bullseyre/buster triage

3 files changed, 31 insertions, 0 deletions

diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index cefd65a17c..7d45270572 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -13065,6 +13065,7 @@ CVE-2018-16473 (A path traversal in takeapeek module versions <=0.2.2 allows
 	NOT-FOR-US: takeapeek
 CVE-2018-16472 (A prototype pollution attack in cached-path-relative versions <=1.0 ...)
 	- node-cached-path-relative 1.0.2-1
+	[buster] - node-cached-path-relative <no-dsa> (Minor issue)
 	NOTE: https://hackerone.com/reports/390847
 	NOTE: https://github.com/ashaffer/cached-path-relative/issues/3
 	NOTE: Fixed by: https://github.com/ashaffer/cached-path-relative/commit/a43cffec84ed0e9eceecb43b534b6937a8028fc0
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 02a15dc916..3b5ade3529 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -8772,11 +8772,15 @@ CVE-2021-43358 (Sunnet eHRD has inadequate filtering for special characters in U
 	NOT-FOR-US: Sunnet eHRD
 CVE-2021-3928 (vim is vulnerable to Use of Uninitialized Variable ...)
 	- vim 2:8.2.3995-1
+	[bullseye] - vim <no-dsa> (Minor issue)
+	[buster] - vim <no-dsa> (Minor issue)
 	[stretch] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/29c3ebd2-d601-481c-bf96-76975369d0cd
 	NOTE: Fixed by: https://github.com/vim/vim/commit/15d9890eee53afc61eb0a03b878a19cb5672f732 (v8.2.3582)
 CVE-2021-3927 (vim is vulnerable to Heap-based Buffer Overflow ...)
 	- vim 2:8.2.3995-1
+	[bullseye] - vim <no-dsa> (Minor issue)
+	[buster] - vim <no-dsa> (Minor issue)
 	[stretch] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/9c2b2c82-48bb-4be9-ab8f-a48ea252d1b0
 	NOTE: Fixed by: https://github.com/vim/vim/commit/0b5b06cb4777d1401fdf83e7d48d287662236e7e (v8.2.3581)
@@ -25558,17 +25562,25 @@ CVE-2021-36412 (A heap-based buffer overflow vulnerability exists in MP4Box in G
 	NOTE: https://github.com/gpac/gpac/commit/828188475084db87cebc34208b6bd2509709845e
 CVE-2021-36411 (An issue has been found in libde265 v1.0.8 due to incorrect access con ...)
 	- libde265 <unfixed>
+	[bullseye] - libde265 <no-dsa> (Minor issue)
+	[buster] - libde265 <no-dsa> (Minor issue)
 	NOTE: https://github.com/strukturag/libde265/issues/302
 CVE-2021-36410 (A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion. ...)
 	- libde265 <unfixed>
+	[bullseye] - libde265 <no-dsa> (Minor issue)
+	[buster] - libde265 <no-dsa> (Minor issue)
 	NOTE: https://github.com/strukturag/libde265/issues/301
 CVE-2021-3641 (Improper Link Resolution Before File Access ('Link Following') vulnera ...)
 	NOT-FOR-US: Bitdefender
 CVE-2021-36409 (There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at ...)
 	- libde265 <unfixed>
+	[bullseye] - libde265 <no-dsa> (Minor issue)
+	[buster] - libde265 <no-dsa> (Minor issue)
 	NOTE: https://github.com/strukturag/libde265/issues/300
 CVE-2021-36408 (An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-f ...)
 	- libde265 <unfixed>
+	[bullseye] - libde265 <no-dsa> (Minor issue)
+	[buster] - libde265 <no-dsa> (Minor issue)
 	NOTE: https://github.com/strukturag/libde265/issues/299
 CVE-2021-36407
 	RESERVED
diff --git a/data/CVE/2022.list b/data/CVE/2022.list
index 777afb0ed9..6d0bee9a8d 100644
--- a/data/CVE/2022.list
+++ b/data/CVE/2022.list
@@ -799,6 +799,8 @@ CVE-2022-0415
 	RESERVED
 CVE-2022-24130 (xterm through Patch 370, when Sixel support is enabled, allows attacke ...)
 	- xterm 370-2 (bug #1004689)
+	[bullseye] - xterm <no-dsa> (Minor issue)
+	[buster] - xterm <no-dsa> (Minor issue)
 	NOTE: https://twitter.com/nickblack/status/1487731459398025216
 	NOTE: https://www.openwall.com/lists/oss-security/2022/01/30/2
 	NOTE: https://www.openwall.com/lists/oss-security/2022/01/30/3
@@ -1069,6 +1071,11 @@ CVE-2022-0392 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to
 CVE-2022-0391 [urllib.parse does not sanitize URLs containing ASCII newline and tabs]
 	RESERVED
 	- python3.9 3.9.7-1
+	[bullseye] - python3.9 <no-dsa> (Minor issue)
+	- python3.7 <removed>
+	[buster] - python3.7 <no-dsa> (Minor issue)
+	- python3.5 <removed>
+	- python3.4 <removed>
 	NOTE: https://bugs.python.org/issue43882
 	NOTE: Fixed by: https://github.com/python/cpython/commit/76cd81d60310d65d01f9d7b48a8985d8ab89c8b4 (v3.10.0b1)
 	NOTE: Followup for 3.10.x: https://github.com/python/cpython/commit/24f1d1a8a2c4aa58a606b4b6d5fa4305a3b91705 (v3.10.0b2)
@@ -2495,11 +2502,15 @@ CVE-2022-23453
 CVE-2022-23452
 	RESERVED
 	- barbican <unfixed>
+	[bullseye] - barbican <no-dsa> (Minor issue)
+	[buster] - barbican <no-dsa> (Minor issue)
 	NOTE: https://storyboard.openstack.org/#!/story/2009297
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2025090
 CVE-2022-23451
 	RESERVED
 	- barbican <unfixed>
+	[bullseye] - barbican <no-dsa> (Minor issue)
+	[buster] - barbican <no-dsa> (Minor issue)
 	NOTE: https://storyboard.openstack.org/#!/story/2009253
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2025089
 CVE-2022-23450
@@ -3798,16 +3809,19 @@ CVE-2022-23036
 	RESERVED
 CVE-2022-23035 (Insufficient cleanup of passed-through device IRQs The management of I ...)
 	- xen <unfixed>
+	[bullseye] - xen <postponed> (Fix along with next DSA round)
 	[buster] - xen <end-of-life> (DSA 4677-1)
 	[stretch] - xen <end-of-life> (DSA 4602-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-395.html
 CVE-2022-23034 (A PV guest could DoS Xen while unmapping a grant To address XSA-380, r ...)
 	- xen <unfixed>
+	[bullseye] - xen <postponed> (Fix along with next DSA round)
 	[buster] - xen <end-of-life> (DSA 4677-1)
 	[stretch] - xen <end-of-life> (DSA 4602-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-394.html
 CVE-2022-23033 (arm: guest_physmap_remove_page not removing the p2m mappings The funct ...)
 	- xen <unfixed>
+	[bullseye] - xen <postponed> (Fix along with next DSA round)
 	[buster] - xen <not-affected> (Vulnerable code introduced later)
 	[stretch] - xen <not-affected> (Vulnerable code introduced later)
 	NOTE: https://xenbits.xen.org/xsa/advisory-393.html
@@ -7266,12 +7280,16 @@ CVE-2022-21682 (Flatpak is a Linux application sandboxing and distribution frame
 	NOTE: 1.12.4 added further changes to avoid regressions for some workflows
 CVE-2022-21681 (Marked is a markdown parser and compiler. Prior to version 4.0.10, the ...)
 	- node-marked 4.0.12+ds+~4.0.1-1
+	[bullseye] - node-marked <no-dsa> (Minor issue)
+	[buster] - node-marked <no-dsa> (Minor issue)
 	NOTE: https://github.com/markedjs/marked/security/advisories/GHSA-5v2h-r2cx-5xgj
 	NOTE: https://github.com/markedjs/marked/commit/8f806573a3f6c6b7a39b8cdb66ab5ebb8d55a5f5
 	NOTE: https://github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0 (4.0.10)
 	NOTE: https://github.com/markedjs/marked/releases/tag/v4.0.10
 CVE-2022-21680 (Marked is a markdown parser and compiler. Prior to version 4.0.10, the ...)
 	- node-marked 4.0.12+ds+~4.0.1-1
+	[bullseye] - node-marked <no-dsa> (Minor issue)
+	[buster] - node-marked <no-dsa> (Minor issue)
 	NOTE: https://github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0 (4.0.10)
 	NOTE: https://github.com/markedjs/marked/releases/tag/v4.0.10
 	NOTE: https://github.com/markedjs/marked/security/advisories/GHSA-rrrm-qjm4-v8hf