[Git][security-tracker-team/security-tracker][master] bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Jan 26 12:06:45 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c8516a5c by Moritz Muehlenhoff at 2023-01-26T13:05:59+01:00
bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -11301,6 +11301,7 @@ CVE-2022-47017
RESERVED
CVE-2022-47016 (A null pointer dereference issue was discovered in function window_pan ...)
- tmux <unfixed>
+ [bullseye] - tmux <no-dsa> (Minor issue)
NOTE: https://github.com/tmux/tmux/issues/3312
NOTE: https://github.com/tmux/tmux/issues/3447
NOTE: https://github.com/tmux/tmux/commit/e86752820993a00e3d28350cbe46878ba95d9012
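Review bot: the unstable entry `- tmux <unfixed>` still carries no Debian bug reference after the `[bullseye] - tmux <no-dsa> (Minor issue)` annotation is added, unlike the `openimageio <unfixed> (bug #1027143)` style used elsewhere in this file; since the upstream fix commit is already linked in the NOTE lines, suggest recording a bug number against the sid entry so the `<unfixed>` state is tracked toward an upload.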
@@ -23899,10 +23900,14 @@ CVE-2022-43592 (An information disclosure vulnerability exists in the DPXOutput:
- openimageio <unfixed> (bug #1027143)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1651
CVE-2022-43591 (A buffer overflow vulnerability exists in the QML QtScript Reflect API ...)
- - qt6-declarative <unfixed>
- - qtdeclarative-opensource-src <undetermined>
- - qtdeclarative-opensource-src-gles <undetermined>
+ - qt6-declarative 6.4.2+dfsg~rc1-2 (unimportant)
+ - qtdeclarative-opensource-src <unfixed> (unimportant)
+ - qtdeclarative-opensource-src-gles <unfixed> (unimportant)
+ NOTE: Not considered a security issue, QML only supported from a trusted source
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1650
+ NOTE: https://www.qt.io/blog/regarding-recent-reported-security-vulnerabilities-from-cisco-talos
+ NOTE: https://bugreports.qt.io/browse/QTBUG-107619
+ NOTE: https://codereview.qt-project.org/c/qt/qtdeclarative/+/437789
CVE-2022-43590 (A null pointer dereference vulnerability exists in the handle_ioctl_0x ...)
NOT-FOR-US: Callback technologies CBFS Filter
CVE-2022-43589 (A null pointer dereference vulnerability exists in the handle_ioctl_83 ...)
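Review bot: the rationale line `NOTE: Not considered a security issue, QML only supported from a trusted source` is ambiguous as worded (supported by whom, from where); suggest `NOTE: Not considered a security issue, QML is only supported when loaded from a trusted source`, and since the next NOTE links the Qt blog post stating that position, make clear it is upstream's assessment. Worth a second look too: `qtdeclarative-opensource-src` and `-gles` move from `<undetermined>` to `<unfixed> (unimportant)` while `qt6-declarative` records a fixed version `6.4.2+dfsg~rc1-2`; a short NOTE tying the codereview change 437789 to that version would make the fixed-version claim checkable.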
@@ -30667,10 +30672,14 @@ CVE-2022-41141
CVE-2022-41140
RESERVED
CVE-2022-40983 (An integer overflow vulnerability exists in the QML QtScript Reflect A ...)
- - qt6-declarative <unfixed>
- - qtdeclarative-opensource-src <undetermined>
- - qtdeclarative-opensource-src-gles <undetermined>
- NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1617
+ - qt6-declarative 6.4.2+dfsg~rc1-2 (unimportant)
+ - qtdeclarative-opensource-src <unfixed> (unimportant)
+ - qtdeclarative-opensource-src-gles <unfixed> (unimportant)
+ NOTE: Not considered a security issue, QML only supported from a trusted source
+ NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1650
+ NOTE: https://www.qt.io/blog/regarding-recent-reported-security-vulnerabilities-from-cisco-talos
+ NOTE: https://bugreports.qt.io/browse/QTBUG-107619
+ NOTE: https://codereview.qt-project.org/c/qt/qtdeclarative/+/437921
CVE-2022-40693
RESERVED
CVE-2022-41222 (mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via ...)
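Review bot: the Talos reference for CVE-2022-40983 looks wrong after this change: the removed line pointed at `TALOS-2022-1617`, while the added `NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1650` is the report already cited under CVE-2022-43591 in the previous hunk, so this reads as a copy-paste from that block. Suggest restoring `NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1617` here; the codereview link 437921 is already distinct from the 437789 one in the other block, which suggests the rest of the block was adjusted deliberately.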
@@ -33045,6 +33054,7 @@ CVE-2022-40153
REJECTED
CVE-2022-40152 (Those using Woodstox to parse XML data may be vulnerable to Denial of ...)
- libwoodstox-java <unfixed>
+ [bullseye] - libwoodstox-java <no-dsa> (Minor issue)
NOTE: https://github.com/x-stream/xstream/issues/304
NOTE: https://github.com/advisories/GHSA-3f7h-mf4q-vrm4
CVE-2022-40151 (Those using Xstream to seralize XML data may be vulnerable to Denial o ...)
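Review bot: `libwoodstox-java <unfixed>` gains a `[bullseye] - libwoodstox-java <no-dsa> (Minor issue)` annotation but carries no Debian bug number, and the NOTE lines link only the xstream issue and the GHSA advisory rather than a fixing upstream commit or release; consider adding the bug number or the fixed upstream version so the sid entry can be closed once an upload lands.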
=====================================
data/dsa-needed.txt
=====================================
@@ -12,10 +12,10 @@ To pick an issue, simply add your uid behind it.
If needed, specify the release by adding a slash after the name of the source package.
--
-bind9
+bind9 (jmm)
Maintainer uploaded bullseye-security update
--
-chromium
+chromium (jmm)
--
curl (jmm)
Team asked maintainer to prepare updates
@@ -27,6 +27,8 @@ git (aron)
jupyter-core
Maintainer asked for availability to prepare updates
--
+libde265
+--
libhtml-stripscripts-perl (carnil)
--
linux (carnil)
@@ -43,7 +45,7 @@ openjdk-11 (jmm)
--
openjdk-17 (jmm)
--
-php-cas (jmm)
+php-cas
--
php-horde-mime-viewer
--
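Review bot: dropping `(jmm)` from `php-cas` unclaims the entry without a status line saying why (handed back, blocked on the maintainer, waiting on a fix), so whoever picks it up next has no context; this file's own convention, visible in the `Maintainer uploaded bullseye-security update` and `Team asked maintainer to prepare updates` lines earlier in the diff, is a status line under the package name, so suggest adding one here.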
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c8516a5c66faf2d9238e807e4879c611e8462fdb