Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 5ab6f8f3 by Moritz Muehlenhoff at 2022-11-02T10:04:12+01:00 bullseye triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -6239,6 +6239,7 @@ CVE-2022-3480 RESERVED CVE-2022-3479 (A vulnerability found in nss. By this security vulnerability, nss clie ...) - nss <unfixed> (bug #1021786) + [bullseye] - nss <no-dsa> (Minor issue) [buster] - nss <not-affected> (The vulnerable code was introduced later) NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1774654 CVE-2022-42907 @@ -6268,6 +6269,7 @@ CVE-2022-3478 RESERVED CVE-2022-42906 (powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbi ...) - powerline-gitstatus 1.3.2-1 + [bullseye] - powerline-gitstatus <no-dsa> (Minor issue) NOTE: https://github.com/jaspernbrouwer/powerline-gitstatus/issues/45 NOTE: https://github.com/jaspernbrouwer/powerline-gitstatus/pull/46 CVE-2022-42896 @@ -16052,9 +16054,9 @@ CVE-2022-38858 (Certain The MPlayer Project products are vulnerable to Buffer Ov CVE-2022-38857 RESERVED CVE-2022-38856 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...) - - mplayer <unfixed> (bug #1021013) + - mplayer <unfixed> (unimportant; bug #1021013) NOTE: https://trac.mplayerhq.hu/ticket/2395 - TODO: Fixed by other fixes, but not pin pointed upstream, try to isolate revision to fix issue + NOTE: Crash in CLI tool, no security impact CVE-2022-38855 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...) - mplayer <unfixed> (unimportant) NOTE: https://trac.mplayerhq.hu/ticket/2392 
@@ -16947,10 +16949,11 @@ CVE-2022-38602 CVE-2022-38601 RESERVED CVE-2022-38600 (Mplayer SVN-r38374-13.0.1 is vulnerable to Memory Leak via vf.c and vf ...) - - mplayer <unfixed> (bug #1021013) + - mplayer <unfixed> (unimportant; bug #1021013) NOTE: https://trac.mplayerhq.hu/ticket/2390#comment:2 NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/59792bad144c11b21b27171a93a36e3fbd21eb5e (r38380) NOTE: Followup: https://git.ffmpeg.org/gitweb/mplayer.git/commit/48ca1226397974bb2bc53de878411f88a80fe1f8 (r38392) + NOTE: Memory leak in CLI tool, no security impact CVE-2022-38599 RESERVED CVE-2022-38598 @@ -27639,6 +27642,7 @@ CVE-2022-34668 (NVFLARE, versions prior to 2.1.4, contains a vulnerability that CVE-2022-34667 RESERVED - nvidia-cuda-toolkit <unfixed> (bug #1021625) + [bullseye] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported) [buster] - nvidia-cuda-toolkit <no-dsa> (Minor issue) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5373 CVE-2022-34666 
@@ -69432,36 +69436,42 @@ CVE-2021-44928 RESERVED CVE-2021-44927 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the g ...) - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac <ignored> (Minor issue) [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1960 NOTE: https://github.com/gpac/gpac/commit/eaea647cc7dec7b452c17e72f4ce46be35348c92 (v2.0.0) CVE-2021-44926 (A null pointer dereference vulnerability exists in gpac 1.1.0-DEV in t ...) - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac <ignored> (Minor issue) [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1961 NOTE: https://github.com/gpac/gpac/commit/f73da86bf32992f62b9ff2b9c9e853e3c97edf8e (v2.0.0) CVE-2021-44925 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the g ...) - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac <ignored> (Minor issue) [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1967 NOTE: https://github.com/gpac/gpac/commit/a5a8dbcdd95666f763fe59ab65154ae9271a18f2 (v2.0.0) CVE-2021-44924 (An infinite loop vulnerability exists in gpac 1.1.0 in the gf_log func ...) - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac <ignored> (Minor issue) [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1959 NOTE: https://github.com/gpac/gpac/commit/e2acb1511d1e69115141ea3080afd1cce6a15497 (v2.0.0) CVE-2021-44923 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the g ...) 
- gpac 2.0.0+dfsg1-2 + [bullseye] - gpac <ignored> (Minor issue) [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1962 NOTE: https://github.com/gpac/gpac/commit/8a3c021109d26894c3cb85c9d7cda5780a3a2229 (v2.0.0) CVE-2021-44922 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the B ...) - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac <ignored> (Minor issue) [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1969 @@ -69469,18 +69479,21 @@ CVE-2021-44922 (A null pointer dereference vulnerability exists in gpac 1.1.0 in NOTE: https://github.com/gpac/gpac/commit/75474199cf7187868fa4be4e76377db3c659ee9a (v2.0.0) CVE-2021-44921 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the g ...) - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac <ignored> (Minor issue) [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1964 NOTE: https://github.com/gpac/gpac/commit/5b4a6417a90223f1ef6c0b41b055716f7bfbbca2 (v2.0.0) CVE-2021-44920 (An invalid memory address dereference vulnerability exists in gpac 1.1 ...) - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac <ignored> (Minor issue) [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1957 NOTE: https://github.com/gpac/gpac/commit/339fe399e7c8eab748bab76e9e6a9da7e117eeb4 (v2.0.0) CVE-2021-44919 (A Null Pointer Dereference vulnerability exists in the gf_sg_vrml_mf_a ...) - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac <ignored> (Minor issue) [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1963 
@@ -69488,6 +69501,7 @@ CVE-2021-44919 (A Null Pointer Dereference vulnerability exists in the gf_sg_vrm NOTE: https://github.com/gpac/gpac/commit/8a3c021109d26894c3cb85c9d7cda5780a3a2229 (v2.0.0) CVE-2021-44918 (A Null Pointer Dereference vulnerability exists in gpac 1.1.0 in the g ...) - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac <ignored> (Minor issue) [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1968 ===================================== data/dsa-needed.txt ===================================== @@ -37,6 +37,8 @@ multipath-tools -- openexr -- +php7.4 +-- php-horde-mime-viewer -- php-horde-turba @@ -66,3 +68,5 @@ sofia-sip sox patch needed for CVE-2021-40426, check with upstream -- +xen +--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ab6f8f34abb629753f0ca1fb4e9bf6ba7f66e1e
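Review bot: In the CVE-2022-38856 hunk, the removed TODO recorded that the issue was "Fixed by other fixes, but not pin pointed upstream", and the replacement NOTE ("Crash in CLI tool, no security impact") drops that fact while the entry stays `<unfixed>`. Consider keeping it as a second NOTE so the fix status remains traceable. Both mplayer hunks (CVE-2022-38856 and CVE-2022-38600) also change the untagged unstable line rather than a [bullseye] line, which the commit message "bullseye triage" does not cover.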
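Review bot: In the CVE-2022-34667 hunk, the new [bullseye] line for nvidia-cuda-toolkit gives the reason "Non-free not supported", while the existing [buster] line for the same package says "Minor issue". If the package is out of scope because it is non-free, that reason holds for both releases; consider aligning the buster annotation or stating why the two differ.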
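Review bot: The gpac entries CVE-2021-44918 through CVE-2021-44927 mark bullseye as `<ignored> (Minor issue)`, while the nss and powerline-gitstatus hunks in the same commit use `<no-dsa> (Minor issue)` with the identical reason text. Since `<ignored>` signals that no fix is planned at all, not even through a point release, a reason that says why these will not be fixed would distinguish them from the no-dsa cases for anyone reading the tracker later.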
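Review bot: The php7.4 and xen entries added to data/dsa-needed.txt carry no description, unlike the neighbouring sox entry ("patch needed for CVE-2021-40426, check with upstream"). A short line naming the CVEs that prompted each addition would show the scope to whoever picks these up, since none of the data/CVE/list hunks in this commit touch php7.4 or xen.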