Utkarsh Gupta pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
918a2392 by Utkarsh Gupta at 2022-11-27T14:10:46+05:30
Mark CVE-2009-1143/open-vm-tools as postponed for buster
- - - - -
1fba0734 by Utkarsh Gupta at 2022-11-27T14:10:47+05:30
Mark CVE-2022-396{4,5}/ffmpeg as postponed for buster
- - - - -
d34e07f6 by Utkarsh Gupta at 2022-11-27T14:10:47+05:30
Add lava to dla-needed
- - - - -
e8fe3b20 by Utkarsh Gupta at 2022-11-27T14:10:47+05:30
Add pngcheck to dla-needed
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -2234,10 +2234,12 @@ CVE-2022-3966 (A vulnerability, which was classified as
critical, has been found
CVE-2022-3965 (A vulnerability classified as problematic was found in ffmpeg.
This vu ...)
- ffmpeg <unfixed>
[bullseye] - ffmpeg <postponed> (Wait until it lands in 4.1.x)
+ [buster] - ffmpeg <postponed> (Wait until it lands in 4.1.x)
NOTE:
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/13c13109759090b7f7182480d075e13b36ed8edd
CVE-2022-3964 (A vulnerability classified as problematic has been found in
ffmpeg. Th ...)
- ffmpeg <unfixed>
[bullseye] - ffmpeg <postponed> (Wait until it lands in 4.1.x)
+ [buster] - ffmpeg <postponed> (Wait until it lands in 4.1.x)
NOTE:
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/92f9b28ed84a77138105475beba16c146bdaf984
CVE-2022-45197
RESERVED
@@ -544432,6 +544434,7 @@ CVE-2009-1144 (Untrusted search path vulnerability in
the Gentoo package of Xpdf
CVE-2009-1143 (An issue was discovered in open-vm-tools 2009.03.18-154848.
Local user ...)
- open-vm-tools 2:12.0.0-1
[bullseye] - open-vm-tools <no-dsa> (Minor issue; mount.vmhgfs not suid
root in Debian)
+ [buster] - open-vm-tools <postponed> (Minor issue; mount.vmhgfs not
suid root in Debian)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=372070
NOTE: Removing hgfsmounter/mount.vmhgfs:
https://github.com/vmware/open-vm-tools/commit/61331a189a0eeb76f014db28288b06c0323bc0b9
(stable-12.0.0)
CVE-2009-1142 (An issue was discovered in open-vm-tools 2009.03.18-154848.
Local user ...)
=====================================
data/dla-needed.txt
=====================================
@@ -112,6 +112,9 @@ kopanocore
krb5 (Chris Lamb)
NOTE: 20221117: Programming language: C.
--
+lava
+ NOTE: 20221127: Programming language: Python.
+--
libapreq2
NOTE: 20221031: Programming language: C.
--
@@ -249,6 +252,9 @@ pluxml
NOTE: 20220913: Programming language: PHP.
NOTE: 20220913: Special attention: orphaned package.
--
+pngcheck
+ NOTE: 20221127: Programming language: C.
+--
protobuf
NOTE: 20221031: Programming language: Several.
NOTE: 20221031: Note the 'Note' that one of the CVEs affects the generated
code and must therefore get special attention from the application developer
using protobuf.
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1efc6d893859bc3052b4d8017cc2caf411f3e63d...e8fe3b20dd7c213bff3b4f969acab04d97d66eff
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1efc6d893859bc3052b4d8017cc2caf411f3e63d...e8fe3b20dd7c213bff3b4f969acab04d97d66eff
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
