTE: https://github.com/gpac/gpac/commit/48760768611f6766bf9e7378bb7cc66cebd6e49d (v2.2.0)
 CVE-2022-47086 (GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation violati ...)
 	- gpac <unfixed>
+	[bullseye] - gpac <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/issues/2337
 	NOTE: https://github.com/gpac/gpac/commit/15e3aece44f24a1c4e8cc0622c59008b1b9ab683 (v2.2.0)
 CVE-2022-47085
@@ -8070,11 +8082,11 @@ CVE-2022-46458
 CVE-2022-46457 (NASM v2.16 was discovered to contain a segmentation violation in the c ...)
 	- nasm <unfixed> (unimportant)
 	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392809
-	NOTE: Negligible security impact
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-46456 (NASM v2.16 was discovered to contain a global buffer overflow in the c ...)
 	- nasm <unfixed> (unimportant)
 	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392814
-	NOTE: Negligible security impact
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-46455
 	RESERVED
 CVE-2022-46454
@@ -12228,6 +12240,7 @@ CVE-2022-3933 (The Essential Real Estate WordPress plugin before 3.9.6 does not
 	NOT-FOR-US: WordPress plugin
 CVE-2022-45143 (The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and ...)
 	- tomcat9 9.0.70-1
+	[bullseye] - tomcat9 <postponed> (Minor issue, fix along in future update)
 	- tomcat8 <removed>
 	NOTE: https://github.com/apache/tomcat/commit/b336f4e58893ea35114f1e4a415657f723b1298e (9.0.69)
 	NOTE: https://github.com/apache/tomcat/commit/0cab3a56bd89f70e7481bb0d68395dc7e130dbbf (8.5.84)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ad52e3d4815f9fd88171f6eb0f88b62cfa5b097

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ad52e3d4815f9fd88171f6eb0f88b62cfa5b097
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230109/4a012c64/attachment.htm>