Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: cfb4f210 by Moritz Muehlenhoff at 2021-04-06T19:31:23+02:00 buster triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -439,6 +439,7 @@ CVE-2021-30002 (An issue was discovered in the Linux kernel before 5.11.3 when a CVE-2021-3482 [heap-based buffer overflow in Jp2Image::readMetadata() in jp2image.cpp] RESERVED - exiv2 <unfixed> + [buster] - exiv2 <no-dsa> (Minor issue) NOTE: https://github.com/Exiv2/exiv2/issues/1522 CVE-2021-3481 [Out of bounds read in function QRadialFetchSimd from crafted svg file] RESERVED @@ -1962,6 +1963,7 @@ CVE-2021-3469 CVE-2021-3468 [Local DoS by event-busy-loop from writing long lines to /run/avahi-daemon/socket] RESERVED - avahi <unfixed> (bug #984938) + [buster] - avahi <no-dsa> (Minor issue) NOTE: https://github.com/lathiat/avahi/pull/330 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939614#c3 CVE-2021-29262 @@ -15661,6 +15663,7 @@ CVE-2021-23336 (The package python/cpython from 0 and before 3.6.13, from 3.7.0 - python3.5 <removed> - python2.7 <unfixed> [bullseye] - python2.7 <ignored> (Python 2.7 in Bullseye not covered by security support) + [buster] - python2.7 <no-dsa> (Minor issue) - pypy3 7.3.3+dfsg-3 [buster] - pypy3 <no-dsa> (Minor issue) NOTE: https://github.com/python/cpython/pull/24297 @@ -20130,6 +20133,7 @@ CVE-2020-35922 (An issue was discovered in the mio crate before 0.7.6 for Rust. TODO: check CVE-2020-35920 (An issue was discovered in the socket2 crate before 0.3.16 for Rust. I ...) - rust-socket2 0.3.19-1 + [buster] - rust-socket2 <no-dsa> (Minor issue) NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0079.html NOTE: https://github.com/rust-lang/socket2-rs/issues/119 CVE-2020-35918 (An issue was discovered in the branca crate before 0.10.0 for Rust. De ...) 
@@ -23649,8 +23653,9 @@ CVE-2021-20310 CVE-2021-20309 RESERVED CVE-2021-20308 (Integer overflow in the htmldoc 1.9.11 and before may allow attackers ...) - - htmldoc <unfixed> + - htmldoc <unfixed> (unimportant) NOTE: https://github.com/michaelrsweet/htmldoc/issues/423 + NOTE: Crash in CLI tool, no security impact CVE-2021-20307 (Format string vulnerability in panoFileOutputNamesCreate() in libpano1 ...) - libpano13 2.9.20~rc3+dfsg-1 (bug #985249) [buster] - libpano13 2.9.19+dfsg-3+deb10u1 @@ -23659,6 +23664,7 @@ CVE-2021-20306 RESERVED CVE-2021-20305 (A flaw was found in Nettle in versions before 3.7.2, where several Net ...) - nettle 3.7.2-1 (bug #985652) + [buster] - nettle <no-dsa> (Minor issue) NOTE: https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009457.html NOTE: New functions ecc_mod_mul_canonical and ecc_mod_sqr_canonical: NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/a63893791280d441c713293491da97c79c0950fe @@ -23932,11 +23938,12 @@ CVE-2021-20244 (A flaw was found in ImageMagick in MagickCore/visual-effects.c. NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/329dd528ab79531d884c0ba131e97d43f872ab5d NOTE: In IM6 the code seems to be in magick/fx.c CVE-2021-20243 (A flaw was found in ImageMagick in MagickCore/resize.c. An attacker wh ...) - - imagemagick <undetermined> + - imagemagick <unfixed> + [bullseye] - imagemagick <ignored> (Minor issue) [buster] - imagemagick <ignored> (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/pull/3193 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/9751bd619872c8e58609fbed56c4827afa083b40 - TODO: check + NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/53cb91b3e7bf95d0e372cbc745e0055ac6054745 (resize.c hunk) CVE-2021-20242 REJECTED CVE-2021-20241 (A flaw was found in ImageMagick in coders/jp2.c. An attacker who submi ...) 
@@ -40200,6 +40207,7 @@ CVE-2020-25694 (A flaw was found in PostgreSQL versions before 13.1, before 12.5 CVE-2020-25693 (A flaw was found in CImg in versions prior to 2.9.3. Integer overflows ...) {DLA-2462-1} - cimg 2.9.4+dfsg-2 (bug #973770) + [buster] - cimg <no-dsa> (Minor issue) NOTE: https://github.com/dtschump/CImg/pull/295 NOTE: https://bugs.launchpad.net/ubuntu/+source/cimg/+bug/1900983 NOTE: Fixed by: https://github.com/dtschump/CImg/commit/4f184f89f9ab6785a6c90fd238dbaa6d901d3505 @@ -70559,6 +70567,7 @@ CVE-2020-12365 (Untrusted pointer dereference in some Intel(R) Graphics Drivers CVE-2020-12364 (Null pointer reference in some Intel(R) Graphics Drivers for Windows* ...) - linux <unfixed> - firmware-nonfree 20210208-1 + [buster] - firmware-nonfree <no-dsa> (Non-free not supported) NOTE: Short of details: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html NOTE: Per Intel, this was fixed by a firmware update. v49.0.1 of the NOTE: firmware is required. The new firmware requires a kernel patch @@ -70567,6 +70576,7 @@ CVE-2020-12364 (Null pointer reference in some Intel(R) Graphics Drivers for Win CVE-2020-12363 (Improper input validation in some Intel(R) Graphics Drivers for Window ...) - linux <unfixed> - firmware-nonfree 20210208-1 + [buster] - firmware-nonfree <no-dsa> (Non-free not supported) NOTE: Short of details: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html NOTE: Per Intel, this was fixed by a firmware update. v49.0.1 of the NOTE: firmware is required. The new firmware requires a kernel patch 
@@ -70575,6 +70585,7 @@ CVE-2020-12363 (Improper input validation in some Intel(R) Graphics Drivers for CVE-2020-12362 (Integer overflow in the firmware for some Intel(R) Graphics Drivers fo ...) - linux <unfixed> - firmware-nonfree 20210208-1 + [buster] - firmware-nonfree <no-dsa> (Non-free not supported) NOTE: Short of details: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html NOTE: Per Intel, this was fixed by a firmware update. v49.0.1 of the NOTE: firmware is required. The new firmware requires a kernel patch ===================================== data/dsa-needed.txt ===================================== @@ -25,6 +25,8 @@ linux (carnil) Wait until more issues have piled up, though try to regulary rebase for point releases to more recent v4.19.y versions. -- +netty9 +-- python-bleach -- python-pysaml2 (jmm) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cfb4f210fec4c71a5d80b21d6a014d8cf77b270a
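Review bot: in the data/CVE/list hunk for CVE-2021-20308, the downgrade from `- htmldoc <unfixed>` to `- htmldoc <unfixed> (unimportant)` rests entirely on the added line `NOTE: Crash in CLI tool, no security impact`, which only holds where htmldoc is run on trusted documents. Since the CVE text itself says the integer overflow "may allow attackers ...", the note should also record why attacker-supplied HTML is not a realistic exposure for this package; without that, a crash on untrusted input is a denial of service and `unimportant` is too low a rating.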
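Review bot: in the data/CVE/list hunk for CVE-2021-20305, the new `[buster] - nettle <no-dsa> (Minor issue)` line gives no justification beyond "Minor issue" for a flaw in a cryptographic library, while the surrounding NOTE lines point at a fix that introduces ecc_mod_mul_canonical and ecc_mod_sqr_canonical. Add a NOTE stating why the issue is considered minor for buster (for instance whether the affected ECC code path is reachable in the buster package), in the same way the htmldoc entry in this commit records its reasoning, so the rationale survives later triage.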
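Review bot: in the data/CVE/list hunk for CVE-2021-20243, changing `- imagemagick <undetermined>` to `- imagemagick <unfixed>` leaves the unstable entry without a bug reference, unlike the other unfixed entries touched by this commit (avahi carries `(bug #984938)`, nettle carries `(bug #985652)`). Now that both the IM7 and the IM6 fix commits are recorded in the NOTE lines, either file a bug against imagemagick and append its number, or add a NOTE saying why none is needed.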
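Review bot: in the data/CVE/list hunk for CVE-2020-12364 (and identically in the two following hunks for CVE-2020-12363 and CVE-2020-12362), the added `[buster] - firmware-nonfree <no-dsa> (Non-free not supported)` line annotates only the firmware side, while each entry also lists `- linux <unfixed>` with no buster annotation even though the NOTE lines say the new firmware requires a kernel patch. Consider recording the buster status of the linux side as well, so the kernel dependency noted in the entry is reflected in the tracker state rather than only in the free-text notes.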
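Review bot: in the data/dsa-needed.txt hunk, the added entry `+netty9` should be checked against the actual source package name before it lands, since entries in this file are matched by source package name and the neighbouring entries (`python-bleach`, `python-pysaml2 (jmm)`) are exact names; if the intended package is `netty`, the entry as written will not correspond to any package in the tracker data. It also lacks the parenthesised owner that the linux and python-pysaml2 entries carry, so it is unclear whether anyone has claimed the update.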
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits