author | Moritz Muehlenhoff <jmm@debian.org> | 2022-07-05 13:58:25 +0200 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2022-07-05 13:58:25 +0200 |
commit | 870809503daeedbaddd825dff6f1c46113aec776 (patch) | |
tree | 4fcc957619e69d49a1f210e6e0ec566bce674f50 | |
parent | 3ab16cc0085e0ac6b523c206fcfbc438d2240e32 (diff) |
buster/bullseye triage
add reference for openssl issue
-rw-r--r-- | data/CVE/list | 99 | ||||
-rw-r--r-- | data/embedded-code-copies | 1 |
2 files changed, 36 insertions, 64 deletions
diff --git a/data/CVE/list b/data/CVE/list index 4ae8c1ad9c..e328e8e604 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -898,6 +898,7 @@ CVE-2022-2274 (The OpenSSL 3.0.4 release introduced a serious bug in the RSA imp [buster] - openssl <not-affected> (Vulnerable code not present) NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4d8a88c134df634ba610ff8db1eb8478ac5fd345 NOTE: https://github.com/openssl/openssl/issues/18625 + NOTE: https://www.openssl.org/news/secadv/20220705.txt CVE-2022-2273 RESERVED CVE-2022-2272 @@ -13816,10 +13817,11 @@ CVE-2022-30047 (Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection v CVE-2022-30046 RESERVED CVE-2022-30045 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...) - - mapcache <unfixed> (bug #1014389) + - mapcache <unfixed> (unimportant; bug #1014389) - navit <unfixed> (bug #1014390) - scilab <unfixed> (bug #1014391) NOTE: https://sourceforge.net/p/ezxml/bugs/29/ + NOTE: mapcache only uses ezxml to parse config files which are trusted CVE-2022-30044 RESERVED CVE-2022-30043 @@ -80464,9 +80466,7 @@ CVE-2021-31599 (An issue was discovered in Hitachi Vantara Pentaho through 9.1 a NOT-FOR-US: Hitachi CVE-2021-31598 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...) {DLA-2705-1} - - mapcache <unfixed> (bug #989363) - [bullseye] - mapcache <no-dsa> (Minor issue) - [buster] - mapcache <no-dsa> (Minor issue) + - mapcache <unfixed> (unimportant; bug #989363) [stretch] - mapcache <no-dsa> (Minor issue) - scilab <unfixed> (bug #989364) [bullseye] - scilab <no-dsa> (Minor issue) 
@@ -80479,6 +80479,7 @@ CVE-2021-31598 (An issue was discovered in libezxml.a in ezXML 0.8.6. The functi [bullseye] - netcdf-parallel <no-dsa> (Minor issue) [buster] - netcdf-parallel <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/ezxml/bugs/28/ + NOTE: mapcache only uses ezxml to parse config files which are trusted CVE-2021-31597 (The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL c ...) - node-xmlhttprequest-ssl <unfixed> [buster] - node-xmlhttprequest-ssl <ignored> (Minor issue, should possibly be removed from stable as well) @@ -81114,10 +81115,7 @@ CVE-2021-31349 (The usage of an internal HTTP header created an authentication b NOT-FOR-US: Juniper CVE-2021-31348 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...) {DLA-2705-1} - - mapcache <unfixed> (bug #989363) - [bullseye] - mapcache <no-dsa> (Minor issue) - [buster] - mapcache <no-dsa> (Minor issue) - [stretch] - mapcache <no-dsa> (Minor issue) + - mapcache <unfixed> (unimportant; bug #989363) - scilab <unfixed> (bug #989364) [bullseye] - scilab <no-dsa> (Minor issue) [buster] - scilab <no-dsa> (Minor issue) @@ -81129,12 +81127,10 @@ CVE-2021-31348 (An issue was discovered in libezxml.a in ezXML 0.8.6. The functi [bullseye] - netcdf-parallel <no-dsa> (Minor issue) [buster] - netcdf-parallel <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/ezxml/bugs/27/ + NOTE: mapcache only uses ezxml to parse config files which are trusted CVE-2021-31347 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...) {DLA-2705-1} - - mapcache <unfixed> (bug #989363) - [bullseye] - mapcache <no-dsa> (Minor issue) - [buster] - mapcache <no-dsa> (Minor issue) - [stretch] - mapcache <no-dsa> (Minor issue) + - mapcache <unfixed> (unimportant; bug #989363) - scilab <unfixed> (bug #989364) [bullseye] - scilab <no-dsa> (Minor issue) [buster] - scilab <no-dsa> (Minor issue) 
@@ -81146,6 +81142,7 @@ CVE-2021-31347 (An issue was discovered in libezxml.a in ezXML 0.8.6. The functi [bullseye] - netcdf-parallel <no-dsa> (Minor issue) [buster] - netcdf-parallel <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/ezxml/bugs/27/ + NOTE: mapcache only uses ezxml to parse config files which are trusted CVE-2021-31346 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...) NOT-FOR-US: Siemens CVE-2021-31345 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...) @@ -81433,10 +81430,7 @@ CVE-2021-31230 RESERVED CVE-2021-31229 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...) {DLA-2705-1} - - mapcache <unfixed> (bug #989363) - [bullseye] - mapcache <no-dsa> (Minor issue) - [buster] - mapcache <no-dsa> (Minor issue) - [stretch] - mapcache <no-dsa> (Minor issue) + - mapcache <unfixed> (unimportant; bug #989363) - scilab <unfixed> (bug #989364) [bullseye] - scilab <no-dsa> (Minor issue) [buster] - scilab <no-dsa> (Minor issue) @@ -81448,6 +81442,7 @@ CVE-2021-31229 (An issue was discovered in libezxml.a in ezXML 0.8.6. The functi [bullseye] - netcdf-parallel <no-dsa> (Minor issue) [buster] - netcdf-parallel <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/ezxml/bugs/26/ + NOTE: mapcache only uses ezxml to parse config files which are trusted CVE-2021-31228 (An issue was discovered in HCC embedded InterNiche 4.0.1. This vulnera ...) NOT-FOR-US: HCC embedded InterNiche CVE-2021-31227 (An issue was discovered in HCC embedded InterNiche 4.0.1. A potential ...) 
@@ -83551,10 +83546,7 @@ CVE-2021-30486 (SysAid 20.3.64 b14 is affected by Blind and Stacker SQL injectio NOT-FOR-US: SysAid CVE-2021-30485 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...) {DLA-2705-1} - - mapcache <unfixed> (bug #989363) - [bullseye] - mapcache <no-dsa> (Minor issue) - [buster] - mapcache <no-dsa> (Minor issue) - [stretch] - mapcache <no-dsa> (Minor issue) + - mapcache <unfixed> (unimportant; bug #989363) - scilab <unfixed> (bug #989364) [bullseye] - scilab <no-dsa> (Minor issue) [buster] - scilab <no-dsa> (Minor issue) @@ -83566,6 +83558,7 @@ CVE-2021-30485 (An issue was discovered in libezxml.a in ezXML 0.8.6. The functi [bullseye] - netcdf-parallel <no-dsa> (Minor issue) [buster] - netcdf-parallel <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/ezxml/bugs/25 + NOTE: mapcache only uses ezxml to parse config files which are trusted CVE-2021-30484 RESERVED CVE-2021-30483 (isomorphic-git before 1.8.2 allows Directory Traversal via a crafted r ...) @@ -94275,10 +94268,7 @@ CVE-2021-26224 (Cross-site scripting (XSS) vulnerability in SourceCodester Fanta CVE-2021-26223 (SQL injection vulnerability in SourceCodester CASAP Automated Enrollme ...) NOT-FOR-US: SourceCodester CASAP Automated Enrollment System CVE-2021-26222 (The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB ...) - - mapcache <unfixed> (bug #989363) - [bullseye] - mapcache <no-dsa> (Minor issue) - [buster] - mapcache <no-dsa> (Minor issue) - [stretch] - mapcache <no-dsa> (Minor issue) + - mapcache <unfixed> (unimportant; bug #989363) - scilab <unfixed> (bug #989364) [bullseye] - scilab <no-dsa> (Minor issue) [buster] - scilab <no-dsa> (Minor issue) 
@@ -94291,11 +94281,9 @@ CVE-2021-26222 (The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable [bullseye] - netcdf-parallel <no-dsa> (Minor issue) [buster] - netcdf-parallel <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/ezxml/bugs/22/ + NOTE: mapcache only uses ezxml to parse config files which are trusted CVE-2021-26221 (The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB ...) - - mapcache <unfixed> (bug #989363) - [bullseye] - mapcache <no-dsa> (Minor issue) - [buster] - mapcache <no-dsa> (Minor issue) - [stretch] - mapcache <no-dsa> (Minor issue) + - mapcache <unfixed> (unimportant; bug #989363) - scilab <unfixed> (bug #989364) [bullseye] - scilab <no-dsa> (Minor issue) [buster] - scilab <no-dsa> (Minor issue) @@ -94308,11 +94296,9 @@ CVE-2021-26221 (The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable [bullseye] - netcdf-parallel <no-dsa> (Minor issue) [buster] - netcdf-parallel <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/ezxml/bugs/21/ + NOTE: mapcache only uses ezxml to parse config files which are trusted CVE-2021-26220 (The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to O ...) - - mapcache <unfixed> (bug #989363) - [bullseye] - mapcache <no-dsa> (Minor issue) - [buster] - mapcache <no-dsa> (Minor issue) - [stretch] - mapcache <no-dsa> (Minor issue) + - mapcache <unfixed> (unimportant; bug #989363) - scilab <unfixed> (bug #989364) [bullseye] - scilab <no-dsa> (Minor issue) [buster] - scilab <no-dsa> (Minor issue) @@ -94325,6 +94311,7 @@ CVE-2021-26220 (The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerabl [bullseye] - netcdf-parallel <no-dsa> (Minor issue) [buster] - netcdf-parallel <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/ezxml/bugs/223/ + NOTE: mapcache only uses ezxml to parse config files which are trusted CVE-2021-26219 RESERVED CVE-2021-26218 
@@ -178744,10 +178731,7 @@ CVE-2019-20203 (The Authorized Addresses feature in the Postie plugin 1.9.40 for CVE-2020-5179 (Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated admi ...) NOT-FOR-US: Comtech Stampede FX-1010 7.4.3 devices CVE-2019-20202 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...) - - mapcache <unfixed> (bug #989363) - [bullseye] - mapcache <no-dsa> (Minor issue) - [buster] - mapcache <no-dsa> (Minor issue) - [stretch] - mapcache <no-dsa> (Minor issue) + - mapcache <unfixed> (unimportant; bug #989363) - scilab <unfixed> (bug #989364) [bullseye] - scilab <no-dsa> (Minor issue) [buster] - scilab <no-dsa> (Minor issue) @@ -178760,11 +178744,9 @@ CVE-2019-20202 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The functi [bullseye] - netcdf-parallel <no-dsa> (Minor issue) [buster] - netcdf-parallel <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/ezxml/bugs/17/ + NOTE: mapcache only uses ezxml to parse config files which are trusted CVE-2019-20201 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_ ...) - - mapcache <unfixed> (bug #989363) - [bullseye] - mapcache <no-dsa> (Minor issue) - [buster] - mapcache <no-dsa> (Minor issue) - [stretch] - mapcache <no-dsa> (Minor issue) + - mapcache <unfixed> (unimportant; bug #989363) - scilab <unfixed> (bug #989364) [bullseye] - scilab <no-dsa> (Minor issue) [buster] - scilab <no-dsa> (Minor issue) 
@@ -178777,11 +178759,9 @@ CVE-2019-20201 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_ [bullseye] - netcdf-parallel <no-dsa> (Minor issue) [buster] - netcdf-parallel <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/ezxml/bugs/16/ + NOTE: mapcache only uses ezxml to parse config files which are trusted CVE-2019-20200 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...) - - mapcache <unfixed> (bug #989363) - [bullseye] - mapcache <no-dsa> (Minor issue) - [buster] - mapcache <no-dsa> (Minor issue) - [stretch] - mapcache <no-dsa> (Minor issue) + - mapcache <unfixed> (unimportant; bug #989363) - scilab <unfixed> (bug #989364) [bullseye] - scilab <no-dsa> (Minor issue) [buster] - scilab <no-dsa> (Minor issue) @@ -178794,11 +178774,9 @@ CVE-2019-20200 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The functi [bullseye] - netcdf-parallel <no-dsa> (Minor issue) [buster] - netcdf-parallel <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/ezxml/bugs/19/ + NOTE: mapcache only uses ezxml to parse config files which are trusted CVE-2019-20199 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...) - - mapcache <unfixed> (bug #989363) - [bullseye] - mapcache <no-dsa> (Minor issue) - [buster] - mapcache <no-dsa> (Minor issue) - [stretch] - mapcache <no-dsa> (Minor issue) + - mapcache <unfixed> (unimportant; bug #989363) - scilab <unfixed> (bug #989364) [bullseye] - scilab <no-dsa> (Minor issue) [buster] - scilab <no-dsa> (Minor issue) 
@@ -178811,11 +178789,9 @@ CVE-2019-20199 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The functi [bullseye] - netcdf-parallel <no-dsa> (Minor issue) [buster] - netcdf-parallel <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/ezxml/bugs/18/ + NOTE: mapcache only uses ezxml to parse config files which are trusted CVE-2019-20198 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...) - - mapcache <unfixed> (bug #989363) - [bullseye] - mapcache <no-dsa> (Minor issue) - [buster] - mapcache <no-dsa> (Minor issue) - [stretch] - mapcache <no-dsa> (Minor issue) + - mapcache <unfixed> (unimportant; bug #989363) - scilab <unfixed> (bug #989364) [bullseye] - scilab <no-dsa> (Minor issue) [buster] - scilab <no-dsa> (Minor issue) @@ -178828,6 +178804,7 @@ CVE-2019-20198 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The functi [bullseye] - netcdf-parallel <no-dsa> (Minor issue) [buster] - netcdf-parallel <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/ezxml/bugs/20/ + NOTE: mapcache only uses ezxml to parse config files which are trusted CVE-2020-5178 RESERVED CVE-2020-5177 @@ -181908,10 +181885,7 @@ CVE-2019-20009 (An issue was discovered in GNU LibreDWG before 0.93. Crafted inp CVE-2019-20008 (In Archery before 1.3, inserting an XSS payload into a project name (e ...) NOT-FOR-US: Archery CVE-2019-20007 (An issue was discovered in ezXML 0.8.2 through 0.8.6. The function ezx ...) - - mapcache <unfixed> (bug #989363) - [bullseye] - mapcache <no-dsa> (Minor issue) - [buster] - mapcache <no-dsa> (Minor issue) - [stretch] - mapcache <no-dsa> (Minor issue) + - mapcache <unfixed> (unimportant; bug #989363) - scilab <unfixed> (bug #989364) [bullseye] - scilab <no-dsa> (Minor issue) [buster] - scilab <no-dsa> (Minor issue) 
@@ -181924,11 +181898,9 @@ CVE-2019-20007 (An issue was discovered in ezXML 0.8.2 through 0.8.6. The functi [bullseye] - netcdf-parallel <no-dsa> (Minor issue) [buster] - netcdf-parallel <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/ezxml/bugs/13/ + NOTE: mapcache only uses ezxml to parse config files which are trusted CVE-2019-20006 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...) - - mapcache <unfixed> (bug #989363) - [bullseye] - mapcache <no-dsa> (Minor issue) - [buster] - mapcache <no-dsa> (Minor issue) - [stretch] - mapcache <no-dsa> (Minor issue) + - mapcache <unfixed> (unimportant; bug #989363) - scilab <unfixed> (bug #989364) [bullseye] - scilab <no-dsa> (Minor issue) [buster] - scilab <no-dsa> (Minor issue) @@ -181941,11 +181913,9 @@ CVE-2019-20006 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The functi [bullseye] - netcdf-parallel <no-dsa> (Minor issue) [buster] - netcdf-parallel <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/ezxml/bugs/15/ + NOTE: mapcache only uses ezxml to parse config files which are trusted CVE-2019-20005 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...) - - mapcache <unfixed> (bug #989363) - [bullseye] - mapcache <no-dsa> (Minor issue) - [buster] - mapcache <no-dsa> (Minor issue) - [stretch] - mapcache <no-dsa> (Minor issue) + - mapcache <unfixed> (unimportant; bug #989363) - scilab <unfixed> (bug #989364) [bullseye] - scilab <no-dsa> (Minor issue) [buster] - scilab <no-dsa> (Minor issue) 
@@ -181958,6 +181928,7 @@ CVE-2019-20005 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The functi [bullseye] - netcdf-parallel <no-dsa> (Minor issue) [buster] - netcdf-parallel <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/ezxml/bugs/14/ + NOTE: mapcache only uses ezxml to parse config files which are trusted CVE-2019-20004 (An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. When the ...) NOT-FOR-US: Intelbras CVE-2019-20003 (Feldtech easescreen Crystal 9.0 Web-Services 9.0.1.16265 allows Stored ...) diff --git a/data/embedded-code-copies b/data/embedded-code-copies index 2660d24628..5ee2aaeb0f 100644 --- a/data/embedded-code-copies +++ b/data/embedded-code-copies @@ -3495,6 +3495,7 @@ ezxml (not packaged in Debian; no ITP) - netcdf-parallel <unfixed> (embed; bug #989361) - navit <not-affected> (embed; bug #989362) - mapcache <unfixed> (embed; bug #989363) + NOTE: mapcache only uses ezxml to parse config file, doesn't trust any trust boundary, no need to file bugs - scilab <unfixed> (embed; bug #989364) libstb |
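Review bot: In the CVE-2021-31598 hunk (@@ -80464,9 +80466,7 @@) the line "[stretch] - mapcache <no-dsa> (Minor issue)" is left in place as context, while the other hunks that rewrite mapcache entries remove the stretch line together with the bullseye and buster ones. With the release-independent mapcache entry now tagged "unimportant", the leftover per-release override looks unintended. Suggest dropping it here as well, or noting why this CVE is handled differently.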
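Review bot: In the CVE-2021-26220 hunk (@@ -94325,6 +94311,7 @@) the new mapcache NOTE is added directly under the context line "NOTE: https://sourceforge.net/p/ezxml/bugs/223/", whereas the neighbouring entries point at bugs/21/ and bugs/22/ and no other ezXML reference visible in this patch is numbered above 29. Since the entry is being edited anyway, it is worth verifying that URL and correcting it in the same commit if it is a typo.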
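Review bot: In the data/embedded-code-copies hunk (@@ -3495,6 +3495,7 @@) the added NOTE reads "doesn't trust any trust boundary", which does not parse and differs from the wording used in data/CVE/list ("only uses ezxml to parse config files which are trusted"). Suggest rewording it to state the actual rationale, for example that the parsed config files do not cross a trust boundary. Also, "no need to file bugs" sits directly under "- mapcache <unfixed> (embed; bug #989363)", where a bug is already recorded, so it would help to say whether the note is about future ezXML CVEs only.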