[Git][security-tracker-team/security-tracker][master] 5 commits: Triage CVE-2022-28550 in jhead for buster LTS.
Chris Lamb (@lamby)
lamby at debian.org
Tue Jul 11 13:21:13 BST 2023
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
74523b35 by Chris Lamb at 2023-07-11T13:04:00+01:00
Triage CVE-2022-28550 in jhead for buster LTS.
- - - - -
56f11e8e by Chris Lamb at 2023-07-11T13:04:17+01:00
Triage CVE-2022-25883 in node-semver for buster LTS.
- - - - -
36d906ff by Chris Lamb at 2023-07-11T13:04:42+01:00
Triage CVE-2023-37360 in pacparser for buster LTS.
- - - - -
e4bbee61 by Chris Lamb at 2023-07-11T13:05:37+01:00
Triage CVE-2023-3255 in qemu for buster LTS.
- - - - -
d45c43e5 by Chris Lamb at 2023-07-11T13:06:14+01:00
Triage CVE-2017-16516 & CVE-2022-24795 in r-cran-jsonlite for buster LTS.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -679,6 +679,7 @@ CVE-2023-3255 [VNC: infinite loop in inflate_buffer() leads to denial of service
- qemu <unfixed>
[bookworm] - qemu <no-dsa> (Minor issue)
[bullseye] - qemu <no-dsa> (Minor issue)
+ [buster] - qemu <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2218486
NOTE: Proposed patch: https://lists.nongnu.org/archive/html/qemu-devel/2023-07/msg00596.html
CVE-2023-37212 (Memory safety bugs present in Firefox 114. Some of these bugs showed e ...)
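Review bot: The added "[buster] - qemu <no-dsa> (Minor issue)" line records no check that buster's qemu actually contains the affected inflate_buffer() VNC path; it reuses the reason given for bookworm and bullseye. The package line is still <unfixed> and the only fix reference is a proposed patch on qemu-devel, so a short NOTE saying the buster version was inspected would make the triage auditable. If the code turns out to be absent, <not-affected> would be the more accurate tag.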
@@ -986,6 +987,7 @@ CVE-2023-37360 (pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript
- pacparser <unfixed>
[bookworm] - pacparser <no-dsa> (Minor issue)
[bullseye] - pacparser <no-dsa> (Minor issue)
+ [buster] - pacparser <no-dsa> (Minor issue)
NOTE: https://github.com/manugarg/pacparser/security/advisories/GHSA-62q6-v997-f7v9
NOTE: https://github.com/manugarg/pacparser/commit/0bf0636de624996fe202b51eec8a58abd774269e (v1.4.2)
CVE-2023-37307 (In MISP before 2.4.172, title_for_layout is not properly sanitized in ...)
@@ -94224,6 +94226,7 @@ CVE-2022-28550 (Matthias-Wandel/jhead jhead 3.06 is vulnerable to Buffer Overflo
- jhead 1:3.08-1
[bookworm] - jhead <no-dsa> (Minor issue)
[bullseye] - jhead <no-dsa> (Minor issue)
+ [buster] - jhead <no-dsa> (Minor issue)
NOTE: https://github.com/Matthias-Wandel/jhead/issues/51
NOTE: https://github.com/Matthias-Wandel/jhead/commit/9688daa7de7eb7bdc6b2223c33eb9ccc2f668b88 (3.08)
CVE-2022-28549
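Review bot: The "[buster] - jhead <no-dsa> (Minor issue)" line closes off the issue even though the entry already lists a fixed version (1:3.08-1) and an upstream commit released in 3.08. With a patch available, <postponed> may fit better, so that the fix is picked up with the next jhead upload to buster. The description names jhead 3.06 as vulnerable, so it is also worth noting whether the buster version carries the same code.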
@@ -101830,6 +101833,7 @@ CVE-2022-25883 (Versions of the package semver before 7.5.2 are vulnerable to Re
- node-semver <unfixed>
[bookworm] - node-semver <no-dsa> (Minor issue)
[bullseye] - node-semver <no-dsa> (Minor issue)
+ [buster] - node-semver <no-dsa> (Minor issue)
NOTE: https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795
NOTE: https://github.com/npm/node-semver/pull/564
NOTE: https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441 (v7.5.2)
@@ -105262,6 +105266,7 @@ CVE-2022-24795 (yajl-ruby is a C binding to the YAJL JSON parsing and generation
- r-cran-jsonlite <unfixed> (bug #1040161)
[bookworm] - r-cran-jsonlite <no-dsa> (Minor issue)
[bullseye] - r-cran-jsonlite <no-dsa> (Minor issue)
+ [buster] - r-cran-jsonlite <no-dsa> (Minor issue)
- xqilla <unfixed> (bug #1040164)
[bullseye] - xqilla <no-dsa> (Minor issue)
NOTE: https://github.com/brianmario/yajl-ruby/security/advisories/GHSA-jj47-x69x-mxrm
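Review bot: This hunk leaves xqilla without a buster entry: a [buster] line is added under r-cran-jsonlite only, while "- xqilla <unfixed> (bug #1040164)" still has just its [bullseye] line. If xqilla is shipped in buster, it needs its own [buster] triage line here; otherwise it will keep showing up as open for that suite.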
@@ -383019,6 +383024,7 @@ CVE-2017-16516 (In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is
- r-cran-jsonlite <unfixed> (bug #1040161)
[bookworm] - r-cran-jsonlite <no-dsa> (Minor issue)
[bullseye] - r-cran-jsonlite <no-dsa> (Minor issue)
+ [buster] - r-cran-jsonlite <no-dsa> (Minor issue)
- xqilla <unfixed> (bug #1040164)
[bullseye] - xqilla <no-dsa> (Minor issue)
NOTE: https://github.com/brianmario/yajl-ruby/issues/176
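Review bot: The entry gives no NOTE explaining why r-cran-jsonlite is affected by a CVE whose description concerns the yajl-ruby gem, and the new [buster] line relies on that unstated link. A one-line NOTE stating which code the package shares with yajl-ruby, and that the buster version includes it, would let a later reader verify the "Minor issue" call. As in the CVE-2022-24795 hunk, xqilla has only a [bullseye] line.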
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c83ec72961f045a18cc47e6f6c009af20d16d6a8...d45c43e58fd16f52ca2274f7c9f811058ddf2d11