Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits: e6fdd805 by Sylvain Beucler at 2022-03-31T10:24:22+02:00 CVE-2021-41736,CVE-2021-41737/faust: stretch postponed - - - - - 3dd1fc06 by Sylvain Beucler at 2022-03-31T10:24:23+02:00 CVE-2021-23556/guake: stretch postponed - - - - - df330379 by Sylvain Beucler at 2022-03-31T10:30:29+02:00 CVE-2021-4219/imagemagick: stretch postponed - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -8228,6 +8228,7 @@ CVE-2021-4219 (A flaw was found in ImageMagick. The vulnerability occurs due to - imagemagick <unfixed> [bullseye] - imagemagick <no-dsa> (Minor issue) [buster] - imagemagick <no-dsa> (Minor issue) + [stretch] - imagemagick <postponed> (Minor issue, DoS) NOTE: https://github.com/ImageMagick/ImageMagick/issues/4626 NOTE: https://github.com/ImageMagick/ImageMagick6/commit/c10351c16b8d2cabd11d2627a02de522570f6ceb CVE-2022-25212 (A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plu ...) @@ -34516,11 +34517,13 @@ CVE-2021-41737 - faust <unfixed> [bullseye] - faust <no-dsa> (Minor issue) [buster] - faust <no-dsa> (Minor issue) + [stretch] - faust <postponed> (Minor issue, no patch/acknowledgment yet) NOTE: https://github.com/grame-cncm/faust/issues/653 CVE-2021-41736 (Faust v2.35.0 was discovered to contain a heap-buffer overflow in the ...) - faust <unfixed> [bullseye] - faust <no-dsa> (Minor issue) [buster] - faust <no-dsa> (Minor issue) + [stretch] - faust <postponed> (Minor issue, no patch/acknowledgment yet) NOTE: https://github.com/grame-cncm/faust/issues/653 CVE-2021-41735 RESERVED 
@@ -79897,10 +79900,12 @@ CVE-2021-23556 (The package guake before 3.8.5 are vulnerable to Exposed Dangero - guake 3.8.5-1 [bullseye] - guake <no-dsa> (Minor issue) [buster] - guake <no-dsa> (Minor issue) + [stretch] - guake <postponed> (Minor issue, unclear crossed security boundaries, no final fix yet) NOTE: https://github.com/Guake/guake/commit/b769b3a5fd71a107c58679d217cccc971b4196b4 (3.8.2) NOTE: https://github.com/Guake/guake/issues/1796 NOTE: https://github.com/Guake/guake/pull/2017 NOTE: https://snyk.io/vuln/SNYK-PYTHON-GUAKE-2386334 + NOTE: Regression/reversion: https://github.com/Guake/guake/issues/2042 CVE-2021-23555 (The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via dire ...) NOT-FOR-US: Node vm2 CVE-2021-23554 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2c6872d22db04f7d6f2deb12e09040f1babb77c5...df3303798ba2f8fd951c082cdbb8f2b12d844f12
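Review bot: In the CVE-2021-4219 hunk, the new `[stretch]` line gives only "Minor issue, DoS" as the reason, while the NOTE lines in the context already reference an ImageMagick6 commit. If that commit is the upstream fix, state in the reason that a patch is available, so that whoever picks up the postponed entry for the next imagemagick upload to stretch can tell it apart from the faust entries in the same push, which are postponed for lack of a patch.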
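Review bot: In the faust hunk, both new `[stretch]` lines (CVE-2021-41737 and CVE-2021-41736) justify the postponement with "no patch/acknowledgment yet", a reason that goes stale as soon as upstream responds on issue 653. Recording the date of the check in the reason or in a NOTE would let a later triager see whether the status needs rechecking. CVE-2021-41736 is described as a heap-buffer overflow, so a short word on why it is rated minor would also help, even though that rating is carried over from the bullseye and buster lines.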
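Review bot: In the CVE-2021-23556 hunk, the added `[stretch]` reason says "no final fix yet" and the added NOTE records a regression/reversion (issue 2042), but the unchanged context line still lists `- guake 3.8.5-1` as the fixed version. Either recheck that fixed-version entry or extend the new NOTE to say which guake versions the reversion affects, so the entry does not read as both fixed and unfixed.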