[Git][security-tracker-team/security-tracker][master] bookworm triage

Moritz Muehlenhoff (@jmm) Fri, 17 Mar 2023 03:27:24 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
fd95911a by Moritz Muehlenhoff at 2023-03-17T11:26:51+01:00
bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -44832,8 +44832,8 @@ CVE-2022-38457 (A use-after-free(UAF) vulnerability was 
found in function 'vmw_c
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=2074
 CVE-2022-38096 (A NULL pointer dereference vulnerability was found in vmwgfx 
driver in ...)
-       - linux <unfixed>
-       NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=2073
+       NOTE: PoC has been removed, original reporter is unresponsive and not 
reproducible
+       NOTE: It's unclear whether this was a really issue in the first place
 CVE-2022-36402 (An integer overflow vulnerability was found in vmwgfx driver 
in driver ...)
        - linux <undetermined>
        NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=2072
@@ -217650,6 +217650,7 @@ CVE-2020-12695 (The Open Connectivity Foundation UPnP 
specification before 2020-
        [buster] - gupnp 1.0.5-0+deb10u1
        - minidlna 1.2.1+dfsg-3 (bug #976594)
        - pupnp-1.8 <unfixed> (bug #983206)
+       [bookworm] - pupnp-1.8 <no-dsa> (Minor issue)
        [bullseye] - pupnp-1.8 <no-dsa> (Minor issue)
        [buster] - pupnp-1.8 <no-dsa> (Minor issue)
        - libupnp <removed>
@@ -229842,6 +229843,7 @@ CVE-2020-8555 (The Kubernetes kube-controller-manager 
in versions v1.0-1.14, ver
        NOTE: https://github.com/kubernetes/kubernetes/issues/91542
 CVE-2020-8554 (Kubernetes API server in all versions allow an attacker who is 
able to ...)
        - kubernetes <unfixed> (bug #990793)
+       [bookworm] - kubernetes <not-affected> (Kubernetes in Bullseye only 
ships the client)
        [bullseye] - kubernetes <not-affected> (Kubernetes in Bullseye only 
ships the client)
        NOTE: https://www.openwall.com/lists/oss-security/2020/12/07/5
        NOTE: https://github.com/kubernetes/kubernetes/issues/97076



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd95911a49076f04baa4c3156d90fdbcebe2bab3

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd95911a49076f04baa4c3156d90fdbcebe2bab3
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] bookworm triage

Reply via email to