Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 719ca565 by Moritz Mühlenhoff at 2022-09-20T12:28:45+02:00 bullseye triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -988,6 +988,7 @@ CVE-2022-3214 (Delta Industrial Automation's DIAEnergy, an industrial energy man NOT-FOR-US: Delta CVE-2022-3213 (A heap buffer overflow issue was found in ImageMagick. When an applica ...) - imagemagick <unfixed> + [bullseye] - imagemagick <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2126824 NOTE: https://github.com/ImageMagick/ImageMagick/commit/30ccf9a0da1f47161b5935a95be854fe84e6c2a2 NOTE: https://github.com/ImageMagick/ImageMagick6/commit/1aea203eb36409ce6903b9e41fe7cb70030e8750 @@ -1529,6 +1530,7 @@ CVE-2022-40469 RESERVED CVE-2022-40468 (Tinyproxy commit 84f203f and earlier does not process HTTP request lin ...) - tinyproxy <unfixed> + [bullseye] - tinyproxy <no-dsa> (Minor issue) NOTE: https://github.com/tinyproxy/tinyproxy/issues/457 NOTE: https://github.com/tinyproxy/tinyproxy/commit/3764b8551463b900b5b4e3ec0cd9bb9182191cb7 CVE-2022-40467 
@@ -5187,21 +5189,24 @@ CVE-2022-38868 CVE-2022-38867 RESERVED CVE-2022-38866 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...) - - mplayer <unfixed> + - mplayer <unfixed> (unimportant) NOTE: https://trac.mplayerhq.hu/ticket/2403#comment:2 NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/373517da3bb5781726565eb3114a2697b13f00f2 (r38388) + NOTE: Crash in CLI tool, no security impact CVE-2022-38865 (Certain The MPlayer Project products are vulnerable to Divide By Zero ...) - - mplayer <unfixed> + - mplayer <unfixed> (unimportant) NOTE: https://trac.mplayerhq.hu/ticket/2401 NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/33d9295663c37a37216633d7e3f07e7155da6144 (r38386) + NOTE: Crash in CLI tool, no security impact CVE-2022-38864 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...) - mplayer <unfixed> NOTE: https://trac.mplayerhq.hu/ticket/2406 NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/36546389ef9fb6b0e0540c5c3f212534c34b0e94 (r38391) CVE-2022-38863 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...) - - mplayer <unfixed> + - mplayer <unfixed> (unimportant) NOTE: https://trac.mplayerhq.hu/ticket/2405 NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/b5e745b4bfab2835103a060094fae3c6cc1ba17d (r38393) + NOTE: Crash in CLI tool, no security impact CVE-2022-38862 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...) - mplayer <unfixed> NOTE: https://trac.mplayerhq.hu/ticket/2400 
@@ -10471,6 +10476,7 @@ CVE-2022-2567 (The Form Builder CP WordPress plugin before 1.2.32 does not sanit CVE-2022-2566 RESERVED - ffmpeg 7:5.1.1-1 + [bullseye] - ffmpeg <postponed> (Minor issue, wait until it lands in 4.3.x) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2126833 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6f53f0d09ea4c9c7f7354f018a87ef840315207d (n5.1.1) CVE-2022-2565 (The Simple Payment Donations & Subscriptions WordPress plugin befo ...) @@ -150230,6 +150236,7 @@ CVE-2020-22670 RESERVED CVE-2020-22669 (Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a ...) - modsecurity-crs <unfixed> + [bullseye] - modsecurity-crs <no-dsa> (Minor issue) NOTE: https://github.com/coreruleset/coreruleset/pull/1793 NOTE: https://github.com/coreruleset/coreruleset/commit/1a6e9e097587cecc038f1a1a76fc067c7797bbcd (v3.3.1-rc1) NOTE: https://github.com/coreruleset/coreruleset/commit/909cab560b56f998faee88dd8a7aa9cf086d2d9f (v3.3.1-rc1) ===================================== data/dsa-needed.txt ===================================== @@ -60,3 +60,7 @@ sofia-sip sox patch needed for CVE-2021-40426, check with upstream -- +webkit2gtk +-- +wpewebkit +-- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/719ca565913246f9e1b5a0378c25297d8145e0c0
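Review bot: In the data/CVE/list hunk at @@ -988, the added `[bullseye] - imagemagick <no-dsa> (Minor issue)` line for CVE-2022-3213 does not say why a heap buffer overflow is rated minor. The visible description is cut off at "When an applica ...", so the precondition that limits the impact is not recoverable from the entry itself. A more specific reason string, or one extra NOTE line stating that precondition, would let someone revisiting the entry see the basis for the decision.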
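Review bot: In the MPlayer hunk at @@ -5187, CVE-2022-38864 and CVE-2022-38862 stay as plain `- mplayer <unfixed>` while CVE-2022-38866, CVE-2022-38865 and CVE-2022-38863 are downgraded to `(unimportant)`, and nothing in the entries explains the split. Four of the five share the same truncated "Buffer Overflow" description, so a reader cannot tell whether the two untouched entries were assessed as having real impact or simply not triaged yet. A short NOTE on 38864 and 38862 saying which, and a few more words in "Crash in CLI tool, no security impact" on why the overflow cases are only crashes, would close that gap.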
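Review bot: In the hunk at @@ -10471, the reason "wait until it lands in 4.3.x" on `[bullseye] - ffmpeg <postponed>` for CVE-2022-2566 assumes the 4.3.x branch is affected, but the entry is still RESERVED with no description and the only fix reference is the n5.1.1 commit. A NOTE recording the introducing commit or first affected release would show whether bullseye actually carries the vulnerable code; if it does not, `<not-affected>` would be the accurate state instead of `<postponed>`.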
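Review bot: In the hunk at @@ -150230, `- modsecurity-crs <unfixed>` is left unchanged for CVE-2020-22669 although both fix commits in the NOTE lines are tagged (v3.3.1-rc1). It is worth checking the version currently in unstable: if it is already at or past 3.3.1, the unstable line should carry that fixed version, and the new `[bullseye] ... <no-dsa> (Minor issue)` line then reads correctly as the only open suite.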
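Review bot: In data/dsa-needed.txt at @@ -60, the new `webkit2gtk` and `wpewebkit` entries are added bare, without a pointer to the CVEs or upstream advisory that triggered them. The `sox` entry in the context lines shows the annotated form ("patch needed for CVE-2021-40426, check with upstream"); a one-line reference under each new entry would tell whoever picks up the DSA which release to target, and would tie the entries to the "bullseye triage" commit message, since none of the data/CVE/list hunks in this commit touch either package.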