Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0a34bb7b by Moritz Muehlenhoff at 2022-02-14T17:36:57+01:00
buster/bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -947,10 +947,14 @@ CVE-2022-0563
RESERVED
CVE-2022-0562 (Null source pointer passed as an argument to memcpy() function
within ...)
- tiff 4.3.0-4
+ [bullseye] - tiff <no-dsa> (Minor issue)
+ [buster] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/362
NOTE: Fixed by:
https://gitlab.com/libtiff/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b
CVE-2022-0561 (Null source pointer passed as an argument to memcpy() function
within ...)
- tiff 4.3.0-4
+ [bullseye] - tiff <no-dsa> (Minor issue)
+ [buster] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/362
NOTE: Fixed by:
https://gitlab.com/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef
CVE-2022-0560 (Open Redirect in Packagist microweber/microweber prior to
1.2.11. ...)
@@ -6245,6 +6249,8 @@ CVE-2022-23184 (In affected Octopus Server versions when
the server HTTP and HTT
NOT-FOR-US: Octopus Server
CVE-2022-23181 (The fix for bug CVE-2020-9484 introduced a time of check, time
of use ...)
- tomcat9 <unfixed>
+ [bullseye] - tomcat9 <postponed> (Minor issue, fix along in future DSA)
+ [buster] - tomcat9 <postponed> (Minor issue, fix along in future DSA)
- tomcat8 <removed>
[stretch] - tomcat8 <postponed> (Minor issue; local race condition)
NOTE: https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9
@@ -11754,15 +11760,15 @@ CVE-2021-45389 (StarWind SAN & NAS build 1578 and
StarWind Command Center Bu
CVE-2021-45388
REJECTED
CVE-2021-45387 (tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4()
at tree.c ...)
- - tcpreplay 4.4.0-1
- [stretch] - tcpreplay <no-dsa> (Minor issue)
+ - tcpreplay 4.4.0-1 (unimportant)
NOTE: https://github.com/appneta/tcpreplay/issues/687
NOTE: Fixed by:
https://github.com/appneta/tcpreplay/commit/46cf964a7db636da76abeebf10482acf6f682a87
(v4.4.0)
+ NOTE: Crash in CLI tool, no security impact
CVE-2021-45386 (tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6()
at tree.c ...)
- - tcpreplay 4.4.0-1
- [stretch] - tcpreplay <no-dsa> (Minor issue)
+ - tcpreplay 4.4.0-1 (unimportant)
NOTE: https://github.com/appneta/tcpreplay/issues/687
NOTE: Fixed by:
https://github.com/appneta/tcpreplay/commit/46cf964a7db636da76abeebf10482acf6f682a87
(v4.4.0)
+ NOTE: Crash in CLI tool, no security impact
CVE-2021-45385 (A Null Pointer Dereference vulnerability exits in ffjpeg
d5cfd49 (2021 ...)
NOT-FOR-US: ffjpeg
CVE-2021-45384
@@ -16488,6 +16494,8 @@ CVE-2022-21713 (Grafana is an open-source platform for
monitoring and observabil
- grafana <removed>
CVE-2022-21712 (twisted is an event-driven networking engine written in
Python. In aff ...)
- twisted <unfixed>
+ [bullseye] - twisted <no-dsa> (Minor issue)
+ [buster] - twisted <no-dsa> (Minor issue)
NOTE:
https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx
NOTE:
https://github.com/twisted/twisted/commit/af8fe78542a6f2bf2235ccee8158d9c88d31e8e2
(twisted-22.1.0rc1)
CVE-2022-21711 (elfspirit is an ELF static analysis and injection framework
that parse ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a34bb7b9a203b0774caf929b791b199f1a991cc
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a34bb7b9a203b0774caf929b791b199f1a991cc
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
