Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 1f0457df by Moritz Muehlenhoff at 2021-07-05T22:34:06+02:00 buster triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -10777,6 +10777,7 @@ CVE-2021-3506 (An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/no NOTE: https://lore.kernel.org/lkml/20210322114730.71103-1-yuch...@huawei.com/ CVE-2021-34557 (XScreenSaver 5.45 can be bypassed if the machine has more than ten dis ...) - xscreensaver 5.45+dfsg1-2 (bug #989508) + [buster] - xscreensaver <no-dsa> (Minor issue) [stretch] - xscreensaver <postponed> (Minor issue, fix along with next dla) NOTE: https://www.openwall.com/lists/oss-security/2021/06/05/1 NOTE: https://www.openwall.com/lists/oss-security/2021/06/05/2 @@ -23727,24 +23728,29 @@ CVE-2021-26200 (The user area for Library System 1.0 is vulnerable to SQL inject NOT-FOR-US: Library System CVE-2021-26199 (An issue was discovered in JerryScript 2.4.0. There is a heap-use-afte ...) - iotjs <unfixed> (bug #989991) + [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4056 CVE-2021-26198 (An issue was discovered in JerryScript 2.4.0. There is a SEVG in ecma_ ...) - iotjs <unfixed> (bug #989991) + [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4402 CVE-2021-26197 (An issue was discovered in JerryScript 2.4.0. There is a SEGV in main_ ...) - iotjs <unfixed> (bug #989991) + [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4403 CVE-2021-26196 RESERVED CVE-2021-26195 (An issue was discovered in JerryScript 2.4.0. There is a heap-buffer-o ...) - iotjs <unfixed> (bug #989991) + [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4442 CVE-2021-26194 (An issue was discovered in JerryScript 2.4.0. There is a heap-use-afte ...) - iotjs <unfixed> (bug #989991) + [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4445 CVE-2021-26193 @@ -60926,18 +60932,28 @@ CVE-2020-23324 RESERVED CVE-2020-23323 (There is a heap-buffer-overflow at re-parser.c in re_parse_char_escape ...) - iotjs <unfixed> (bug #989991) + [bullseye] - iotjs <no-dsa> (Minor issue) + [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/3871 CVE-2020-23322 (There is an Assertion in 'context_p->token.type == LEXER_RIGHT_BRAC ...) - iotjs <unfixed> (bug #989991) + [bullseye] - iotjs <no-dsa> (Minor issue) + [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/3869 CVE-2020-23321 (There is a heap-buffer-overflow at lit-strings.c:431 in lit_read_code_ ...) - iotjs <unfixed> (bug #989991) + [bullseye] - iotjs <no-dsa> (Minor issue) + [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/3870 CVE-2020-23320 (There is an Assertion in 'context_p->next_scanner_info_p->type = ...) - iotjs <unfixed> (bug #989991) + [bullseye] - iotjs <no-dsa> (Minor issue) + [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/3835 CVE-2020-23319 (There is an Assertion in '(flags >> CBC_STACK_ADJUST_SHIFT) > ...) - iotjs <unfixed> (bug #989991) + [bullseye] - iotjs <no-dsa> (Minor issue) + [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/3834 CVE-2020-23318 RESERVED @@ -60949,29 +60965,45 @@ CVE-2020-23315 RESERVED CVE-2020-23314 (There is an Assertion 'block_found' failed at js-parser-statm.c:2003 p ...) - iotjs <unfixed> (bug #989991) + [bullseye] - iotjs <no-dsa> (Minor issue) + [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/3825 CVE-2020-23313 (There is an Assertion 'scope_stack_p > context_p->scope_stack_p' ...) - iotjs <unfixed> (bug #989991) + [bullseye] - iotjs <no-dsa> (Minor issue) + [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/3823 CVE-2020-23312 (There is an Assertion 'context.status_flags & PARSER_SCANNING_SUCC ...) - iotjs <unfixed> (bug #989991) + [bullseye] - iotjs <no-dsa> (Minor issue) + [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/3824 CVE-2020-23311 (There is an Assertion 'context_p->token.type == LEXER_RIGHT_BRACE | ...) - iotjs <unfixed> (bug #989991) + [bullseye] - iotjs <no-dsa> (Minor issue) + [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/3822 CVE-2020-23310 (There is an Assertion 'context_p->next_scanner_info_p->type == S ...) - iotjs <unfixed> (bug #989991) + [bullseye] - iotjs <no-dsa> (Minor issue) + [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/3821 CVE-2020-23309 (There is an Assertion 'context_p->stack_depth == context_p->cont ...) - iotjs <unfixed> (bug #989991) + [bullseye] - iotjs <no-dsa> (Minor issue) + [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/3820 CVE-2020-23308 (There is an Assertion 'context_p->stack_top_uint8 == LEXER_EXPRESSI ...) - iotjs <unfixed> (bug #989991) + [bullseye] - iotjs <no-dsa> (Minor issue) + [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/3819 CVE-2020-23307 RESERVED CVE-2020-23306 (There is a stack-overflow at ecma-regexp-object.c:535 in ecma_regexp_m ...) - iotjs <unfixed> (bug #989991) + [bullseye] - iotjs <no-dsa> (Minor issue) + [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/3753 CVE-2020-23305 RESERVED @@ -60979,9 +61011,13 @@ CVE-2020-23304 RESERVED CVE-2020-23303 (There is a heap-buffer-overflow at jmem-poolman.c:165 in jmem_pools_co ...) - iotjs <unfixed> (bug #989991) + [bullseye] - iotjs <no-dsa> (Minor issue) + [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/3749 CVE-2020-23302 (There is a heap-use-after-free at ecma-helpers-string.c:772 in ecma_re ...) - iotjs <unfixed> (bug #989991) + [bullseye] - iotjs <no-dsa> (Minor issue) + [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/3748 CVE-2020-23301 RESERVED @@ -81922,9 +81958,11 @@ CVE-2020-13951 (Attackers can use public NetTest web service of Apache OpenMeeti CVE-2020-13950 (Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be mad ...) [experimental] - apache2 2.4.48-1 - apache2 2.4.46-6 + [buster] - apache2 <not-affected> (Vulnerable code not present) + [stretch] - apache2 <not-affected> (Vulnerable code not present) NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-13950 NOTE: Fixed by: https://svn.apache.org/r1678771 - TODO: check why this only a problem starting in 2.4.41 + NOTE: Introduced by: https://svn.apache.org/r1656259 CVE-2020-13949 (In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send sho ...) - thrift <unfixed> (bug #988949) [bullseye] - thrift <no-dsa> (Minor issue) @@ -116379,6 +116417,7 @@ CVE-2020-1696 (A flaw was found in the all pki-core 10.x.x versions, where Token CVE-2020-1695 (A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final ...) - resteasy <undetermined> - resteasy3.0 3.0.26-2 + [buster] - resteasy3.0 <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1730462 NOTE: https://github.com/resteasy/Resteasy/commit/acf15f2a8067f7e4cf5838342cecfa0b78a174fb CVE-2020-1694 (A flaw was found in all versions of Keycloak before 10.0.0, where the ...) @@ -177051,6 +177090,7 @@ CVE-2019-0211 (In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM eve CVE-2019-0210 (In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJS ...) [experimental] - thrift 0.13.0-1 - thrift 0.13.0-2 + [buster] - thrift <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2019/10/17/2 NOTE: https://github.com/apache/thrift/commit/264a3f318ed3e9e51573f67f963c8509786bcec2 CVE-2019-0209 @@ -177064,6 +177104,7 @@ CVE-2019-0206 CVE-2019-0205 (In Apache Thrift all versions up to and including 0.12.0, a server or ...) [experimental] - thrift 0.13.0-1 - thrift 0.13.0-2 + [buster] - thrift <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2019/10/17/1 CVE-2019-0204 (A specifically crafted Docker image running under the root user can ov ...) - apache-mesos <itp> (bug #760315) ===================================== data/dsa-needed.txt ===================================== @@ -31,11 +31,13 @@ ndpi -- jetty9 -- +puppetdb (jmm) +-- python-pysaml2 (jmm) -- runc -- salt -- -trafficserver +trafficserver (jmm) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f0457df760981ff71d893c0bbeed1202ee919ac -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f0457df760981ff71d893c0bbeed1202ee919ac You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits