Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2ab79e93 by Thorsten Alteholz at 2021-04-25T11:10:37+02:00
nothing todo for openexr

- - - - -
7684a804 by Thorsten Alteholz at 2021-04-25T11:10:38+02:00
mark CVE-2021-23169 as not-affected for Stretch

- - - - -
dd60ef55 by Thorsten Alteholz at 2021-04-25T11:10:38+02:00
add gpac

- - - - -
f130c54c by Thorsten Alteholz at 2021-04-25T11:10:39+02:00
mark CVE-2021-20208 as no-dsa for Stretch

- - - - -
6f06631c by Thorsten Alteholz at 2021-04-25T11:11:57+02:00
mark CVE-2021-29470 as not-affected for Stretch

- - - - -
91235228 by Thorsten Alteholz at 2021-04-25T11:16:54+02:00
mark CVE-2020-15078 as no-dsa for Stretch

- - - - -
8c89194d by Thorsten Alteholz at 2021-04-25T11:24:04+02:00
mark CVE-2021-31597 as no-dsa

- - - - -

2 changed files:
- data/CVE/list
- data/dla-needed.txt

Changes:
===================================== data/CVE/list ===================================== @@ -406,6 +406,7 @@ CVE-2021-31598 (An issue was discovered in libezxml.a in ezXML 0.8.6. The functi CVE-2021-31597 (The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL c ...) - node-xmlhttprequest-ssl <unfixed> [buster] - node-xmlhttprequest-ssl <ignored> (Minor issue, should possibly be removed from stable as well) + [stretch] - node-xmlhttprequest-ssl <no-dsa> (Minor issue) NOTE: https://github.com/mjwwit/node-XMLHttpRequest/commit/bf53329b61ca6afc5d28f6b8d2dc2e3ca740a9b2 NOTE: https://people.kingsds.network/wesgarland/xmlhttprequest-ssl-vuln.txt CVE-2021-31596 @@ -546,6 +547,7 @@ CVE-2021-23169 [Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer] RESERVED - openexr <unfixed> [buster] - openexr <not-affected> (Vulnerable code not present) + [stretch] - openexr <not-affected> (Vulnerable code not present) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28051 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/ae6d203892cc9311917a7f4f05354ef792b3e58e CVE-2020-36324 (Wikimedia Quarry analytics-quarry-web before 2020-12-15 allows Reflect ...) 
@@ -5127,6 +5129,7 @@ CVE-2021-29471 CVE-2021-29470 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) - exiv2 <unfixed> [buster] - exiv2 <no-dsa> (Minor issue) + [stretch] - exiv2 <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-8949-hhfh-j7rj NOTE: https://github.com/Exiv2/exiv2/pull/1581 CVE-2021-29469 (Node-redis is a Node.js Redis client. Before version 3.1.1, when a cli ...) @@ -28136,6 +28139,7 @@ CVE-2021-20209 CVE-2021-20208 (A flaw was found in cifs-utils in versions before 6.13. A user when mo ...) - cifs-utils <unfixed> (bug #987308) [buster] - cifs-utils <no-dsa> (Minor issue) + [stretch] - cifs-utils <no-dsa> (Minor issue) NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14651 NOTE: https://lists.samba.org/archive/samba-technical/2021-April/136467.html NOTE: https://git.samba.org/cifs-utils.git/?p=cifs-utils.git;a=commit;h=e461afd8cfa6d0781ae0c5c10e89b6ef1ca6da32 @@ -67205,6 +67209,7 @@ CVE-2020-15078 RESERVED - openvpn <unfixed> (bug #987380) [buster] - openvpn <no-dsa> (Minor issue) + [stretch] - openvpn <no-dsa> (Minor issue) NOTE: https://github.com/OpenVPN/openvpn/commit/f7b3bf067ffce72e7de49a4174fd17a3a83f0573 (v2.5.2) NOTE: https://github.com/OpenVPN/openvpn/commit/3d18e308c4e7e6f7ab7c2826c70d2d07b031c18a (v2.5.2) NOTE: https://github.com/OpenVPN/openvpn/commit/3aca477a1b58714754fea3a26d0892fffc51db6b (v2.5.2) ===================================== data/dla-needed.txt ===================================== @@ -62,6 +62,8 @@ golang-gogoprotobuf NOTE: 20210318: The generated code is in many other go packages. NOTE: 20210329: See discussion at https://lists.debian.org/debian-lts/2021/03/msg00011.html -- +gpac (Thorsten Alteholz) +-- gsoap (Abhijith PA) NOTE: 20210420: upstream only responded with suggestion to upgrade (abhijith) -- 
@@ -85,8 +87,6 @@ nvidia-graphics-drivers NOTE: package is in non-free but also in packages-to-support NOTE: only CVE‑2021‑1076 seems to be fixed in the R390 branch used in Stretch, no fix available for CVE-2021-1077 -- -openexr --- ring (Thorsten Alteholz) -- ruby-actionpack-page-caching
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d1e0af3f09c5a79977457a9dad0f1a86f9c86151...8c89194d7eea2f8ad5f53d72f38ca27f5cbdaa41
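Review bot: In the CVE-2021-31597 hunk of data/CVE/list, the added `[stretch]` line uses `<no-dsa> (Minor issue)` while the `[buster]` line directly above it uses `<ignored>` with the remark that the package should possibly be removed from stable. If the same reasoning holds for stretch, the two states should match; otherwise the stretch line should say why it differs. The commit subject "mark CVE-2021-31597 as no-dsa" also omits "for Stretch", unlike the other subjects in this push.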
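Review bot: The added `[stretch] - exiv2 <not-affected> (Vulnerable code introduced later)` line in the CVE-2021-29470 hunk does not name the upstream version or commit that introduced the code. A NOTE recording it, next to the existing advisory and pull-request NOTEs, would let the next triager confirm the status without repeating the source review.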
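Review bot: The `gpac (Thorsten Alteholz)` entry added in the first data/dla-needed.txt hunk carries no NOTE, and none of the data/CVE/list hunks in this push touch a gpac entry, so the diff does not show which issues the claim covers. A dated NOTE in the style of the neighbouring entries (for example the `NOTE: 20210420:` line under gsoap) listing the CVEs in scope would document it.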
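Review bot: The removal of `openexr` in the second data/dla-needed.txt hunk is justified in this push only by the stretch `<not-affected>` line for CVE-2021-23169, and the commit subject "nothing todo for openexr" gives no reason. Stating in the commit message that the removal follows from that not-affected marking, and that no other open openexr issue needs a stretch update, would make the change auditable from the log alone.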