author Moritz Muehlenhoff <jmm@debian.org> 2022-02-14 17:36:57 +0100
committer Moritz Muehlenhoff <jmm@debian.org> 2022-02-14 17:36:57 +0100
commit c1208d4bec5b661af5c2778a22fe4fc42e9fdb58
tree 8838645ae2d56e61f46e6fe04f503aa41863be9d
parent 249ccd96bc0d049de21e2fb5974a7f5351d1007d
buster/bullseye triage
-rw-r--r-- data/CVE/list.2021 8
-rw-r--r-- data/CVE/list.2022 8
2 files changed, 12 insertions, 4 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index 8dda8cf42a..7c2c5fa2b0 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -3338,15 +3338,15 @@ CVE-2021-45389 (StarWind SAN &amp; NAS build 1578 and StarWind Command Center Bu
CVE-2021-45388
REJECTED
CVE-2021-45387 (tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c ...)
- - tcpreplay 4.4.0-1
- [stretch] - tcpreplay <no-dsa> (Minor issue)
+ - tcpreplay 4.4.0-1 (unimportant)
NOTE: https://github.com/appneta/tcpreplay/issues/687
NOTE: Fixed by: https://github.com/appneta/tcpreplay/commit/46cf964a7db636da76abeebf10482acf6f682a87 (v4.4.0)
+ NOTE: Crash in CLI tool, no security impact
CVE-2021-45386 (tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c ...)
- - tcpreplay 4.4.0-1
- [stretch] - tcpreplay <no-dsa> (Minor issue)
+ - tcpreplay 4.4.0-1 (unimportant)
NOTE: https://github.com/appneta/tcpreplay/issues/687
NOTE: Fixed by: https://github.com/appneta/tcpreplay/commit/46cf964a7db636da76abeebf10482acf6f682a87 (v4.4.0)
+ NOTE: Crash in CLI tool, no security impact
CVE-2021-45385 (A Null Pointer Dereference vulnerability exits in ffjpeg d5cfd49 (2021 ...)
NOT-FOR-US: ffjpeg
CVE-2021-45384
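Review bot: In the CVE-2021-45387 and CVE-2021-45386 entries, the added NOTE "Crash in CLI tool, no security impact" is the only recorded basis for replacing the per-release [stretch] <no-dsa> line with (unimportant) on the 4.4.0-1 line, and it sits after the "Fixed by" NOTE where it is easy to miss. Consider placing it directly under the package line and naming what input reaches the assertion in add_tree_ipv4() / add_tree_ipv6(), so a later reader can check the "no security impact" call without opening issue 687.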
diff --git a/data/CVE/list.2022 b/data/CVE/list.2022
index eafb3c672e..cbc99ae98d 100644
--- a/data/CVE/list.2022
+++ b/data/CVE/list.2022
@@ -943,10 +943,14 @@ CVE-2022-0563
RESERVED
CVE-2022-0562 (Null source pointer passed as an argument to memcpy() function within ...)
- tiff 4.3.0-4
+ [bullseye] - tiff <no-dsa> (Minor issue)
+ [buster] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/362
NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b
CVE-2022-0561 (Null source pointer passed as an argument to memcpy() function within ...)
- tiff 4.3.0-4
+ [bullseye] - tiff <no-dsa> (Minor issue)
+ [buster] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/362
NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef
CVE-2022-0560 (Open Redirect in Packagist microweber/microweber prior to 1.2.11. ...)
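Review bot: The four added [bullseye]/[buster] tiff lines for CVE-2022-0562 and CVE-2022-0561 carry only the generic reason "Minor issue". The tomcat8 [stretch] line elsewhere in this file shows the more useful form ("Minor issue; local race condition"); a short reason here, tied to the described defect (a null source pointer passed to memcpy()), would let the no-dsa decision be re-evaluated without rereading the upstream issue.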
@@ -5248,6 +5252,8 @@ CVE-2022-23184 (In affected Octopus Server versions when the server HTTP and HTT
NOT-FOR-US: Octopus Server
CVE-2022-23181 (The fix for bug CVE-2020-9484 introduced a time of check, time of use ...)
- tomcat9 <unfixed>
+ [bullseye] - tomcat9 <postponed> (Minor issue, fix along in future DSA)
+ [buster] - tomcat9 <postponed> (Minor issue, fix along in future DSA)
- tomcat8 <removed>
[stretch] - tomcat8 <postponed> (Minor issue; local race condition)
NOTE: https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9
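Review bot: On the two added tomcat9 lines for CVE-2022-23181, the reason "Minor issue, fix along in future DSA" drops the technical justification that the neighbouring tomcat8 [stretch] line gives ("Minor issue; local race condition") and uses a comma where that line uses a semicolon. Suggest "Minor issue; local race condition, fix along in future DSA" so the three entries agree and the postponement carries its rationale.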
@@ -9091,6 +9097,8 @@ CVE-2022-21713 (Grafana is an open-source platform for monitoring and observabil
- grafana <removed>
CVE-2022-21712 (twisted is an event-driven networking engine written in Python. In aff ...)
- twisted <unfixed>
+ [bullseye] - twisted <no-dsa> (Minor issue)
+ [buster] - twisted <no-dsa> (Minor issue)
NOTE: https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx
NOTE: https://github.com/twisted/twisted/commit/af8fe78542a6f2bf2235ccee8158d9c88d31e8e2 (twisted-22.1.0rc1)
CVE-2022-21711 (elfspirit is an ELF static analysis and injection framework that parse ...)
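Review bot: The added twisted lines for CVE-2022-21712 mark buster and bullseye <no-dsa> while the unversioned line is still <unfixed>, and the reason given is the bare "Minor issue". Since the entry already references an upstream commit (twisted-22.1.0rc1), consider a reason that says why the issue is minor for these releases, so the decision can be revisited once the unversioned line gets a fixed version.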
