Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 25dfd340 by Moritz Muehlenhoff at 2022-09-27T14:16:42+02:00 bullseye triage - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -548,9 +548,10 @@ CVE-2022-41338 CVE-2022-41337 RESERVED CVE-2022-3297 (Use After Free in GitHub repository vim/vim prior to 9.0.0579. ...) - - vim <unfixed> + - vim <unfixed> (unimportant) NOTE: https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c NOTE: https://github.com/vim/vim/commit/0ff01835a40f549c5c4a550502f62a2ac9ac447c (v9.0.0579) + NOTE: Crash in CLI tool, no security impact CVE-2022-3296 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. ...) - vim <unfixed> NOTE: https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 @@ -633,8 +634,8 @@ CVE-2022-3278 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9. CVE-2022-3277 [unrestricted creation of security groups] RESERVED - neutron <unfixed> + [bullseye] - neutron <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2129193 - TODO: details missing on RH bugzilla entry CVE-2020-36604 (hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in t ...) - node-hoek 9.0.3+~5.0.0+~4.0.0-1 [buster] - node-hoek <not-affected> (Vulnerable code not present) @@ -6382,16 +6383,18 @@ CVE-2022-38861 (The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to m NOTE: https://trac.mplayerhq.hu/ticket/2407 NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/2622e7fbe3605a2f3b4f74900197fefeedc0d2e1 (r38402) CVE-2022-38860 (Certain The MPlayer Project products are vulnerable to Divide By Zero ...) - - mplayer <unfixed> + - mplayer <unfixed> (unimportant) NOTE: https://trac.mplayerhq.hu/ticket/2402 NOTE: Duplicate of https://trac.mplayerhq.hu/ticket/2401 NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/62fe0c63cf4fba91efd29bbc85309280e1a99a47 (r38389) + NOTE: Crash in CLI tool, no security impact CVE-2022-38859 RESERVED CVE-2022-38858 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...) - - mplayer <unfixed> + - mplayer <unfixed> (unimportant) NOTE: https://trac.mplayerhq.hu/ticket/2396 NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/92e0d0b1a04dfdd4ac741e0d07005e3ece2c92ca (r38385) + NOTE: Crash in CLI tool, no security impact CVE-2022-38857 RESERVED CVE-2022-38856 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...) @@ -27633,6 +27636,7 @@ CVE-2022-31034 (Argo CD is a declarative, GitOps continuous delivery tool for Ku NOT-FOR-US: Argo CD CVE-2022-31033 (The Mechanize library is used for automating interaction with websites ...) - ruby-mechanize 2.8.5-1 (bug #1014809) + [bullseye] - ruby-mechanize <no-dsa> (Minor issue) NOTE: https://github.com/sparklemotion/mechanize/security/advisories/GHSA-64qm-hrgp-pgr9 NOTE: Prerequisite to clear credential headers when redirecting to cross site NOTE: https://github.com/sparklemotion/mechanize/commit/17e5381032c90caf240ac3d2e52b353f40c18d83 (v2.8.0) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/25dfd340d1e0e9597da9f9a3c267237e46007974 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/25dfd340d1e0e9597da9f9a3c267237e46007974 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits