author Moritz Muehlenhoff <jmm@debian.org> 2022-02-21 17:03:02 +0100
committer Moritz Muehlenhoff <jmm@debian.org> 2022-02-21 17:03:33 +0100
commit fe0597738f68f8ef3f812be83835b2d065a2cc93
tree 3ec0d13809ce3c314dc7a39d95a838f45ddfee64
parent 242bca2af29eccf026e958bce584e36ec951b902
buster/bullseye triage
-rw-r--r-- data/CVE/2021.list 15
-rw-r--r-- data/CVE/2022.list 19
2 files changed, 29 insertions, 5 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index ed3eda65d7..64c0101ce3 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -2,6 +2,8 @@ CVE-2021-46701 (PreMiD 2.2.0 allows unintended access via the websocket transpor
NOT-FOR-US: PreMiD
CVE-2021-46700 (In libsixel 1.8.6, sixel_encoder_output_without_macro (called from six ...)
- libsixel <unfixed>
+ [bullseye] - libsixel <no-dsa> (Minor issue)
+ [buster] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/158
CVE-2021-4222
RESERVED
@@ -353,8 +355,11 @@ CVE-2021-4214
CVE-2021-4213
RESERVED
- jss <unfixed>
+ [bullseye] - jss <no-dsa> (Minor issue)
+ [buster] - jss <no-dsa> (Minor issue)
[stretch] - jss <postponed> (revisit when/if fix is complete)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2042900
+ NOTE: https://github.com/dogtagpki/jss/commit/5922560a78d0dee61af8a33cc9cfbf4cfa291448
CVE-2021-4212
RESERVED
CVE-2021-4211
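Review bot: The added NOTE with the dogtagpki/jss commit link on CVE-2021-4213 does not say what that commit is. The unchanged [stretch] line still reads "revisit when/if fix is complete", so if this commit is the complete fix, mark it "Fixed by:" as the htmldoc entry in 2022.list does and revisit the stretch <postponed> tag; if it is only a partial fix, say so in the NOTE.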
@@ -1594,22 +1599,32 @@ CVE-2021-46043 (A Pointer Dereference Vulnerability exits in GPAC 1.0.1 in the g
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
CVE-2021-46042 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the _fsee ...)
- gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/2002
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
CVE-2021-46041 (A Segmentation Fault Vulnerability exists in GPAC 1.0.1 via the co64_b ...)
- gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/2004
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
CVE-2021-46040 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the finpla ...)
- gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/2003
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
CVE-2021-46039 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the shift_ ...)
- gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/1999
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
CVE-2021-46038 (A Pointer Dereference vulnerability exists in GPAC 1.0.1 in unlink_chu ...)
- gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/2000
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
CVE-2021-46037 (MCMS v5.2.4 was discovered to contain an arbitrary file deletion vulne ...)
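Review bot: The ten added <no-dsa> lines for CVE-2021-46038 through CVE-2021-46042 give only "(Minor issue)" as the reason. All five entries already reference the same upstream commit f5a778edd1febd574ff9558d2faa57133bdb4a5f, so consider recording in a NOTE whether that commit applies to the gpac versions in bullseye and buster, so the five can be picked up together in a later update.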
diff --git a/data/CVE/2022.list b/data/CVE/2022.list
index c09598d630..0570c2b0e5 100644
--- a/data/CVE/2022.list
+++ b/data/CVE/2022.list
@@ -855,6 +855,8 @@ CVE-2022-0640
RESERVED
CVE-2022-0639 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...)
- node-url-parse 1.5.7-1
+ [bullseye] - node-url-parse <no-dsa> (Minor issue)
+ [buster] - node-url-parse <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/83a6bc9a-b542-4a38-82cd-d995a1481155
NOTE: https://github.com/unshiftio/url-parse/commit/ef45a1355375a8244063793a19059b4f62fc8788 (1.5.7)
CVE-2022-0638 (Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber p ...)
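Review bot: On the two added node-url-parse lines for CVE-2022-0639, "(Minor issue)" is the only justification for deferring an entry whose description begins "Authorization Bypass Through User-Controlled Key". A short NOTE stating why the impact is minor for the bullseye and buster packages would make the triage decision auditable.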
@@ -2364,10 +2366,11 @@ CVE-2022-0536 (Exposure of Sensitive Information to an Unauthorized Actor in NPM
CVE-2022-0535
RESERVED
CVE-2022-0534 (A vulnerability was found in htmldoc version 1.9.15 where the stack ou ...)
- - htmldoc 1.9.15-1
+ - htmldoc 1.9.15-1 (unimportant)
NOTE: https://github.com/michaelrsweet/htmldoc/issues/463
NOTE: Fixed by: https://github.com/michaelrsweet/htmldoc/commit/776cf0fc4c760f1fb7b966ce28dc92dd7d44ed50 (v1.9.15)
NOTE: Fixed by: https://github.com/michaelrsweet/htmldoc/commit/312f0f9c12f26fbe015cd0e6cefa40e4b99017d9 (v1.9.15)
+ NOTE: Crash in CLI tool, no security impact
CVE-2022-0533
RESERVED
CVE-2022-0532 (An incorrect sysctls validation vulnerability was found in CRI-O 1.18 ...)
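Review bot: The added "NOTE: Crash in CLI tool, no security impact" on CVE-2022-0534 states the conclusion but not its basis, while the description refers to the stack. Because (unimportant) is set on the fixed-version line rather than on a single suite, the NOTE should say what in issue 463 shows the fault is limited to a crash.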
@@ -2937,6 +2940,8 @@ CVE-2022-0513 (The WP Statistics WordPress plugin is vulnerable to SQL Injection
NOT-FOR-US: WordPress plugin
CVE-2022-0512 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...)
- node-url-parse 1.5.7-1
+ [bullseye] - node-url-parse <no-dsa> (Minor issue)
+ [buster] - node-url-parse <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/6d1bc51f-1876-4f5b-a2c2-734e09e8e05b
NOTE: https://github.com/unshiftio/url-parse/commit/9be7ee88afd2bb04e4d5a1a8da9a389ac13f8c40 (1.5.6)
CVE-2022-0511
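Review bot: The two added <no-dsa> lines for CVE-2022-0512 sit next to a fix commit tagged (1.5.6), while the CVE-2022-0639 entry in the same file is fixed by a different commit tagged (1.5.7). A later update for bullseye or buster would need both backported, so a NOTE cross-referencing the other CVE on each entry would keep them from being handled separately.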
@@ -6070,11 +6075,15 @@ CVE-2022-23321 (A persistent cross-site scripting (XSS) vulnerability exists on
CVE-2022-23320 (XMPie uStore 12.3.7244.0 allows for administrators to generate reports ...)
NOT-FOR-US: XMPie uStore
CVE-2022-23319 (A segmentation fault during PCF file parsing in pcf2bdf versions &gt;= ...)
- - pcf2bdf <unfixed>
- TODO: check, no additional references provided, double check
+ - pcf2bdf <unfixed> (unimportant)
+ NOTE: https://github.com/ganaware/pcf2bdf
+ NOTE: https://github.com/ganaware/pcf2bdf/issues/5
+ NOTE: Crash in CLI tool, no security impact
CVE-2022-23318 (A heap-buffer-overflow in pcf2bdf, versions &gt;= 1.05 allows an attac ...)
- - pcf2bdf <unfixed>
- TODO: check, no additional references provided, double check
+ - pcf2bdf <unfixed> (unimportant)
+ NOTE: https://github.com/ganaware/pcf2bdf
+ NOTE: https://github.com/ganaware/pcf2bdf/issues/4
+ NOTE: Crash in CLI tool, no security impact
CVE-2022-23317 (CobaltStrike &lt;=4.5 HTTP(S) listener does not determine whether the ...)
NOT-FOR-US: CobaltStrike
CVE-2022-23316 (An issue was discovered in taoCMS v3.0.2. There is an arbitrary file r ...)
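Review bot: CVE-2022-23318 is described as a heap-buffer-overflow, yet it gets the same "Crash in CLI tool, no security impact" NOTE as the segmentation fault in CVE-2022-23319. For the overflow, say in the NOTE whether issue 4 shows an out-of-bounds read or a write, since that decides whether (unimportant) holds; the removed TODO asked for a double check and the new text does not record its outcome.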
