Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e869f06a by Moritz Muehlenhoff at 2021-02-04T13:58:23+01:00
mark some linux issues as <postponed> for buster
podofo unimportant
add openwall refs for nim issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -52641,14 +52641,17 @@ CVE-2020-15694 (In Nim 1.2.4, the standard library
httpClient fails to properly
- nim 1.2.6-1
[buster] - nim <no-dsa> (Minor issue)
[stretch] - nim <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/04/2
CVE-2020-15693 (In Nim 1.2.4, the standard library httpClient is vulnerable to
a CR-LF ...)
- nim 1.2.6-1
[buster] - nim <no-dsa> (Minor issue)
[stretch] - nim <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/04/2
CVE-2020-15692 (In Nim 1.2.4, the standard library browsers mishandles the URL
argumen ...)
- nim 1.2.6-1
[buster] - nim <no-dsa> (Minor issue)
[stretch] - nim <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/04/1
CVE-2020-15691
RESERVED
CVE-2020-15690 (In Nim before 1.2.6, the standard library asyncftpclient lacks
a check ...)
@@ -104168,6 +104171,8 @@ CVE-2019-16061 (A number of files on the NETSAS
Enigma NMS server 65.0.0 and pri
NOT-FOR-US: NETSAS Enigma NMS
CVE-2019-16089 (An issue was discovered in the Linux kernel through 5.2.13.
nbd_genl_s ...)
- linux <unfixed>
+ [bullseye] - linux <postponed> (Minor issue, revisit when fixed
upstream)
+ [buster] - linux <postponed> (Minor issue, revisit when fixed upstream)
[stretch] - linux <not-affected> (Vulnerable code not present)
[jessie] - linux <not-affected> (Vulnerable code not present)
CVE-2019-16060 (The Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the
blacklist ...)
@@ -106656,6 +106661,7 @@ CVE-2019-15214 (An issue was discovered in the Linux
kernel before 5.0.10. There
[stretch] - linux 4.9.184-1
CVE-2019-15213 (An issue was discovered in the Linux kernel before 5.2.3.
There is a u ...)
- linux <unfixed>
+ [bullseye] - linux <postponed> (Revisit when correctly fixed upstream)
[stretch] - linux <not-affected> (Vulnerable code introduced later)
[jessie] - linux <not-affected> (Vulnerable code introduced later)
CVE-2019-15212 (An issue was discovered in the Linux kernel before 5.1.8.
There is a d ...)
@@ -126716,11 +126722,9 @@ CVE-2019-9210 (In AdvanceCOMP 2.1, png_compress in
pngex.cc in advpng has an int
NOTE: https://sourceforge.net/p/advancemame/bugs/277/
NOTE: Fixed by
https://github.com/amadvance/advancecomp/commit/fcf71a89265c78fc26243574dda3a872574a5c02
CVE-2018-20797 (An issue was discovered in PoDoFo 0.9.6. There is an attempted
excessi ...)
- - libpodofo <unfixed> (low; bug #923415)
- [buster] - libpodofo <no-dsa> (Minor issue)
- [stretch] - libpodofo <no-dsa> (Minor issue)
- [jessie] - libpodofo <no-dsa> (Minor issue)
+ - libpodofo <unfixed> (unimportant; bug #923415)
NOTE: https://sourceforge.net/p/podofo/tickets/34/
+ NOTE: Negligible security impact
CVE-2019-9209 (In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER
and rel ...)
{DSA-4416-1 DLA-1729-1}
- wireshark 2.6.7-1 (bug #923611)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e869f06a6f8295a8f44a9238119916f8faabdc28
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e869f06a6f8295a8f44a9238119916f8faabdc28
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
