From f8915d750e02b409853c4b5680a4968c8b996dd6 Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Mon, 28 Nov 2022 22:06:23 +0100 Subject: bullseye triage --- data/CVE/list | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index 2c52bc1f03..9b7508a314 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -950,10 +950,10 @@ CVE-2022-45898 CVE-2022-4144 [QXL: qxl_phys2virt unsafe address translation can lead to out-of-bounds read] RESERVED - qemu + [bullseye] - qemu (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2148506 NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg04143.html NOTE: https://gitlab.com/qemu-project/qemu/-/issues/1336 - TODO: check details CVE-2022-4143 RESERVED CVE-2022-4142 @@ -4157,10 +4157,12 @@ CVE-2022-44794 (An issue was discovered in Object First 1.0.7.712. Management pr NOT-FOR-US: Object First CVE-2022-44793 (handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-S ...) - net-snmp (bug #1024020) + [bullseye] - net-snmp (Minor issue) NOTE: https://github.com/net-snmp/net-snmp/issues/475 NOTE: https://gist.github.com/menglong2234/d07a65b5028145c9f4e1d1db8c4c202f CVE-2022-44792 (handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP ...) - net-snmp (bug #1024020) + [bullseye] - net-snmp (Minor issue) NOTE: https://github.com/net-snmp/net-snmp/issues/474 NOTE: https://gist.github.com/menglong2234/b7bc13ae1a144f47cc3c95a7ea062428 CVE-2022-44791 @@ -15353,6 +15355,7 @@ CVE-2022-3325 (Improper access control in the GitLab CE/EE API affecting all ver CVE-2022-3324 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. ...) {DLA-3182-1} - vim 2:9.0.0626-1 + [bullseye] - vim (Minor issue) NOTE: https://huntr.dev/bounties/e414e55b-f332-491f-863b-c18dca97403c/ NOTE: https://github.com/vim/vim/commit/8279af514ca7e5fd3c31cf13b0864163d1a0bfeb (v9.0.0598) CVE-2022-3323 (An SQL injection vulnerability in Advantech iView 5.7.04.6469. The spe ...) @@ -21993,8 +21996,7 @@ CVE-2022-38863 (Certain The MPlayer Project products are vulnerable to Buffer Ov NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/b5e745b4bfab2835103a060094fae3c6cc1ba17d (r38393) NOTE: Crash in CLI tool, no security impact CVE-2022-38862 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...) - - mplayer (bug #1021013) - [bullseye] - mplayer (Minor issue) + NOTE: Unreproducible issue, probably a bug in the reporter's ASAN setup NOTE: https://trac.mplayerhq.hu/ticket/2400 NOTE: https://trac.mplayerhq.hu/ticket/2404 CVE-2022-38861 (The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to memory ...) @@ -35599,6 +35601,7 @@ CVE-2022-33980 (Apache Commons Configuration performs variable interpolation, al CVE-2022-2129 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ...) {DLA-3204-1} - vim 2:9.0.0135-1 (bug #1015984) + [bullseye] - vim (Minor issue) [stretch] - vim (Minor issue) NOTE: https://huntr.dev/bounties/3aaf06e7-9ae1-454d-b8ca-8709c98e5352 NOTE: https://github.com/vim/vim/commit/d6211a52ab9f53b82f884561ed43d2fe4d24ff7d (v8.2.5126) @@ -43635,6 +43638,7 @@ CVE-2022-31009 (wire-ios is an iOS client for the Wire secure messaging applicat NOT-FOR-US: wire-ios CVE-2022-31008 (RabbitMQ is a multi-protocol messaging and streaming broker. In affect ...) - rabbitmq-server 3.10.8-1 + [bullseye] - rabbitmq-server (Minor issue) [buster] - rabbitmq-server (Vulnerable code introduced later) NOTE: https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-v9gv-xp36-jgj8 NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/4841 -- cgit v1.2.3