Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cfb4f210 by Moritz Muehlenhoff at 2021-04-06T19:31:23+02:00
buster triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -439,6 +439,7 @@ CVE-2021-30002 (An issue was discovered in the Linux kernel 
before 5.11.3 when a
 CVE-2021-3482 [heap-based buffer overflow in Jp2Image::readMetadata() in 
jp2image.cpp]
        RESERVED
        - exiv2 <unfixed>
+       [buster] - exiv2 <no-dsa> (Minor issue)
        NOTE: https://github.com/Exiv2/exiv2/issues/1522
 CVE-2021-3481 [Out of bounds read in function QRadialFetchSimd from crafted 
svg file]
        RESERVED
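Review bot: the new `[buster] - exiv2 <no-dsa> (Minor issue)` line rates a heap-based buffer overflow in Jp2Image::readMetadata() as minor while the entry is still RESERVED and the only reference is the upstream issue link, with no fix commit recorded yet; consider adding a NOTE with the reason it is considered minor (crash-only, or candidate for a point release) so the no-dsa decision can be revisited once the upstream fix lands.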
@@ -1962,6 +1963,7 @@ CVE-2021-3469
 CVE-2021-3468 [Local DoS by event-busy-loop from writing long lines to 
/run/avahi-daemon/socket]
        RESERVED
        - avahi <unfixed> (bug #984938)
+       [buster] - avahi <no-dsa> (Minor issue)
        NOTE: https://github.com/lathiat/avahi/pull/330
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939614#c3
 CVE-2021-29262
@@ -15661,6 +15663,7 @@ CVE-2021-23336 (The package python/cpython from 0 and 
before 3.6.13, from 3.7.0
        - python3.5 <removed>
        - python2.7 <unfixed>
        [bullseye] - python2.7 <ignored> (Python 2.7 in Bullseye not covered by 
security support)
+       [buster] - python2.7 <no-dsa> (Minor issue)
        - pypy3 7.3.3+dfsg-3
        [buster] - pypy3 <no-dsa> (Minor issue)
        NOTE: https://github.com/python/cpython/pull/24297
@@ -20130,6 +20133,7 @@ CVE-2020-35922 (An issue was discovered in the mio 
crate before 0.7.6 for Rust.
        TODO: check
 CVE-2020-35920 (An issue was discovered in the socket2 crate before 0.3.16 for 
Rust. I ...)
        - rust-socket2 0.3.19-1
+       [buster] - rust-socket2 <no-dsa> (Minor issue)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0079.html
        NOTE: https://github.com/rust-lang/socket2-rs/issues/119
 CVE-2020-35918 (An issue was discovered in the branca crate before 0.10.0 for 
Rust. De ...)
@@ -23649,8 +23653,9 @@ CVE-2021-20310
 CVE-2021-20309
        RESERVED
 CVE-2021-20308 (Integer overflow in the htmldoc 1.9.11 and before may allow 
attackers  ...)
-       - htmldoc <unfixed>
+       - htmldoc <unfixed> (unimportant)
        NOTE: https://github.com/michaelrsweet/htmldoc/issues/423
+       NOTE: Crash in CLI tool, no security impact
 CVE-2021-20307 (Format string vulnerability in panoFileOutputNamesCreate() in 
libpano1 ...)
        - libpano13 2.9.20~rc3+dfsg-1 (bug #985249)
        [buster] - libpano13 2.9.19+dfsg-3+deb10u1
@@ -23659,6 +23664,7 @@ CVE-2021-20306
        RESERVED
 CVE-2021-20305 (A flaw was found in Nettle in versions before 3.7.2, where 
several Net ...)
        - nettle 3.7.2-1 (bug #985652)
+       [buster] - nettle <no-dsa> (Minor issue)
        NOTE: 
https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009457.html
        NOTE: New functions ecc_mod_mul_canonical and ecc_mod_sqr_canonical:
        NOTE: 
https://git.lysator.liu.se/nettle/nettle/-/commit/a63893791280d441c713293491da97c79c0950fe
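Review bot: the `[buster] - nettle <no-dsa> (Minor issue)` line carries no rationale beyond the tag, although the existing NOTEs show the fix lands in ECC modular arithmetic (the new ecc_mod_mul_canonical and ecc_mod_sqr_canonical functions) of a core cryptographic library; either spell out in a NOTE why the impact is judged minor for buster or consider tracking it in dsa-needed.txt, since a no-dsa on a crypto primitive is hard to audit later without that reasoning.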
@@ -23932,11 +23938,12 @@ CVE-2021-20244 (A flaw was found in ImageMagick in 
MagickCore/visual-effects.c.
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/329dd528ab79531d884c0ba131e97d43f872ab5d
        NOTE: In IM6 the code seems to be in magick/fx.c
 CVE-2021-20243 (A flaw was found in ImageMagick in MagickCore/resize.c. An 
attacker wh ...)
-       - imagemagick <undetermined>
+       - imagemagick <unfixed>
+       [bullseye] - imagemagick <ignored> (Minor issue)
        [buster] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/pull/3193
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/9751bd619872c8e58609fbed56c4827afa083b40
-       TODO: check
+       NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/53cb91b3e7bf95d0e372cbc745e0055ac6054745
  (resize.c hunk)
 CVE-2021-20242
        REJECTED
 CVE-2021-20241 (A flaw was found in ImageMagick in coders/jp2.c. An attacker 
who submi ...)
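Review bot: the sid status moves from `<undetermined>` to `<unfixed>` and the `TODO: check` is resolved by recording the ImageMagick6 resize.c commit, yet the newly added `[bullseye] - imagemagick <ignored> (Minor issue)` line reuses the one-word rationale of the buster line; with the fixing commits for both IM7 (pull/3193, commit 9751bd6...) and IM6 (commit 53cb91b...) now identified, a short NOTE on why the fix is not applied (e.g. crash-only in a rarely reached path) would make the ignore decision auditable.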
@@ -40200,6 +40207,7 @@ CVE-2020-25694 (A flaw was found in PostgreSQL versions 
before 13.1, before 12.5
 CVE-2020-25693 (A flaw was found in CImg in versions prior to 2.9.3. Integer 
overflows ...)
        {DLA-2462-1}
        - cimg 2.9.4+dfsg-2 (bug #973770)
+       [buster] - cimg <no-dsa> (Minor issue)
        NOTE: https://github.com/dtschump/CImg/pull/295
        NOTE: https://bugs.launchpad.net/ubuntu/+source/cimg/+bug/1900983
        NOTE: Fixed by: 
https://github.com/dtschump/CImg/commit/4f184f89f9ab6785a6c90fd238dbaa6d901d3505
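Review bot: the `{DLA-2462-1}` context line shows stretch already received a fix for CVE-2020-25693, while the new `[buster] - cimg <no-dsa> (Minor issue)` line leaves the newer release without one; the discrepancy deserves a NOTE (for instance that the buster package is affected differently, or that the fix is queued for a point release) so the two decisions do not look contradictory, particularly as the "Fixed by" commit is already recorded.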
@@ -70559,6 +70567,7 @@ CVE-2020-12365 (Untrusted pointer dereference in some 
Intel(R) Graphics Drivers
 CVE-2020-12364 (Null pointer reference in some Intel(R) Graphics Drivers for 
Windows*  ...)
        - linux <unfixed>
        - firmware-nonfree 20210208-1
+       [buster] - firmware-nonfree <no-dsa> (Non-free not supported)
        NOTE: Short of details: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
        NOTE: Per Intel, this was fixed by a firmware update. v49.0.1 of the
        NOTE: firmware is required. The new firmware requires a kernel patch
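Review bot: the `- linux <unfixed>` line above the new `[buster] - firmware-nonfree <no-dsa> (Non-free not supported)` entry still has no buster status, even though the NOTE states the updated firmware requires a kernel patch, so the linux side of this issue remains open for buster; add a matching `[buster] - linux ...` line (postponed or no-dsa, with the reason) or a NOTE pointing at the kernel patch status. The same applies to the identical hunks for CVE-2020-12363 and CVE-2020-12362 below.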
@@ -70567,6 +70576,7 @@ CVE-2020-12364 (Null pointer reference in some Intel(R) 
Graphics Drivers for Win
 CVE-2020-12363 (Improper input validation in some Intel(R) Graphics Drivers 
for Window ...)
        - linux <unfixed>
        - firmware-nonfree 20210208-1
+       [buster] - firmware-nonfree <no-dsa> (Non-free not supported)
        NOTE: Short of details: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
        NOTE: Per Intel, this was fixed by a firmware update. v49.0.1 of the
        NOTE: firmware is required. The new firmware requires a kernel patch
@@ -70575,6 +70585,7 @@ CVE-2020-12363 (Improper input validation in some 
Intel(R) Graphics Drivers for
 CVE-2020-12362 (Integer overflow in the firmware for some Intel(R) Graphics 
Drivers fo ...)
        - linux <unfixed>
        - firmware-nonfree 20210208-1
+       [buster] - firmware-nonfree <no-dsa> (Non-free not supported)
        NOTE: Short of details: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
        NOTE: Per Intel, this was fixed by a firmware update. v49.0.1 of the
        NOTE: firmware is required. The new firmware requires a kernel patch


=====================================
data/dsa-needed.txt
=====================================
@@ -25,6 +25,8 @@ linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point
   releases to more recent v4.19.y versions.
 --
+netty9
+--
 python-bleach
 --
 python-pysaml2 (jmm)
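Review bot: the new `netty9` entry has no explanatory text, unlike the `linux (carnil)` entry whose indented lines record what the update should wait for; add an indented line naming the CVE(s) that prompted the DSA and anything the uploader should know, so whoever claims the entry does not have to rediscover it from data/CVE/list. Leaving the assignee off is consistent with `python-bleach` directly below.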



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cfb4f210fec4c71a5d80b21d6a014d8cf77b270a
