Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d82dbd02 by Moritz Muehlenhoff at 2022-11-16T11:04:49+01:00
bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -9888,6 +9888,7 @@ CVE-2022-3462 (The Highlight Focus WordPress plugin 
through 1.1 does not sanitis
        NOT-FOR-US: WordPress plugin
 CVE-2022-42889 (Apache Commons Text performs variable interpolation, allowing 
properti ...)
        - commons-text 1.10.0-1 (bug #1021787)
+       [bullseye] - commons-text <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/4
        NOTE: 
https://securitylab.github.com/advisories/GHSL-2022-018_Apache_Commons_Text/
        NOTE: https://blogs.apache.org/security/entry/cve-2022-42889
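Review bot: the new `[bullseye] - commons-text <no-dsa> (Minor issue)` line gives no reasoning for why CVE-2022-42889 is considered minor in bullseye, and the entry's existing NOTE lines only point at the upstream advisories; a short NOTE stating the triage rationale (what about the bullseye package or its default configuration limits the impact) would make the no-dsa decision auditable when the entry is revisited.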
@@ -62120,12 +62121,12 @@ CVE-2022-0395 (Cross-site Scripting (XSS) - Stored in 
Packagist remdex/livehelpe
 CVE-2022-0394 (Cross-site Scripting (XSS) - Stored in Packagist 
remdex/livehelperchat ...)
        NOT-FOR-US: livehelperchat
 CVE-2022-0393 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. 
...)
-       - vim 2:8.2.4659-1
-       [bullseye] - vim <no-dsa> (Minor issue)
+       - vim 2:8.2.4659-1 (unimportant)
        [buster] - vim <not-affected> (The vulnerable code is not present)
        [stretch] - vim <not-affected> (The vulnerable code is not present)
        NOTE: https://huntr.dev/bounties/ecc8f488-01a0-477f-848f-e30b8e524bba
        NOTE: 
https://github.com/vim/vim/commit/a4bc2dd7cccf5a4a9f78b58b6f35a45d17164323 
(v8.2.4233)
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-24069 (An issue was discovered in AhciBusDxe in Insyde InsydeH2O with 
kernel  ...)
        NOT-FOR-US: Insyde
 CVE-2022-24064 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
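Review bot: dropping `[bullseye] - vim <no-dsa> (Minor issue)` is consistent with marking the unstable entry `(unimportant)`, since that severity already implies no update is planned in any suite, whereas the `[buster]` and `[stretch]` `<not-affected>` lines record a factual claim about the code and are rightly kept. The added NOTE `Crash in CLI tool, no security impact` now carries the whole rationale for the downgrade, so it would help to place it directly after the fix-version line rather than after the upstream commit URL, where a reader scanning the entry would look for the severity justification.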
@@ -62728,10 +62729,10 @@ CVE-2022-21184 (An information disclosure 
vulnerability exists in the License re
        NOT-FOR-US: Bachmann Visutec GmbH Atvise
 CVE-2022-0368 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. 
...)
        {DLA-3182-1 DLA-2947-1}
-       - vim 2:8.2.4659-1
-       [bullseye] - vim <no-dsa> (Minor issue)
+       - vim 2:8.2.4659-1 (unimportant)
        NOTE: https://huntr.dev/bounties/bca9ce1f-400a-4bf9-9207-3f3187cb3fa9/
        NOTE: 
https://github.com/vim/vim/commit/8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa 
(v8.2.4217)
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-0367 (A heap-based buffer overflow flaw was found in libmodbus in 
function m ...)
        {DLA-3098-1}
        - libmodbus 3.1.6-2.1 (bug #1021270)
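Review bot: CVE-2022-0368 carries `{DLA-3182-1 DLA-2947-1}`, so two LTS advisories were already issued for it, which sits awkwardly next to the new NOTE `Crash in CLI tool, no security impact`; the `(unimportant)` reassessment is defensible, but a NOTE acknowledging that the DLAs predate it would stop a later reader from seeing the two as contradictory.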
@@ -63650,17 +63651,16 @@ CVE-2022-0320 (The Essential Addons for Elementor 
WordPress plugin before 5.0.5
        NOT-FOR-US: WordPress plugin
 CVE-2022-0319 (Out-of-bounds Read in vim/vim prior to 8.2. ...)
        {DLA-3182-1 DLA-2947-1}
-       - vim 2:8.2.4659-1
-       [bullseye] - vim <no-dsa> (Minor issue)
+       - vim 2:8.2.4659-1 (unimportant)
        NOTE: https://huntr.dev/bounties/ba622fd2-e6ef-4ad9-95b4-17f87b68755b
        NOTE: 
https://github.com/vim/vim/commit/05b27615481e72e3b338bb12990fb3e0c2ecc2a9 
(v8.2.4154)
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-0318 (Heap-based Buffer Overflow in vim/vim prior to 8.2. ...)
-       - vim 2:8.2.4659-1 (bug #1004859)
-       [bullseye] - vim <no-dsa> (Minor issue)
-       [buster] - vim <no-dsa> (Minor issue)
+       - vim 2:8.2.4659-1 (bug #1004859; unimportant)
        [stretch] - vim <postponed> (Fix introduces a test regression)
        NOTE: https://huntr.dev/bounties/0d10ba02-b138-4e68-a284-67f781a62d08
        NOTE: 
https://github.com/vim/vim/commit/57df9e8a9f9ae1aafdde9b86b10ad907627a87dc 
(v8.2.4151)
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-0317 (An improper input validation vulnerability in go-attestation 
before 0. ...)
        NOT-FOR-US: go-attestation
 CVE-2022-0316
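Review bot: for CVE-2022-0318 the `[stretch] - vim <postponed> (Fix introduces a test regression)` line is kept while the entry becomes `(bug #1004859; unimportant)`; postponed signals that a fix is still intended, unimportant signals that none is needed, so the stretch line now looks stale and should be dropped or re-evaluated. This issue is also a heap-based buffer overflow rather than the out-of-bounds reads of the neighbouring vim entries, so the shared NOTE `Crash in CLI tool, no security impact` is a stronger claim here and deserves its own one-line justification.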
@@ -67546,9 +67546,10 @@ CVE-2022-0139 (Use After Free in GitHub repository 
radareorg/radare2 prior to 5.
 CVE-2022-0138 (MMP: All versions prior to v1.0.3, PTP C-series: Device 
versions prior ...)
        NOT-FOR-US: Airspan Networks
 CVE-2022-0137 (A heap buffer overflow in image_set_mask function of HTMLDOC 
before 1. ...)
-       - htmldoc 1.9.15-1
+       - htmldoc 1.9.15-1 (unimportant)
        NOTE: https://github.com/michaelrsweet/htmldoc/issues/461
        NOTE: Fixed by: 
https://github.com/michaelrsweet/htmldoc/commit/71fe87878c9cbc3db429f5e5c70f28e4b3d96e3b
 (v1.9.15)
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-0136 (A vulnerability was discovered in GitLab versions 10.5 to 
14.5.4, 14.6 ...)
        - gitlab <unfixed>
 CVE-2022-0135 (An out-of-bounds write issue was found in the VirGL virtual 
OpenGL ren ...)
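Review bot: CVE-2022-0137 is described as a heap buffer overflow in `image_set_mask`, and the only release information in the entry is the fixed unstable version `htmldoc 1.9.15-1`; marking it `(unimportant)` with `Crash in CLI tool, no security impact` means bullseye and buster will no longer be tracked for a fix, so the NOTE should record why the overflow is judged to have no impact beyond the crash rather than only that it crashes, since HTMLDOC is typically run over documents the user did not author.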


=====================================
data/dsa-needed.txt
=====================================
@@ -26,6 +26,8 @@ heimdal (carnil)
 --
 jackson-databind (apo)
 --
+krb5
+--
 linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point
   releases to more recent v5.10.y versions
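Review bot: the new `krb5` entry is the only one in this hunk without an assignee in parentheses (`heimdal (carnil)`, `jackson-databind (apo)` and `linux (carnil)` all carry one), and unlike the `linux` entry it has no indented note on what is pending; if it is deliberately left unclaimed, a one-line note naming the CVE(s) or the reason it needs a DSA would help whoever picks it up.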



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d82dbd02c3402cb2149ccaf630fd5e523dd377f1



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
