Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker
Commits: 918a2392 by Utkarsh Gupta at 2022-11-27T14:10:46+05:30 Mark CVE-2009-1143/open-vm-tools as postponed for buster - - - - - 1fba0734 by Utkarsh Gupta at 2022-11-27T14:10:47+05:30 Mark CVE-2022-396{4,5}/ffmpeg as postponed for buster - - - - - d34e07f6 by Utkarsh Gupta at 2022-11-27T14:10:47+05:30 Add lava to dla-needed - - - - - e8fe3b20 by Utkarsh Gupta at 2022-11-27T14:10:47+05:30 Add pngcheck to dla-needed - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -2234,10 +2234,12 @@ CVE-2022-3966 (A vulnerability, which was classified as critical, has been found CVE-2022-3965 (A vulnerability classified as problematic was found in ffmpeg. This vu ...) - ffmpeg <unfixed> [bullseye] - ffmpeg <postponed> (Wait until it lands in 4.1.x) + [buster] - ffmpeg <postponed> (Wait until it lands in 4.1.x) NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/13c13109759090b7f7182480d075e13b36ed8edd CVE-2022-3964 (A vulnerability classified as problematic has been found in ffmpeg. Th ...) - ffmpeg <unfixed> [bullseye] - ffmpeg <postponed> (Wait until it lands in 4.1.x) + [buster] - ffmpeg <postponed> (Wait until it lands in 4.1.x) NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/92f9b28ed84a77138105475beba16c146bdaf984 CVE-2022-45197 RESERVED 
@@ -544432,6 +544434,7 @@ CVE-2009-1144 (Untrusted search path vulnerability in the Gentoo package of Xpdf CVE-2009-1143 (An issue was discovered in open-vm-tools 2009.03.18-154848. Local user ...) - open-vm-tools 2:12.0.0-1 [bullseye] - open-vm-tools <no-dsa> (Minor issue; mount.vmhgfs not suid root in Debian) + [buster] - open-vm-tools <postponed> (Minor issue; mount.vmhgfs not suid root in Debian) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=372070 NOTE: Removing hgfsmounter/mount.vmhgfs: https://github.com/vmware/open-vm-tools/commit/61331a189a0eeb76f014db28288b06c0323bc0b9 (stable-12.0.0) CVE-2009-1142 (An issue was discovered in open-vm-tools 2009.03.18-154848. Local user ...) ===================================== data/dla-needed.txt ===================================== @@ -112,6 +112,9 @@ kopanocore krb5 (Chris Lamb) NOTE: 20221117: Programming language: C. -- +lava + NOTE: 20221127: Programming language: Python. +-- libapreq2 NOTE: 20221031: Programming language: C. -- @@ -249,6 +252,9 @@ pluxml NOTE: 20220913: Programming language: PHP. NOTE: 20220913: Special attention: orphaned package. -- +pngcheck + NOTE: 20221127: Programming language: C. +-- protobuf NOTE: 20221031: Programming language: Several. NOTE: 20221031: Note the 'Note' that one of the CVEs affects the generated code and must therefore get special attention from the application developer using protobuf. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1efc6d893859bc3052b4d8017cc2caf411f3e63d...e8fe3b20dd7c213bff3b4f969acab04d97d66eff -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1efc6d893859bc3052b4d8017cc2caf411f3e63d...e8fe3b20dd7c213bff3b4f969acab04d97d66eff You're receiving this email because of your account on salsa.debian.org.
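Review bot: in the data/CVE/list hunk at @@ -2234, the two added `[buster] - ffmpeg <postponed> (Wait until it lands in 4.1.x)` lines reuse the bullseye reason word for word, so both releases are recorded as waiting on the same upstream 4.1.x branch. If buster and bullseye do not track the same ffmpeg branch, one of the two reasons names the wrong one. It is worth confirming which release 4.1.x applies to and rewording the other, for CVE-2022-3965 and CVE-2022-3964 alike.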
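Review bot: in the data/CVE/list hunk at @@ -544432, CVE-2009-1143 is marked `<postponed>` for buster while the bullseye line directly above it gives the identical reason, "Minor issue; mount.vmhgfs not suid root in Debian", under `<no-dsa>`. That reason says why the issue is minor but not what the buster fix is postponed until. Either use the same state as bullseye or extend the parenthesised reason with what buster is waiting for.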
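Review bot: in the data/dla-needed.txt hunk at @@ -112, the new `lava` entry carries only `NOTE: 20221127: Programming language: Python.`, so whoever claims the package has to look up which open issues put it on the list. A second NOTE with the same 20221127 date naming those issues would save that lookup.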