Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
25dfd340 by Moritz Muehlenhoff at 2022-09-27T14:16:42+02:00
bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -548,9 +548,10 @@ CVE-2022-41338
CVE-2022-41337
RESERVED
CVE-2022-3297 (Use After Free in GitHub repository vim/vim prior to 9.0.0579.
...)
- - vim <unfixed>
+ - vim <unfixed> (unimportant)
NOTE: https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c
NOTE:
https://github.com/vim/vim/commit/0ff01835a40f549c5c4a550502f62a2ac9ac447c
(v9.0.0579)
+ NOTE: Crash in CLI tool, no security impact
CVE-2022-3296 (Stack-based Buffer Overflow in GitHub repository vim/vim prior
to 9.0. ...)
- vim <unfixed>
NOTE: https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077
@@ -633,8 +634,8 @@ CVE-2022-3278 (NULL Pointer Dereference in GitHub
repository vim/vim prior to 9.
CVE-2022-3277 [unrestricted creation of security groups]
RESERVED
- neutron <unfixed>
+ [bullseye] - neutron <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2129193
- TODO: details missing on RH bugzilla entry
CVE-2020-36604 (hoek before 8.5.1 and 9.x before 9.0.3 allows prototype
poisoning in t ...)
- node-hoek 9.0.3+~5.0.0+~4.0.0-1
[buster] - node-hoek <not-affected> (Vulnerable code not present)
@@ -6382,16 +6383,18 @@ CVE-2022-38861 (The MPlayer Project mplayer
SVN-r38374-13.0.1 is vulnerable to m
NOTE: https://trac.mplayerhq.hu/ticket/2407
NOTE:
https://git.ffmpeg.org/gitweb/mplayer.git/commit/2622e7fbe3605a2f3b4f74900197fefeedc0d2e1
(r38402)
CVE-2022-38860 (Certain The MPlayer Project products are vulnerable to Divide
By Zero ...)
- - mplayer <unfixed>
+ - mplayer <unfixed> (unimportant)
NOTE: https://trac.mplayerhq.hu/ticket/2402
NOTE: Duplicate of https://trac.mplayerhq.hu/ticket/2401
NOTE:
https://git.ffmpeg.org/gitweb/mplayer.git/commit/62fe0c63cf4fba91efd29bbc85309280e1a99a47
(r38389)
+ NOTE: Crash in CLI tool, no security impact
CVE-2022-38859
RESERVED
CVE-2022-38858 (Certain The MPlayer Project products are vulnerable to Buffer
Overflow ...)
- - mplayer <unfixed>
+ - mplayer <unfixed> (unimportant)
NOTE: https://trac.mplayerhq.hu/ticket/2396
NOTE:
https://git.ffmpeg.org/gitweb/mplayer.git/commit/92e0d0b1a04dfdd4ac741e0d07005e3ece2c92ca
(r38385)
+ NOTE: Crash in CLI tool, no security impact
CVE-2022-38857
RESERVED
CVE-2022-38856 (Certain The MPlayer Project products are vulnerable to Buffer
Overflow ...)
@@ -27633,6 +27636,7 @@ CVE-2022-31034 (Argo CD is a declarative, GitOps
continuous delivery tool for Ku
NOT-FOR-US: Argo CD
CVE-2022-31033 (The Mechanize library is used for automating interaction with
websites ...)
- ruby-mechanize 2.8.5-1 (bug #1014809)
+ [bullseye] - ruby-mechanize <no-dsa> (Minor issue)
NOTE:
https://github.com/sparklemotion/mechanize/security/advisories/GHSA-64qm-hrgp-pgr9
NOTE: Prerequisite to clear credential headers when redirecting to
cross site
NOTE:
https://github.com/sparklemotion/mechanize/commit/17e5381032c90caf240ac3d2e52b353f40c18d83
(v2.8.0)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/25dfd340d1e0e9597da9f9a3c267237e46007974
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/25dfd340d1e0e9597da9f9a3c267237e46007974
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
