Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 0a34bb7b by Moritz Muehlenhoff at 2022-02-14T17:36:57+01:00 buster/bullseye triage - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -947,10 +947,14 @@ CVE-2022-0563 RESERVED CVE-2022-0562 (Null source pointer passed as an argument to memcpy() function within ...) - tiff 4.3.0-4 + [bullseye] - tiff <no-dsa> (Minor issue) + [buster] - tiff <no-dsa> (Minor issue) NOTE: https://gitlab.com/libtiff/libtiff/-/issues/362 NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b CVE-2022-0561 (Null source pointer passed as an argument to memcpy() function within ...) - tiff 4.3.0-4 + [bullseye] - tiff <no-dsa> (Minor issue) + [buster] - tiff <no-dsa> (Minor issue) NOTE: https://gitlab.com/libtiff/libtiff/-/issues/362 NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef CVE-2022-0560 (Open Redirect in Packagist microweber/microweber prior to 1.2.11. ...) @@ -6245,6 +6249,8 @@ CVE-2022-23184 (In affected Octopus Server versions when the server HTTP and HTT NOT-FOR-US: Octopus Server CVE-2022-23181 (The fix for bug CVE-2020-9484 introduced a time of check, time of use ...) - tomcat9 <unfixed> + [bullseye] - tomcat9 <postponed> (Minor issue, fix along in future DSA) + [buster] - tomcat9 <postponed> (Minor issue, fix along in future DSA) - tomcat8 <removed> [stretch] - tomcat8 <postponed> (Minor issue; local race condition) NOTE: https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9 @@ -11754,15 +11760,15 @@ CVE-2021-45389 (StarWind SAN & NAS build 1578 and StarWind Command Center Bu CVE-2021-45388 REJECTED CVE-2021-45387 (tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c ...) - - tcpreplay 4.4.0-1 - [stretch] - tcpreplay <no-dsa> (Minor issue) + - tcpreplay 4.4.0-1 (unimportant) NOTE: https://github.com/appneta/tcpreplay/issues/687 NOTE: Fixed by: https://github.com/appneta/tcpreplay/commit/46cf964a7db636da76abeebf10482acf6f682a87 (v4.4.0) + NOTE: Crash in CLI tool, no security impact CVE-2021-45386 (tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c ...) - - tcpreplay 4.4.0-1 - [stretch] - tcpreplay <no-dsa> (Minor issue) + - tcpreplay 4.4.0-1 (unimportant) NOTE: https://github.com/appneta/tcpreplay/issues/687 NOTE: Fixed by: https://github.com/appneta/tcpreplay/commit/46cf964a7db636da76abeebf10482acf6f682a87 (v4.4.0) + NOTE: Crash in CLI tool, no security impact CVE-2021-45385 (A Null Pointer Dereference vulnerability exits in ffjpeg d5cfd49 (2021 ...) NOT-FOR-US: ffjpeg CVE-2021-45384 @@ -16488,6 +16494,8 @@ CVE-2022-21713 (Grafana is an open-source platform for monitoring and observabil - grafana <removed> CVE-2022-21712 (twisted is an event-driven networking engine written in Python. In aff ...) - twisted <unfixed> + [bullseye] - twisted <no-dsa> (Minor issue) + [buster] - twisted <no-dsa> (Minor issue) NOTE: https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx NOTE: https://github.com/twisted/twisted/commit/af8fe78542a6f2bf2235ccee8158d9c88d31e8e2 (twisted-22.1.0rc1) CVE-2022-21711 (elfspirit is an ELF static analysis and injection framework that parse ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a34bb7b9a203b0774caf929b791b199f1a991cc -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a34bb7b9a203b0774caf929b791b199f1a991cc You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits