Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3512b536 by Moritz Muehlenhoff at 2022-04-27T20:07:08+02:00
buster/bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -137,6 +137,7 @@ CVE-2022-1475
        RESERVED
        {DSA-5124-1}
        - ffmpeg 7:4.4.2-1
+       [buster] - ffmpeg <not-affected> (Vulnerable code not present)
        NOTE: https://trac.ffmpeg.org/ticket/9651
        NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=757da974b21833529cc41bdcc9684c29660cdfa8
        NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e9e2ddbc6c78cc18b76093617f82c920e58a8d1f
 (n4.4.2)
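Review bot: The added [buster] <not-affected> line for CVE-2022-1475 gives "Vulnerable code not present" but the entry never records where the affected code was introduced. The NOTEs cover only the upstream ticket and the two fix commits, so the buster claim cannot be re-checked from this entry alone. Consider adding a NOTE that names the upstream commit or release which introduced the vulnerable code.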
@@ -3535,6 +3536,8 @@ CVE-2022-28507
        RESERVED
 CVE-2022-28506 (There is a heap-buffer-overflow in GIFLIB 5.2.1 function 
DumpScreen2RG ...)
        - giflib <unfixed>
+       [bullseye] - giflib <no-dsa> (Minor issue)
+       [buster] - giflib <no-dsa> (Minor issue)
        NOTE: https://sourceforge.net/p/giflib/bugs/159/
 CVE-2022-28505
        RESERVED
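Review bot: The two <no-dsa> lines for CVE-2022-28506 carry only the bare reason "Minor issue" for what the description calls a heap-buffer-overflow, and the single NOTE is the upstream bug. With giflib still <unfixed> in unstable, a more specific reason in the parenthetical (for example which tool or code path is affected) would let the decision be revisited once a fix exists.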
@@ -32864,6 +32867,8 @@ CVE-2021-43454 (An Unquoted Service Path vulnerability 
exists in AnyTXT Searcher
        NOT-FOR-US: AnyTXT Searcher for Windows
 CVE-2021-43453 (A Heap-based Buffer Overflow vulnerability exists in 
JerryScript 2.4.0 ...)
        - iotjs <unfixed>
+       [bullseye] - iotjs <no-dsa> (Minor issue)
+       [buster] - iotjs <no-dsa> (Minor issue)
        NOTE: https://github.com/jerryscript-project/jerryscript/pull/4808
        NOTE: https://github.com/jerryscript-project/jerryscript/issues/4754
        NOTE: Fixed by; 
https://github.com/jerryscript-project/jerryscript/commit/efe63a5bbc5106164a08ee2eb415a7a701f5311f
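Review bot: The added <no-dsa> lines for CVE-2021-43453 do not say whether the iotjs versions in bullseye and buster contain the affected code, although the CVE text is written against JerryScript 2.4.0 and the tracked package is iotjs. A short NOTE on the affected versions would back up the "Minor issue" reason, especially since a "Fixed by" commit is already referenced while unstable is still <unfixed>.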
@@ -35529,6 +35534,8 @@ CVE-2021-42783 (Missing Authentication for Critical 
Function vulnerability in de
        NOT-FOR-US: D-Link
 CVE-2021-42782 (Stack buffer overflow issues were found in Opensc before 
version 0.22. ...)
        - opensc 0.22.0-1
+       [bullseye] - opensc <no-dsa> (Minor issue)
+       [buster] - opensc <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016448
        NOTE: 
https://github.com/OpenSC/OpenSC/commit/1252aca9f10771ef5ba8405e73cf2da50827958f
 (0.22.0-rc1)
        NOTE: 
https://github.com/OpenSC/OpenSC/commit/456ac566938a1da774db06126a2fa6c0cba514b3
 (0.22.0)
@@ -35537,6 +35544,8 @@ CVE-2021-42782 (Stack buffer overflow issues were found 
in Opensc before version
        NOTE: 
https://github.com/OpenSC/OpenSC/commit/ae1cf0be90396fb6c0be95829bf0d3eecbd2fd1c
 (0.22.0-rc1)
 CVE-2021-42781 (Heap buffer overflow issues were found in Opensc before 
version 0.22.0 ...)
        - opensc 0.22.0-1
+       [bullseye] - opensc <no-dsa> (Minor issue)
+       [buster] - opensc <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016439
        NOTE: 
https://github.com/OpenSC/OpenSC/commit/05648b0604bf3e498e8d42dff3c6e7c56a5bf749
 (0.22.0-rc1)
        NOTE: 
https://github.com/OpenSC/OpenSC/commit/17d8980cde7be597afc366b7e311d0d7cadcb1f4
 (0.22.0-rc1)
@@ -35545,16 +35554,22 @@ CVE-2021-42781 (Heap buffer overflow issues were 
found in Opensc before version
        NOTE: 
https://github.com/OpenSC/OpenSC/commit/cae5c71f90cc5b364efe14040923fd5aa3b5dd90
 (0.22.0-rc1)
 CVE-2021-42780 (A use after return issue was found in Opensc before version 
0.22.0 in  ...)
        - opensc 0.22.0-1
+       [bullseye] - opensc <no-dsa> (Minor issue)
+       [buster] - opensc <no-dsa> (Minor issue)
        NOTE: 
https://github.com/OpenSC/OpenSC/commit/5df913b7f57ad89b9832555d24c08d23a534311e
 (0.22.0-rc1)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28383
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016139
 CVE-2021-42779 (A heap use after free issue was found in Opensc before version 
0.22.0  ...)
        - opensc 0.22.0-1
+       [bullseye] - opensc <no-dsa> (Minor issue)
+       [buster] - opensc <no-dsa> (Minor issue)
        NOTE: 
https://github.com/OpenSC/OpenSC/commit/1db88374bb7706a115d5c3617c6f16115c33bf27
 (0.22.0-rc1)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28843
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016086
 CVE-2021-42778 (A heap double free issue was found in Opensc before version 
0.22.0 in  ...)
        - opensc 0.22.0-1
+       [bullseye] - opensc <no-dsa> (Minor issue)
+       [buster] - opensc <no-dsa> (Minor issue)
        NOTE: 
https://github.com/OpenSC/OpenSC/commit/f015746d22d249642c19674298a18ad824db0ed7
 (0.22.0-rc1)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28185
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016083
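Review bot: The same "Minor issue" reason is applied unchanged to CVE-2021-42780, CVE-2021-42779 and CVE-2021-42778, which the descriptions list as a use after return, a heap use after free and a heap double free. Each entry already references a single upstream commit from 0.22.0-rc1, so it would help to state in the reason or a NOTE what makes these minor for bullseye and buster, and whether they are intended to be picked up in a point release.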
@@ -39363,6 +39378,8 @@ CVE-2021-41752 (Stack overflow vulnerability in 
Jerryscript before commit e1ce7d
        TODO: check - could be only a test artifact
 CVE-2021-41751 (Buffer overflow vulnerability in file 
ecma-builtin-array-prototype.c:9 ...)
        - iotjs <unfixed>
+       [bullseye] - iotjs <no-dsa> (Minor issue)
+       [buster] - iotjs <no-dsa> (Minor issue)
        NOTE: https://github.com/jerryscript-project/jerryscript/pull/4797
        NOTE: 
https://github.com/jerryscript-project/jerryscript/commit/4912e3b739f4d00e51a46d883b020d2208be28a2
 CVE-2021-41750



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3512b5365abb644838344dbd42577359943fdb1d
