[Git][security-tracker-team/security-tracker][master] triage for older issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Oct 29 14:58:06 GMT 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c64235bf by Moritz Muehlenhoff at 2024-10-29T15:57:18+01:00
triage for older issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -163950,17 +163950,21 @@ CVE-2022-43359 (Gifdec commit 1dcbae19363597314f6623010cc80abad4e47f7c was disco
 CVE-2022-43358 (Stack overflow vulnerability in ast_selectors.cpp: in function Sass::C ...)
 	[experimental] - libsass 3.6.5+20231221-1
 	- libsass 3.6.5+20231221-2 (bug #1051895)
-	[bookworm] - libsass <no-dsa> (Minor issue)
+	[bookworm] - libsass <ignored> (Minor issue)
 	[bullseye] - libsass <no-dsa> (Minor issue)
 	[buster] - libsass <no-dsa> (Minor issue)
 	NOTE: https://github.com/sass/libsass/issues/3178
+	NOTE: https://github.com/sass/libsass/pull/3184
+	NOTE: https://github.com/sass/libsass/commit/5bb0ea0c4b2ebebe542933f788ffacba459a717a (3.6.6)
 CVE-2022-43357 (Stack overflow vulnerability in ast_selectors.cpp in function Sass::Co ...)
 	[experimental] - libsass 3.6.5+20231221-1
 	- libsass 3.6.5+20231221-2 (bug #1051895)
-	[bookworm] - libsass <no-dsa> (Minor issue)
+	[bookworm] - libsass <ignored> (Minor issue)
 	[bullseye] - libsass <no-dsa> (Minor issue)
 	[buster] - libsass <no-dsa> (Minor issue)
 	NOTE: https://github.com/sass/libsass/issues/3177
+	NOTE: https://github.com/sass/libsass/pull/3184
+	NOTE: https://github.com/sass/libsass/commit/5bb0ea0c4b2ebebe542933f788ffacba459a717a (3.6.6)
 CVE-2022-43356
 	RESERVED
 CVE-2022-43355 (Sanitization Management System v1.0 was discovered to contain a SQL in ...)
@@ -192064,7 +192068,7 @@ CVE-2022-33065 (Multiple signed integers overflow in function au_read_header in
 	NOTE: https://github.com/libsndfile/libsndfile/commit/0754562e13d2e63a248a1c82f90b30bc0ffe307c
 CVE-2022-33064 (An off-by-one error in function wav_read_header in src/wav.c in Libsnd ...)
 	- libsndfile <unfixed> (bug #1051890)
-	[bookworm] - libsndfile <no-dsa> (Minor issue)
+	[bookworm] - libsndfile <postponed> (Minor issue, revisit when fixed upstream)
 	[bullseye] - libsndfile <no-dsa> (Minor issue)
 	[buster] - libsndfile <no-dsa> (Minor issue)
 	NOTE: https://github.com/libsndfile/libsndfile/issues/832
@@ -201169,7 +201173,7 @@ CVE-2022-29979 (Simple Client Management System 1.0 is vulnerable to SQL Injecti
 	NOT-FOR-US: Sourcecodester Simple Client Management System
 CVE-2022-29978 (There is a floating point exception error in sixel_encoder_do_resize,  ...)
 	- libsixel <unfixed> (bug #1014527)
-	[bookworm] - libsixel <no-dsa> (Minor issue)
+	[bookworm] - libsixel <postponed> (Minor issue, revisit when fixed upstream)
 	[bullseye] - libsixel <no-dsa> (Minor issue)
 	[buster] - libsixel <no-dsa> (Minor issue)
 	[stretch] - libsixel <no-dsa> (Minor issue)
@@ -201177,7 +201181,7 @@ CVE-2022-29978 (There is a floating point exception error in sixel_encoder_do_re
 	NOTE: Previously also reported in https://github.com/saitoha/libsixel/issues/166
 CVE-2022-29977 (There is an assertion failure error in stbi__jpeg_huff_decode, stb_ima ...)
 	- libsixel <unfixed> (bug #1014526)
-	[bookworm] - libsixel <no-dsa> (Minor issue)
+	[bookworm] - libsixel <postponed> (Minor issue, revisit when fixed upstream)
 	[bullseye] - libsixel <no-dsa> (Minor issue)
 	[buster] - libsixel <no-dsa> (Minor issue)
 	[stretch] - libsixel <no-dsa> (Minor issue)
@@ -211337,10 +211341,12 @@ CVE-2022-26593 (Cross-site scripting (XSS) vulnerability in the Asset module's a
 CVE-2022-26592 (Stack Overflow vulnerability in libsass 3.6.5 via the CompoundSelector ...)
 	[experimental] - libsass 3.6.5+20231221-1
 	- libsass 3.6.5+20231221-2 (bug #1051895)
-	[bookworm] - libsass <no-dsa> (Minor issue)
+	[bookworm] - libsass <ignored> (Minor issue)
 	[bullseye] - libsass <no-dsa> (Minor issue)
 	[buster] - libsass <no-dsa> (Minor issue)
 	NOTE: https://github.com/sass/libsass/issues/3174
+	NOTE: https://github.com/sass/libsass/pull/3184
+	NOTE: https://github.com/sass/libsass/commit/5bb0ea0c4b2ebebe542933f788ffacba459a717a (3.6.6)
 CVE-2022-26591 (FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows unauthenticated attac ...)
 	NOT-FOR-US: FANTEC GmbH MWiD25-DS Firmware
 CVE-2022-26590



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c64235bfc652cf519092ff939104a0c77fae07b7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c64235bfc652cf519092ff939104a0c77fae07b7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241029/ee318158/attachment.htm>

More information about the debian-security-tracker-commits mailing list