Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: a3e800df by Moritz Muehlenhoff at 2022-07-09T00:03:00+02:00 buster/bullseye triage - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -19228,10 +19228,11 @@ CVE-2022-28354 CVE-2022-28353 RESERVED CVE-2022-1210 (A vulnerability classified as problematic was found in LibTIFF 4.3.0. ...) - - tiff <unfixed> + - tiff <unfixed> (unimportant) [bullseye] - tiff <no-dsa> (Minor issue) [buster] - tiff <no-dsa> (Minor issue) NOTE: https://gitlab.com/libtiff/libtiff/-/issues/402 + NOTE: Crash in CLI tool, no security impact CVE-2021-46782 (The Pricing Table by Supsystic WordPress plugin before 1.9.5 does not ...) NOT-FOR-US: WordPress plugin CVE-2021-46781 (The Coming Soon by Supsystic WordPress plugin before 1.7.6 does not sa ...) @@ -22735,11 +22736,9 @@ CVE-2022-0989 (An unprivileged user could use the functionality of the NS WooCom CVE-2022-0988 (Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable t ...) NOT-FOR-US: Delta Electronics CVE-2022-0987 (A flaw was found in PackageKit in the way some of the methods exposed ...) - - packagekit <unfixed> - [bullseye] - packagekit <no-dsa> (Minor issue) - [buster] - packagekit <no-dsa> (Minor issue) - [stretch] - packagekit <no-dsa> (Minor issue) + - packagekit <unfixed> (unimportant) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2064315 + NOTE: Negligible security impact CVE-2022-0986 (Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repositor ...) NOT-FOR-US: Hestia Control Panel CVE-2022-0985 (Insufficient capability checks could allow users with the moodle/site: ...) @@ -39230,13 +39229,11 @@ CVE-2021-45928 (libjxl b02d6b9, as used in libvips 8.11 through 8.11.2 and other NOTE: Introduced by: https://github.com/libjxl/libjxl/pull/205 (v0.6) NOTE: Fixed by: https://github.com/libjxl/libjxl/commit/1c05e110d69b457696366fb4e762057b6855349b (v0.6) CVE-2021-45927 (MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0 ...) - - mdbtools <undetermined> + NOTE: Apparently an ozz-fuzz false positive NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36187 - TODO: check, possibly fixed in 0.9.3, but unclear fixing commit, related to 9b6b52cc8c5838cffeee9388c04890fe1eb73b52? CVE-2021-45926 (MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0 ...) - - mdbtools <undetermined> + NOTE: Apparently an ozz-fuzz false positive NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35972 - TODO: check, possibly fixed in 0.9.3, but unclear fixing commit, related to 9b6b52cc8c5838cffeee9388c04890fe1eb73b52? CVE-2021-4196 RESERVED CVE-2021-4195 @@ -267533,11 +267530,13 @@ CVE-2018-12689 (phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id NOTE: Non-security issue as demostrated in https://bugs.debian.org/902186 NOTE: and disputed as security issue. Should be properly rejected by MITRE. CVE-2018-12688 (tinyexr 0.9.5 has a segmentation fault in the wav2Decode function. ...) - - tinyexr <undetermined> + - tinyexr <unfixed> + [bullseye] - tinyexr <no-dsa> (Minor issue) NOTE: https://github.com/syoyo/tinyexr/issues/83 CVE-2018-12687 (tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h ...) - - tinyexr <undetermined> + - tinyexr <unfixed> (unimportant) NOTE: https://github.com/syoyo/tinyexr/issues/84 + NOTE: Negligible security impact CVE-2018-12686 RESERVED CVE-2018-12685 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a3e800df0374c72f3e01148fa91b1935474be74a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a3e800df0374c72f3e01148fa91b1935474be74a You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits