Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: d82dbd02 by Moritz Muehlenhoff at 2022-11-16T11:04:49+01:00 bullseye triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -9888,6 +9888,7 @@ CVE-2022-3462 (The Highlight Focus WordPress plugin through 1.1 does not sanitis NOT-FOR-US: WordPress plugin CVE-2022-42889 (Apache Commons Text performs variable interpolation, allowing properti ...) - commons-text 1.10.0-1 (bug #1021787) + [bullseye] - commons-text <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/4 NOTE: https://securitylab.github.com/advisories/GHSL-2022-018_Apache_Commons_Text/ NOTE: https://blogs.apache.org/security/entry/cve-2022-42889 @@ -62120,12 +62121,12 @@ CVE-2022-0395 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelpe CVE-2022-0394 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...) NOT-FOR-US: livehelperchat CVE-2022-0393 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...) - - vim 2:8.2.4659-1 - [bullseye] - vim <no-dsa> (Minor issue) + - vim 2:8.2.4659-1 (unimportant) [buster] - vim <not-affected> (The vulnerable code is not present) [stretch] - vim <not-affected> (The vulnerable code is not present) NOTE: https://huntr.dev/bounties/ecc8f488-01a0-477f-848f-e30b8e524bba NOTE: https://github.com/vim/vim/commit/a4bc2dd7cccf5a4a9f78b58b6f35a45d17164323 (v8.2.4233) + NOTE: Crash in CLI tool, no security impact CVE-2022-24069 (An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel ...) NOT-FOR-US: Insyde CVE-2022-24064 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
@@ -62728,10 +62729,10 @@ CVE-2022-21184 (An information disclosure vulnerability exists in the License re NOT-FOR-US: Bachmann Visutec GmbH Atvise CVE-2022-0368 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...) {DLA-3182-1 DLA-2947-1} - - vim 2:8.2.4659-1 - [bullseye] - vim <no-dsa> (Minor issue) + - vim 2:8.2.4659-1 (unimportant) NOTE: https://huntr.dev/bounties/bca9ce1f-400a-4bf9-9207-3f3187cb3fa9/ NOTE: https://github.com/vim/vim/commit/8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa (v8.2.4217) + NOTE: Crash in CLI tool, no security impact CVE-2022-0367 (A heap-based buffer overflow flaw was found in libmodbus in function m ...) {DLA-3098-1} - libmodbus 3.1.6-2.1 (bug #1021270) @@ -63650,17 +63651,16 @@ CVE-2022-0320 (The Essential Addons for Elementor WordPress plugin before 5.0.5 NOT-FOR-US: WordPress plugin CVE-2022-0319 (Out-of-bounds Read in vim/vim prior to 8.2. ...) {DLA-3182-1 DLA-2947-1} - - vim 2:8.2.4659-1 - [bullseye] - vim <no-dsa> (Minor issue) + - vim 2:8.2.4659-1 (unimportant) NOTE: https://huntr.dev/bounties/ba622fd2-e6ef-4ad9-95b4-17f87b68755b NOTE: https://github.com/vim/vim/commit/05b27615481e72e3b338bb12990fb3e0c2ecc2a9 (v8.2.4154) + NOTE: Crash in CLI tool, no security impact CVE-2022-0318 (Heap-based Buffer Overflow in vim/vim prior to 8.2. ...) - - vim 2:8.2.4659-1 (bug #1004859) - [bullseye] - vim <no-dsa> (Minor issue) - [buster] - vim <no-dsa> (Minor issue) + - vim 2:8.2.4659-1 (bug #1004859; unimportant) [stretch] - vim <postponed> (Fix introduces a test regression) NOTE: https://huntr.dev/bounties/0d10ba02-b138-4e68-a284-67f781a62d08 NOTE: https://github.com/vim/vim/commit/57df9e8a9f9ae1aafdde9b86b10ad907627a87dc (v8.2.4151) + NOTE: Crash in CLI tool, no security impact CVE-2022-0317 (An improper input validation vulnerability in go-attestation before 0. ...) NOT-FOR-US: go-attestation CVE-2022-0316 
@@ -67546,9 +67546,10 @@ CVE-2022-0139 (Use After Free in GitHub repository radareorg/radare2 prior to 5. CVE-2022-0138 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...) NOT-FOR-US: Airspan Networks CVE-2022-0137 (A heap buffer overflow in image_set_mask function of HTMLDOC before 1. ...) - - htmldoc 1.9.15-1 + - htmldoc 1.9.15-1 (unimportant) NOTE: https://github.com/michaelrsweet/htmldoc/issues/461 NOTE: Fixed by: https://github.com/michaelrsweet/htmldoc/commit/71fe87878c9cbc3db429f5e5c70f28e4b3d96e3b (v1.9.15) + NOTE: Crash in CLI tool, no security impact CVE-2022-0136 (A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 ...) - gitlab <unfixed> CVE-2022-0135 (An out-of-bounds write issue was found in the VirGL virtual OpenGL ren ...) ===================================== data/dsa-needed.txt ===================================== @@ -26,6 +26,8 @@ heimdal (carnil) -- jackson-databind (apo) -- +krb5 +-- linux (carnil) Wait until more issues have piled up, though try to regulary rebase for point releases to more recent v5.10.y versions View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d82dbd02c3402cb2149ccaf630fd5e523dd377f1 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d82dbd02c3402cb2149ccaf630fd5e523dd377f1 You're receiving this email because of your account on salsa.debian.org.
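Review bot: the new `[bullseye] - commons-text <no-dsa> (Minor issue)` line in the CVE-2022-42889 hunk carries no NOTE explaining why the bullseye build is treated as minor, while the vim and htmldoc hunks in the same commit each add a rationale line (`NOTE: Crash in CLI tool, no security impact`). The description (`Apache Commons Text performs variable interpolation, allowing properti ...`) reads as more than a crash, so a one-line NOTE stating the reasoning (for example that no bullseye reverse dependency feeds untrusted input to the interpolation, if that is the assessment) would make the triage decision auditable later.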
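Review bot: the CVE-2022-0368 hunk downgrades the entry to `- vim 2:8.2.4659-1 (unimportant)` with `NOTE: Crash in CLI tool, no security impact`, while the `{DLA-3182-1 DLA-2947-1}` tag on the line above records that LTS already shipped updates for this issue in two suites. That is not wrong (unimportant governs future updates, the DLA references are history), but a reader will see an issue shipped as a security update and now labelled no-impact; a few words in the NOTE, such as "fixed via DLA in buster/stretch before reassessment", would resolve the apparent contradiction.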
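Review bot: in the CVE-2022-0318 part of the @@ -63650 hunk, the `[buster] - vim <no-dsa> (Minor issue)` line is removed in favour of the package-wide `(unimportant)`, but the `[stretch] - vim <postponed> (Fix introduces a test regression)` context line is left in place. `postponed` implies an update is still intended for stretch, which sits oddly next to `unimportant` / `no security impact`; either drop the stretch line or extend the NOTE to say why stretch is still tracked. Also, CVE-2022-0318 is described as a heap-based buffer overflow rather than an out-of-bounds read like CVE-2022-0319 just above it, so the shared rationale `Crash in CLI tool, no security impact` would benefit from a word on why the write case is also judged crash-only.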
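Review bot: the CVE-2022-0137 hunk marks `- htmldoc 1.9.15-1 (unimportant)` with the same `Crash in CLI tool, no security impact` note used for the vim entries, but the description names a heap buffer overflow in `image_set_mask`, an image-handling routine of a document converter, and the existing `NOTE: Fixed by: ...` line shows upstream treated it as a fix-worthy bug. Since the tag mainly affects whether older suites get an update, the NOTE should say what the reasoning is (for instance that htmldoc is expected to run only on trusted local input, if that is the assessment) so the no-impact verdict is reviewable.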
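Review bot: the new `krb5` entry in data/dsa-needed.txt has no claimant in parentheses and no note, unlike the neighbouring `heimdal (carnil)`, `jackson-databind (apo)` and `linux (carnil)` entries. An unclaimed entry is fine if nobody has picked it up yet, but since the data/CVE/list changes in this commit do not touch krb5, a short note naming the CVE(s) that require the DSA would tell the next person what to work on. Drive-by: the linux context line below has "regulary" for "regularly".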
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits