Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e6fdd805 by Sylvain Beucler at 2022-03-31T10:24:22+02:00
CVE-2021-41736,CVE-2021-41737/faust: stretch postponed

- - - - -
3dd1fc06 by Sylvain Beucler at 2022-03-31T10:24:23+02:00
CVE-2021-23556/guake: stretch postponed

- - - - -
df330379 by Sylvain Beucler at 2022-03-31T10:30:29+02:00
CVE-2021-4219/imagemagick: stretch postponed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8228,6 +8228,7 @@ CVE-2021-4219 (A flaw was found in ImageMagick. The 
vulnerability occurs due to
        - imagemagick <unfixed>
        [bullseye] - imagemagick <no-dsa> (Minor issue)
        [buster] - imagemagick <no-dsa> (Minor issue)
+       [stretch] - imagemagick <postponed> (Minor issue, DoS)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/4626
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/c10351c16b8d2cabd11d2627a02de522570f6ceb
 CVE-2022-25212 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
SWAMP Plu ...)
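Review bot: The reason on the added [stretch] line, "(Minor issue, DoS)", does not say whether the ImageMagick6 commit referenced in the NOTE below it applies to the stretch version. Since the entry is marked postponed, consider recording in the reason or in an extra NOTE whether that commit is relevant to stretch, so that whoever prepares the next imagemagick upload does not have to redo the triage.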
@@ -34516,11 +34517,13 @@ CVE-2021-41737
        - faust <unfixed>
        [bullseye] - faust <no-dsa> (Minor issue)
        [buster] - faust <no-dsa> (Minor issue)
+       [stretch] - faust <postponed> (Minor issue, no patch/acknowledgment yet)
        NOTE: https://github.com/grame-cncm/faust/issues/653
 CVE-2021-41736 (Faust v2.35.0 was discovered to contain a heap-buffer overflow 
in the  ...)
        - faust <unfixed>
        [bullseye] - faust <no-dsa> (Minor issue)
        [buster] - faust <no-dsa> (Minor issue)
+       [stretch] - faust <postponed> (Minor issue, no patch/acknowledgment yet)
        NOTE: https://github.com/grame-cncm/faust/issues/653
 CVE-2021-41735
        RESERVED
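Review bot: Both added [stretch] lines give "no patch/acknowledgment yet" as the reason, which describes a state that goes stale as soon as upstream responds on issue 653. The two CVEs also share that single issue link as their only reference, and CVE-2021-41737 carries no description in this hunk, so a short NOTE saying which report in issue 653 corresponds to which CVE would make the entries easier to revisit.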
@@ -79897,10 +79900,12 @@ CVE-2021-23556 (The package guake before 3.8.5 are 
vulnerable to Exposed Dangero
        - guake 3.8.5-1
        [bullseye] - guake <no-dsa> (Minor issue)
        [buster] - guake <no-dsa> (Minor issue)
+       [stretch] - guake <postponed> (Minor issue, unclear crossed security 
boundaries, no final fix yet)
        NOTE: 
https://github.com/Guake/guake/commit/b769b3a5fd71a107c58679d217cccc971b4196b4 
(3.8.2)
        NOTE: https://github.com/Guake/guake/issues/1796
        NOTE: https://github.com/Guake/guake/pull/2017
        NOTE: https://snyk.io/vuln/SNYK-PYTHON-GUAKE-2386334
+       NOTE: Regression/reversion: https://github.com/Guake/guake/issues/2042
 CVE-2021-23555 (The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass 
via dire ...)
        NOT-FOR-US: Node vm2
 CVE-2021-23554
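Review bot: The added "NOTE: Regression/reversion" line and the "no final fix yet" reason on the [stretch] line sit uneasily with the unchanged "- guake 3.8.5-1" line, which still records the issue as fixed in that version. If issue 2042 means the fix was reverted, the fixed-version line needs a second look; if not, the new NOTE should say which release the regression affects, in the same way the commit NOTE above it is tagged "(3.8.2)".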



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2c6872d22db04f7d6f2deb12e09040f1babb77c5...df3303798ba2f8fd951c082cdbb8f2b12d844f12
