Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a3e800df by Moritz Muehlenhoff at 2022-07-09T00:03:00+02:00
buster/bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19228,10 +19228,11 @@ CVE-2022-28354
CVE-2022-28353
RESERVED
CVE-2022-1210 (A vulnerability classified as problematic was found in LibTIFF
4.3.0. ...)
- - tiff <unfixed>
+ - tiff <unfixed> (unimportant)
[bullseye] - tiff <no-dsa> (Minor issue)
[buster] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/402
+ NOTE: Crash in CLI tool, no security impact
CVE-2021-46782 (The Pricing Table by Supsystic WordPress plugin before 1.9.5
does not ...)
NOT-FOR-US: WordPress plugin
CVE-2021-46781 (The Coming Soon by Supsystic WordPress plugin before 1.7.6
does not sa ...)
@@ -22735,11 +22736,9 @@ CVE-2022-0989 (An unprivileged user could use the
functionality of the NS WooCom
CVE-2022-0988 (Delta Electronics DIAEnergie (Version 1.7.5 and prior) is
vulnerable t ...)
NOT-FOR-US: Delta Electronics
CVE-2022-0987 (A flaw was found in PackageKit in the way some of the methods
exposed ...)
- - packagekit <unfixed>
- [bullseye] - packagekit <no-dsa> (Minor issue)
- [buster] - packagekit <no-dsa> (Minor issue)
- [stretch] - packagekit <no-dsa> (Minor issue)
+ - packagekit <unfixed> (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2064315
+ NOTE: Negligible security impact
CVE-2022-0986 (Reflected Cross-site Scripting (XSS) Vulnerability in GitHub
repositor ...)
NOT-FOR-US: Hestia Control Panel
CVE-2022-0985 (Insufficient capability checks could allow users with the
moodle/site: ...)
@@ -39230,13 +39229,11 @@ CVE-2021-45928 (libjxl b02d6b9, as used in libvips
8.11 through 8.11.2 and other
NOTE: Introduced by: https://github.com/libjxl/libjxl/pull/205 (v0.6)
NOTE: Fixed by:
https://github.com/libjxl/libjxl/commit/1c05e110d69b457696366fb4e762057b6855349b
(v0.6)
CVE-2021-45927 (MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer
overflow (at 0 ...)
- - mdbtools <undetermined>
+ NOTE: Apparently an ozz-fuzz false positive
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36187
- TODO: check, possibly fixed in 0.9.3, but unclear fixing commit,
related to 9b6b52cc8c5838cffeee9388c04890fe1eb73b52?
CVE-2021-45926 (MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer
overflow (at 0 ...)
- - mdbtools <undetermined>
+ NOTE: Apparently an ozz-fuzz false positive
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35972
- TODO: check, possibly fixed in 0.9.3, but unclear fixing commit,
related to 9b6b52cc8c5838cffeee9388c04890fe1eb73b52?
CVE-2021-4196
RESERVED
CVE-2021-4195
@@ -267533,11 +267530,13 @@ CVE-2018-12689 (phpLDAPadmin 1.2.2 allows LDAP
injection via a crafted server_id
NOTE: Non-security issue as demostrated in
https://bugs.debian.org/902186
NOTE: and disputed as security issue. Should be properly rejected by
MITRE.
CVE-2018-12688 (tinyexr 0.9.5 has a segmentation fault in the wav2Decode
function. ...)
- - tinyexr <undetermined>
+ - tinyexr <unfixed>
+ [bullseye] - tinyexr <no-dsa> (Minor issue)
NOTE: https://github.com/syoyo/tinyexr/issues/83
CVE-2018-12687 (tinyexr 0.9.5 has an assertion failure in DecodePixelData in
tinyexr.h ...)
- - tinyexr <undetermined>
+ - tinyexr <unfixed> (unimportant)
NOTE: https://github.com/syoyo/tinyexr/issues/84
+ NOTE: Negligible security impact
CVE-2018-12686
RESERVED
CVE-2018-12685
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a3e800df0374c72f3e01148fa91b1935474be74a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a3e800df0374c72f3e01148fa91b1935474be74a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
