From 0ffdcddf525cecac62c1e2e1b5d1d8cdf35b741f Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Fri, 27 May 2022 19:22:07 +0200 Subject: buster/bullseye triage add one more patch needed for pcre issue --- data/CVE/list | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index 11e9d027a9..95ff03949c 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -2317,12 +2317,13 @@ CVE-2022-25932 RESERVED CVE-2022-1736 RESERVED - - gnome-remote-desktop 42.1.1-2 + - gnome-remote-desktop 42.1.1-2 (unimportant) NOTE: https://bugs.launchpad.net/ubuntu/+source/gnome-remote-desktop/+bug/1973028/comments/3 NOTE: The CVE is assigned based on the Ubuntu policy strongly discouraging open ports by NOTE: default (https://wiki.ubuntu.com/Security/Features#ports) and the fact that the user NOTE: service was enabled by default (and not automatically enabled anymore since 42.1.1-2) - TODO: check, if we want to threat this as unimportant severity issue + NOTE: Not treated as a security issue in Debian, whether to start the daemon or not is ultimately + NOTE: up to the local admin CVE-2022-1735 (Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969 ...) - vim (unimportant) NOTE: https://huntr.dev/bounties/c9f85608-ff11-48e4-933d-53d1759d44d9 @@ -4047,6 +4048,8 @@ CVE-2022-30285 RESERVED CVE-2022-30284 (In the python-libnmap package through 0.7.2 for Python, remote command ...) - python-libnmap + [bullseye] - python-libnmap (Minor issue) + [buster] - python-libnmap (Minor issue) NOTE: https://www.swascan.com/security-advisory-libnmap-2/ CVE-2022-30283 RESERVED @@ -4104,6 +4107,7 @@ CVE-2022-1587 (An out-of-bounds read vulnerability was discovered in the PCRE2 l CVE-2022-1586 (An out-of-bounds read vulnerability was discovered in the PCRE2 librar ...) - pcre2 10.40-1 NOTE: https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a (pcre2-10.40) + NOTE: https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc388f89095b184ba6d99422cfc676c CVE-2022-1585 RESERVED CVE-2022-30259 @@ -7995,6 +7999,8 @@ CVE-2022-28920 (Tieba-Cloud-Sign v4.9 was discovered to contain a cross-site scr NOT-FOR-US: Baidu Tieba CVE-2022-28919 (HTMLCreator release_stable_2020-07-29 was discovered to contain a cros ...) - dokuwiki (bug #1011056) + [bullseye] - dokuwiki (Minor issue) + [buster] - dokuwiki (Minor issue) NOTE: https://github.com/splitbrain/dokuwiki/issues/3651 NOTE: https://github.com/splitbrain/dokuwiki/commit/d3233986baa7dfe44490b805ae2e4296fad59401 CVE-2022-28918 (GreenCMS v2.3.0603 was discovered to contain an arbitrary file deletio ...) -- cgit v1.2.3