author: Moritz Muehlenhoff <jmm@debian.org> 2022-01-26 11:54:03 +0100
committer: Moritz Muehlenhoff <jmm@debian.org> 2022-01-26 11:55:52 +0100
commit: 8a54b2ffb25ffb5e300ed0e5573427f8891caac0
tree: 517cf98c810c2b308507aefe558ef276e68d7f8c
parent: 5014d8fe2272223dcb9cddb0a1e945a64fc44a06
buster/bullseye triage
remove node-matrix-js-sdk for CVE-2021-44538, seems unrelated
-rw-r--r-- data/CVE/list.2021 | 3
-rw-r--r-- data/CVE/list.2022 | 13
-rw-r--r-- data/dsa-needed.txt | 2
3 files changed, 17 insertions, 1 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index a6449a2d97..8666d093b5 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -3051,6 +3051,8 @@ CVE-2021-45341 (A buffer overflow vulnerability in CDataMoji of the jwwlib compo
NOTE: Fixed by: https://github.com/LibreCAD/LibreCAD/commit/f3502963eaf379a429bc9da73c1224c5db649997
CVE-2021-45340 (In Libsixel prior to and including v1.10.3, a NULL pointer dereference ...)
- libsixel <unfixed> (bug #1004377)
+ [bullseye] - libsixel <no-dsa> (Minor issue)
+ [buster] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/libsixel/libsixel/issues/51
NOTE: Fixed by: https://github.com/libsixel/libsixel/pull/52
CVE-2021-45339 (Privilege escalation vulnerability in Avast Antivirus prior to 20.4 al ...)
@@ -5290,7 +5292,6 @@ CVE-2021-44538 (The olm_session_describe function in Matrix libolm before 3.2.7
- olm 3.2.8~dfsg-1 (bug #1001664)
[bullseye] - olm <no-dsa> (Minor issue)
[buster] - olm <not-affected> (Vulnerable code introduced later)
- - node-matrix-js-sdk <unfixed>
- thunderbird 1:91.4.1-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-55/#CVE-2021-44538
NOTE: https://matrix.org/blog/2021/12/13/disclosure-buffer-overflow-in-libolm-and-matrix-js-sdk/
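Review bot: The removed `- node-matrix-js-sdk <unfixed>` line under CVE-2021-44538 leaves no record of why the package was dropped, while the remaining NOTE still links to a disclosure whose URL names both libolm and matrix-js-sdk. Consider adding a NOTE line stating why node-matrix-js-sdk is considered unrelated, or tracking it as `<not-affected>` with a reason, so the decision survives beyond the commit message's "seems unrelated".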
diff --git a/data/CVE/list.2022 b/data/CVE/list.2022
index 901220c1c8..6652d50731 100644
--- a/data/CVE/list.2022
+++ b/data/CVE/list.2022
@@ -116,6 +116,8 @@ CVE-2022-23936
RESERVED
CVE-2022-23935 (lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ / ...)
- libimage-exiftool-perl 12.38+dfsg-1
+ [bullseye] - libimage-exiftool-perl <no-dsa> (Minor issue)
+ [buster] - libimage-exiftool-perl <no-dsa> (Minor issue)
NOTE: https://github.com/exiftool/exiftool/commit/74dbab1d2766d6422bb05b033ac6634bf8d1f582 (12.38)
CVE-2022-23934
RESERVED
@@ -2777,35 +2779,46 @@ CVE-2022-22896
RESERVED
CVE-2022-22895 (Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via ...)
- iotjs <unfixed> (bug #1004298)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/jerryscript-project/jerryscript/pull/4850
NOTE: https://github.com/jerryscript-project/jerryscript/issues/4882
CVE-2022-22894 (Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_ ...)
- iotjs <unfixed> (bug #1004298)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <no-dsa> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/4890
NOTE: https://github.com/jerryscript-project/jerryscript/pull/4899
CVE-2022-22893 (Jerryscript 3.0.0 was discovered to contain a stack overflow via vm_lo ...)
- iotjs <unfixed> (bug #1004298)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <no-dsa> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/4901
NOTE: https://github.com/jerryscript-project/jerryscript/pull/4945
CVE-2022-22892 (There is an Assertion 'ecma_is_value_undefined (value) || ecma_is_valu ...)
- iotjs <unfixed> (bug #1004298)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/4872
NOTE: https://github.com/jerryscript-project/jerryscript/pull/4878
CVE-2022-22891 (Jerryscript 3.0.0 was discovered to contain a SEGV vulnerability via e ...)
- iotjs <unfixed> (bug #1004298)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/4871
NOTE: https://github.com/jerryscript-project/jerryscript/pull/4885
CVE-2022-22890 (There is an Assertion 'arguments_type != SCANNER_ARGUMENTS_PRESENT &am ...)
- iotjs <unfixed> (bug #1004298)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/jerryscript-project/jerryscript/pull/4849
NOTE: https://github.com/jerryscript-project/jerryscript/issues/4847
CVE-2022-22889
RESERVED
CVE-2022-22888 (Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_ ...)
- iotjs <unfixed> (bug #1004298)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/jerryscript-project/jerryscript/pull/4877
NOTE: https://github.com/jerryscript-project/jerryscript/issues/4848
CVE-2022-22887
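Review bot: The added `[bullseye] - iotjs <no-dsa> (Minor issue)` lines apply the same generic reason to every Jerryscript entry in this hunk, including CVE-2022-22895, which is described as a heap-buffer-overflow, and the stack overflows in CVE-2022-22894, CVE-2022-22893 and CVE-2022-22888. A short reason saying why these are minor for iotjs would make the triage easier to re-check later. The two new `[buster] - iotjs <not-affected> (Vulnerable code introduced later)` lines for CVE-2022-22890 and CVE-2022-22888 would likewise benefit from a NOTE naming the introducing change, since CVE-2022-22894 and CVE-2022-22893 in the same hunk are marked `<no-dsa>` for buster instead.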
diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt
index 3aa941f08b..5cc4f3971f 100644
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -28,6 +28,8 @@ linux (carnil)
Wait until more issues have piled up, though try to regulary rebase for point
releases to more recent v4.19.y versions.
--
+minetest
+--
ndpi/oldstable
--
nodejs (jmm)
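Review bot: The new `minetest` entry in dsa-needed.txt carries no suite suffix, claimant or explanatory line, unlike the neighbouring `ndpi/oldstable` and `nodejs (jmm)` entries, and no minetest CVE entry is touched in this commit or mentioned in its message. An indented line under the entry naming the issue(s) it refers to and the affected suite(s) would tell whoever picks it up what needs fixing.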
