Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 3512b536 by Moritz Muehlenhoff at 2022-04-27T20:07:08+02:00 buster/bullseye triage - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -137,6 +137,7 @@ CVE-2022-1475 RESERVED {DSA-5124-1} - ffmpeg 7:4.4.2-1 + [buster] - ffmpeg <not-affected> (Vulnerable code not present) NOTE: https://trac.ffmpeg.org/ticket/9651 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=757da974b21833529cc41bdcc9684c29660cdfa8 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e9e2ddbc6c78cc18b76093617f82c920e58a8d1f (n4.4.2) @@ -3535,6 +3536,8 @@ CVE-2022-28507 RESERVED CVE-2022-28506 (There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RG ...) - giflib <unfixed> + [bullseye] - giflib <no-dsa> (Minor issue) + [buster] - giflib <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/giflib/bugs/159/ CVE-2022-28505 RESERVED @@ -32864,6 +32867,8 @@ CVE-2021-43454 (An Unquoted Service Path vulnerability exists in AnyTXT Searcher NOT-FOR-US: AnyTXT Searcher for Windows CVE-2021-43453 (A Heap-based Buffer Overflow vulnerability exists in JerryScript 2.4.0 ...) - iotjs <unfixed> + [bullseye] - iotjs <no-dsa> (Minor issue) + [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/pull/4808 NOTE: https://github.com/jerryscript-project/jerryscript/issues/4754 NOTE: Fixed by; https://github.com/jerryscript-project/jerryscript/commit/efe63a5bbc5106164a08ee2eb415a7a701f5311f 
@@ -35529,6 +35534,8 @@ CVE-2021-42783 (Missing Authentication for Critical Function vulnerability in de NOT-FOR-US: D-Link CVE-2021-42782 (Stack buffer overflow issues were found in Opensc before version 0.22. ...) - opensc 0.22.0-1 + [bullseye] - opensc <no-dsa> (Minor issue) + [buster] - opensc <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016448 NOTE: https://github.com/OpenSC/OpenSC/commit/1252aca9f10771ef5ba8405e73cf2da50827958f (0.22.0-rc1) NOTE: https://github.com/OpenSC/OpenSC/commit/456ac566938a1da774db06126a2fa6c0cba514b3 (0.22.0) @@ -35537,6 +35544,8 @@ CVE-2021-42782 (Stack buffer overflow issues were found in Opensc before version NOTE: https://github.com/OpenSC/OpenSC/commit/ae1cf0be90396fb6c0be95829bf0d3eecbd2fd1c (0.22.0-rc1) CVE-2021-42781 (Heap buffer overflow issues were found in Opensc before version 0.22.0 ...) - opensc 0.22.0-1 + [bullseye] - opensc <no-dsa> (Minor issue) + [buster] - opensc <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016439 NOTE: https://github.com/OpenSC/OpenSC/commit/05648b0604bf3e498e8d42dff3c6e7c56a5bf749 (0.22.0-rc1) NOTE: https://github.com/OpenSC/OpenSC/commit/17d8980cde7be597afc366b7e311d0d7cadcb1f4 (0.22.0-rc1) 
@@ -35545,16 +35554,22 @@ CVE-2021-42781 (Heap buffer overflow issues were found in Opensc before version NOTE: https://github.com/OpenSC/OpenSC/commit/cae5c71f90cc5b364efe14040923fd5aa3b5dd90 (0.22.0-rc1) CVE-2021-42780 (A use after return issue was found in Opensc before version 0.22.0 in ...) - opensc 0.22.0-1 + [bullseye] - opensc <no-dsa> (Minor issue) + [buster] - opensc <no-dsa> (Minor issue) NOTE: https://github.com/OpenSC/OpenSC/commit/5df913b7f57ad89b9832555d24c08d23a534311e (0.22.0-rc1) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28383 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016139 CVE-2021-42779 (A heap use after free issue was found in Opensc before version 0.22.0 ...) - opensc 0.22.0-1 + [bullseye] - opensc <no-dsa> (Minor issue) + [buster] - opensc <no-dsa> (Minor issue) NOTE: https://github.com/OpenSC/OpenSC/commit/1db88374bb7706a115d5c3617c6f16115c33bf27 (0.22.0-rc1) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28843 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016086 CVE-2021-42778 (A heap double free issue was found in Opensc before version 0.22.0 in ...) - opensc 0.22.0-1 + [bullseye] - opensc <no-dsa> (Minor issue) + [buster] - opensc <no-dsa> (Minor issue) NOTE: https://github.com/OpenSC/OpenSC/commit/f015746d22d249642c19674298a18ad824db0ed7 (0.22.0-rc1) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28185 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016083 
@@ -39363,6 +39378,8 @@ CVE-2021-41752 (Stack overflow vulnerability in Jerryscript before commit e1ce7d TODO: check - could be only a test artifact CVE-2021-41751 (Buffer overflow vulnerability in file ecma-builtin-array-prototype.c:9 ...) - iotjs <unfixed> + [bullseye] - iotjs <no-dsa> (Minor issue) + [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/pull/4797 NOTE: https://github.com/jerryscript-project/jerryscript/commit/4912e3b739f4d00e51a46d883b020d2208be28a2 CVE-2021-41750 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3512b5365abb644838344dbd42577359943fdb1d
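Review bot: In the first hunk (@@ -137,6 +137,7 @@, CVE-2022-1475), the added "[buster] - ffmpeg <not-affected> (Vulnerable code not present)" line has no supporting NOTE. The three NOTE lines under it give the upstream ticket and two fix commits, but none says which commit or upstream version introduced the affected code. Consider adding a NOTE naming the introducing commit or first affected version, so the buster status can be re-checked against the ffmpeg version shipped there.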
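Review bot: In the giflib hunk (@@ -3535,6 +3536,8 @@, CVE-2022-28506), both added lines give only "Minor issue" as the reason, while the description line reads "heap-buffer-overflow" and the package line stays "- giflib <unfixed>". Nothing in the entry records why the impact is limited; the only NOTE is the SourceForge bug link. A short NOTE stating the rationale (for example which component or usage the affected function belongs to) would let a later reader confirm the no-dsa decision without redoing the triage.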
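Review bot: In the iotjs hunk for CVE-2021-43453 (@@ -32864,6 +32867,8 @@), the context line directly below the two added lines reads "NOTE: Fixed by; https://github.com/jerryscript-project/jerryscript/commit/efe63a5b..." with a semicolon where the other entries use a colon. Since this entry is being touched anyway, changing it to "NOTE: Fixed by: ..." would keep it consistent and easier to match with a search. The entry also stays "- iotjs <unfixed>" although an upstream JerryScript fix commit is listed, so a NOTE on whether the embedded copy in iotjs has picked up that commit would help.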
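Review bot: In the third OpenSC hunk (@@ -35545,16 +35554,22 @@), CVE-2021-42780, CVE-2021-42779 and CVE-2021-42778 (use after return, heap use after free, heap double free) each receive the same pair of "<no-dsa> (Minor issue)" lines with no per-entry rationale, and the two preceding OpenSC hunks repeat that pattern for CVE-2021-42782 and CVE-2021-42781. From the entries alone it is not possible to tell whether the reason is shared (for instance a common precondition) or was assessed per CVE. A single NOTE on one of the entries stating the common reason, referenced from the others, would document the decision; since all five are fixed in "opensc 0.22.0-1" with commits tagged 0.22.0-rc1, it would also be worth noting whether they are candidates for a point-release update.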
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits