Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5ab6f8f3 by Moritz Muehlenhoff at 2022-11-02T10:04:12+01:00
bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -6239,6 +6239,7 @@ CVE-2022-3480
        RESERVED
 CVE-2022-3479 (A vulnerability found in nss. By this security vulnerability, 
nss clie ...)
        - nss <unfixed> (bug #1021786)
+       [bullseye] - nss <no-dsa> (Minor issue)
        [buster] - nss <not-affected> (The vulnerable code was introduced later)
        NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1774654
 CVE-2022-42907
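Review bot: The added `[bullseye] - nss <no-dsa> (Minor issue)` line under CVE-2022-3479 gives only the generic reason, whereas the `[buster]` line below it states a specific one (`The vulnerable code was introduced later`). A short NOTE saying why the impact is minor for bullseye would let a later reader confirm the decision without opening the linked Mozilla bug.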
@@ -6268,6 +6269,7 @@ CVE-2022-3478
        RESERVED
 CVE-2022-42906 (powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 
allows arbi ...)
        - powerline-gitstatus 1.3.2-1
+       [bullseye] - powerline-gitstatus <no-dsa> (Minor issue)
        NOTE: https://github.com/jaspernbrouwer/powerline-gitstatus/issues/45
        NOTE: https://github.com/jaspernbrouwer/powerline-gitstatus/pull/46
 CVE-2022-42896
@@ -16052,9 +16054,9 @@ CVE-2022-38858 (Certain The MPlayer Project products 
are vulnerable to Buffer Ov
 CVE-2022-38857
        RESERVED
 CVE-2022-38856 (Certain The MPlayer Project products are vulnerable to Buffer 
Overflow ...)
-       - mplayer <unfixed> (bug #1021013)
+       - mplayer <unfixed> (unimportant; bug #1021013)
        NOTE: https://trac.mplayerhq.hu/ticket/2395
-       TODO: Fixed by other fixes, but not pin pointed upstream, try to 
isolate revision to fix issue
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-38855 (Certain The MPlayer Project products are vulnerable to Buffer 
Overflow ...)
        - mplayer <unfixed> (unimportant)
        NOTE: https://trac.mplayerhq.hu/ticket/2392
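Review bot: Dropping the TODO under CVE-2022-38856 loses the only record that the issue is fixed by other upstream changes whose revision has not been pinned down, while the package line stays `<unfixed>`. Consider keeping that information as a NOTE next to the new `NOTE: Crash in CLI tool, no security impact`, so the entry can be closed with a fixed version once the revision is identified.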
@@ -16947,10 +16949,11 @@ CVE-2022-38602
 CVE-2022-38601
        RESERVED
 CVE-2022-38600 (Mplayer SVN-r38374-13.0.1 is vulnerable to Memory Leak via 
vf.c and vf ...)
-       - mplayer <unfixed> (bug #1021013)
+       - mplayer <unfixed> (unimportant; bug #1021013)
        NOTE: https://trac.mplayerhq.hu/ticket/2390#comment:2
        NOTE: 
https://git.ffmpeg.org/gitweb/mplayer.git/commit/59792bad144c11b21b27171a93a36e3fbd21eb5e
 (r38380)
        NOTE: Followup: 
https://git.ffmpeg.org/gitweb/mplayer.git/commit/48ca1226397974bb2bc53de878411f88a80fe1f8
 (r38392)
+       NOTE: Memory leak in CLI tool, no security impact
 CVE-2022-38599
        RESERVED
 CVE-2022-38598
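Review bot: CVE-2022-38600 is now tagged `unimportant` but remains `<unfixed>`, even though the entry lists the upstream fix (r38380) and its follow-up (r38392). If a packaged version already contains both revisions, record it on the `- mplayer` line; otherwise the new NOTE is fine as it stands.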
@@ -27639,6 +27642,7 @@ CVE-2022-34668 (NVFLARE, versions prior to 2.1.4, 
contains a vulnerability that
 CVE-2022-34667
        RESERVED
        - nvidia-cuda-toolkit <unfixed> (bug #1021625)
+       [bullseye] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
        [buster] - nvidia-cuda-toolkit <no-dsa> (Minor issue)
        NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5373
 CVE-2022-34666
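Review bot: The added `[bullseye] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)` gives a different reason from the `[buster]` line directly below it, which marks the same package `<no-dsa> (Minor issue)`. If the non-free rationale applies to both suites, align the buster reason; if the suites are judged on different grounds, a NOTE saying so would help, since CVE-2022-34667 is still RESERVED and has no description to go by.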
@@ -69432,36 +69436,42 @@ CVE-2021-44928
        RESERVED
 CVE-2021-44927 (A null pointer dereference vulnerability exists in gpac 1.1.0 
in the g ...)
        - gpac 2.0.0+dfsg1-2
+       [bullseye] - gpac <ignored> (Minor issue)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        [stretch] - gpac <end-of-life> (No longer supported in LTS)
        NOTE: https://github.com/gpac/gpac/issues/1960
        NOTE: 
https://github.com/gpac/gpac/commit/eaea647cc7dec7b452c17e72f4ce46be35348c92 
(v2.0.0)
 CVE-2021-44926 (A null pointer dereference vulnerability exists in gpac 
1.1.0-DEV in t ...)
        - gpac 2.0.0+dfsg1-2
+       [bullseye] - gpac <ignored> (Minor issue)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        [stretch] - gpac <end-of-life> (No longer supported in LTS)
        NOTE: https://github.com/gpac/gpac/issues/1961
        NOTE: 
https://github.com/gpac/gpac/commit/f73da86bf32992f62b9ff2b9c9e853e3c97edf8e 
(v2.0.0)
 CVE-2021-44925 (A null pointer dereference vulnerability exists in gpac 1.1.0 
in the g ...)
        - gpac 2.0.0+dfsg1-2
+       [bullseye] - gpac <ignored> (Minor issue)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        [stretch] - gpac <end-of-life> (No longer supported in LTS)
        NOTE: https://github.com/gpac/gpac/issues/1967
        NOTE: 
https://github.com/gpac/gpac/commit/a5a8dbcdd95666f763fe59ab65154ae9271a18f2 
(v2.0.0)
 CVE-2021-44924 (An infinite loop vulnerability exists in gpac 1.1.0 in the 
gf_log func ...)
        - gpac 2.0.0+dfsg1-2
+       [bullseye] - gpac <ignored> (Minor issue)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        [stretch] - gpac <end-of-life> (No longer supported in LTS)
        NOTE: https://github.com/gpac/gpac/issues/1959
        NOTE: 
https://github.com/gpac/gpac/commit/e2acb1511d1e69115141ea3080afd1cce6a15497 
(v2.0.0)
 CVE-2021-44923 (A null pointer dereference vulnerability exists in gpac 1.1.0 
in the g ...)
        - gpac 2.0.0+dfsg1-2
+       [bullseye] - gpac <ignored> (Minor issue)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        [stretch] - gpac <end-of-life> (No longer supported in LTS)
        NOTE: https://github.com/gpac/gpac/issues/1962
        NOTE: 
https://github.com/gpac/gpac/commit/8a3c021109d26894c3cb85c9d7cda5780a3a2229 
(v2.0.0)
 CVE-2021-44922 (A null pointer dereference vulnerability exists in gpac 1.1.0 
in the B ...)
        - gpac 2.0.0+dfsg1-2
+       [bullseye] - gpac <ignored> (Minor issue)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        [stretch] - gpac <end-of-life> (No longer supported in LTS)
        NOTE: https://github.com/gpac/gpac/issues/1969
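Review bot: The added `[bullseye] - gpac <ignored> (Minor issue)` lines use `<ignored>`, while the other bullseye entries added in this commit with the same `Minor issue` reason use `<no-dsa>`. The entries already point at upstream commits in v2.0.0, so state in the reason why no bullseye update is planned, or use `<no-dsa>` if a fix could still go in later. CVE-2021-44924 is described as an infinite loop rather than a null pointer dereference and may deserve its own wording.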
@@ -69469,18 +69479,21 @@ CVE-2021-44922 (A null pointer dereference 
vulnerability exists in gpac 1.1.0 in
        NOTE: 
https://github.com/gpac/gpac/commit/75474199cf7187868fa4be4e76377db3c659ee9a 
(v2.0.0)
 CVE-2021-44921 (A null pointer dereference vulnerability exists in gpac 1.1.0 
in the g ...)
        - gpac 2.0.0+dfsg1-2
+       [bullseye] - gpac <ignored> (Minor issue)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        [stretch] - gpac <end-of-life> (No longer supported in LTS)
        NOTE: https://github.com/gpac/gpac/issues/1964
        NOTE: 
https://github.com/gpac/gpac/commit/5b4a6417a90223f1ef6c0b41b055716f7bfbbca2 
(v2.0.0)
 CVE-2021-44920 (An invalid memory address dereference vulnerability exists in 
gpac 1.1 ...)
        - gpac 2.0.0+dfsg1-2
+       [bullseye] - gpac <ignored> (Minor issue)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        [stretch] - gpac <end-of-life> (No longer supported in LTS)
        NOTE: https://github.com/gpac/gpac/issues/1957
        NOTE: 
https://github.com/gpac/gpac/commit/339fe399e7c8eab748bab76e9e6a9da7e117eeb4 
(v2.0.0)
 CVE-2021-44919 (A Null Pointer Dereference vulnerability exists in the 
gf_sg_vrml_mf_a ...)
        - gpac 2.0.0+dfsg1-2
+       [bullseye] - gpac <ignored> (Minor issue)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        [stretch] - gpac <end-of-life> (No longer supported in LTS)
        NOTE: https://github.com/gpac/gpac/issues/1963
@@ -69488,6 +69501,7 @@ CVE-2021-44919 (A Null Pointer Dereference 
vulnerability exists in the gf_sg_vrm
        NOTE: 
https://github.com/gpac/gpac/commit/8a3c021109d26894c3cb85c9d7cda5780a3a2229 
(v2.0.0)
 CVE-2021-44918 (A Null Pointer Dereference vulnerability exists in gpac 1.1.0 
in the g ...)
        - gpac 2.0.0+dfsg1-2
+       [bullseye] - gpac <ignored> (Minor issue)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        [stretch] - gpac <end-of-life> (No longer supported in LTS)
        NOTE: https://github.com/gpac/gpac/issues/1968


=====================================
data/dsa-needed.txt
=====================================
@@ -37,6 +37,8 @@ multipath-tools
 --
 openexr
 --
+php7.4
+--
 php-horde-mime-viewer
 --
 php-horde-turba
@@ -66,3 +68,5 @@ sofia-sip
 sox
   patch needed for CVE-2021-40426, check with upstream
 --
+xen
+--
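Review bot: The new `xen` entry has no annotation line, unlike `sox` just above it, which records `patch needed for CVE-2021-40426, check with upstream`. Neither `xen` nor `php7.4` is touched in the `data/CVE/list` hunks of this commit, so a one-line note naming the CVEs that require the DSA would make both additions traceable.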



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ab6f8f34abb629753f0ca1fb4e9bf6ba7f66e1e
