bullseye triage

Moritz Muehlenhoff (@jmm) Wed, 06 Apr 2022 06:31:26 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
2e21f566 by Moritz Muehlenhoff at 2022-04-06T15:30:05+02:00
buster/bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1600,11 +1600,15 @@ CVE-2022-1116
 CVE-2022-1115
        RESERVED
        - imagemagick <unfixed>
+       [bullseye] - imagemagick <no-dsa> (Minor issue)
+       [buster] - imagemagick <no-dsa> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/4974
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/1f860f52bd8d58737ad883072203391096b30b51
 CVE-2022-1114
        RESERVED
        - imagemagick <unfixed>
+       [bullseye] - imagemagick <no-dsa> (Minor issue)
+       [buster] - imagemagick <no-dsa> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/4947
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/78f03b619d08d7c2e0fcaccab407e3ac93c2ee8f
 CVE-2022-1113
@@ -10379,6 +10383,7 @@ CVE-2022-24804
        RESERVED
 CVE-2022-24803 (Asciidoctor-include-ext is Asciidoctor&#8217;s standard 
include proces ...)
        - ruby-asciidoctor-include-ext <unfixed> (bug #1009035)
+       [bullseye] - ruby-asciidoctor-include-ext <no-dsa> (Minor issue)
        NOTE: 
https://github.com/jirutka/asciidoctor-include-ext/security/advisories/GHSA-v222-6mr4-qj29
        NOTE: 
https://github.com/jirutka/asciidoctor-include-ext/commit/c7ea001a597c7033575342c51483dab7b87ae155
 (v0.4.0)
        NOTE: 
https://github.com/jirutka/asciidoctor-include-ext/commit/cbaccf3de533cbca224bf61d0b74e4b84d41d8ee
 (v0.4.0)
@@ -10632,14 +10637,20 @@ CVE-2022-24717 (ssr-pages is an HTML page builder for 
the purpose of server-side
        NOT-FOR-US: ssr-pages
 CVE-2022-24716 (Icinga Web 2 is an open source monitoring web interface, 
framework and ...)
        - icingaweb2 2.9.6-1
+       [bullseye] - icingaweb2 <not-affected> (Vulnerable code not present)
+       [buster] - icingaweb2 <not-affected> (Vulnerable code not present)
        NOTE: 
https://github.com/Icinga/icingaweb2/security/advisories/GHSA-5p3f-rh28-8frw
        NOTE: 
https://github.com/Icinga/icingaweb2/commit/9931ed799650f5b8d5e1dc58ea3415a4cdc5773d
 CVE-2022-24715 (Icinga Web 2 is an open source monitoring web interface, 
framework and ...)
        - icingaweb2 2.9.6-1
+       [bullseye] - icingaweb2 <no-dsa> (Minor issue)
+       [buster] - icingaweb2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/Icinga/icingaweb2/security/advisories/GHSA-v9mv-h52f-7g63
        NOTE: 
https://github.com/Icinga/icingaweb2/commit/a06d915467ca943a4b406eb9587764b8ec34cafb
 CVE-2022-24714 (Icinga Web 2 is an open source monitoring web interface, 
framework and ...)
        - icingaweb2 2.9.6-1
+       [bullseye] - icingaweb2 <no-dsa> (Minor issue)
+       [buster] - icingaweb2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/Icinga/icingaweb2/security/advisories/GHSA-qcmg-vr56-x9wf
        NOTE: 
https://github.com/Icinga/icingaweb2/commit/6e989d05a1568a6733a3d912001251acc51d9293
 CVE-2022-24713 (regex is an implementation of regular expressions for the Rust 
languag ...)
@@ -12349,9 +12360,10 @@ CVE-2022-24193 (CasaOS before v0.2.7 was discovered to 
contain a command injecti
 CVE-2022-24192
        RESERVED
 CVE-2022-24191 (In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw 
function can l ...)
-       - htmldoc 1.9.15-1
+       - htmldoc 1.9.15-1 (unimportant)
        NOTE: 
https://github.com/michaelrsweet/htmldoc/commit/fb0334a51300988e9b83b9870d4063e86002b077
 (v1.9.15)
        NOTE: https://github.com/michaelrsweet/htmldoc/issues/470
+       NOTE: Hang in CLI tool, no security impact
 CVE-2022-24190
        RESERVED
 CVE-2022-24189
@@ -55417,7 +55429,11 @@ CVE-2021-33658 (atune before 0.3-0.8 log in as a local 
user and run the curl com
        NOT-FOR-US: A-Tune OS tuning engine
 CVE-2021-33657 (There is a heap overflow problem in video/SDL_pixels.c in SDL 
(Simple  ...)
        - libsdl1.2 <unfixed>
+       [bullseye] - libsdl1.2 <no-dsa> (Minor issue)
+       [buster] - libsdl1.2 <no-dsa> (Minor issue)
        - libsdl2 2.0.20+dfsg-2
+       [bullseye] - libsdl2 <no-dsa> (Minor issue)
+       [buster] - libsdl2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/libsdl-org/SDL/commit/8c91cf7dba5193f5ce12d06db1336515851c9ee9
 (release-2.0.20)
 CVE-2021-33656
        RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e21f56693fa9d0158ec05f427ab99c9bcb7f54f

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e21f56693fa9d0158ec05f427ab99c9bcb7f54f
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] buster/bullseye triage

Reply via email to