From 880a9d224159c8b9ab6d0441cd1f26851b584bc6 Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Wed, 22 Jun 2022 20:36:12 +0200 Subject: bullseye/buster triage --- data/CVE/list | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index afb4dbd294..0c722ffca2 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1062,7 +1062,9 @@ CVE-2022-33904 CVE-2022-33903 RESERVED - tor 0.4.7.8-1 - [stretch] - tor (Not supported in LTS) + [bullseye] - tor (Only affects 0.4.7.x) + [buster] - tor (Only affects 0.4.7.x) + [stretch] - tor (Only affects 0.4.7.x) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2099227 NOTE: https://gitlab.torproject.org/tpo/core/tor/-/issues/40626 NOTE: https://lists.torproject.org/pipermail/tor-announce/2022-June/000242.html @@ -14900,18 +14902,26 @@ CVE-2022-28737 CVE-2022-28736 RESERVED - grub2 2.06-3 + [bullseye] - grub2 (Minor issue, fix via point release) + [buster] - grub2 (Minor issue, fix via point release) NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5 CVE-2022-28735 RESERVED - grub2 2.06-3 (bug #1001057) + [bullseye] - grub2 (Minor issue, fix via point release) + [buster] - grub2 (Minor issue, fix via point release) NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5 CVE-2022-28734 RESERVED - grub2 2.06-3 + [bullseye] - grub2 (Minor issue, fix via point release) + [buster] - grub2 (Minor issue, fix via point release) NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5 CVE-2022-28733 RESERVED - grub2 2.06-3 + [bullseye] - grub2 (Minor issue, fix via point release) + [buster] - grub2 (Minor issue, fix via point release) NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5 CVE-2022-28732 RESERVED 
@@ -50903,11 +50913,10 @@ CVE-2021-42220 (A Cross Site Scripting (XSS) vulnerability exists in Dolibarr be CVE-2021-42219 (Go-Ethereum v1.10.9 was discovered to contain an issue which allows at ...) - golang-github-go-ethereum (bug #890541) CVE-2021-42218 (OMPL v1.5.2 contains a memory leak in VFRRT.cpp ...) - - ompl - [bullseye] - ompl (Minor issue) - [stretch] - ompl (VFRRT introduced in v1.2) + - ompl (unimportant) NOTE: https://github.com/ompl/ompl/issues/839 NOTE: https://github.com/ompl/ompl/commit/abb4fadcb4e4fe4c9cf41e5e7706143a66948eb7 + NOTE: Negligible security impact CVE-2021-42217 RESERVED CVE-2021-42216 (A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via ...) @@ -52785,8 +52794,9 @@ CVE-2021-41492 (Multiple SQL Injection vulnerabilities exist in Sourcecodester S CVE-2021-41491 RESERVED CVE-2021-41490 (Memory leaks in LazyPRM.cpp of OMPL v1.5.0 can cause unexpected behavi ...) - - ompl + - ompl (unimportant) NOTE: https://github.com/ompl/ompl/issues/833 + NOTE: Negligible security impact CVE-2021-41489 RESERVED CVE-2021-41488 @@ -60600,14 +60610,20 @@ CVE-2021-3698 (A flaw was found in Cockpit in versions prior to 260 in the way i CVE-2021-3697 RESERVED - grub2 2.06-3 + [bullseye] - grub2 (Minor issue, fix via point release) + [buster] - grub2 (Minor issue, fix via point release) NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5 CVE-2021-3696 RESERVED - grub2 2.06-3 + [bullseye] - grub2 (Minor issue, fix via point release) + [buster] - grub2 (Minor issue, fix via point release) NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5 CVE-2021-3695 RESERVED - grub2 2.06-3 + [bullseye] - grub2 (Minor issue, fix via point release) + [buster] - grub2 (Minor issue, fix via point release) NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5 CVE-2021-40084 (opensysusers through 0.6 does not safely use eval on files in sysusers ...) - opensysusers 0.6-3 (bug #992058) -- cgit v1.2.3
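Review bot: In the CVE-2022-33903 hunk (@@ -1062,7 +1062,9), the stretch entry changes from "(Not supported in LTS)" to "(Only affects 0.4.7.x)", but the subject line says only "bullseye/buster triage". Mention the stretch change in the commit message so that anyone searching history for why the stretch status of tor changed can find it. None of the NOTE lines in the hunk says where the 0.4.7.x range comes from; a short NOTE naming which of the three referenced URLs states it would make the claim checkable.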
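Review bot: In the grub2 hunk at @@ -14900,18 +14902,26, CVE-2022-28733 through CVE-2022-28736 all receive the same "(Minor issue, fix via point release)" text for bullseye and buster, with no NOTE saying why each one is minor. The only reference on every entry is the shared oss-security post. Consider adding a NOTE with the reason for the assessment, so the deferral to a point release can be re-evaluated later without rereading the whole advisory.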
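Review bot: In the CVE-2021-42218 hunk (@@ -50903,11 +50913,10), removing "[stretch] - ompl (VFRRT introduced in v1.2)" drops the only record in this entry of which version introduced the affected code. Keep that fact as a NOTE (for example "NOTE: VFRRT introduced in v1.2") next to the new "NOTE: Negligible security impact", since it remains useful to anyone checking older versions.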
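Review bot: In the CVE-2021-41490 hunk (@@ -52785,8 +52794,9), "NOTE: Negligible security impact" gives the conclusion but not the reason. The description on the CVE line already says the issue is memory leaks in LazyPRM.cpp; put that in the NOTE (for example "NOTE: Memory leak only, negligible security impact") so the "(unimportant)" marking explains itself.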