diff options
author | Moritz Muehlenhoff <jmm@debian.org> | 2022-02-15 10:58:52 +0100 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2022-02-15 11:06:57 +0100 |
commit | b6164c24ce1b0d670495040c9cf38eed4cb6a444 (patch) | |
tree | 26621e797a6972720ddfe1d6f5bc2ea7f00ebb18 | |
parent | 754a4fce0a53c6387980f2f201bebdb3bae53c08 (diff) |
buster/bullseye triage
-rw-r--r-- | data/CVE/2021.list | 1 | ||||
-rw-r--r-- | data/CVE/2022.list | 11 |
2 files changed, 11 insertions, 1 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 10fbd5ff12..9ec0af22fa 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -4282,6 +4282,7 @@ CVE-2021-4116 (yetiforcecrm is vulnerable to Improper Neutralization of Input Du CVE-2021-4115 [file descriptor leak allows an unprivileged user to cause a crash] RESERVED - policykit-1 <unfixed> (bug #1005784) + [bullseye] - policykit-1 <no-dsa> (Minor issue) [buster] - policykit-1 <not-affected> (Vulnerable code not present, patch introducing issue not backported) [stretch] - policykit-1 <not-affected> (Vulnerable code not present, patch introducing issue not backported) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2007534 diff --git a/data/CVE/2022.list b/data/CVE/2022.list index b7783ecab2..4b23bea65b 100644 --- a/data/CVE/2022.list +++ b/data/CVE/2022.list @@ -456,6 +456,8 @@ CVE-2022-24981 RESERVED CVE-2022-0586 (Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 ...) - wireshark <unfixed> + [bullseye] - wireshark <no-dsa> (Minor issue) + [buster] - wireshark <no-dsa> (Minor issue) NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17813 NOTE: https://www.wireshark.org/security/wnpa-sec-2022-01.html CVE-2022-0585 @@ -464,14 +466,20 @@ CVE-2022-0584 RESERVED CVE-2022-0583 (Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3 ...) - wireshark <unfixed> + [bullseye] - wireshark <no-dsa> (Minor issue) + [buster] - wireshark <no-dsa> (Minor issue) NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17840 NOTE: https://www.wireshark.org/security/wnpa-sec-2022-03.html CVE-2022-0582 (Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to ...) - wireshark <unfixed> + [bullseye] - wireshark <no-dsa> (Minor issue) + [buster] - wireshark <no-dsa> (Minor issue) NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17882 NOTE: https://www.wireshark.org/security/wnpa-sec-2022-04.html CVE-2022-0581 (Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3. ...) - wireshark <unfixed> + [bullseye] - wireshark <no-dsa> (Minor issue) + [buster] - wireshark <no-dsa> (Minor issue) NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17935 NOTE: https://www.wireshark.org/security/wnpa-sec-2022-05.html CVE-2022-0580 (Improper Access Control in Packagist librenms/librenms prior to 22.2.0 ...) @@ -1073,10 +1081,11 @@ CVE-2022-23104 RESERVED CVE-2022-0563 [partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline] RESERVED - - util-linux <unfixed> + - util-linux <unfixed> (unimportant) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2053151 NOTE: https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u NOTE: https://github.com/util-linux/util-linux/commit/faa5a3a83ad0cb5e2c303edbfd8cd823c9d94c17 + NOTE: util-linux in Debian not built with readline support CVE-2022-0562 (Null source pointer passed as an argument to memcpy() function within ...) - tiff 4.3.0-4 [bullseye] - tiff <no-dsa> (Minor issue) |