diff options
| author | Moritz Muehlenhoff <jmm@debian.org> | 2022-01-09 20:06:52 +0100 |
|---|---|---|
| committer | Moritz Muehlenhoff <jmm@debian.org> | 2022-01-09 20:06:52 +0100 |
| commit | f6bf1612701684e094b80bf8d25df461d96f9b27 (patch) | |
| tree | f76a52af022fd9fde4d6bf1b5e3110d55d43aede | |
| parent | cac7c1c6ec1974dc24ae5e50e1f217af74b23899 (diff) | |
buster/bullseye triage
| -rw-r--r-- | data/CVE/list | 8 | ||||
| -rw-r--r-- | data/dsa-needed.txt | 2 |
2 files changed, 8 insertions, 2 deletions
diff --git a/data/CVE/list b/data/CVE/list index 7f02f3c217..b906e44830 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -9,6 +9,8 @@ CVE-2022-22845 RESERVED CVE-2022-22844 (LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c i ...) - tiff <unfixed> + [bullseye] - tiff <no-dsa> (Minor issue) + [buster] - tiff <no-dsa> (Minor issue) NOTE: https://gitlab.com/libtiff/libtiff/-/issues/355 NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/287 CVE-2022-22843 @@ -1569,9 +1571,9 @@ CVE-2021-46062 CVE-2021-46061 RESERVED CVE-2021-46060 (A NULL Pointer Dereference vulnerability exists in GNU inetutils 2.2 v ...) - - inetutils <unfixed> + - inetutils <unfixed> (unimportant) NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00017.html - TODO: check details + NOTE: Crash in CLI tool, no security impact CVE-2021-46059 (A Pointer Dereference vulnerability exists in Vim 8.2.3883 via the vim ...) - vim 2:8.2.3995-1 [bullseye] - vim <no-dsa> (Minor issue) @@ -1967,6 +1969,8 @@ CVE-2021-45931 (HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertib TODO: check correctness of commit, might not affect any Debian released version CVE-2021-45930 (Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-o ...) - qtsvg-opensource-src 5.15.2-4 (bug #1002991) + [bullseye] - qtsvg-opensource-src <no-dsa> (Minor issue) + [buster] - qtsvg-opensource-src <no-dsa> (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37025 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37306 NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-1121.yaml diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt index 631708776e..53fc73b72f 100644 --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -24,6 +24,8 @@ condor -- faad2/oldstable (jmm) -- +librecad +-- linux (carnil) Wait until more issues have piled up, though try to regulary rebase for point releases to more recent v4.19.y versions. |