Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fc43cf84 by Chris Lamb at 2022-08-16T08:17:34-07:00
Triage CVE-2020-8287 in http-parser for buster LTS.
- - - - -
913c5e79 by Chris Lamb at 2022-08-16T08:17:51-07:00
Triage CVE-2021-41556 in squirrel3 for buster LTS.
- - - - -
506f373e by Chris Lamb at 2022-08-16T08:18:14-07:00
Triage CVE-2022-38223 in w3m for buster LTS.
- - - - -
9ab01064 by Chris Lamb at 2022-08-16T08:18:45-07:00
Triage CVE-2021-23385 in flask-security for buster LTS.
- - - - -
ec45dbf5 by Chris Lamb at 2022-08-16T08:19:07-07:00
Triage CVE-2016-3709 in libxml2 for buster LTS.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -315,6 +315,7 @@ CVE-2022-38224
CVE-2022-38223 (There is an out-of-bounds write in checkType located in etc.c
in w3m 0 ...)
- w3m <unfixed>
[bullseye] - w3m <no-dsa> (Minor issue)
+ [buster] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/242
CVE-2022-38222 (There is a use-after-free issue in JBIG2Stream::close()
located in JBI ...)
TODO: check
@@ -63746,6 +63747,7 @@ CVE-2021-41557 (Sofico Miles RIA 2020.2 Build 127964T
is affected by Stored Cros
CVE-2021-41556 (sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1
allows an ou ...)
- squirrel3 <unfixed> (bug #1016212)
[bullseye] - squirrel3 <no-dsa> (Minor issue)
+ [buster] - squirrel3 <no-dsa> (Minor issue)
NOTE:
https://github.com/albertodemichelis/squirrel/commit/23a0620658714b996d20da3d4dd1a0dcf9b0bd98
(v3.2)
NOTE: https://blog.sonarsource.com/squirrel-vm-sandbox-escape/
CVE-2021-41555 (** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central
21.3.3.815 (a ...)
@@ -109543,6 +109545,7 @@ CVE-2021-23386 (This affects the package dns-packet
before 5.2.2. It creates buf
CVE-2021-23385 (This affects all versions of package Flask-Security. When
using the ge ...)
- flask-security <unfixed>
[bullseye] - flask-security <no-dsa> (Minor issue)
+ [buster] - flask-security <no-dsa> (Minor issue)
NOTE: https://security.snyk.io/vuln/SNYK-PYTHON-FLASKSECURITY-1293234
CVE-2021-23384 (The package koa-remove-trailing-slashes before 2.0.2 are
vulnerable to ...)
NOT-FOR-US: Node koa-remove-trailing-slashes before
@@ -178901,6 +178904,7 @@ CVE-2020-8287 (Node.js versions before 10.23.1,
12.20.1, 14.15.4, 15.5.1 allow t
{DSA-4826-1}
- http-parser 2.9.4-5 (bug #1016690)
[bullseye] - http-parser <no-dsa> (Minor issue)
+ [buster] - http-parser <no-dsa> (Minor issue)
- nodejs 12.20.1~dfsg-1 (bug #979364)
[stretch] - nodejs <ignored> (Nodejs in stretch not covered by security
support)
NOTE: https://nodejs.org/en/blog/release/v10.23.1/
@@ -382139,6 +382143,7 @@ CVE-2016-3710 (The VGA module in QEMU improperly
performs bounds checking on ban
CVE-2016-3709 (Possible cross-site scripting vulnerability in libxml after
commit 960 ...)
- libxml2 2.9.12+dfsg-3
[bullseye] - libxml2 <no-dsa> (Minor issue)
+ [buster] - libxml2 <no-dsa> (Minor issue)
NOTE: https://mail.gnome.org/archives/xml/2018-January/msg00010.html
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=769760
NOTE: Introduced by:
https://github.com/GNOME/libxml2/commit/960f0e275616cadc29671a218d7fb9b69eb35588
(v2.9.2-rc1)c
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/688aaa541ecd1651306d77bbe44f5fefa74cd54e...ec45dbf532b0ccce3f239922c5e5e98dbd0b9bd1
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/688aaa541ecd1651306d77bbe44f5fefa74cd54e...ec45dbf532b0ccce3f239922c5e5e98dbd0b9bd1
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
