Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
719ca565 by Moritz Mühlenhoff at 2022-09-20T12:28:45+02:00
bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -988,6 +988,7 @@ CVE-2022-3214 (Delta Industrial Automation's DIAEnergy, an 
industrial energy man
        NOT-FOR-US: Delta
 CVE-2022-3213 (A heap buffer overflow issue was found in ImageMagick. When an 
applica ...)
        - imagemagick <unfixed>
+       [bullseye] - imagemagick <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2126824
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/30ccf9a0da1f47161b5935a95be854fe84e6c2a2
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/1aea203eb36409ce6903b9e41fe7cb70030e8750
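Review bot: The added "[bullseye] - imagemagick <no-dsa> (Minor issue)" line gives only the generic reason for an entry whose description begins "A heap buffer overflow issue was found in ImageMagick". A short NOTE saying why it is minor for bullseye would let later triage confirm the call without re-reading the Red Hat bug and both upstream commits.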
@@ -1529,6 +1530,7 @@ CVE-2022-40469
        RESERVED
 CVE-2022-40468 (Tinyproxy commit 84f203f and earlier does not process HTTP 
request lin ...)
        - tinyproxy <unfixed>
+       [bullseye] - tinyproxy <no-dsa> (Minor issue)
        NOTE: https://github.com/tinyproxy/tinyproxy/issues/457
        NOTE: 
https://github.com/tinyproxy/tinyproxy/commit/3764b8551463b900b5b4e3ec0cd9bb9182191cb7
 CVE-2022-40467
@@ -5187,21 +5189,24 @@ CVE-2022-38868
 CVE-2022-38867
        RESERVED
 CVE-2022-38866 (Certain The MPlayer Project products are vulnerable to Buffer 
Overflow ...)
-       - mplayer <unfixed>
+       - mplayer <unfixed> (unimportant)
        NOTE: https://trac.mplayerhq.hu/ticket/2403#comment:2
        NOTE: 
https://git.ffmpeg.org/gitweb/mplayer.git/commit/373517da3bb5781726565eb3114a2697b13f00f2
 (r38388)
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-38865 (Certain The MPlayer Project products are vulnerable to Divide 
By Zero  ...)
-       - mplayer <unfixed>
+       - mplayer <unfixed> (unimportant)
        NOTE: https://trac.mplayerhq.hu/ticket/2401
        NOTE: 
https://git.ffmpeg.org/gitweb/mplayer.git/commit/33d9295663c37a37216633d7e3f07e7155da6144
 (r38386)
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-38864 (Certain The MPlayer Project products are vulnerable to Buffer 
Overflow ...)
        - mplayer <unfixed>
        NOTE: https://trac.mplayerhq.hu/ticket/2406
        NOTE: 
https://git.ffmpeg.org/gitweb/mplayer.git/commit/36546389ef9fb6b0e0540c5c3f212534c34b0e94
 (r38391)
 CVE-2022-38863 (Certain The MPlayer Project products are vulnerable to Buffer 
Overflow ...)
-       - mplayer <unfixed>
+       - mplayer <unfixed> (unimportant)
        NOTE: https://trac.mplayerhq.hu/ticket/2405
        NOTE: 
https://git.ffmpeg.org/gitweb/mplayer.git/commit/b5e745b4bfab2835103a060094fae3c6cc1ba17d
 (r38393)
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-38862 (Certain The MPlayer Project products are vulnerable to Buffer 
Overflow ...)
        - mplayer <unfixed>
        NOTE: https://trac.mplayerhq.hu/ticket/2400
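Review bot: CVE-2022-38864 and CVE-2022-38862 keep a bare "- mplayer <unfixed>" while CVE-2022-38866, CVE-2022-38865 and CVE-2022-38863 in the same hunk gain "(unimportant)" and the "Crash in CLI tool, no security impact" NOTE. Both untouched entries carry the same "Buffer Overflow" description as two of the downgraded ones, so if leaving them out is deliberate, a NOTE on each saying what differs would make that clear; otherwise they should get the same tag and NOTE.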
@@ -10471,6 +10476,7 @@ CVE-2022-2567 (The Form Builder CP WordPress plugin 
before 1.2.32 does not sanit
 CVE-2022-2566
        RESERVED
        - ffmpeg 7:5.1.1-1
+       [bullseye] - ffmpeg <postponed> (Minor issue, wait until it lands in 
4.3.x)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2126833
        NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6f53f0d09ea4c9c7f7354f018a87ef840315207d
 (n5.1.1)
 CVE-2022-2565 (The Simple Payment Donations &amp; Subscriptions WordPress 
plugin befo ...)
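Review bot: The "<postponed>" reason on the bullseye ffmpeg line depends on an upstream 4.3.x release, but the only fix reference under CVE-2022-2566 is the n5.1.1 commit. Adding a NOTE with the 4.3 branch commit or release once it exists would give whoever revisits the entry something concrete to check against.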
@@ -150230,6 +150236,7 @@ CVE-2020-22670
        RESERVED
 CVE-2020-22669 (Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at 
PL1) has a  ...)
        - modsecurity-crs <unfixed>
+       [bullseye] - modsecurity-crs <no-dsa> (Minor issue)
        NOTE: https://github.com/coreruleset/coreruleset/pull/1793
        NOTE: 
https://github.com/coreruleset/coreruleset/commit/1a6e9e097587cecc038f1a1a76fc067c7797bbcd
 (v3.3.1-rc1)
        NOTE: 
https://github.com/coreruleset/coreruleset/commit/909cab560b56f998faee88dd8a7aa9cf086d2d9f
 (v3.3.1-rc1)
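Review bot: The new bullseye "<no-dsa>" line sits under "- modsecurity-crs <unfixed>", yet both coreruleset commits in the NOTE lines are tagged v3.3.1-rc1. It is worth checking whether the unstable version already includes them and, if so, replacing "<unfixed>" with the fixed version in the same change.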


=====================================
data/dsa-needed.txt
=====================================
@@ -60,3 +60,7 @@ sofia-sip
 sox
   patch needed for CVE-2021-40426, check with upstream
 --
+webkit2gtk
+--
+wpewebkit
+--
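Review bot: The new webkit2gtk and wpewebkit entries in data/dsa-needed.txt carry no annotation, and none of the data/CVE/list hunks in this commit touch a WebKit CVE, so the reason for the pending DSA is not visible from the change. A one-line note under each entry naming the CVEs or the upstream advisory, in the style of the sox entry above, would help whoever picks them up.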



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/719ca565913246f9e1b5a0378c25297d8145e0c0
