From f6bf1612701684e094b80bf8d25df461d96f9b27 Mon Sep 17 00:00:00 2001
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Sun, 9 Jan 2022 20:06:52 +0100
Subject: buster/bullseye triage

---
 data/CVE/list       | 8 ++++++--
 data/dsa-needed.txt | 2 ++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/data/CVE/list b/data/CVE/list
index 7f02f3c217..b906e44830 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -9,6 +9,8 @@ CVE-2022-22845
 	RESERVED
 CVE-2022-22844 (LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c i ...)
 	- tiff <unfixed>
+	[bullseye] - tiff <no-dsa> (Minor issue)
+	[buster] - tiff <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/355
 	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/287
 CVE-2022-22843
@@ -1569,9 +1571,9 @@ CVE-2021-46062
 CVE-2021-46061
 	RESERVED
 CVE-2021-46060 (A NULL Pointer Dereference vulnerability exists in GNU inetutils 2.2 v ...)
-	- inetutils <unfixed>
+	- inetutils <unfixed> (unimportant)
 	NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00017.html
-	TODO: check details
+	NOTE: Crash in CLI tool, no security impact
 CVE-2021-46059 (A Pointer Dereference vulnerability exists in Vim 8.2.3883 via the vim ...)
 	- vim 2:8.2.3995-1
 	[bullseye] - vim <no-dsa> (Minor issue)
@@ -1967,6 +1969,8 @@ CVE-2021-45931 (HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertib
 	TODO: check correctness of commit, might not affect any Debian released version
 CVE-2021-45930 (Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-o ...)
 	- qtsvg-opensource-src 5.15.2-4 (bug #1002991)
+	[bullseye] - qtsvg-opensource-src <no-dsa> (Minor issue)
+	[buster] - qtsvg-opensource-src <no-dsa> (Minor issue)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37025
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37306
 	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-1121.yaml
diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt
index 631708776e..53fc73b72f 100644
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -24,6 +24,8 @@ condor
 --
 faad2/oldstable (jmm)
 --
+librecad
+--
 linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point
   releases to more recent v4.19.y versions.
-- 
cgit v1.2.3