Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 3db1fe1a by Moritz Muehlenhoff at 2022-01-26T11:55:52+01:00 buster/bullseye triage remove node-matrix-js-sdk for CVE-2021-44538, seems unrelated - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -131,6 +131,8 @@ CVE-2022-23936 RESERVED CVE-2022-23935 (lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ / ...) - libimage-exiftool-perl 12.38+dfsg-1 + [bullseye] - libimage-exiftool-perl <no-dsa> (Minor issue) + [buster] - libimage-exiftool-perl <no-dsa> (Minor issue) NOTE: https://github.com/exiftool/exiftool/commit/74dbab1d2766d6422bb05b033ac6634bf8d1f582 (12.38) CVE-2022-23934 RESERVED @@ -3432,35 +3434,46 @@ CVE-2022-22896 RESERVED CVE-2022-22895 (Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via ...) - iotjs <unfixed> (bug #1004298) + [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/jerryscript-project/jerryscript/pull/4850 NOTE: https://github.com/jerryscript-project/jerryscript/issues/4882 CVE-2022-22894 (Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_ ...) - iotjs <unfixed> (bug #1004298) + [bullseye] - iotjs <no-dsa> (Minor issue) + [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4890 NOTE: https://github.com/jerryscript-project/jerryscript/pull/4899 CVE-2022-22893 (Jerryscript 3.0.0 was discovered to contain a stack overflow via vm_lo ...) - iotjs <unfixed> (bug #1004298) + [bullseye] - iotjs <no-dsa> (Minor issue) + [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4901 NOTE: https://github.com/jerryscript-project/jerryscript/pull/4945 CVE-2022-22892 (There is an Assertion 'ecma_is_value_undefined (value) || ecma_is_valu ...) - iotjs <unfixed> (bug #1004298) + [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4872 NOTE: https://github.com/jerryscript-project/jerryscript/pull/4878 CVE-2022-22891 (Jerryscript 3.0.0 was discovered to contain a SEGV vulnerability via e ...) - iotjs <unfixed> (bug #1004298) + [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4871 NOTE: https://github.com/jerryscript-project/jerryscript/pull/4885 CVE-2022-22890 (There is an Assertion 'arguments_type != SCANNER_ARGUMENTS_PRESENT &am ...) - iotjs <unfixed> (bug #1004298) + [bullseye] - iotjs <no-dsa> (Minor issue) + [buster] - iotjs <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/jerryscript-project/jerryscript/pull/4849 NOTE: https://github.com/jerryscript-project/jerryscript/issues/4847 CVE-2022-22889 RESERVED CVE-2022-22888 (Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_ ...) - iotjs <unfixed> (bug #1004298) + [bullseye] - iotjs <no-dsa> (Minor issue) + [buster] - iotjs <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/jerryscript-project/jerryscript/pull/4877 NOTE: https://github.com/jerryscript-project/jerryscript/issues/4848 CVE-2022-22887 @@ -8143,6 +8156,8 @@ CVE-2021-45341 (A buffer overflow vulnerability in CDataMoji of the jwwlib compo NOTE: Fixed by: https://github.com/LibreCAD/LibreCAD/commit/f3502963eaf379a429bc9da73c1224c5db649997 CVE-2021-45340 (In Libsixel prior to and including v1.10.3, a NULL pointer dereference ...) - libsixel <unfixed> (bug #1004377) + [bullseye] - libsixel <no-dsa> (Minor issue) + [buster] - libsixel <no-dsa> (Minor issue) NOTE: https://github.com/libsixel/libsixel/issues/51 NOTE: Fixed by: https://github.com/libsixel/libsixel/pull/52 CVE-2021-45339 (Privilege escalation vulnerability in Avast Antivirus prior to 20.4 al ...) @@ -10914,7 +10929,6 @@ CVE-2021-44538 (The olm_session_describe function in Matrix libolm before 3.2.7 - olm 3.2.8~dfsg-1 (bug #1001664) [bullseye] - olm <no-dsa> (Minor issue) [buster] - olm <not-affected> (Vulnerable code introduced later) - - node-matrix-js-sdk <unfixed> - thunderbird 1:91.4.1-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-55/#CVE-2021-44538 NOTE: https://matrix.org/blog/2021/12/13/disclosure-buffer-overflow-in-libolm-and-matrix-js-sdk/ ===================================== data/dsa-needed.txt ===================================== @@ -28,6 +28,8 @@ linux (carnil) Wait until more issues have piled up, though try to regulary rebase for point releases to more recent v4.19.y versions. -- +minetest +-- ndpi/oldstable -- nodejs (jmm) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3db1fe1ab2c140906022a463cf18046ebbdd8aca -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3db1fe1ab2c140906022a463cf18046ebbdd8aca You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits