Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits: fc43cf84 by Chris Lamb at 2022-08-16T08:17:34-07:00 Triage CVE-2020-8287 in http-parser for buster LTS. - - - - - 913c5e79 by Chris Lamb at 2022-08-16T08:17:51-07:00 Triage CVE-2021-41556 in squirrel3 for buster LTS. - - - - - 506f373e by Chris Lamb at 2022-08-16T08:18:14-07:00 Triage CVE-2022-38223 in w3m for buster LTS. - - - - - 9ab01064 by Chris Lamb at 2022-08-16T08:18:45-07:00 Triage CVE-2021-23385 in flask-security for buster LTS. - - - - - ec45dbf5 by Chris Lamb at 2022-08-16T08:19:07-07:00 Triage CVE-2016-3709 in libxml2 for buster LTS. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -315,6 +315,7 @@ CVE-2022-38224 CVE-2022-38223 (There is an out-of-bounds write in checkType located in etc.c in w3m 0 ...) - w3m <unfixed> [bullseye] - w3m <no-dsa> (Minor issue) + [buster] - w3m <no-dsa> (Minor issue) NOTE: https://github.com/tats/w3m/issues/242 CVE-2022-38222 (There is a use-after-free issue in JBIG2Stream::close() located in JBI ...) TODO: check @@ -63746,6 +63747,7 @@ CVE-2021-41557 (Sofico Miles RIA 2020.2 Build 127964T is affected by Stored Cros CVE-2021-41556 (sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an ou ...) - squirrel3 <unfixed> (bug #1016212) [bullseye] - squirrel3 <no-dsa> (Minor issue) + [buster] - squirrel3 <no-dsa> (Minor issue) NOTE: https://github.com/albertodemichelis/squirrel/commit/23a0620658714b996d20da3d4dd1a0dcf9b0bd98 (v3.2) NOTE: https://blog.sonarsource.com/squirrel-vm-sandbox-escape/ CVE-2021-41555 (** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a ...) @@ -109543,6 +109545,7 @@ CVE-2021-23386 (This affects the package dns-packet before 5.2.2. It creates buf CVE-2021-23385 (This affects all versions of package Flask-Security. When using the ge ...) - flask-security <unfixed> [bullseye] - flask-security <no-dsa> (Minor issue) + [buster] - flask-security <no-dsa> (Minor issue) NOTE: https://security.snyk.io/vuln/SNYK-PYTHON-FLASKSECURITY-1293234 CVE-2021-23384 (The package koa-remove-trailing-slashes before 2.0.2 are vulnerable to ...) NOT-FOR-US: Node koa-remove-trailing-slashes before @@ -178901,6 +178904,7 @@ CVE-2020-8287 (Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow t {DSA-4826-1} - http-parser 2.9.4-5 (bug #1016690) [bullseye] - http-parser <no-dsa> (Minor issue) + [buster] - http-parser <no-dsa> (Minor issue) - nodejs 12.20.1~dfsg-1 (bug #979364) [stretch] - nodejs <ignored> (Nodejs in stretch not covered by security support) NOTE: https://nodejs.org/en/blog/release/v10.23.1/ @@ -382139,6 +382143,7 @@ CVE-2016-3710 (The VGA module in QEMU improperly performs bounds checking on ban CVE-2016-3709 (Possible cross-site scripting vulnerability in libxml after commit 960 ...) - libxml2 2.9.12+dfsg-3 [bullseye] - libxml2 <no-dsa> (Minor issue) + [buster] - libxml2 <no-dsa> (Minor issue) NOTE: https://mail.gnome.org/archives/xml/2018-January/msg00010.html NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=769760 NOTE: Introduced by: https://github.com/GNOME/libxml2/commit/960f0e275616cadc29671a218d7fb9b69eb35588 (v2.9.2-rc1)c View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/688aaa541ecd1651306d77bbe44f5fefa74cd54e...ec45dbf532b0ccce3f239922c5e5e98dbd0b9bd1 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/688aaa541ecd1651306d77bbe44f5fefa74cd54e...ec45dbf532b0ccce3f239922c5e5e98dbd0b9bd1 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits