From a092097465fb1c8804410feb6d8811be1e84294f Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Thu, 19 May 2022 14:31:54 +0200 Subject: buster/bullseye triage --- data/CVE/list | 63 +++++++++++++++++++++++++++++++++++------------------ data/dsa-needed.txt | 2 ++ 2 files changed, 44 insertions(+), 21 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index 197b0faefe..9ba9d501b5 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -539,9 +539,10 @@ CVE-2022-1773 CVE-2022-1772 RESERVED CVE-2022-1771 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...) - - vim + - vim (unimportant) NOTE: https://huntr.dev/bounties/faa74175-5317-4b71-a363-dfc39094ecbb NOTE: https://github.com/vim/vim/commit/51f0bfb88a3554ca2dde777d78a59880d1ee37a8 (v8.2.4975) + NOTE: Crash in CLI tool, no security impact CVE-2019-25061 (The random_password_generator (aka RandomPasswordGenerator) gem throug ...) NOT-FOR-US: bvsatyaram/random_password_generator CVE-2022-30973 @@ -3061,10 +3062,11 @@ CVE-2022-30069 CVE-2022-30068 RESERVED CVE-2022-30067 (GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a ...) - - gimp + - gimp (unimportant) NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/8120 NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/4f99f1fcfd892ead19831b5adcd38a99d71214b6 (master) NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/8cd6d05232795ac31076013db1c6be3dc67e8e09 (gimp-2-10) + NOTE: Crash in GUI application, no security impact CVE-2022-30066 RESERVED CVE-2022-30065 (A use-after-free in Busybox 1.35-x's awk applet leads to denial of ser ...) 
@@ -32764,99 +32766,118 @@ CVE-2021-44511 RESERVED CVE-2021-44510 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...) - fis-gtm (bug #1009900) + [bullseye] - fis-gtm (Minor issue) + [buster] - fis-gtm (Minor issue) NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828 - TODO: check upstream to find out which changes affect which CVE CVE-2021-44509 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...) - fis-gtm (bug #1009900) + [bullseye] - fis-gtm (Minor issue) + [buster] - fis-gtm (Minor issue) NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828 - TODO: check upstream to find out which changes affect which CVE CVE-2021-44508 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...) - fis-gtm (bug #1009900) + [bullseye] - fis-gtm (Minor issue) + [buster] - fis-gtm (Minor issue) NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828 - TODO: check upstream to find out which changes affect which CVE CVE-2021-44507 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...) - fis-gtm (bug #1009900) + [bullseye] - fis-gtm (Minor issue) + [buster] - fis-gtm (Minor issue) NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828 - TODO: check upstream to find out which changes affect which CVE CVE-2021-44506 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...) 
- fis-gtm (bug #1009900) + [bullseye] - fis-gtm (Minor issue) + [buster] - fis-gtm (Minor issue) NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828 - TODO: check upstream to find out which changes affect which CVE CVE-2021-44505 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...) - fis-gtm (bug #1009900) + [bullseye] - fis-gtm (Minor issue) + [buster] - fis-gtm (Minor issue) NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828 - TODO: check upstream to find out which changes affect which CVE CVE-2021-44504 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...) - fis-gtm + [bullseye] - fis-gtm (Minor issue) + [buster] - fis-gtm (Minor issue) NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828 - TODO: check upstream to find out which changes affect which CVE CVE-2021-44503 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...) - fis-gtm (bug #1009900) + [bullseye] - fis-gtm (Minor issue) + [buster] - fis-gtm (Minor issue) NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828 - TODO: check upstream to find out which changes affect which CVE CVE-2021-44502 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...) - fis-gtm (bug #1009900) + [bullseye] - fis-gtm (Minor issue) + [buster] - fis-gtm (Minor issue) NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828 - TODO: check upstream to find out which changes affect which CVE CVE-2021-44501 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...) 
- fis-gtm (bug #1009900) + [bullseye] - fis-gtm (Minor issue) + [buster] - fis-gtm (Minor issue) NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828 - TODO: check upstream to find out which changes affect which CVE CVE-2021-44500 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...) - fis-gtm (bug #1009900) + [bullseye] - fis-gtm (Minor issue) + [buster] - fis-gtm (Minor issue) NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828 - TODO: check upstream to find out which changes affect which CVE CVE-2021-44499 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...) - fis-gtm (bug #1009900) + [bullseye] - fis-gtm (Minor issue) + [buster] - fis-gtm (Minor issue) NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828 - TODO: check upstream to find out which changes affect which CVE CVE-2021-44498 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...) - fis-gtm (bug #1009900) + [bullseye] - fis-gtm (Minor issue) + [buster] - fis-gtm (Minor issue) NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828 - TODO: check upstream to find out which changes affect which CVE CVE-2021-44497 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...) - fis-gtm (bug #1009900) + [bullseye] - fis-gtm (Minor issue) + [buster] - fis-gtm (Minor issue) NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828 - TODO: check upstream to find out which changes affect which CVE CVE-2021-44496 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...) 
- fis-gtm + [bullseye] - fis-gtm (Minor issue) + [buster] - fis-gtm (Minor issue) NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828 - TODO: check upstream to find out which changes affect which CVE CVE-2021-44495 (An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS ...) - fis-gtm (bug #1009900) + [bullseye] - fis-gtm (Minor issue) + [buster] - fis-gtm (Minor issue) NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828 - TODO: check upstream to find out which changes affect which CVE CVE-2021-44494 (An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS ...) - fis-gtm (bug #1009900) + [bullseye] - fis-gtm (Minor issue) + [buster] - fis-gtm (Minor issue) NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828 - TODO: check upstream to find out which changes affect which CVE CVE-2021-44493 (An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS ...) - fis-gtm (bug #1009900) + [bullseye] - fis-gtm (Minor issue) + [buster] - fis-gtm (Minor issue) NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828 - TODO: check upstream to find out which changes affect which CVE CVE-2021-44492 (An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS ...) - fis-gtm (bug #1009900) + [bullseye] - fis-gtm (Minor issue) + [buster] - fis-gtm (Minor issue) NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828 - TODO: check upstream to find out which changes affect which CVE CVE-2021-44491 (An issue was discovered in YottaDB through r1.32 and V7.0-000. Using c ...) 
 NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828 TODO: check - unclear if affects only YottaDB diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt index f16ddc13b9..db1931999b 100644 --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -20,6 +20,8 @@ cifs-utils (carnil) -- condor/oldstable (apo) -- +curl +-- epiphany-browser -- freecad (aron) --
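Review bot: In the first data/CVE/list hunk (CVE-2022-1771, vim), the added NOTE "Crash in CLI tool, no security impact" does not say why a bug the description calls a "Stack-based Buffer Overflow" is limited to a crash. Since "(unimportant)" takes the entry out of further triage, the NOTE should name the basis for that judgement, for example what the huntr report or the referenced upstream commit shows about the write being bounded, so a later reader can re-check it without redoing the analysis.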
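Review bot: In the second data/CVE/list hunk (CVE-2022-30067, gimp), the rationale "Crash in GUI application, no security impact" rests on the kind of application rather than on the bug itself, while the description line reads "vulnerable to Buffer Overflow". Suggest wording the NOTE around what GNOME/gimp issue 8120 actually demonstrates, so the "(unimportant)" tag is tied to this defect and is not read as a blanket rule for memory errors in GUI programs.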
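Review bot: In the fis-gtm hunk (CVE-2021-44510 down to CVE-2021-44492), the line "TODO: check upstream to find out which changes affect which CVE" is removed from every entry, but nothing added records the answer: the new lines are only "[bullseye] - fis-gtm (Minor issue)" and "[buster] - fis-gtm (Minor issue)". Either keep the TODO until the mapping from upstream changes to CVEs is noted, or add one NOTE per entry (or a shared one) stating why all 19 issues are minor for both suites. Separately, the unchanged lines for CVE-2021-44504 and CVE-2021-44496 read "- fis-gtm" without the "(bug #1009900)" reference the other entries carry; worth aligning while these entries are being touched.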
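Review bot: In the data/dsa-needed.txt hunk, the new "curl" entry cannot be traced to anything else in this commit: neither data/CVE/list hunk touches a curl entry, and the subject line "buster/bullseye triage" does not say which issues prompted it. Suggest naming the CVEs in the commit message or in a remark with the entry. The entry is also added without a suite qualifier, unlike the neighbouring "condor/oldstable"; if that is meant to cover both buster and bullseye, saying so would save whoever claims it a lookup.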