author    Moritz Muehlenhoff <jmm@debian.org> 2022-05-06 13:06:18 +0200
committer Moritz Muehlenhoff <jmm@debian.org> 2022-05-06 13:06:18 +0200
commit    0a9201d829e82e9d68df93fb48556a0373eb72b7 (patch)
tree      a96173682d95d1bd3880a3b2d40ec166a0225ea7
parent    41f3335ef4a9d66d13842e8ece25aca88ebfcf78 (diff)
buster/bullseye triage
-rw-r--r-- data/CVE/list       | 19
-rw-r--r-- data/dsa-needed.txt |  4
2 files changed, 18 insertions, 5 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 2ec1a325ed..6abaa2cfeb 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -36,6 +36,8 @@ CVE-2022-1589
RESERVED
CVE-2022-30292 (thread_call in sqbaselib.cpp in SQUIRREL 3.2 lacks a certain sq_reserv ...)
- squirrel3 <unfixed>
+ [bullseye] - squirrel3 <no-dsa> (Minor issue)
+ [buster] - squirrel3 <no-dsa> (Minor issue)
NOTE: https://github.com/albertodemichelis/squirrel/commit/a6413aa690e0bdfef648c68693349a7b878fe60d
CVE-2022-30291
RESERVED
@@ -808,6 +810,8 @@ CVE-2022-29974
RESERVED
CVE-2022-29973 (relan exFAT 1.3.0 allows local users to obtain sensitive information ( ...)
- fuse-exfat <unfixed>
+ [bullseye] - fuse-exfat <no-dsa> (Minor issue)
+ [buster] - fuse-exfat <no-dsa> (Minor issue)
NOTE: https://github.com/relan/exfat/issues/185
CVE-2022-29972
RESERVED
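Review bot: the fuse-exfat entry carries only the upstream issue report (issues/185) as its NOTE, so the <no-dsa> decision for bullseye and buster is taken while unstable still reads <unfixed> and no fix reference is recorded; consider adding the upstream fix commit once one exists (or a NOTE stating that no fix is available yet) so the "Minor issue" rationale can be re-checked when a fix lands.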
@@ -2697,10 +2701,14 @@ CVE-2022-29341
RESERVED
CVE-2022-29340 (GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vul ...)
- gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
NOTE: https://github.com/gpac/gpac/commit/37592ad86c6ca934d34740012213e467acc4a3b0
NOTE: https://github.com/gpac/gpac/issues/2163
CVE-2022-29339 (In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils ...)
- gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
NOTE: https://github.com/gpac/gpac/commit/9ea93a2ec8f555ceed1ee27294cf94822f14f10f
NOTE: https://github.com/gpac/gpac/issues/2165
CVE-2022-29338
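Review bot: both gpac entries use <ignored> with the rationale "(Minor issue)", whereas every other package in this commit pairs "Minor issue" with <no-dsa>; since <ignored> records that the issue will not be fixed in bullseye/buster at all, a rationale that says why a fix will not be provided would be clearer than "Minor issue", or the marker should be <no-dsa> if the intent is the same as for the other packages.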
@@ -6371,6 +6379,8 @@ CVE-2022-28067 (An incorrect access control issue in Sandboxie Classic v5.55.13
NOT-FOR-US: Sandboxie Classic
CVE-2022-28066 (Libarchive v3.6.0 was discovered to contain a read memory access vulne ...)
- libarchive <unfixed>
+ [bullseye] - libarchive <no-dsa> (Minor issue)
+ [buster] - libarchive <no-dsa> (Minor issue)
NOTE: https://github.com/libarchive/libarchive/issues/1672
NOTE: https://github.com/libarchive/libarchive/commit/cfaa28168a07ea4a53276b63068f94fce37d6aff (v3.6.1)
CVE-2022-28065
@@ -8225,6 +8235,8 @@ CVE-2022-27338
RESERVED
CVE-2022-27337 (A logic error in the Hints::Hints function of Poppler v22.03.0 allows ...)
- poppler <unfixed>
+ [bullseye] - poppler <no-dsa> (Minor issue)
+ [buster] - poppler <no-dsa> (Minor issue)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1230
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/commit/81044c64b9ed9a10ae82a28bac753060bdfdac74 (poppler-22.04.0)
CVE-2022-27336 (Seacms v11.6 was discovered to contain a remote code execution (RCE) v ...)
@@ -21893,6 +21905,8 @@ CVE-2022-22966 (An authenticated, high privileged malicious actor with network a
NOT-FOR-US: VMware
CVE-2022-22965 (A Spring MVC or Spring WebFlux application running on JDK 9+ may be vu ...)
- libspring-java <unfixed>
+ [bullseye] - libspring-java <no-dsa> (No reverse dependencies in the archive affected)
+ [buster] - libspring-java <no-dsa> (No reverse dependencies in the archive affected)
[stretch] - libspring-java <end-of-life> (EOL'd for stretch)
NOTE: https://bugalert.org/content/notices/2022-03-30-spring.html
NOTE: https://tanzu.vmware.com/security/cve-2022-22965
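Review bot: the rationale "No reverse dependencies in the archive affected" explains why no DSA is issued for CVE-2022-22965, but it only covers packages inside the archive; users who deploy their own applications against the libspring-java packages in bullseye/buster remain affected, so a NOTE saying that the package itself stays unpatched in stable would make the scope of the decision explicit.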
@@ -21926,9 +21940,10 @@ CVE-2022-22951 (VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x pr
NOT-FOR-US: VMware
CVE-2022-22950 (n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versi ...)
- libspring-java <unfixed>
+ [bullseye] - libspring-java <no-dsa> (Minor issue)
+ [buster] - libspring-java <no-dsa> (Minor issue)
[stretch] - libspring-java <end-of-life> (EOL'd for stretch)
NOTE: https://tanzu.vmware.com/security/cve-2022-22950
- TODO: check, no details available
CVE-2022-22949
RESERVED
CVE-2022-22948 (The vCenter Server contains an information disclosure vulnerability du ...)
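Review bot: dropping "TODO: check, no details available" is appropriate now that the bullseye/buster lines record a decision, but the entry is left with only "(Minor issue)" and no NOTE on what was checked; a short rationale (for example how the affected version range in the CVE text relates to the versions shipped in bullseye and buster) would let the triage be audited later.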
@@ -93474,10 +93489,12 @@ CVE-2021-21240 (httplib2 is a comprehensive HTTP client library for Python. In h
CVE-2021-21239 (PySAML2 is a pure python implementation of SAML Version 2 Standard. Py ...)
{DLA-2577-1}
- python-pysaml2 6.5.1-1 (bug #980772)
+ [buster] - python-pysaml2 <no-dsa> (Minor issue)
NOTE: https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-5p3x-r448-pc62
NOTE: https://github.com/IdentityPython/pysaml2/commit/751dbf50a51131b13d55989395f9b115045f9737
CVE-2021-21238 (PySAML2 is a pure python implementation of SAML Version 2 Standard. Py ...)
- python-pysaml2 6.5.1-1 (bug #980773)
+ [buster] - python-pysaml2 <no-dsa> (Minor issue)
[stretch] - python-pysaml2 <ignored> (python3-xmlschema not available in stretch for fix)
NOTE: https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-f4g9-h89h-jgv9
NOTE: https://github.com/IdentityPython/pysaml2/commit/3b707723dcf1bf60677b424aac398c0c3557641d
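Review bot: for CVE-2021-21239 the new buster <no-dsa> (Minor issue) line sits directly under {DLA-2577-1}, i.e. the same issue was considered worth a security update for stretch, so a more specific buster rationale than "Minor issue" would avoid the apparent inconsistency. For CVE-2021-21238 the existing stretch line explains that the fix depends on python3-xmlschema; if the same dependency concern drives the buster decision, stating it would be more informative than "Minor issue".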
diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt
index c36684f6d5..8843783a7f 100644
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -22,8 +22,6 @@ epiphany-browser
--
freecad (aron)
--
-libspring-java
---
linux (carnil)
Wait until more issues have piled up, though try to regulary rebase for point
releases to more recent v4.19.y versions.
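Review bot: removing libspring-java here matches the <no-dsa> marks added for CVE-2022-22965 and CVE-2022-22950 in data/CVE/list in this same commit, so the two files stay consistent. The unchanged context line "regulary" is a typo for "regularly"; out of scope for this triage commit, but worth a follow-up.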
@@ -34,8 +32,6 @@ nodejs (jmm)
--
puma
--
-python-pysaml2 (jmm)
---
qemu/stable
Maintainer is proposing update for some CVEs, need review
--
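Review bot: removing python-pysaml2 (jmm) matches the buster <no-dsa> marks added for CVE-2021-21239 and CVE-2021-21238 in data/CVE/list in this commit; if the buster rationale there is tightened beyond "Minor issue", nothing further is needed in this file.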