[Git][security-tracker-team/security-tracker][master] bullseye triage

Tue, 29 Nov 2022 00:25:14 -0800 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f8915d75 by Moritz Muehlenhoff at 2022-11-29T09:24:46+01:00
bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -950,10 +950,10 @@ CVE-2022-45898
 CVE-2022-4144 [QXL: qxl_phys2virt unsafe address translation can lead to 
out-of-bounds read]
        RESERVED
        - qemu <unfixed>
+       [bullseye] - qemu <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2148506
        NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg04143.html
        NOTE: https://gitlab.com/qemu-project/qemu/-/issues/1336
-       TODO: check details
 CVE-2022-4143
        RESERVED
 CVE-2022-4142
@@ -4157,10 +4157,12 @@ CVE-2022-44794 (An issue was discovered in Object First 
1.0.7.712. Management pr
        NOT-FOR-US: Object First
 CVE-2022-44793 (handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c 
in Net-S ...)
        - net-snmp <unfixed> (bug #1024020)
+       [bullseye] - net-snmp <no-dsa> (Minor issue)
        NOTE: https://github.com/net-snmp/net-snmp/issues/475
        NOTE: 
https://gist.github.com/menglong2234/d07a65b5028145c9f4e1d1db8c4c202f
 CVE-2022-44792 (handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in 
Net-SNMP  ...)
        - net-snmp <unfixed> (bug #1024020)
+       [bullseye] - net-snmp <no-dsa> (Minor issue)
        NOTE: https://github.com/net-snmp/net-snmp/issues/474
        NOTE: 
https://gist.github.com/menglong2234/b7bc13ae1a144f47cc3c95a7ea062428
 CVE-2022-44791
@@ -15353,6 +15355,7 @@ CVE-2022-3325 (Improper access control in the GitLab 
CE/EE API affecting all ver
 CVE-2022-3324 (Stack-based Buffer Overflow in GitHub repository vim/vim prior 
to 9.0. ...)
        {DLA-3182-1}
        - vim 2:9.0.0626-1
+       [bullseye] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/e414e55b-f332-491f-863b-c18dca97403c/
        NOTE: 
https://github.com/vim/vim/commit/8279af514ca7e5fd3c31cf13b0864163d1a0bfeb 
(v9.0.0598)
 CVE-2022-3323 (An SQL injection vulnerability in Advantech iView 5.7.04.6469. 
The spe ...)
@@ -21993,8 +21996,7 @@ CVE-2022-38863 (Certain The MPlayer Project products 
are vulnerable to Buffer Ov
        NOTE: 
https://git.ffmpeg.org/gitweb/mplayer.git/commit/b5e745b4bfab2835103a060094fae3c6cc1ba17d
 (r38393)
        NOTE: Crash in CLI tool, no security impact
 CVE-2022-38862 (Certain The MPlayer Project products are vulnerable to Buffer 
Overflow ...)
-       - mplayer <unfixed> (bug #1021013)
-       [bullseye] - mplayer <no-dsa> (Minor issue)
+       NOTE: Unreproducible issue, probably a bug in the reporter's ASAN setup
        NOTE: https://trac.mplayerhq.hu/ticket/2400
        NOTE: https://trac.mplayerhq.hu/ticket/2404
 CVE-2022-38861 (The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to 
memory  ...)
@@ -35599,6 +35601,7 @@ CVE-2022-33980 (Apache Commons Configuration performs 
variable interpolation, al
 CVE-2022-2129 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. 
...)
        {DLA-3204-1}
        - vim 2:9.0.0135-1 (bug #1015984)
+       [bullseye] - vim <no-dsa> (Minor issue)
        [stretch] - vim <postponed> (Minor issue)
        NOTE: https://huntr.dev/bounties/3aaf06e7-9ae1-454d-b8ca-8709c98e5352
        NOTE: 
https://github.com/vim/vim/commit/d6211a52ab9f53b82f884561ed43d2fe4d24ff7d 
(v8.2.5126)
@@ -43635,6 +43638,7 @@ CVE-2022-31009 (wire-ios is an iOS client for the Wire 
secure messaging applicat
        NOT-FOR-US: wire-ios
 CVE-2022-31008 (RabbitMQ is a multi-protocol messaging and streaming broker. 
In affect ...)
        - rabbitmq-server 3.10.8-1
+       [bullseye] - rabbitmq-server <no-dsa> (Minor issue)
        [buster] - rabbitmq-server <not-affected> (Vulnerable code introduced 
later)
        NOTE: 
https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-v9gv-xp36-jgj8
        NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/4841



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f8915d750e02b409853c4b5680a4968c8b996dd6

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f8915d750e02b409853c4b5680a4968c8b996dd6
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to