From d8ea72580431ad11ebedf8fed518f493c1332f1f Mon Sep 17 00:00:00 2001
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Wed, 22 Jun 2022 17:38:48 +0200
Subject: buster/bullseye triage

---
 data/CVE/list       | 12 +++++++-----
 data/dsa-needed.txt |  2 ++
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/data/CVE/list b/data/CVE/list
index 2bd6400799..f5922b6018 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -10537,9 +10537,13 @@ CVE-2022-1588
 	REJECTED
 CVE-2022-1587 (An out-of-bounds read vulnerability was discovered in the PCRE2 librar ...)
 	- pcre2 10.40-1 (bug #1011954)
+	[bullseye] - pcre2 <no-dsa> (Minor issue)
+	[buster] - pcre2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0 (pcre2-10.40)
 CVE-2022-1586 (An out-of-bounds read vulnerability was discovered in the PCRE2 librar ...)
 	- pcre2 10.40-1 (bug #1011954)
+	[bullseye] - pcre2 <no-dsa> (Minor issue)
+	[buster] - pcre2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a (pcre2-10.40)
 	NOTE: https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc388f89095b184ba6d99422cfc676c (pcre2-10.40)
 CVE-2022-1585
@@ -12409,11 +12413,9 @@ CVE-2022-29624 (An arbitrary file upload vulnerability in the Add File function
 CVE-2022-29623 (An arbitrary file upload vulnerability in the file upload module of Co ...)
 	NOT-FOR-US: expressjs/connect-multiparty
 CVE-2022-29622 (An arbitrary file upload vulnerability in formidable v3.1.4 allows att ...)
-	- node-formidable <unfixed> (bug #1011341)
-	[stretch] - node-formidable <end-of-life> (No longer supported in LTS)
-	NOTE: https://www.youtube.com/watch?v=C6QPKooxhAo
-	NOTE: https://github.com/vyas0189/CougarCS-Backend/issues/57
-	NOTE: unclear if reported upstream
+	- node-formidable <unfixed> (unimportant; bug #1011341)
+	NOTE: https://github.com/node-formidable/formidable/issues/856
+	NOTE: https://medium.com/@zsolt.imre/cve-2022-29622-in-vulnerability-analysis-5cf783c3721
 CVE-2022-29621
 	RESERVED
 CVE-2022-29620 (** DISPUTED ** FileZilla v3.59.0 allows attackers to obtain cleartext  ...)
diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt
index 01941335e0..ae403f7e50 100644
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -45,6 +45,8 @@ netatalk
 --
 nodejs (jmm)
 --
+php-horde-mime-viewer
+--
 php-horde-turba
 --
 puma/oldstable
-- 
cgit v1.2.3