From 8a54b2ffb25ffb5e300ed0e5573427f8891caac0 Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Wed, 26 Jan 2022 11:54:03 +0100 Subject: buster/bullseye triage remove node-matrix-js-sdk for CVE-2021-44538, seems unrelated --- data/CVE/list.2021 | 3 ++- data/CVE/list.2022 | 13 +++++++++++++ data/dsa-needed.txt | 2 ++ 3 files changed, 17 insertions(+), 1 deletion(-) diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index a6449a2d97..8666d093b5 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -3051,6 +3051,8 @@ CVE-2021-45341 (A buffer overflow vulnerability in CDataMoji of the jwwlib compo NOTE: Fixed by: https://github.com/LibreCAD/LibreCAD/commit/f3502963eaf379a429bc9da73c1224c5db649997 CVE-2021-45340 (In Libsixel prior to and including v1.10.3, a NULL pointer dereference ...) - libsixel (bug #1004377) + [bullseye] - libsixel (Minor issue) + [buster] - libsixel (Minor issue) NOTE: https://github.com/libsixel/libsixel/issues/51 NOTE: Fixed by: https://github.com/libsixel/libsixel/pull/52 CVE-2021-45339 (Privilege escalation vulnerability in Avast Antivirus prior to 20.4 al ...) @@ -5290,7 +5292,6 @@ CVE-2021-44538 (The olm_session_describe function in Matrix libolm before 3.2.7 - olm 3.2.8~dfsg-1 (bug #1001664) [bullseye] - olm (Minor issue) [buster] - olm (Vulnerable code introduced later) - - node-matrix-js-sdk - thunderbird 1:91.4.1-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-55/#CVE-2021-44538 NOTE: https://matrix.org/blog/2021/12/13/disclosure-buffer-overflow-in-libolm-and-matrix-js-sdk/ diff --git a/data/CVE/list.2022 b/data/CVE/list.2022 index 901220c1c8..6652d50731 100644 --- a/data/CVE/list.2022 +++ b/data/CVE/list.2022 
@@ -116,6 +116,8 @@ CVE-2022-23936 RESERVED CVE-2022-23935 (lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ / ...) - libimage-exiftool-perl 12.38+dfsg-1 + [bullseye] - libimage-exiftool-perl (Minor issue) + [buster] - libimage-exiftool-perl (Minor issue) NOTE: https://github.com/exiftool/exiftool/commit/74dbab1d2766d6422bb05b033ac6634bf8d1f582 (12.38) CVE-2022-23934 RESERVED 
@@ -2777,35 +2779,46 @@ CVE-2022-22896 RESERVED CVE-2022-22895 (Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via ...) - iotjs (bug #1004298) + [bullseye] - iotjs (Minor issue) [buster] - iotjs (Vulnerable code introduced later) NOTE: https://github.com/jerryscript-project/jerryscript/pull/4850 NOTE: https://github.com/jerryscript-project/jerryscript/issues/4882 CVE-2022-22894 (Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_ ...) - iotjs (bug #1004298) + [bullseye] - iotjs (Minor issue) + [buster] - iotjs (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4890 NOTE: https://github.com/jerryscript-project/jerryscript/pull/4899 CVE-2022-22893 (Jerryscript 3.0.0 was discovered to contain a stack overflow via vm_lo ...) - iotjs (bug #1004298) + [bullseye] - iotjs (Minor issue) + [buster] - iotjs (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4901 NOTE: https://github.com/jerryscript-project/jerryscript/pull/4945 CVE-2022-22892 (There is an Assertion 'ecma_is_value_undefined (value) || ecma_is_valu ...) - iotjs (bug #1004298) + [bullseye] - iotjs (Minor issue) [buster] - iotjs (Vulnerable code introduced later) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4872 NOTE: https://github.com/jerryscript-project/jerryscript/pull/4878 CVE-2022-22891 (Jerryscript 3.0.0 was discovered to contain a SEGV vulnerability via e ...) - iotjs (bug #1004298) + [bullseye] - iotjs (Minor issue) [buster] - iotjs (Vulnerable code introduced later) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4871 NOTE: https://github.com/jerryscript-project/jerryscript/pull/4885 CVE-2022-22890 (There is an Assertion 'arguments_type != SCANNER_ARGUMENTS_PRESENT &am ...) 
- iotjs (bug #1004298) + [bullseye] - iotjs (Minor issue) + [buster] - iotjs (Vulnerable code introduced later) NOTE: https://github.com/jerryscript-project/jerryscript/pull/4849 NOTE: https://github.com/jerryscript-project/jerryscript/issues/4847 CVE-2022-22889 RESERVED CVE-2022-22888 (Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_ ...) - iotjs (bug #1004298) + [bullseye] - iotjs (Minor issue) + [buster] - iotjs (Vulnerable code introduced later) NOTE: https://github.com/jerryscript-project/jerryscript/pull/4877 NOTE: https://github.com/jerryscript-project/jerryscript/issues/4848 CVE-2022-22887 diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt index 3aa941f08b..5cc4f3971f 100644 --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -28,6 +28,8 @@ linux (carnil) Wait until more issues have piled up, though try to regulary rebase for point releases to more recent v4.19.y versions. -- +minetest +-- ndpi/oldstable -- nodejs (jmm) -- cgit v1.2.3
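Review bot: In data/CVE/list.2021, the CVE-2021-44538 hunk deletes the `- node-matrix-js-sdk` line with only "seems unrelated" in the subject as justification, while the NOTE kept directly below it still links the Matrix disclosure whose URL names both libolm and matrix-js-sdk. Record the reasoning in the entry itself: either keep the package with a `<not-affected>` state and a short reason, or add a NOTE saying why the Debian package is not concerned. Otherwise the next person triaging from that advisory is likely to re-add it.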
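Review bot: In the data/CVE/list.2022 hunk at -2777, the buster annotations for iotjs split between `(Minor issue)` (CVE-2022-22894, CVE-2022-22893) and `(Vulnerable code introduced later)` (the other five entries), but no entry carries a NOTE identifying the change that introduced the affected code, so the split cannot be checked from the tracker data. Add an `Introduced by:` NOTE to the entries marked as introduced later. The bullseye `(Minor issue)` tags also sit on entries described as heap-buffer-overflow, stack overflow and SEGV, and a one-line NOTE giving the rationale for that rating would make the decision reviewable.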
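Review bot: In data/dsa-needed.txt, `+minetest` is added with no suite suffix, claimant or explanatory text, and neither the subject line nor any other hunk in this patch mentions minetest, so the reason for the DSA request is not visible here. Name the triggering CVE ids in the commit message or in an indented line under the entry (as the `linux (carnil)` entry does), and add a suite suffix in the style of `ndpi/oldstable` if only one release needs the update.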