author | Moritz Muehlenhoff <jmm@debian.org> | 2022-04-25 13:54:43 +0200
---|---|---
committer | Moritz Muehlenhoff <jmm@debian.org> | 2022-04-25 13:55:42 +0200
commit | 2993daecc785e23d647037197bac50fea8175b1a |
tree | 2076c611e387e5a55c4f4910e7bd2b8f2b0f7211 /data |
parent | c59912efcfbeee8c88983ca419e2bc9c697a6bfd |
buster/bullseye triage
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 15
-rw-r--r-- | data/dsa-needed.txt | 2
2 files changed, 16 insertions, 1 deletions
diff --git a/data/CVE/list b/data/CVE/list index 378091ba64..5660265f6f 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -519,6 +519,8 @@ CVE-2022-29566 (The Bulletproofs 2017/1066 paper mishandles Fiat-Shamir generati TODO: check CVE-2022-1427 (Out-of-bounds Read in mrb_obj_is_kind_of in in GitHub repository mruby ...) - mruby <unfixed> + [bullseye] - mruby <no-dsa> (Minor issue) + [buster] - mruby <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/23b6f0a9-64f5-421e-a55f-b5b7a671f301 NOTE: https://github.com/mruby/mruby/commit/a4d97934d51cb88954cc49161dc1d151f64afb6b CVE-2022-29565 @@ -4742,9 +4744,10 @@ CVE-2022-28050 CVE-2022-28049 (NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference v ...) NOT-FOR-US: njs CVE-2022-28048 (STB v2.27 was discovered to contain an integer shift of invalid size i ...) - - libstb <unfixed> + - libstb <unfixed> (unimportant) NOTE: https://github.com/nothings/stb/issues/1293 NOTE: https://github.com/nothings/stb/pull/1297 + NOTE: Negligible security impact CVE-2022-28047 RESERVED CVE-2022-28046 @@ -4759,10 +4762,14 @@ CVE-2022-28043 RESERVED CVE-2022-28042 (stb_image.h v2.27 was discovered to contain an heap-based use-after-fr ...) - libstb <unfixed> + [bullseye] - libstb <no-dsa> (Minor issue) + [buster] - libstb <no-dsa> (Minor issue) NOTE: https://github.com/nothings/stb/issues/1289 NOTE: https://github.com/nothings/stb/pull/1297 CVE-2022-28041 (stb_image.h v2.27 was discovered to contain an integer overflow via th ...) - libstb <unfixed> + [bullseye] - libstb <no-dsa> (Minor issue) + [buster] - libstb <no-dsa> (Minor issue) NOTE: https://github.com/nothings/stb/issues/1292 NOTE: https://github.com/nothings/stb/pull/1297 CVE-2022-28040 
@@ -6331,14 +6338,20 @@ CVE-2022-27407 RESERVED CVE-2022-27406 (FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovere ...) - freetype <unfixed> + [bullseye] - freetype <no-dsa> (Minor issue) + [buster] - freetype <no-dsa> (Minor issue) NOTE: https://gitlab.freedesktop.org/freetype/freetype/-/issues/1140 NOTE: Fixed by: https://gitlab.freedesktop.org/freetype/freetype/-/commit/0c2bdb01a2e1d24a3e592377a6d0822856e10df2 (VER-2-12-0) CVE-2022-27405 (FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovere ...) - freetype <unfixed> + [bullseye] - freetype <no-dsa> (Minor issue) + [buster] - freetype <no-dsa> (Minor issue) NOTE: https://gitlab.freedesktop.org/freetype/freetype/-/issues/1139 NOTE: Fixed by: https://gitlab.freedesktop.org/freetype/freetype/-/commit/22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 (VER-2-12-0) CVE-2022-27404 (FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovere ...) - freetype <unfixed> + [bullseye] - freetype <no-dsa> (Minor issue) + [buster] - freetype <no-dsa> (Minor issue) NOTE: https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138 NOTE: Fixed by: https://gitlab.freedesktop.org/freetype/freetype/-/commit/53dfdcd8198d2b3201a23c4bad9190519ba918db (VER-2-12-0) CVE-2022-27403 diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt index 6c6b2ef702..cbc4c79d4b 100644 --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -20,6 +20,8 @@ condor/oldstable -- epiphany-browser -- +ffmpeg (jmm) +-- fish/stable -- freecad (aron) |
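Review bot: in the CVE-2022-28048 entry of data/CVE/list (hunk at -4742), the added `NOTE: Negligible security impact` gives a conclusion without the reason, so a later reader cannot re-check the `(unimportant)` tag against the linked stb issue. Suggest extending the note with one clause on why the invalid shift has no practical effect, and keeping it directly under the `- libstb <unfixed> (unimportant)` line so the tag and its justification read together.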
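Review bot: the CVE-2022-28042 and CVE-2022-28041 entries (hunk at -4759) get `[bullseye] - libstb <no-dsa> (Minor issue)` and the matching buster line with no NOTE on why a heap-based use-after-free and an integer overflow in stb_image.h count as minor, whereas the CVE-2022-28048 entry a few lines earlier does get a rationale note. A one-line NOTE on each entry stating the basis for the triage would make the decision reviewable when these are picked up for a point release.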
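Review bot: in the FreeType hunk (at -6331), the three entries are triaged independently, but their NOTE lines show they are linked: the `Fixed by:` commit for CVE-2022-27405 (22a0cccb...) is the commit CVE-2022-27406 is reported against, and the `Fixed by:` commit for CVE-2022-27404 (53dfdcd8...) is the one CVE-2022-27405 is reported against. Suggest adding a NOTE that the three upstream commits should be taken together, so whoever works the `<no-dsa>` backlog for bullseye and buster does not backport only part of the series.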
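Review bot: the `+ffmpeg (jmm)` entry in data/dsa-needed.txt carries no suite suffix and no explanation, and none of the data/CVE/list hunks in this commit touch an ffmpeg CVE, so the reason for queuing a DSA is not visible from the change. The neighbouring entries are written as `condor/oldstable` and `fish/stable`; if the missing suffix is intentional, mentioning the ffmpeg addition in the commit message (currently only `buster/bullseye triage`) or adding a line under the entry naming the issues would make the claim traceable.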