Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
95af1295 by Moritz Muehlenhoff at 2022-07-11T14:31:35+02:00
buster/bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -698,9 +698,10 @@ CVE-2022-33939
CVE-2022-2346
RESERVED
CVE-2022-2345 (Use After Free in GitHub repository vim/vim prior to 9.0.0046.
...)
- - vim <unfixed>
+ - vim <unfixed> (unimportant)
NOTE: https://huntr.dev/bounties/1eed7009-db6d-487b-bc41-8f2fd260483f
NOTE:
https://github.com/vim/vim/commit/32acf1f1a72ebb9d8942b9c9d80023bf1bb668ea
(v9.0.0047)
+ NOTE: Crash in CLI tool, no security impact
CVE-2022-2344 (Heap-based Buffer Overflow in GitHub repository vim/vim prior
to 9.0.0 ...)
- vim <unfixed> (unimportant)
NOTE: https://huntr.dev/bounties/4a095ed9-3125-464a-b656-c31b437e1996
@@ -17369,6 +17370,8 @@ CVE-2022-29218 (RubyGems is a package registry used to
supply software for the R
NOT-FOR-US: rubygems/rubygems.org
CVE-2022-29217 (PyJWT is a Python implementation of RFC 7519. PyJWT supports
multiple ...)
- pyjwt <unfixed> (bug #1011747)
+ [bullseye] - pyjwt <not-affected> (Vulnerable code not present)
+ [buster] - pyjwt <not-affected> (Vulnerable code not present)
[stretch] - pyjwt <not-affected> (Vulnerable code not present)
NOTE:
https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24
NOTE:
https://github.com/jpadilla/pyjwt/commit/9c528670c455b8d948aff95ed50e22940d1ad3fc
(2.4.0)
@@ -51853,6 +51856,7 @@ CVE-2021-42864
RESERVED
CVE-2021-42863 (A buffer overflow in
ecma_builtin_typedarray_prototype_filter() in Jer ...)
- iotjs <unfixed>
+ [bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/4793
NOTE: https://github.com/jerryscript-project/jerryscript/pull/4794
@@ -89411,6 +89415,8 @@ CVE-2021-3448 (A flaw was found in dnsmasq in versions
before 2.85. When configu
NOTE:
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=74d4fcd756a85bc1823232ea74334f7ccfb9d5d2
CVE-2021-3447 (A flaw was found in several ansible modules, where parameters
containi ...)
- ansible <unfixed> (bug #1014721)
+ [bullseye] - ansible <no-dsa> (Minor issue)
+ [buster] - ansible <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939349
CVE-2021-3446 (A flaw was found in libtpms in versions before 0.8.2. The
commonly use ...)
- libtpms 0.8.2-1 (bug #986799)
@@ -223002,6 +223008,8 @@ CVE-2019-9837 (Doorkeeper::OpenidConnect (aka the
OpenID Connect extension for D
NOTE:
https://github.com/doorkeeper-gem/doorkeeper-openid_connect/pull/66
CVE-2019-9836 (Secure Encrypted Virtualization (SEV) on Advanced Micro Devices
(AMD) ...)
- amd64-microcode 3.20220411.1 (bug #970395)
+ [bullseye] - amd64-microcode <no-dsa> (Minor issue)
+ [buster] - amd64-microcode <no-dsa> (Minor issue)
NOTE: https://seclists.org/fulldisclosure/2019/Jun/46
CVE-2019-9835 (The receiver (aka bridge) component of Fujitsu Wireless
Keyboard Set L ...)
NOT-FOR-US: Fujitsu Wireless Keyboard Set LX901 GK900 devices
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95af129517bafdc93b341e034302398063884e67
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95af129517bafdc93b341e034302398063884e67
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
