Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: e869f06a by Moritz Muehlenhoff at 2021-02-04T13:58:23+01:00 mark some linux issues as <postponed> for buster podofo unimportant add openwall refs for nim issues - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -52641,14 +52641,17 @@ CVE-2020-15694 (In Nim 1.2.4, the standard library httpClient fails to properly - nim 1.2.6-1 [buster] - nim <no-dsa> (Minor issue) [stretch] - nim <no-dsa> (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/02/04/2 CVE-2020-15693 (In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF ...) - nim 1.2.6-1 [buster] - nim <no-dsa> (Minor issue) [stretch] - nim <no-dsa> (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/02/04/2 CVE-2020-15692 (In Nim 1.2.4, the standard library browsers mishandles the URL argumen ...) - nim 1.2.6-1 [buster] - nim <no-dsa> (Minor issue) [stretch] - nim <no-dsa> (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/02/04/1 CVE-2020-15691 RESERVED CVE-2020-15690 (In Nim before 1.2.6, the standard library asyncftpclient lacks a check ...) @@ -104168,6 +104171,8 @@ CVE-2019-16061 (A number of files on the NETSAS Enigma NMS server 65.0.0 and pri NOT-FOR-US: NETSAS Enigma NMS CVE-2019-16089 (An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_s ...) - linux <unfixed> + [bullseye] - linux <postponed> (Minor issue, revisit when fixed upstream) + [buster] - linux <postponed> (Minor issue, revisit when fixed upstream) [stretch] - linux <not-affected> (Vulnerable code not present) [jessie] - linux <not-affected> (Vulnerable code not present) CVE-2019-16060 (The Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the blacklist ...) @@ -106656,6 +106661,7 @@ CVE-2019-15214 (An issue was discovered in the Linux kernel before 5.0.10. There [stretch] - linux 4.9.184-1 CVE-2019-15213 (An issue was discovered in the Linux kernel before 5.2.3. There is a u ...) - linux <unfixed> + [bullseye] - linux <postponed> (Revisit when correctly fixed upstream) [stretch] - linux <not-affected> (Vulnerable code introduced later) [jessie] - linux <not-affected> (Vulnerable code introduced later) CVE-2019-15212 (An issue was discovered in the Linux kernel before 5.1.8. There is a d ...) @@ -126716,11 +126722,9 @@ CVE-2019-9210 (In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an int NOTE: https://sourceforge.net/p/advancemame/bugs/277/ NOTE: Fixed by https://github.com/amadvance/advancecomp/commit/fcf71a89265c78fc26243574dda3a872574a5c02 CVE-2018-20797 (An issue was discovered in PoDoFo 0.9.6. There is an attempted excessi ...) - - libpodofo <unfixed> (low; bug #923415) - [buster] - libpodofo <no-dsa> (Minor issue) - [stretch] - libpodofo <no-dsa> (Minor issue) - [jessie] - libpodofo <no-dsa> (Minor issue) + - libpodofo <unfixed> (unimportant; bug #923415) NOTE: https://sourceforge.net/p/podofo/tickets/34/ + NOTE: Negligible security impact CVE-2019-9209 (In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and rel ...) {DSA-4416-1 DLA-1729-1} - wireshark 2.6.7-1 (bug #923611) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e869f06a6f8295a8f44a9238119916f8faabdc28 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e869f06a6f8295a8f44a9238119916f8faabdc28 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits