author | Moritz Muehlenhoff <jmm@debian.org> | 2022-04-21 14:28:53 +0200 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2022-04-21 14:36:15 +0200 |
commit | c0c27f05375c1366a86b1c379ad18bb453c5c0dd | |
tree | 552ffbfac4422e341747c1de1dff05582ccfa843 | |
parent | 9100de72c89a19b2f7fbd6d6d18c49516ec04b6e | |
bullseye/buster triage
-rw-r--r-- | data/CVE/list | 13 |
-rw-r--r-- | data/dsa-needed.txt | 2 |
2 files changed, 15 insertions, 0 deletions
diff --git a/data/CVE/list b/data/CVE/list index c48da87fe9..c1a76a7b60 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -44,6 +44,8 @@ CVE-2022-29538 RESERVED CVE-2022-29537 (gp_rtp_builder_do_hevc in ietf/rtp_pck_mpeg4.c in GPAC 2.0.0 has a hea ...) - gpac <unfixed> + [bullseye] - gpac <no-dsa> (Minor issue) + [buster] - gpac <no-dsa> (Minor issue) NOTE: https://github.com/gpac/gpac/issues/2173 NOTE: Fixed by: https://github.com/gpac/gpac/commit/1773b7a34bc08734aee7d3f5dfe65d06389fe15a CVE-2022-29536 (In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document c ...) @@ -2025,7 +2027,9 @@ CVE-2022-28739 [Buffer overrun in String-to-Float conversion] RESERVED - ruby3.0 <unfixed> (bug #1009956) - ruby2.7 <unfixed> (bug #1009957) + [bullseye] - ruby2.7 <postponed> (Minor issue, fix with next Ruby security release) - ruby2.5 <removed> + [buster] - ruby2.5 <postponed> (Minor issue, fix with next Ruby security release) - ruby2.3 <removed> NOTE: https://github.com/ruby/ruby/commit/69f9992ed41920389d4185141a14f02f89a4d306 (v2_6_10) NOTE: https://github.com/ruby/ruby/commit/c9c2245c0a25176072e02db9254f0e0c84c805cd (v2_7_6) @@ -6878,6 +6882,8 @@ CVE-2022-27047 (mogu_blog_cms 5.2 suffers from upload arbitrary files without an NOT-FOR-US: mogu_blog_cms CVE-2022-27046 (libsixel 1.8.6 suffers from a Heap Use After Free vulnerability in in ...) - libsixel 1.10.3-1 + [bullseye] - libsixel <no-dsa> (Minor issue) + [buster] - libsixel <no-dsa> (Minor issue) NOTE: https://github.com/saitoha/libsixel/issues/157 NOTE: https://github.com/libsixel/libsixel/issues/27 NOTE: https://github.com/libsixel/libsixel/pull/28 
@@ -6886,6 +6892,8 @@ CVE-2022-27045 RESERVED CVE-2022-27044 (libsixel 1.8.6 is affected by Buffer Overflow in libsixel/src/quant.c: ...) - libsixel 1.10.3-1 + [bullseye] - libsixel <no-dsa> (Minor issue) + [buster] - libsixel <no-dsa> (Minor issue) NOTE: https://github.com/saitoha/libsixel/issues/156 NOTE: https://github.com/libsixel/libsixel/issues/25 NOTE: https://github.com/libsixel/libsixel/pull/26 @@ -11327,6 +11335,7 @@ CVE-2022-21183 RESERVED CVE-2016-20014 (In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does no ...) - libpam-tacplus <unfixed> (bug #1009966) + [buster] - libpam-tacplus <no-dsa> (Minor issue) NOTE: Fixed by: https://github.com/kravietz/pam_tacplus/commit/e4c00eba70a0f72c4de77b5f072c69708ec2beab (v1.4.1) CVE-2016-20013 (sha256crypt and sha512crypt through 0.6 allow attackers to cause a den ...) NOTE: https://akkadia.org/drepper/SHA-crypt.txt @@ -12896,6 +12905,8 @@ CVE-2022-24829 (Garden is an automation platform for Kubernetes development and NOT-FOR-US: Garden CVE-2022-24828 (Composer is a dependency manager for the PHP programming language. Int ...) - composer <unfixed> (bug #1009960) + [bullseye] - composer <no-dsa> (Minor issue) + [buster] - composer <no-dsa> (Minor issue) NOTE: https://github.com/composer/composer/commit/2c40c53637c5c7e43fff7c09d3d324d632734709 (2.2.12) NOTE: https://github.com/composer/composer/security/advisories/GHSA-x7cr-6qr6-2hh6 CVE-2022-24827 (Elide is a Java library that lets you stand up a GraphQL/JSON-API web ...) 
@@ -12971,6 +12982,8 @@ CVE-2022-24796 (RaspberryMatic is a free and open-source operating system for ru NOT-FOR-US: RaspberryMatic CVE-2022-24795 (yajl-ruby is a C binding to the YAJL JSON parsing and generation libra ...) - ruby-yajl <unfixed> + [bullseye] - ruby-yajl <no-dsa> (Minor issue) + [buster] - ruby-yajl <no-dsa> (Minor issue) [stretch] - ruby-yajl <no-dsa> (Minor issue) NOTE: https://github.com/brianmario/yajl-ruby/security/advisories/GHSA-jj47-x69x-mxrm NOTE: https://github.com/brianmario/yajl-ruby/commit/7168bd79b888900aa94523301126f968a93eb3a6 diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt index 343b29065e..6c6b2ef702 100644 --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -18,6 +18,8 @@ cacti -- condor/oldstable -- +epiphany-browser +-- fish/stable -- freecad (aron) |
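Review bot: In the CVE-2016-20014 hunk (data/CVE/list, @@ -11327), libpam-tacplus gets only a `[buster]` line, while every other entry triaged in this commit gets both `[bullseye]` and `[buster]`. With `- libpam-tacplus <unfixed> (bug #1009966)` directly above, the diff alone does not show whether bullseye was skipped on purpose. If bullseye ships an affected version, add `[bullseye] - libpam-tacplus <no-dsa> (Minor issue)`; if it does not, a one-line NOTE saying why would make the omission clearly deliberate.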
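Review bot: In the CVE-2022-27046 hunk (data/CVE/list, @@ -6878), the libsixel entry is described as a heap use-after-free but is tagged `<no-dsa>` with only the generic reason `(Minor issue)`; the same applies to the buffer overflow in the CVE-2022-27044 hunk that follows. For memory-safety bugs a short concrete reason in the parentheses would let a later reader see why no DSA was judged necessary without re-reading the upstream issues linked in the NOTE lines.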
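Review bot: In the data/dsa-needed.txt hunk, `epiphany-browser` is added without a suite suffix, while the neighbouring entries read `condor/oldstable` and `fish/stable`. None of the data/CVE/list hunks in this commit changes an Epiphany entry (CVE-2022-29536 appears only as unchanged context), so the diff does not show which suites the update is meant for. If only one suite needs it, add the `/stable` or `/oldstable` suffix; if both do, the unqualified form is fine as written.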