Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a736b065 by Moritz Mühlenhoff at 2021-03-06T21:17:39+01:00
various bugs

- - - - -
e466c26f by Moritz Mühlenhoff at 2021-03-06T21:17:41+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,7 +13,7 @@ CVE-2021-28044
 CVE-2021-28043
        RESERVED
 CVE-2021-28042 (Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows 
Directory Tra ...)
-       TODO: check
+       NOT-FOR-US: Deutsche Post Mailoptimizer
 CVE-2021-3423
        RESERVED
 CVE-2021-28041 (ssh-agent in OpenSSH before 8.5 has a double free that may be 
relevant ...)
@@ -25,27 +25,27 @@ CVE-2021-28041 (ssh-agent in OpenSSH before 8.5 has a 
double free that may be re
 CVE-2021-28040 (An issue was discovered in OSSEC 3.6.0. An uncontrolled 
recursion vuln ...)
        - ossec-hids <itp> (bug #361954)
 CVE-2021-28037 (An issue was discovered in the internment crate before 0.4.2 
for Rust. ...)
-       TODO: check
+       NOT-FOR-US: Rust crate internment
 CVE-2021-28036 (An issue was discovered in the quinn crate before 0.7.0 for 
Rust. It m ...)
-       TODO: check
+       NOT-FOR-US: Rust crate quinn
 CVE-2021-28035 (An issue was discovered in the stack_dst crate before 0.6.1 
for Rust.  ...)
-       TODO: check
+       NOT-FOR-US: Rust crate stack_dst
 CVE-2021-28034 (An issue was discovered in the stack_dst crate before 0.6.1 
for Rust.  ...)
-       TODO: check
+       NOT-FOR-US: Rust crate stack_dst
 CVE-2021-28033 (An issue was discovered in the byte_struct crate before 0.6.1 
for Rust ...)
-       TODO: check
+       NOT-FOR-US: Rust crate byte_struct
 CVE-2021-28032 (An issue was discovered in the nano_arena crate before 0.5.2 
for Rust. ...)
-       TODO: check
+       NOT-FOR-US: Rust crate nano_arena
 CVE-2021-28031 (An issue was discovered in the scratchpad crate before 1.3.1 
for Rust. ...)
-       TODO: check
+       NOT-FOR-US: Rust crate scratchpad
 CVE-2021-28030 (An issue was discovered in the truetype crate before 0.30.1 
for Rust.  ...)
-       TODO: check
+       NOT-FOR-US: Rust crate truetype
 CVE-2021-28029 (An issue was discovered in the toodee crate before 0.3.0 for 
Rust. The ...)
-       TODO: check
+       NOT-FOR-US: Rust crate toodee
 CVE-2021-28028 (An issue was discovered in the toodee crate before 0.3.0 for 
Rust. Row ...)
-       TODO: check
+       NOT-FOR-US: Rust crate toodee
 CVE-2021-28027 (An issue was discovered in the bam crate before 0.1.3 for 
Rust. There  ...)
-       TODO: check
+       NOT-FOR-US: Rust crate bam
 CVE-2021-28026 (jpeg-xl v0.3.2 is affected by a heap buffer overflow in 
/lib/jxl/coeff ...)
        - jpeg-xl <itp> (bug #948862)
 CVE-2021-28025
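
Review bot: the eleven Rust crate entries from CVE-2021-28037 down to CVE-2021-28027 are closed as NOT-FOR-US without any trace of how that was established, and the same file tracks other crates as Debian source packages ("rust-smallvec", "rust-http") and uses "<itp>" for software with a pending packaging bug ("ossec-hids", "jpeg-xl"). Before merging, confirm that no "rust-<crate>" source package or ITP exists for internment, quinn, stack_dst, byte_struct, nano_arena, scratchpad, truetype, toodee and bam; where one does, the entry should be a package line or "<itp>" instead. Minor style point: the wording here is "Rust crate <name>" while the existing CVE-2019-25007 entry reads "streebog rust crate"; picking one form keeps the NOT-FOR-US lines greppable.
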
@@ -9553,7 +9553,7 @@ CVE-2021-23898
 CVE-2021-23897
        RESERVED
 CVE-2021-25900 (An issue was discovered in the smallvec crate before 0.6.14 
and 1.x be ...)
-       - rust-smallvec <unfixed>
+       - rust-smallvec <unfixed> (bug #984665)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0003.html
        NOTE: https://github.com/servo/rust-smallvec/issues/252
 CVE-2021-3127
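
Review bot: on the CVE-2021-25900 line the bug reference is added but the entry still carries only a bare "<unfixed>", while the description names two affected ranges ("before 0.6.14 and 1.x be ..."). A NOTE stating which branch the Debian package follows, or the fixed upstream version from the RUSTSEC advisory already linked, would let whoever closes bug #984665 replace "<unfixed>" with the right version without re-reading the advisory.
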
@@ -15335,7 +15335,7 @@ CVE-2019-25009 (An issue was discovered in the http 
crate before 0.1.20 for Rust
        - rust-http <unfixed>
        NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0034.html
 CVE-2019-25008 (An issue was discovered in the http crate before 0.1.20 for 
Rust. Head ...)
-       - rust-http <unfixed>
+       - rust-http <unfixed> (bug #969896)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0033.html
 CVE-2019-25007 (An issue was discovered in the streebog crate before 0.8.0 for 
Rust. T ...)
        NOT-FOR-US: streebog rust crate
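
Review bot: bug #969896 is attached to CVE-2019-25008 only, but the context line just above shows CVE-2019-25009 with the same package line "- rust-http <unfixed>" and the same affected range (http crate before 0.1.20). If the bug report covers both issues, add "(bug #969896)" to the CVE-2019-25009 entry as well; if it covers only one, a short NOTE saying so would prevent a later editor from assuming the other CVE is untracked by mistake.
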
@@ -74209,7 +74209,7 @@ CVE-2020-9490 (Apache HTTP Server versions 2.4.20 to 
2.4.43. A specially crafted
        NOTE: 
https://github.com/apache/httpd/commit/a61223e9cb906110f35ec144b93fee9eb80ad6e4
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2030
 CVE-2020-9489 (A carefully crafted or corrupt file may trigger a System.exit 
in Tika' ...)
-       - tika <unfixed>
+       - tika <unfixed> (bug #984666)
        [bullseye] - tika <no-dsa> (Minor issue)
        [buster] - tika <no-dsa> (Minor issue)
        [jessie] - tika <ignored> (the fix is too invasive to backport)
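
Review bot: the CVE-2020-9489 entry gains a bug number, but within the visible lines it has no NOTE pointing at an upstream advisory or fix, unlike the CVE-2020-9490 entry directly above, which links the upstream commit. Since the jessie line already records that "the fix is too invasive to backport", the fix is evidently known; unless a NOTE follows below the visible context, add one with the upstream reference so bug #984666 and the "<unfixed>" marker can be resolved against a concrete version.
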



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0baaf4a49cc766af0c50e00266bb97bac62dfa24...e466c26fa7aa30d78c669f0353d879490d53be34



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
