Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 03378f2f by Moritz Muehlenhoff at 2022-12-12T18:56:26+01:00 bullseye triage - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -3113,7 +3113,7 @@ CVE-2022-4135 (Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304. [buster] - chromium <end-of-life> (see DSA 5046) CVE-2022-4134 RESERVED - - glance <unfixed> + NOTE: There's no code fix, just an update on best practices NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2147462 NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0090 NOTE: https://bugs.launchpad.net/ossn/+bug/1990157 @@ -4929,6 +4929,7 @@ CVE-2022-45284 RESERVED CVE-2022-45283 (GPAC MP4box v2.0.0 was discovered to contain a stack overflow in the s ...) - gpac <unfixed> + [bullseye] - gpac <no-dsa> (Minor issue) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2295 NOTE: https://github.com/gpac/gpac/commit/0fc714872ba4536a1190f93aa278b6e08f8c60df @@ -13877,6 +13878,7 @@ CVE-2022-42962 RESERVED CVE-2022-42961 (An issue was discovered in wolfSSL before 5.5.0. A fault injection att ...) - wolfssl 5.5.3-1 (bug #1023574) + [bullseye] - wolfssl <no-dsa> (Minor issue) NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.0-stable CVE-2022-42960 (EqualWeb Accessibility Widget 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.1 ...) NOT-FOR-US: EqualWeb Accessibility Widget 
@@ -14028,10 +14030,12 @@ CVE-2022-3511 (The Awesome Support WordPress plugin before 6.1.2 does not ensure NOT-FOR-US: WordPress plugin CVE-2022-3510 (A parsing issue similar to CVE-2022-3171, but with Message-Type Extens ...) - protobuf <unfixed> + [bullseye] - protobuf <no-dsa> (Minor issue) NOTE: https://github.com/protocolbuffers/protobuf/commit/db7c17803320525722f45c1d26fc08bc41d1bf48 CVE-2022-3509 (A parsing issue similar to CVE-2022-3171, but with textformat in proto ...) [experimental] - protobuf 3.21.7-1 - protobuf 3.21.9-3 + [bullseye] - protobuf <no-dsa> (Minor issue) NOTE: https://github.com/protocolbuffers/protobuf/commit/a3888f53317a8018e7a439bac4abeb8f3425d5e9 (v21.7, v3.21.7) CVE-2022-3508 RESERVED @@ -14152,6 +14156,7 @@ CVE-2022-42907 RESERVED CVE-2022-42905 (In wolfSSL before 5.5.2, if callback functions are enabled (via the WO ...) - wolfssl 5.5.3-1 + [bullseye] - wolfssl <no-dsa> (Minor issue) NOTE: Fixed in 5.5.2 (https://www.wolfssl.com/docs/security-vulnerabilities/) CVE-2022-42904 (Zoho ManageEngine ADManager Plus through 7151 allows authenticated adm ...) NOT-FOR-US: Zoho ManageEngine @@ -23489,6 +23494,7 @@ CVE-2022-39174 RESERVED CVE-2022-39173 (In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow ...) - wolfssl 5.5.3-1 (bug #1021021) + [bullseye] - wolfssl <no-dsa> (Minor issue) CVE-2022-39172 RESERVED CVE-2022-39171 
@@ -33855,6 +33861,7 @@ CVE-2022-35410 (mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows . NOTE: https://dustri.org/b/mat2-0130.html CVE-2022-35409 (An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0 ...) - mbedtls 2.28.1-1 + [bullseye] - mbedtls <no-dsa> (Minor issue) NOTE: https://github.com/Mbed-TLS/mbedtls-docs/blob/5e9790353d2d9e41e85262eebe52fd90bb49f1e0/security-advisories/advisories/mbedtls-security-advisory-2022-07.md NOTE: https://github.com/Mbed-TLS/mbedtls/commit/f333dfab4a6c2d8a604a61558a8f783145161de4 (v2.28.1) NOTE: https://github.com/Mbed-TLS/mbedtls/commit/e5af9fabf7d68e3807b6ea78792794b8352dbba2 (v2.28.1) @@ -43639,6 +43646,7 @@ CVE-2022-1942 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to CVE-2022-1941 (A parsing vulnerability for the MessageSet type in the ProtocolBuffers ...) [experimental] - protobuf 3.20.2-1 - protobuf 3.21.9-3 + [bullseye] - protobuf <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2022/09/27/1 NOTE: https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf NOTE: https://github.com/protocolbuffers/protobuf/commit/806d7e4ce6f1fd0545cae226b94cb0249ea495c7 (v3.20.2) @@ -61286,6 +61294,7 @@ CVE-2022-24440 (The package cocoapods-downloader before 1.6.0, from 1.6.2 and be NOT-FOR-US: cocoapods-downloader CVE-2022-24439 (All versions of package gitpython are vulnerable to Remote Code Execut ...) - python-git <unfixed> + [bullseye] - python-git <no-dsa> (Minor issue) NOTE: https://security.snyk.io/vuln/SNYK-PYTHON-GITPYTHON-3113858 NOTE: https://github.com/gitpython-developers/GitPython/issues/1515 CVE-2022-24438 
@@ -78784,6 +78793,7 @@ CVE-2021-44733 (A use-after-free exists in drivers/tee/tee_shm.c in the TEE subs CVE-2021-44732 (Mbed TLS before 3.0.1 has a double free in certain out-of-memory condi ...) [experimental] - mbedtls 2.28.0-0.1 - mbedtls 2.28.0-0.3 (bug #1002631) + [bullseye] - mbedtls <no-dsa> (Minor issue) NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-12 NOTE: https://github.com/ARMmbed/mbedtls/commit/eb490aabf6a9f47c074ec476d0d4997c2362cdbc (mbedtls-2.16.12) CVE-2021-44731 (A race condition existed in the snapd 2.54.2 snap-confine binary when ...) @@ -83256,6 +83266,7 @@ CVE-2021-43667 (A vulnerability has been detected in HyperLedger Fabric v1.4.0, NOT-FOR-US: HyperLedger CVE-2021-43666 (A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier ...) - mbedtls 2.28.0-1 + [bullseye] - mbedtls <no-dsa> (Minor issue) NOTE: https://github.com/ARMmbed/mbedtls/issues/5136 NOTE: Backport 2.16: https://github.com/ARMmbed/mbedtls/pull/5311 CVE-2021-43665 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03378f2f23a5174a20aa686adcbf67c15a9df4f1 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03378f2f23a5174a20aa686adcbf67c15a9df4f1 You're receiving this email because of your account on salsa.debian.org.
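Review bot: In the CVE-2022-4134 hunk, dropping the `- glance <unfixed>` line leaves the RESERVED entry with no package association at all, so the tracker will no longer list glance against this CVE; the added NOTE says there is no code fix, so the better record is to keep the line and mark the decision explicitly, e.g. `- glance <not-affected> (No code fix, best-practice guidance only; see OSSN-0090)`, rather than letting the triage outcome be implied by an absent package line.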
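Review bot: In the CVE-2022-39173 hunk the new `[bullseye] - wolfssl <no-dsa> (Minor issue)` line carries only the generic justification, while the description directly above it says malicious clients can cause a buffer overflow; a no-dsa decision on a remotely triggerable overflow is easier to defend later if the parenthesis states the actual reason (for instance whether the affected code path is even enabled in the Debian build), the way the gpac entry in this same patch spells out `(EOL in buster LTS)`.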
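Review bot: In the CVE-2022-24439 hunk, `[bullseye] - python-git <no-dsa> (Minor issue)` is added under a description that begins "All versions of package gitpython are vulnerable to Remote Code Execut ...", and the package is still `<unfixed>` in unstable; please state in the parenthesis why this is considered minor for bullseye, so the rationale is visible in the tracker itself rather than only recoverable by re-reading the Snyk and upstream-issue links in the NOTE lines.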
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits