[Git][security-tracker-team/security-tracker][master] bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Mar 17 10:27:15 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fd95911a by Moritz Muehlenhoff at 2023-03-17T11:26:51+01:00
bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -44832,8 +44832,8 @@ CVE-2022-38457 (A use-after-free(UAF) vulnerability was found in function 'vmw_c
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=2074
 CVE-2022-38096 (A NULL pointer dereference vulnerability was found in vmwgfx driver in ...)
-	- linux <unfixed>
-	NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=2073
+	NOTE: PoC has been removed, original reporter is unresponsive and not reproducible
+	NOTE: It's unclear whether this was a really issue in the first place
 CVE-2022-36402 (An integer overflow vulnerability was found in vmwgfx driver in driver ...)
 	- linux <undetermined>
 	NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=2072
@@ -217650,6 +217650,7 @@ CVE-2020-12695 (The Open Connectivity Foundation UPnP specification before 2020-
 	[buster] - gupnp 1.0.5-0+deb10u1
 	- minidlna 1.2.1+dfsg-3 (bug #976594)
 	- pupnp-1.8 <unfixed> (bug #983206)
+	[bookworm] - pupnp-1.8 <no-dsa> (Minor issue)
 	[bullseye] - pupnp-1.8 <no-dsa> (Minor issue)
 	[buster] - pupnp-1.8 <no-dsa> (Minor issue)
 	- libupnp <removed>
@@ -229842,6 +229843,7 @@ CVE-2020-8555 (The Kubernetes kube-controller-manager in versions v1.0-1.14, ver
 	NOTE: https://github.com/kubernetes/kubernetes/issues/91542
 CVE-2020-8554 (Kubernetes API server in all versions allow an attacker who is able to ...)
 	- kubernetes <unfixed> (bug #990793)
+	[bookworm] - kubernetes <not-affected> (Kubernetes in Bullseye only ships the client)
 	[bullseye] - kubernetes <not-affected> (Kubernetes in Bullseye only ships the client)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/12/07/5
 	NOTE: https://github.com/kubernetes/kubernetes/issues/97076



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd95911a49076f04baa4c3156d90fdbcebe2bab3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd95911a49076f04baa4c3156d90fdbcebe2bab3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230317/8bb7d40e/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list