Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 237bccab by Moritz Muehlenhoff at 2022-11-09T14:13:56+01:00 bullseye triage - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -9,6 +9,7 @@ CVE-2022-45061 (An issue was discovered in Python before 3.11.1. An unnecessary - python3.11 <unfixed> - python3.10 <unfixed> - python3.9 <unfixed> + [bullseye] - python3.9 <no-dsa> (Minor issue) - python3.7 <removed> NOTE: https://github.com/python/cpython/issues/98433 NOTE: https://github.com/python/cpython/pull/99092 @@ -70366,6 +70367,7 @@ CVE-2021-45267 (An invalid memory address dereference vulnerability exists in gp NOTE: https://github.com/gpac/gpac/commit/29f31f431b18278b94c659452562e8a027436487 (v2.0.0) CVE-2021-45266 (A null pointer dereference vulnerability exists in gpac 1.1.0 via the ...) - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac <ignored> (Minor issue) [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1985 @@ -70376,12 +70378,14 @@ CVE-2021-45264 RESERVED CVE-2021-45263 (An invalid free vulnerability exists in gpac 1.1.0 via the gf_svg_dele ...) - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac <no-dsa> (Minor issue) [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1975 NOTE: https://github.com/gpac/gpac/commit/b232648da3b111a0efe500501ee8ca8f32b616e9 (v2.0.0) CVE-2021-45262 (An invalid free vulnerability exists in gpac 1.1.0 via the gf_sg_comma ...) - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac <no-dsa> (Minor issue) [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1980 
@@ -75022,12 +75026,12 @@ CVE-2021-3970 (A potential vulnerability in LenovoVariable SMI Handler due to in CVE-2021-3969 (A Time of Check Time of Use (TOCTOU) vulnerability was reported in IMC ...) NOT-FOR-US: Lenovo CVE-2021-3968 (vim is vulnerable to Heap-based Buffer Overflow ...) - - vim 2:8.2.3995-1 (bug #1001900) - [bullseye] - vim <no-dsa> (Minor issue) + - vim 2:8.2.3995-1 (unimportant; bug #1001900) [buster] - vim <not-affected> (The vulnerable code is not present) [stretch] - vim <not-affected> (The vulnerable code is not present) NOTE: https://huntr.dev/bounties/00d62924-a7b4-4a61-ba29-acab2eaa1528/ NOTE: https://github.com/vim/vim/commit/a062006b9de0b2947ab5fb376c6e67ef92a8cd69 (v8.2.3610) + NOTE: Crash in CLI tool, no security impact CVE-2022-21741 (Tensorflow is an Open Source Machine Learning Framework. ### Impact An ...) - tensorflow <itp> (bug #804612) CVE-2022-21740 (Tensorflow is an Open Source Machine Learning Framework. The implement ...) 
@@ -77963,16 +77967,16 @@ CVE-2021-43358 (Sunnet eHRD has inadequate filtering for special characters in U NOT-FOR-US: Sunnet eHRD CVE-2021-3928 (vim is vulnerable to Use of Uninitialized Variable ...) {DLA-3182-1 DLA-2947-1} - - vim 2:8.2.3995-1 - [bullseye] - vim <no-dsa> (Minor issue) + - vim 2:8.2.3995-1 (unimportant) NOTE: https://huntr.dev/bounties/29c3ebd2-d601-481c-bf96-76975369d0cd NOTE: Fixed by: https://github.com/vim/vim/commit/15d9890eee53afc61eb0a03b878a19cb5672f732 (v8.2.3582) + NOTE: Crash in CLI tool, no security impact CVE-2021-3927 (vim is vulnerable to Heap-based Buffer Overflow ...) {DLA-3182-1 DLA-2947-1} - - vim 2:8.2.3995-1 - [bullseye] - vim <no-dsa> (Minor issue) + - vim 2:8.2.3995-1 (unimportant) NOTE: https://huntr.dev/bounties/9c2b2c82-48bb-4be9-ab8f-a48ea252d1b0 NOTE: Fixed by: https://github.com/vim/vim/commit/0b5b06cb4777d1401fdf83e7d48d287662236e7e (v8.2.3581) + NOTE: Crash in CLI tool, no security impact CVE-2021-43357 RESERVED CVE-2021-43350 (An unauthenticated Apache Traffic Control Traffic Ops user can send a ...) 
@@ -79915,12 +79919,11 @@ CVE-2021-3904 (grav is vulnerable to Improper Neutralization of Input During Web NOT-FOR-US: Grav CMS CVE-2021-3903 (vim is vulnerable to Heap-based Buffer Overflow ...) {DLA-3053-1} - - vim 2:8.2.3565-1 - [bullseye] - vim <no-dsa> (Minor issue) - [buster] - vim <no-dsa> (Minor issue) + - vim 2:8.2.3565-1 (unimportant) NOTE: https://huntr.dev/bounties/35738a4f-55ce-446c-b836-2fb0b39625f8 NOTE: https://github.com/vim/vim/commit/777e7c21b7627be80961848ac560cb0a9978ff43 NOTE: PoC crashes starting with https://github.com/vim/vim/commit/8a7d6542b33e5d2b352262305c3bfdb2d14e1cf8 (v8.2.0149) + NOTE: Crash in CLI tool, no security impact CVE-2020-36503 (The Connections Business Directory WordPress plugin before 9.7 does no ...) NOT-FOR-US: WordPress plugin CVE-2021-43010 (In Safedog Apache v4.0.30255, attackers can bypass this product for SQ ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/237bccabc56a947264a896c3149525543048dd75 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/237bccabc56a947264a896c3149525543048dd75 You're receiving this email because of your account on salsa.debian.org.
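Review bot: In the `@@ -70366,6 +70367,7 @@` hunk, CVE-2021-45266 is tagged `[bullseye] - gpac <ignored> (Minor issue)`, while CVE-2021-45263 and CVE-2021-45262 in the following hunk get `[bullseye] - gpac <no-dsa> (Minor issue)` with the same justification text. If the difference is intentional, the parenthetical should give the reason this one is not going to be fixed in bullseye rather than repeating "Minor issue"; otherwise use `<no-dsa>` so the three gpac 1.1.0 entries are triaged consistently.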
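Review bot: In the `@@ -75022,12 +75026,12 @@` hunk, the new `NOTE: Crash in CLI tool, no security impact` under CVE-2021-3968 gives no reasoning, and the entry's own description reads "vim is vulnerable to Heap-based Buffer Overflow". A short statement of why the overflow is treated as a crash only (for example, that it needs a crafted file or script the user opens themselves) would let later readers check the `(unimportant; bug #1001900)` rating without re-reading the huntr.dev report.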
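Review bot: In the `@@ -77963,16 +77967,16 @@` hunk, CVE-2021-3928 and CVE-2021-3927 keep their `{DLA-3182-1 DLA-2947-1}` cross-references while the package line becomes `- vim 2:8.2.3995-1 (unimportant)` with "no security impact". The entries now say both that advisories shipped fixes and that there is nothing security-relevant to fix; a NOTE stating that the DLAs included these as part of a batch update, or similar, would resolve the apparent contradiction.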
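Review bot: The `@@ -79915,12 +79919,11 @@` hunk drops `[buster] - vim <no-dsa> (Minor issue)` for CVE-2021-3903 along with the bullseye line, and the `(unimportant)` tag on the unsuffixed `- vim 2:8.2.3565-1` line applies to every suite, so this goes beyond what the subject "bullseye triage" describes. Consider splitting the vim reclassification into its own commit, or mentioning it in the message, so the change in severity for all releases is visible in the log.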