Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 9835c586 by Moritz Mühlenhoff at 2022-06-04T19:48:50+02:00 buster/bullseye triage - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -6572,6 +6572,8 @@ CVE-2022-1538 RESERVED CVE-2022-1537 (file.copy operations in GruntJS are vulnerable to a TOCTOU race condit ...) - grunt 1.5.3-1 + [bullseye] - grunt <no-dsa> (Minor issue) + [buster] - grunt <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/0179c3e5-bc02-4fc9-8491-a1a319b51b4d/ NOTE: https://github.com/gruntjs/grunt/commit/58016ffac5ed9338b63ecc2a63710f5027362bae (v1.5.3) CVE-2022-1536 (A vulnerability has been found in automad up to 1.10.9 and classified ...) @@ -31512,6 +31514,8 @@ CVE-2021-45768 RESERVED CVE-2021-45767 (GPAC 1.1.0 was discovered to contain an invalid memory address derefer ...) - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac <no-dsa> (Minor issue) + [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1982 NOTE: https://github.com/gpac/gpac/commit/830548acd030467e857f4cf0b79af8ebf1e04dde (v2.0.0) 
@@ -31521,16 +31525,22 @@ CVE-2021-45765 RESERVED CVE-2021-45764 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...) - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac <no-dsa> (Minor issue) + [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1971 NOTE: https://github.com/gpac/gpac/commit/e54df17892bee983d09d9437e44e6a1528fb46cb (v2.0.0) CVE-2021-45763 (GPAC v1.1.0 was discovered to contain an invalid call in the function ...) - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac <no-dsa> (Minor issue) + [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1974 NOTE: https://github.com/gpac/gpac/commit/d2f74e49f2cb8d687c0dc38f66b99e3c5c7d7fec (v2.0.0) CVE-2021-45762 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...) - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac <no-dsa> (Minor issue) + [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1978 NOTE: https://github.com/gpac/gpac/commit/6d647f6e458c9b727eae1a8077d27fa433ced788 (v2.0.0) @@ -31538,6 +31548,8 @@ CVE-2021-45761 (ROPium v3.1 was discovered to contain an invalid memory address NOT-FOR-US: ROPium CVE-2021-45760 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...) - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac <no-dsa> (Minor issue) + [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1966 NOTE: https://github.com/gpac/gpac/commit/5041fcbaa904a89d280561905a163171b3828cea (v2.0.0) 
@@ -33150,6 +33162,8 @@ CVE-2021-45298 RESERVED CVE-2021-45297 (An infinite loop vulnerability exists in Gpac 1.0.1 in gf_get_bit_size ...) - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac <no-dsa> (Minor issue) + [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1973 NOTE: https://github.com/gpac/gpac/commit/fb13af36286b9d898e332e8762a286eb83bd1770 (v2.0.0) 
@@ -43575,18 +43589,24 @@ CVE-2021-42615 RESERVED CVE-2021-42614 (A use after free in info_width_internal in bk_info.c in Halibut 1.2 al ...) - halibut 1.3-1 + [bullseye] - halibut <no-dsa> (Minor issue) + [buster] - halibut <no-dsa> (Minor issue) NOTE: https://carteryagemann.com/halibut-case-study.html#poc-halibut-info-uaf NOTE: Inventing an errorstate to pass to all err_* functions and use it to track fatal errors: NOTE: https://git.tartarus.org/?p=simon/halibut.git;a=commit;h=5c3db60a2911efb18bdc823264b74d8045c407b9 (1.3) NOTE: https://git.tartarus.org/?p=simon/halibut.git;a=commit;h=edaf724febe2f9c890ef1cfdf24a78d5c1da2b32 (1.3) CVE-2021-42613 (A double free in cleanup_index in index.c in Halibut 1.2 allows an att ...) - halibut 1.3-1 + [bullseye] - halibut <no-dsa> (Minor issue) + [buster] - halibut <no-dsa> (Minor issue) NOTE: https://carteryagemann.com/halibut-case-study.html#poc-halibut-winhelp-df NOTE: Inventing an errorstate to pass to all err_* functions and use it to track fatal errors: NOTE: https://git.tartarus.org/?p=simon/halibut.git;a=commit;h=5c3db60a2911efb18bdc823264b74d8045c407b9 (1.3) NOTE: https://git.tartarus.org/?p=simon/halibut.git;a=commit;h=edaf724febe2f9c890ef1cfdf24a78d5c1da2b32 (1.3) CVE-2021-42612 (A use after free in cleanup_index in index.c in Halibut 1.2 allows an ...) 
- halibut 1.3-1 + [bullseye] - halibut <no-dsa> (Minor issue) + [buster] - halibut <no-dsa> (Minor issue) NOTE: https://carteryagemann.com/halibut-case-study.html#poc-halibut-text-uaf NOTE: Inventing an errorstate to pass to all err_* functions and use it to track fatal errors: NOTE: https://git.tartarus.org/?p=simon/halibut.git;a=commit;h=5c3db60a2911efb18bdc823264b74d8045c407b9 (1.3) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9835c58682ec675fa64c3755c2f8f8caa3f8dbb9
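Review bot: In the gpac hunks (CVE-2021-45767, CVE-2021-45764, CVE-2021-45763, CVE-2021-45762, CVE-2021-45760 and CVE-2021-45297) the added `[bullseye]` and `[buster]` lines treat both releases as affected, yet the descriptions name GPAC 1.1.0 for five of the entries and Gpac 1.0.1 for CVE-2021-45297, and nothing in the entries records that the source shipped in buster and bullseye was checked for the affected code. If that check was done, a short NOTE per entry saying so would make the triage verifiable; where a release predates the vulnerable code, `<not-affected>` would describe it more accurately than `<no-dsa> (Minor issue)`.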
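Review bot: In the halibut hunk (@@ -43575,18 +43589,24 @@) the new lines for CVE-2021-42614, CVE-2021-42613 and CVE-2021-42612 give only "Minor issue" as the reason, although the descriptions name a use after free and a double free. A more specific reason in the parentheses, or an extra NOTE line next to the existing case-study link, would let a later reader re-check the `<no-dsa>` decision for these memory-safety bugs without reconstructing it from the upstream commits.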