Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 324b1102 by Moritz Muehlenhoff at 2021-07-06T12:58:03+02:00 buster triage - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -242,6 +242,7 @@ CVE-2020-36402 (Solidity 0.7.5 has a stack-use-after-return issue in smtutil::CH NOT-FOR-US: Solidity CVE-2020-36401 (mruby 2.1.2 has a double free in mrb_default_allocf (called from mrb_f ...) - mruby <unfixed> (bug #990540) + [buster] - mruby <no-dsa> (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23801 NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/mruby/OSV-2020-744.yaml NOTE: https://github.com/mruby/mruby/commit/97319697c8f9f6ff27b32589947e1918e3015503 @@ -3312,6 +3313,8 @@ CVE-2021-3598 RESERVED {DLA-2701-1} - openexr <unfixed> (bug #990450) + [bullseye] - openexr <no-dsa> (Minor issue) + [buster] - openexr <no-dsa> (Minor issue) NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/1033 NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1037 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/566f5241edd87445373885d5f7a904dc81e866c1 @@ -5973,6 +5976,7 @@ CVE-2021-33516 (An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2. NOTE: https://gitlab.gnome.org/GNOME/gupnp/-/commit/ca6ec9dcb26fd7a2a630eb6a68118659b589afac (master) CVE-2021-33515 (The submission service in Dovecot before 2.3.15 allows STARTTLS comman ...) - dovecot <unfixed> (bug #990566) + [buster] - dovecot <postponed> (Minor issue, fix along with next update) [stretch] - dovecot <not-affected> (Vulnerable code (smtp_server_command queue) introduced later) NOTE: https://dovecot.org/pipermail/dovecot-news/2021-June/000462.html NOTE: https://www.openwall.com/lists/oss-security/2021/06/28/2 @@ -10747,6 +10751,8 @@ CVE-2021-26945 (An integer overflow leading to a heap-buffer overflow was found CVE-2021-26260 (An integer overflow leading to a heap-buffer overflow was found in the ...) {DLA-2701-1} - openexr <unfixed> + [bullseye] - openexr <no-dsa> (Minor issue) + [buster] - openexr <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1947582 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29423 NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/894 @@ -10754,6 +10760,8 @@ CVE-2021-26260 (An integer overflow leading to a heap-buffer overflow was found CVE-2021-23215 (An integer overflow leading to a heap-buffer overflow was found in the ...) {DLA-2701-1} - openexr <unfixed> + [bullseye] - openexr <no-dsa> (Minor issue) + [buster] - openexr <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1947586 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29653 NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/901 @@ -16803,6 +16811,7 @@ CVE-2021-29064 RESERVED CVE-2021-29063 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...) - mpmath <unfixed> (bug #990576) + [buster] - mpmath <no-dsa> (Minor issue) [stretch] - mpmath <no-dsa> (Minor issue) NOTE: https://github.com/yetingli/PoCs/blob/main/CVE-2021-29063/Mpmath.md NOTE: https://github.com/fredrik-johansson/mpmath/issues/548 @@ -16814,6 +16823,7 @@ CVE-2021-29061 (A Regular Expression Denial of Service (ReDOS) vulnerability was NOT-FOR-US: Vfsjfilechooser2 CVE-2021-29060 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...) - node-color-string 1.5.4-2 + [buster] - node-color-string <no-dsa> (Minor issue) NOTE: https://github.com/yetingli/PoCs/blob/main/CVE-2021-29060/Color-String.md NOTE: https://github.com/Qix-/color-string/commit/0789e21284c33d89ebc4ab4ca6f759b9375ac9d3 CVE-2021-29059 (A vulnerability was discovered in IS-SVG version 4.3.1 and below where ...) @@ -24001,6 +24011,7 @@ CVE-2021-26118 (While investigating ARTEMIS-2964 it was found that the creation CVE-2021-26117 (The optional ActiveMQ LDAP login module can be configured to use anony ...) {DLA-2583-1} - activemq 5.16.1-1 (bug #982590) + [buster] - activemq <no-dsa> (Minor issue) NOTE: https://issues.apache.org/jira/browse/AMQ-8035 NOTE: https://www.openwall.com/lists/oss-security/2021/01/27/6 NOTE: https://gitbox.apache.org/repos/asf?p=activemq.git;h=c9f68f4c64b2687eee283b95538753665d2b229b @@ -48819,6 +48830,7 @@ CVE-2020-28201 RESERVED CVE-2020-28200 (The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource ...) - dovecot <unfixed> (bug #990566) + [buster] - dovecot <postponed> (Minor issue, fix along with next update) [stretch] - dovecot <no-dsa> (Minor issue) NOTE: https://dovecot.org/pipermail/dovecot-news/2021-June/000460.html NOTE: https://www.openwall.com/lists/oss-security/2021/06/28/3 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/324b1102670203f17c0d5b93084f19424fa396ce -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/324b1102670203f17c0d5b93084f19424fa396ce You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits