Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2ab79e93 by Thorsten Alteholz at 2021-04-25T11:10:37+02:00
nothing to do for openexr

- - - - -
7684a804 by Thorsten Alteholz at 2021-04-25T11:10:38+02:00
mark CVE-2021-23169 as not-affected for Stretch

- - - - -
dd60ef55 by Thorsten Alteholz at 2021-04-25T11:10:38+02:00
add gpac

- - - - -
f130c54c by Thorsten Alteholz at 2021-04-25T11:10:39+02:00
mark CVE-2021-20208 as no-dsa for Stretch

- - - - -
6f06631c by Thorsten Alteholz at 2021-04-25T11:11:57+02:00
mark CVE-2021-29470 as not-affected for Stretch

- - - - -
91235228 by Thorsten Alteholz at 2021-04-25T11:16:54+02:00
mark CVE-2020-15078 as no-dsa for Stretch

- - - - -
8c89194d by Thorsten Alteholz at 2021-04-25T11:24:04+02:00
mark CVE-2021-31597 as no-dsa

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -406,6 +406,7 @@ CVE-2021-31598 (An issue was discovered in libezxml.a in 
ezXML 0.8.6. The functi
 CVE-2021-31597 (The xmlhttprequest-ssl package before 1.6.1 for Node.js 
disables SSL c ...)
        - node-xmlhttprequest-ssl <unfixed>
        [buster] - node-xmlhttprequest-ssl <ignored> (Minor issue, should 
possibly be removed from stable as well)
+       [stretch] - node-xmlhttprequest-ssl <no-dsa> (Minor issue)
        NOTE: 
https://github.com/mjwwit/node-XMLHttpRequest/commit/bf53329b61ca6afc5d28f6b8d2dc2e3ca740a9b2
        NOTE: 
https://people.kingsds.network/wesgarland/xmlhttprequest-ssl-vuln.txt
 CVE-2021-31596
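Review bot: the added [stretch] line uses <no-dsa> while the [buster] line directly above it uses <ignored> and questions whether the package should stay in stable at all, so the two releases now carry different states for the same finding with no reason given for the difference. Either use the same state for stretch or extend the reason beyond "Minor issue" to say why stretch is treated differently, given that the description begins "disables SSL c ...".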
@@ -546,6 +547,7 @@ CVE-2021-23169 [Heap-buffer-overflow in 
Imf_2_5::copyIntoFrameBuffer]
        RESERVED
        - openexr <unfixed>
        [buster] - openexr <not-affected> (Vulnerable code not present)
+       [stretch] - openexr <not-affected> (Vulnerable code not present)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28051
        NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/commit/ae6d203892cc9311917a7f4f05354ef792b3e58e
 CVE-2020-36324 (Wikimedia Quarry analytics-quarry-web before 2020-12-15 allows 
Reflect ...)
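Review bot: the [stretch] reason repeats buster's "Vulnerable code not present", but the NOTE lines only point at the oss-fuzz report and the fix commit, so nothing in the entry records where the vulnerable code first appeared. A NOTE naming the introducing commit or first affected version would make the not-affected claim checkable, which matters here because the openexr removal from data/dla-needed.txt in this push depends on it.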
@@ -5127,6 +5129,7 @@ CVE-2021-29471
 CVE-2021-29470 (Exiv2 is a command-line utility and C++ library for reading, 
writing,  ...)
        - exiv2 <unfixed>
        [buster] - exiv2 <no-dsa> (Minor issue)
+       [stretch] - exiv2 <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://github.com/Exiv2/exiv2/security/advisories/GHSA-8949-hhfh-j7rj
        NOTE: https://github.com/Exiv2/exiv2/pull/1581
 CVE-2021-29469 (Node-redis is a Node.js Redis client. Before version 3.1.1, 
when a cli ...)
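Review bot: "Vulnerable code introduced later" on the [stretch] line is stated without a reference; the two NOTE lines cover the advisory and the pull request, not the point of introduction. Buster is tracked as affected (<no-dsa>), so the code arrived somewhere between the stretch and buster versions, and a NOTE with the introducing commit or version would let a later reviewer confirm that boundary.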
@@ -28136,6 +28139,7 @@ CVE-2021-20209
 CVE-2021-20208 (A flaw was found in cifs-utils in versions before 6.13. A user 
when mo ...)
        - cifs-utils <unfixed> (bug #987308)
        [buster] - cifs-utils <no-dsa> (Minor issue)
+       [stretch] - cifs-utils <no-dsa> (Minor issue)
        NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14651
        NOTE: 
https://lists.samba.org/archive/samba-technical/2021-April/136467.html
        NOTE: 
https://git.samba.org/cifs-utils.git/?p=cifs-utils.git;a=commit;h=e461afd8cfa6d0781ae0c5c10e89b6ef1ca6da32
@@ -67205,6 +67209,7 @@ CVE-2020-15078
        RESERVED
        - openvpn <unfixed> (bug #987380)
        [buster] - openvpn <no-dsa> (Minor issue)
+       [stretch] - openvpn <no-dsa> (Minor issue)
        NOTE: 
https://github.com/OpenVPN/openvpn/commit/f7b3bf067ffce72e7de49a4174fd17a3a83f0573
 (v2.5.2)
        NOTE: 
https://github.com/OpenVPN/openvpn/commit/3d18e308c4e7e6f7ab7c2826c70d2d07b031c18a
 (v2.5.2)
        NOTE: 
https://github.com/OpenVPN/openvpn/commit/3aca477a1b58714754fea3a26d0892fffc51db6b
 (v2.5.2)
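Review bot: the [stretch] line copies "Minor issue" for an entry that is still RESERVED, so a reader of this file has no description to judge the triage against, only three upstream commit links. A few words in the reason about what limits the impact on stretch would make the <no-dsa> decision reviewable without opening the commits.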


=====================================
data/dla-needed.txt
=====================================
@@ -62,6 +62,8 @@ golang-gogoprotobuf
   NOTE: 20210318: The generated code is in many other go packages.
   NOTE: 20210329: See discussion at 
https://lists.debian.org/debian-lts/2021/03/msg00011.html
 --
+gpac (Thorsten Alteholz)
+--
 gsoap (Abhijith PA)
   NOTE: 20210420: upstream only responded with suggestion to upgrade (abhijith)
 --
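Review bot: the gpac entry is added with a claimant but no NOTE, and none of the data/CVE/list hunks in this push touch gpac, so the diff does not show which CVEs put it on the list. A dated NOTE line in the style of the neighbouring entries (the gsoap one just below, for example) naming the open issues would help whoever picks this up later.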
@@ -85,8 +87,6 @@ nvidia-graphics-drivers
   NOTE: package is in non-free but also in packages-to-support
   NOTE: only CVE‑2021‑1076 seems to be fixed in the R390 branch used in 
Stretch, no fix available for CVE-2021-1077
 --
-openexr
---
 ring (Thorsten Alteholz)
 --
 ruby-actionpack-page-caching
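Review bot: dropping openexr here relies on the CVE-2021-23169 <not-affected> marking made in data/CVE/list in the same push, and that is the only openexr change shown. Worth confirming that no other openexr entry is still open for stretch before the package leaves the list, and saying so in the commit message.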



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d1e0af3f09c5a79977457a9dad0f1a86f9c86151...8c89194d7eea2f8ad5f53d72f38ca27f5cbdaa41
