Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
324b1102 by Moritz Muehlenhoff at 2021-07-06T12:58:03+02:00
buster triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -242,6 +242,7 @@ CVE-2020-36402 (Solidity 0.7.5 has a stack-use-after-return
issue in smtutil::CH
NOT-FOR-US: Solidity
CVE-2020-36401 (mruby 2.1.2 has a double free in mrb_default_allocf (called
from mrb_f ...)
- mruby <unfixed> (bug #990540)
+ [buster] - mruby <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23801
NOTE:
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/mruby/OSV-2020-744.yaml
NOTE:
https://github.com/mruby/mruby/commit/97319697c8f9f6ff27b32589947e1918e3015503
@@ -3312,6 +3313,8 @@ CVE-2021-3598
RESERVED
{DLA-2701-1}
- openexr <unfixed> (bug #990450)
+ [bullseye] - openexr <no-dsa> (Minor issue)
+ [buster] - openexr <no-dsa> (Minor issue)
NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/1033
NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1037
NOTE:
https://github.com/AcademySoftwareFoundation/openexr/commit/566f5241edd87445373885d5f7a904dc81e866c1
@@ -5973,6 +5976,7 @@ CVE-2021-33516 (An issue was discovered in GUPnP before
1.0.7 and 1.1.x and 1.2.
NOTE:
https://gitlab.gnome.org/GNOME/gupnp/-/commit/ca6ec9dcb26fd7a2a630eb6a68118659b589afac
(master)
CVE-2021-33515 (The submission service in Dovecot before 2.3.15 allows
STARTTLS comman ...)
- dovecot <unfixed> (bug #990566)
+ [buster] - dovecot <postponed> (Minor issue, fix along with next update)
[stretch] - dovecot <not-affected> (Vulnerable code
(smtp_server_command queue) introduced later)
NOTE: https://dovecot.org/pipermail/dovecot-news/2021-June/000462.html
NOTE: https://www.openwall.com/lists/oss-security/2021/06/28/2
@@ -10747,6 +10751,8 @@ CVE-2021-26945 (An integer overflow leading to a
heap-buffer overflow was found
CVE-2021-26260 (An integer overflow leading to a heap-buffer overflow was
found in the ...)
{DLA-2701-1}
- openexr <unfixed>
+ [bullseye] - openexr <no-dsa> (Minor issue)
+ [buster] - openexr <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1947582
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29423
NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/894
@@ -10754,6 +10760,8 @@ CVE-2021-26260 (An integer overflow leading to a
heap-buffer overflow was found
CVE-2021-23215 (An integer overflow leading to a heap-buffer overflow was
found in the ...)
{DLA-2701-1}
- openexr <unfixed>
+ [bullseye] - openexr <no-dsa> (Minor issue)
+ [buster] - openexr <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1947586
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29653
NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/901
@@ -16803,6 +16811,7 @@ CVE-2021-29064
RESERVED
CVE-2021-29063 (A Regular Expression Denial of Service (ReDOS) vulnerability
was disco ...)
- mpmath <unfixed> (bug #990576)
+ [buster] - mpmath <no-dsa> (Minor issue)
[stretch] - mpmath <no-dsa> (Minor issue)
NOTE:
https://github.com/yetingli/PoCs/blob/main/CVE-2021-29063/Mpmath.md
NOTE: https://github.com/fredrik-johansson/mpmath/issues/548
@@ -16814,6 +16823,7 @@ CVE-2021-29061 (A Regular Expression Denial of Service
(ReDOS) vulnerability was
NOT-FOR-US: Vfsjfilechooser2
CVE-2021-29060 (A Regular Expression Denial of Service (ReDOS) vulnerability
was disco ...)
- node-color-string 1.5.4-2
+ [buster] - node-color-string <no-dsa> (Minor issue)
NOTE:
https://github.com/yetingli/PoCs/blob/main/CVE-2021-29060/Color-String.md
NOTE:
https://github.com/Qix-/color-string/commit/0789e21284c33d89ebc4ab4ca6f759b9375ac9d3
CVE-2021-29059 (A vulnerability was discovered in IS-SVG version 4.3.1 and
below where ...)
@@ -24001,6 +24011,7 @@ CVE-2021-26118 (While investigating ARTEMIS-2964 it was
found that the creation
CVE-2021-26117 (The optional ActiveMQ LDAP login module can be configured to
use anony ...)
{DLA-2583-1}
- activemq 5.16.1-1 (bug #982590)
+ [buster] - activemq <no-dsa> (Minor issue)
NOTE: https://issues.apache.org/jira/browse/AMQ-8035
NOTE: https://www.openwall.com/lists/oss-security/2021/01/27/6
NOTE:
https://gitbox.apache.org/repos/asf?p=activemq.git;h=c9f68f4c64b2687eee283b95538753665d2b229b
@@ -48819,6 +48830,7 @@ CVE-2020-28201
RESERVED
CVE-2020-28200 (The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled
Resource ...)
- dovecot <unfixed> (bug #990566)
+ [buster] - dovecot <postponed> (Minor issue, fix along with next update)
[stretch] - dovecot <no-dsa> (Minor issue)
NOTE: https://dovecot.org/pipermail/dovecot-news/2021-June/000460.html
NOTE: https://www.openwall.com/lists/oss-security/2021/06/28/3
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/324b1102670203f17c0d5b93084f19424fa396ce
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/324b1102670203f17c0d5b93084f19424fa396ce
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
