diff options
author | Moritz Muehlenhoff <jmm@debian.org> | 2022-02-14 17:36:57 +0100 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2022-02-14 17:36:57 +0100 |
commit | c1208d4bec5b661af5c2778a22fe4fc42e9fdb58 (patch) | |
tree | 8838645ae2d56e61f46e6fe04f503aa41863be9d | |
parent | 249ccd96bc0d049de21e2fb5974a7f5351d1007d (diff) |
buster/bullseye triage
-rw-r--r-- | data/CVE/list.2021 | 8 | ||||
-rw-r--r-- | data/CVE/list.2022 | 8 |
2 files changed, 12 insertions, 4 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 8dda8cf42a..7c2c5fa2b0 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -3338,15 +3338,15 @@ CVE-2021-45389 (StarWind SAN & NAS build 1578 and StarWind Command Center Bu CVE-2021-45388 REJECTED CVE-2021-45387 (tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c ...) - - tcpreplay 4.4.0-1 - [stretch] - tcpreplay <no-dsa> (Minor issue) + - tcpreplay 4.4.0-1 (unimportant) NOTE: https://github.com/appneta/tcpreplay/issues/687 NOTE: Fixed by: https://github.com/appneta/tcpreplay/commit/46cf964a7db636da76abeebf10482acf6f682a87 (v4.4.0) + NOTE: Crash in CLI tool, no security impact CVE-2021-45386 (tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c ...) - - tcpreplay 4.4.0-1 - [stretch] - tcpreplay <no-dsa> (Minor issue) + - tcpreplay 4.4.0-1 (unimportant) NOTE: https://github.com/appneta/tcpreplay/issues/687 NOTE: Fixed by: https://github.com/appneta/tcpreplay/commit/46cf964a7db636da76abeebf10482acf6f682a87 (v4.4.0) + NOTE: Crash in CLI tool, no security impact CVE-2021-45385 (A Null Pointer Dereference vulnerability exits in ffjpeg d5cfd49 (2021 ...) NOT-FOR-US: ffjpeg CVE-2021-45384 diff --git a/data/CVE/list.2022 b/data/CVE/list.2022 index eafb3c672e..cbc99ae98d 100644 --- a/data/CVE/list.2022 +++ b/data/CVE/list.2022 @@ -943,10 +943,14 @@ CVE-2022-0563 RESERVED CVE-2022-0562 (Null source pointer passed as an argument to memcpy() function within ...) - tiff 4.3.0-4 + [bullseye] - tiff <no-dsa> (Minor issue) + [buster] - tiff <no-dsa> (Minor issue) NOTE: https://gitlab.com/libtiff/libtiff/-/issues/362 NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b CVE-2022-0561 (Null source pointer passed as an argument to memcpy() function within ...) - tiff 4.3.0-4 + [bullseye] - tiff <no-dsa> (Minor issue) + [buster] - tiff <no-dsa> (Minor issue) NOTE: https://gitlab.com/libtiff/libtiff/-/issues/362 NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef CVE-2022-0560 (Open Redirect in Packagist microweber/microweber prior to 1.2.11. ...) @@ -5248,6 +5252,8 @@ CVE-2022-23184 (In affected Octopus Server versions when the server HTTP and HTT NOT-FOR-US: Octopus Server CVE-2022-23181 (The fix for bug CVE-2020-9484 introduced a time of check, time of use ...) - tomcat9 <unfixed> + [bullseye] - tomcat9 <postponed> (Minor issue, fix along in future DSA) + [buster] - tomcat9 <postponed> (Minor issue, fix along in future DSA) - tomcat8 <removed> [stretch] - tomcat8 <postponed> (Minor issue; local race condition) NOTE: https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9 @@ -9091,6 +9097,8 @@ CVE-2022-21713 (Grafana is an open-source platform for monitoring and observabil - grafana <removed> CVE-2022-21712 (twisted is an event-driven networking engine written in Python. In aff ...) - twisted <unfixed> + [bullseye] - twisted <no-dsa> (Minor issue) + [buster] - twisted <no-dsa> (Minor issue) NOTE: https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx NOTE: https://github.com/twisted/twisted/commit/af8fe78542a6f2bf2235ccee8158d9c88d31e8e2 (twisted-22.1.0rc1) CVE-2022-21711 (elfspirit is an ELF static analysis and injection framework that parse ...) |