[Git][security-tracker-team/security-tracker][master] 5 commits: mark CVEs of freeradius as no-dsa for Buster
Thorsten Alteholz (@alteholz)
alteholz at debian.org
Sun Jan 15 18:05:43 GMT 2023
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fa84c288 by Thorsten Alteholz at 2023-01-15T19:05:17+01:00
mark CVEs of freeradius as no-dsa for Buster
- - - - -
c9893585 by Thorsten Alteholz at 2023-01-15T19:05:17+01:00
add tor
- - - - -
b5eecb13 by Thorsten Alteholz at 2023-01-15T19:05:19+01:00
mark CVE-2023-22895 as no-dsa for Buster
- - - - -
6b225caa by Thorsten Alteholz at 2023-01-15T19:05:20+01:00
mark temporary issue for kodi as no-dsa
- - - - -
ded3f861 by Thorsten Alteholz at 2023-01-15T19:05:22+01:00
mark CVE-2022-4743 as no-dsa for Buster
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1839,6 +1839,7 @@ CVE-2014-125073 (A vulnerability was found in mapoor voteapp. It has been rated
CVE-2023-XXXX [kodi: VideoPlayerCodec: Stop dividing by zero]
- kodi 2:20.0~rc2+dfsg-2
[bullseye] - kodi <no-dsa> (Minor issue)
+ [buster] - kodi <no-dsa> (Minor issue)
NOTE: https://github.com/xbmc/xbmc/commit/dbc00c500f4c4830049cc040a61c439c580eea73
NOTE: https://github.com/xbmc/xbmc/issues/22378
NOTE: https://github.com/xbmc/xbmc/pull/22391
@@ -1869,6 +1870,7 @@ CVE-2023-22896
CVE-2023-22895 (The bzip2 crate before 0.4.4 for Rust allow attackers to cause a denia ...)
- rust-bzip2 <unfixed>
[bullseye] - rust-bzip2 <no-dsa> (Minor issue)
+ [buster] - rust-bzip2 <no-dsa> (Minor issue)
NOTE: https://github.com/alexcrichton/bzip2-rs/pull/86
NOTE: https://github.com/alexcrichton/bzip2-rs/commit/90c9c182cd5a5ebc75810aebd89b347a7bdf590b (0.4.4)
CVE-2023-22894
@@ -4472,6 +4474,7 @@ CVE-2022-4744
RESERVED
CVE-2022-4743 (A potential memory leak issue was discovered in SDL2 in GLES_CreateTex ...)
- libsdl2 2.26.0+dfsg-1
+ [buster] - libsdl2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2156290
NOTE: https://github.com/libsdl-org/SDL/pull/6269
NOTE: Fixed by: https://github.com/libsdl-org/SDL/commit/00b67f55727bc0944c3266e2b875440da132ce4b (prerelease-2.25.1)
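Review bot: The added `[buster] - libsdl2 <no-dsa> (Minor issue)` line sits directly under `- libsdl2 2.26.0+dfsg-1` with no `[bullseye]` line, whereas the kodi, rust-bzip2 and freeradius entries touched in this push each carry a bullseye status next to the new buster one. Please confirm whether bullseye has been triaged for CVE-2022-4743, and add its status line if the same assessment applies.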
@@ -25933,12 +25936,14 @@ CVE-2022-41861 [freeradius: Crash on invalid abinary data]
RESERVED
- freeradius 3.2.0+dfsg-1
[bullseye] - freeradius <no-dsa> (Minor issue)
+ [buster] - freeradius <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e08e4c3464f6b95005821dc559c62 (release_3_0_26)
NOTE: https://freeradius.org/security/ ("Crash on invalid abinary data")
CVE-2022-41860 [freeradius: Crash on unknown option in EAP-SIM]
RESERVED
- freeradius 3.2.0+dfsg-1
[bullseye] - freeradius <no-dsa> (Minor issue)
+ [buster] - freeradius <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a32e107d4d02f936051c708 (release_3_0_26)
NOTE: https://freeradius.org/security/ ("Crash on unknown option in EAP-SIM")
CVE-2022-41859
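Review bot: Both added `[buster] - freeradius <no-dsa> (Minor issue)` lines use the generic reason, although the entries are titled "Crash on invalid abinary data" and "Crash on unknown option in EAP-SIM". A short qualifier in the parentheses saying why each crash is considered minor for buster would make the decision easier to audit later than a bare "Minor issue".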
=====================================
data/dla-needed.txt
=====================================
@@ -334,6 +334,9 @@ tiff (Sylvain Beucler)
tinymce
NOTE: 20221227: Programming language: PHP.
--
+tor (Thorsten Alteholz)
+ NOTE: 20220115: Programming language: C.
+--
trafficserver
NOTE: 20220905: Programming language: C.
NOTE: 20221024: WIP, big changeset in security fix (abhijith)
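Review bot: The date stamp in the added `NOTE: 20220115: Programming language: C.` under `tor (Thorsten Alteholz)` looks like a year typo. The commit is dated 2023-01-15 and the neighbouring tinymce note is stamped 20221227, so this should probably read 20230115; as written, the note appears to be a year old on the day it was added.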
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6f8b040c54c03454f6df15f9c3d726336bb43ad9...ded3f861462fb95836476553788cf326befd1ed3