Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 62406382 by Moritz Muehlenhoff at 2022-07-08T11:23:00+02:00 buster/bullseye triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -3854,10 +3854,16 @@ CVE-2022-2122 RESERVED CVE-2022-2121 (OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer derefer ...) - dcmtk <unfixed> (bug #1014044) + [bullseye] - dcmtk <no-dsa> (Minor issue) + [buster] - dcmtk <no-dsa> (Minor issue) CVE-2022-2120 (OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) i ...) - dcmtk <unfixed> (bug #1014044) + [bullseye] - dcmtk <no-dsa> (Minor issue) + [buster] - dcmtk <no-dsa> (Minor issue) CVE-2022-2119 (OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SC ...) - dcmtk <unfixed> (bug #1014044) + [bullseye] - dcmtk <no-dsa> (Minor issue) + [buster] - dcmtk <no-dsa> (Minor issue) CVE-2022-2118 RESERVED CVE-2014-125025 (A vulnerability classified as problematic has been found in FFmpeg 2.0 ...) @@ -9669,7 +9675,6 @@ CVE-2022-31627 CVE-2022-31626 (In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x belo ...) - php8.1 8.1.7-1 (bug #1014533) - php7.4 <removed> - [bullseye] - php7.4 <postponed> (Minor issue, fix along with next security release) - php7.3 <removed> [buster] - php7.3 <postponed> (Minor issue, fix along with next security release) - php7.0 <removed> @@ -9679,7 +9684,6 @@ CVE-2022-31626 (In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1. CVE-2022-31625 (In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x belo ...) - php8.1 8.1.7-1 (bug #1014533) - php7.4 <removed> - [bullseye] - php7.4 <postponed> (Minor issue, fix along with next security release) - php7.3 <removed> [buster] - php7.3 <postponed> (Minor issue, fix along with next security release) - php7.0 <removed> 
@@ -12637,9 +12641,12 @@ CVE-2022-XXXX [RUSTSEC-2022-0022] NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0022.html CVE-2022-XXXX [RUSTSEC-2022-0021] - rust-crossbeam-queue <unfixed> + [bullseye] - rust-crossbeam-queue <no-dsa> (Minor issue) NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0021.html CVE-2022-XXXX [RUSTSEC-2022-0019] - rust-crossbeam-channel <unfixed> + [bullseye] - rust-crossbeam-channel <no-dsa> (Minor issue) + [buster] - rust-crossbeam-channel <no-dsa> (Minor issue) NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0019.html CVE-2022-XXXX [RUSTSEC-2022-0020] - rust-crossbeam <unfixed> @@ -28141,9 +28148,11 @@ CVE-2022-25256 (SAS Web Report Studio 4.4 allows XSS. /SASWebReportStudio/logonA CVE-2022-25255 (In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux ...) - qt6-base <unfixed> - qtbase-opensource-src 5.15.2+dfsg-15 + [bullseye] - qtbase-opensource-src <no-dsa> (Minor issue) [buster] - qtbase-opensource-src <ignored> (Breaks existing behaviour and upstream also skipped from 5.12 branch) [stretch] - qtbase-opensource-src <not-affected> (Vulnerable code introduced later) - qtbase-opensource-src-gles <unfixed> + [bullseye] - qtbase-opensource-src-gles <no-dsa> (Minor issue) [buster] - qtbase-opensource-src-gles <ignored> (Breaks existing behaviour and upstream also skipped from 5.12 branch) NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/393113 NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/394914 
@@ -63332,13 +63341,19 @@ CVE-2021-38579 RESERVED CVE-2021-38578 (Existing CommBuffer checks in SmmEntryPoint will not catch underflow w ...) - edk2 <unfixed> (bug #1014468) + [bullseye] - edk2 <no-dsa> (Minor issue) + [buster] - edk2 <no-dsa> (Minor issue) NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=3387 (private) NOTE: https://edk2.groups.io/g/devel/message/90516 CVE-2021-38577 (Heap Overflow in BaseBmpSupportLib. ...) - edk2 <unfixed> (bug #1014468) + [bullseye] - edk2 <no-dsa> (Minor issue) + [buster] - edk2 <no-dsa> (Minor issue) NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=3360 (private) CVE-2021-38576 (A BIOS bug in firmware for a particular PC model leaves the Platform a ...) - edk2 <unfixed> (bug #1014468) + [bullseye] - edk2 <no-dsa> (Minor issue) + [buster] - edk2 <no-dsa> (Minor issue) NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=3499 (private) CVE-2021-38575 (NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. ...) - edk2 2021.08-1 @@ -74941,6 +74956,7 @@ CVE-2021-33881 (On NXP MIFARE Ultralight and NTAG cards, an attacker can interru NOT-FOR-US: NXP CVE-2021-33880 (The aaugustin websockets library before 9.1 for Python has an Observab ...) - python-websockets 9.1-1 (bug #989561) + [bullseye] - python-websockets <no-dsa> (Minor issue) [buster] - python-websockets <not-affected> (Vulnerable code introduced in 8.0) [stretch] - python-websockets <not-affected> (Vulnerable code introduced in 8.0) NOTE: https://github.com/aaugustin/websockets/commit/547a26b685d08cac0aa64e5e65f7867ac0ea9bc0 
@@ -90418,6 +90434,8 @@ CVE-2021-28022 (Blind SQL injection in the login form in ServiceTonic Helpdesk s NOT-FOR-US: ServiceTonic CVE-2021-28021 (Buffer overflow vulnerability in function stbi__extend_receive in stb_ ...) - libstb <unfixed> (bug #1014530) + [bullseye] - libstb <no-dsa> (Minor issue) + [buster] - libstb <no-dsa> (Minor issue) NOTE: https://github.com/nothings/stb/issues/1108 NOTE: https://github.com/nothings/stb/commit/86b7570cfba845e8209c6aec2d15e487bb1d8bb4 CVE-2021-28020 ===================================== data/dsa-needed.txt ===================================== @@ -24,6 +24,8 @@ freecad (aron) -- kicad (jmm) -- +kopanocore/oldstable +-- librecad -- libpgjava (apo) @@ -40,6 +42,8 @@ netatalk nodejs/oldstable one of the upstream fixes doesn't address the security issue -- +php7.4 +-- php-horde-mime-viewer -- php-horde-turba @@ -62,5 +66,9 @@ unzip unclear information, initial report indicates writable memory corruption, but some identified patch is just for a NULL deref, needs more clarification -- +webkit2gtk (berto) +-- +wpewebkit/stable (berto) +-- xen (jmm) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/624063824b83ea8f3c0915ecc510cc55702bbede
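Review bot: In the rust-crossbeam hunk (@@ -12637,9 +12641,12 @@), RUSTSEC-2022-0021 (rust-crossbeam-queue) gets only a `+ [bullseye] - rust-crossbeam-queue <no-dsa> (Minor issue)` line, while RUSTSEC-2022-0019 (rust-crossbeam-channel) gets both a `[bullseye]` and a `[buster]` line; please confirm whether buster carries rust-crossbeam-queue, because if it does the buster annotation is missing. The trailing context also shows RUSTSEC-2022-0020 (rust-crossbeam) still as `<unfixed>` with no suite annotation, so the same triage decision probably belongs there as well.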
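Review bot: In the CVE-2022-31626 and CVE-2022-31625 hunks, dropping the `[bullseye] - php7.4 <postponed> (Minor issue, fix along with next security release)` line while keeping `[buster] - php7.3 <postponed>` puts bullseye back into an open, DSA-pending state for these two CVEs; that is consistent with the `+php7.4` entry added to data/dsa-needed.txt in the same commit. The hunk header context shows CVE-2022-31627 directly above, so if that entry carries the same postponed annotation for php7.4 it should be updated here too, so the whole php7.4 batch is handled in one go.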
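Review bot: In the edk2 hunk (@@ -63332,13 +63341,19 @@), the new `<no-dsa> (Minor issue)` annotations for CVE-2021-38578, CVE-2021-38577 and CVE-2021-38576 rest on bugzilla.tianocore.org references marked `(private)`, so the "Minor issue" rating cannot be checked against any public detail; only CVE-2021-38578 has a public edk2.groups.io pointer. Adding a public reference or the upstream fix commit for the other two, or a one-line NOTE explaining why the BaseBmpSupportLib heap overflow is considered minor for Debian's builds, would make this triage reproducible for the next reader.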
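Review bot: In the dsa-needed.txt hunk @@ -40,6 +42,8 @@, `+php7.4` is added without an assignee, unlike the neighbouring `kicad (jmm)` or `libpgjava (apo)` entries; that is fine for an unclaimed item, but since this commit also removes the bullseye `<postponed>` tags on CVE-2022-31626 and CVE-2022-31625, a short note line under the entry (in the style of the existing `nodejs/oldstable` note) naming the CVEs it is meant to cover would help whoever picks it up.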
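Review bot: In the last dsa-needed.txt hunk (@@ -62,5 +66,9 @@), `+wpewebkit/stable (berto)` carries a suite suffix while `+webkit2gtk (berto)` does not; by the file's own convention (`nodejs/oldstable`, `kopanocore/oldstable`) a bare name covers every supported suite, so please confirm that webkit2gtk really needs updates for both stable and oldstable, and add `/stable` if it is meant to mirror the wpewebkit entry.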