Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits: f3079bb2 by Sylvain Beucler at 2023-08-12T17:54:16+02:00 CVE-2022-38223/w3m: reference follow-up fix - - - - - 0e990e9d by Sylvain Beucler at 2023-08-12T17:56:56+02:00 dla: add w3m - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -72163,8 +72163,8 @@ CVE-2022-38223 (There is an out-of-bounds write in checkType located in etc.c in [bullseye] - w3m 0.5.3+git20210102-6+deb11u1 [buster] - w3m <no-dsa> (Minor issue) NOTE: https://github.com/tats/w3m/issues/242 - NOTE: https://github.com/tats/w3m/commit/419ca82d57c72242817b55e2eaa4cdbf6916e7fa - NOTE: Possibly incomplete fix: https://github.com/tats/w3m/issues/268 + NOTE: Initial fix: https://github.com/tats/w3m/commit/419ca82d57c72242817b55e2eaa4cdbf6916e7fa + NOTE: Follow-up fix: https://github.com/tats/w3m/commit/25fb402cea405b263466c627f32513d186a38ade CVE-2022-38222 (There is a use-after-free issue in JBIG2Stream::close() located in JBI ...) - xpdf <not-affected> (Debian uses poppler, which is not affected) CVE-2022-38221 (A buffer overflow in the FTcpListener thread in The Isle Evrima (the d ...) ===================================== data/dla-needed.txt ===================================== @@ -35,7 +35,7 @@ cinder datatables.js (guilhem) NOTE: 20230809: Added by Front-Desk (Beuc) NOTE: 20230809: Experimental issue-based workflow: please follow https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/29 - NOTE: 20230809: Follow fixes from 11.2 (1 CVE) (Beuc/front-desk) + NOTE: 20230809: Follow fixes from bullseye 11.2 (1 CVE) (Beuc/front-desk) -- docker.io NOTE: 20230303: Added by Front-Desk (Beuc) 
@@ -59,7 +59,7 @@ flask flask-security NOTE: 20230811: Added by Front-Desk (Beuc) NOTE: 20230811: Experimental issue-based workflow: please follow https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/37 - NOTE: 20230811: Follow fixes from 11.7 (1 CVE) (Beuc/front-desk) + NOTE: 20230811: Follow fixes from bullseye 11.7 (1 CVE) (Beuc/front-desk) -- gawk (Adrian Bunk) NOTE: 20230806: Added by Front-Desk (gladk) @@ -249,6 +249,11 @@ suricata (Adrian Bunk) unrar-nonfree (Markus Koschany) NOTE: 20230808: Added by Front-Desk (Beuc) -- +w3m + NOTE: 20230812: Added by Front-Desk (Beuc) + NOTE: 20230812: Experimental issue-based workflow: please follow https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/42 + NOTE: 20230812: Follow fixes from bullseye 11.7 (1 CVE) (Beuc/front-desk) +-- zabbix (tobi) NOTE: 20230731: Added by Front-Desk (apo) NOTE: 20230812: WIP, patches backported but largerly untested. Will continue after VAC. (tobi) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/353458534ed653448b1c5aa5a21a9386257b4268...0e990e9dc8cfac76e0a89e1877300f92af617507
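Review bot: In the data/CVE/list hunk for CVE-2022-38223, the removed "Possibly incomplete fix" line was the only pointer to https://github.com/tats/w3m/issues/268, so the entry no longer records why commit 419ca82d was not sufficient on its own. Consider keeping a NOTE for issue 268 next to the new "Follow-up fix" line. Now that the fix spans two commits, the unchanged "[bullseye] - w3m 0.5.3+git20210102-6+deb11u1" line also does not say whether that version carries both of them; a short NOTE stating this would spare the next reader from re-checking.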
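Review bot: The datatables.js (@@ -35,7) and flask-security (@@ -59,7) hunks in data/dla-needed.txt reword "Follow fixes from 11.2" and "from 11.7" to "from bullseye 11.2" and "from bullseye 11.7", but neither commit message in this push ("CVE-2022-38223/w3m: reference follow-up fix", "dla: add w3m") mentions that change. Put the wording fix in its own commit, or name it in the message, so the history for those two packages stays searchable.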
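Review bot: The new w3m entry (@@ -249,6 in data/dla-needed.txt) says only "Follow fixes from bullseye 11.7 (1 CVE)" and does not name CVE-2022-38223 or mention that the data/CVE/list change in the same push now lists two upstream commits (419ca82d as initial fix, 25fb402c as follow-up). Suggest adding the CVE id and a note that both commits are needed, so whoever claims the package backports the follow-up along with the initial fix.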