Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e4218a6c by Thorsten Alteholz at 2021-08-29T23:30:50+02:00
mark CVE-2021-39272 as no-dsa for Stretch

- - - - -
e419aedf by Thorsten Alteholz at 2021-08-29T23:32:12+02:00
mark CVE-2021-38559 as no-dsa for Stretch

- - - - -
f2e56ad1 by Thorsten Alteholz at 2021-08-29T23:38:25+02:00
mark CVE-2021-32798 as no-dsa for Stretch

- - - - -
90290d61 by Thorsten Alteholz at 2021-08-29T23:40:42+02:00
follow sec team and mark several CVEs of libelfin as no-dsa

- - - - -
15d1e501 by Thorsten Alteholz at 2021-08-29T23:43:11+02:00
follow sec team and mark several CVEs of liblivemedia as ignored

- - - - -
6e9fb5d5 by Thorsten Alteholz at 2021-08-29T23:46:32+02:00
mark CVE-2020-21677 as no-dsa for Stretch

- - - - -
db1b1cf5 by Thorsten Alteholz at 2021-08-29T23:57:16+02:00
mark CVE-2021-32804 and CVE-2021-32803 as not-affected for Stretch

- - - - -
8f581df5 by Thorsten Alteholz at 2021-08-29T23:59:08+02:00
mark CVE-2021-3654 as no-dsa for Stretch

- - - - -

1 changed file:
- data/CVE/list

Changes:
===================================== data/CVE/list ===================================== @@ -1916,10 +1916,12 @@ CVE-2021-39284 CVE-2021-39283 (liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion ...) - liblivemedia <removed> [buster] - liblivemedia <ignored> (Minor issue) + [stretch] - liblivemedia <ignored> (Minor issue) NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021969.html CVE-2021-39282 (Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 ...) - liblivemedia <removed> [buster] - liblivemedia <ignored> (Minor issue) + [stretch] - liblivemedia <ignored> (Minor issue) NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021970.html CVE-2021-39281 RESERVED 
@@ -1947,6 +1949,7 @@ CVE-2021-39272 [TLS bypass vulnerabilities ("NO STARTTLS")] - fetchmail <unfixed> (bug #993163) [bullseye] - fetchmail <no-dsa> (Minor issue; safe recommendations exists, implicit TLS, "ssl" mode exist) [buster] - fetchmail <no-dsa> (Minor issue; safe recommendations exists, implicit TLS, "ssl" mode exist) + [stretch] - fetchmail <no-dsa> (Minor issue; safe recommendations exists, implicit TLS, "ssl" mode exist) NOTE: https://www.fetchmail.info/fetchmail-SA-2021-02.txt CVE-2021-39271 RESERVED @@ -3516,6 +3519,7 @@ CVE-2021-38559 (DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenot - hoteldruid <unfixed> [bullseye] - hoteldruid <no-dsa> (Minor issue) [buster] - hoteldruid <no-dsa> (Minor issue) + [stretch] - hoteldruid <no-dsa> (Minor issue) CVE-2021-38558 RESERVED CVE-2021-38557 (raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as ...) @@ -7065,6 +7069,7 @@ CVE-2021-3654 [novnc allows open redirection] - nova 2:23.0.2-3 (bug #991441) [bullseye] - nova <no-dsa> (Minor issue) [buster] - nova <no-dsa> (Minor issue) + [stretch] - nova <no-dsa> (Minor issue) NOTE: https://bugs.launchpad.net/nova/+bug/1927677 CVE-2021-26263 RESERVED 
@@ -16772,12 +16777,14 @@ CVE-2021-32804 (The npm package "tar" (aka node-tar) before versions 6.1.1, 5.0. - node-tar 6.1.7+~cs11.3.10-1 (bug #992111) [bullseye] - node-tar <no-dsa> (Minor issue) [buster] - node-tar <no-dsa> (Minor issue) + [stretch] - node-tar <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-3jfq-g458-7qm9 NOTE: https://github.com/npm/node-tar/commit/1f036ca23f64a547bdd6c79c1a44bc62e8115da4 CVE-2021-32803 (The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4 ...) - node-tar 6.1.7+~cs11.3.10-1 (bug #992110) [bullseye] - node-tar <no-dsa> (Minor issue) [buster] - node-tar <no-dsa> (Minor issue) + [stretch] - node-tar <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-r628-mhmh-qjhw NOTE: https://github.com/npm/node-tar/commit/9dbdeb6df8e9dbd96fa9e84341b9d74734be6c20 CVE-2021-32802 @@ -16792,6 +16799,7 @@ CVE-2021-32798 (The Jupyter notebook is a web-based notebook environment for int - jupyter-notebook <unfixed> (bug #992704) [bullseye] - jupyter-notebook <no-dsa> (Minor issue) [buster] - jupyter-notebook <no-dsa> (Minor issue) + [stretch] - jupyter-notebook <no-dsa> (Minor issue) NOTE: https://github.com/jupyter/notebook/security/advisories/GHSA-hwvq-6gjx-j797 NOTE: https://github.com/jupyter/notebook/commit/79fc76e890a8ec42f73a3d009e44ef84c14ef0d5 CVE-2021-32797 (JupyterLab is a user interface for Project Jupyter which will eventual ...) 
@@ -67833,42 +67841,49 @@ CVE-2020-24827 (A vulnerability in the dwarf::cursor::skip_form function of Libe - libelfin <unfixed> [bullseye] - libelfin <no-dsa> (Minor issue) [buster] - libelfin <no-dsa> (Minor issue) + [stretch] - libelfin <no-dsa> (Minor issue) NOTE: https://github.com/aclements/libelfin/issues/47 NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-dwarfcursorskip_form-at-dwarfcursorcc181 CVE-2020-24826 (A vulnerability in the elf::section::as_strtab function of Libelfin v0 ...) - libelfin <unfixed> [bullseye] - libelfin <no-dsa> (Minor issue) [buster] - libelfin <no-dsa> (Minor issue) + [stretch] - libelfin <no-dsa> (Minor issue) NOTE: https://github.com/aclements/libelfin/issues/49 NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-elfsectionas_strtab-at-elfelfcc284 CVE-2020-24825 (A vulnerability in the line_table::line_table function of Libelfin v0. ...) - libelfin <unfixed> [bullseye] - libelfin <no-dsa> (Minor issue) [buster] - libelfin <no-dsa> (Minor issue) + [stretch] - libelfin <no-dsa> (Minor issue) NOTE: https://github.com/aclements/libelfin/issues/46 NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-line_tableline_table-at-dwarflinecc104 CVE-2020-24824 (A global buffer overflow issue in the dwarf::line_table::line_table fu ...) - libelfin <unfixed> [bullseye] - libelfin <no-dsa> (Minor issue) [buster] - libelfin <no-dsa> (Minor issue) + [stretch] - libelfin <no-dsa> (Minor issue) NOTE: https://github.com/aclements/libelfin/issues/48 NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#global-buffer-overflow-in-function-dwarfline_tableline_table-at-dwarflinecc107 CVE-2020-24823 (A vulnerability in the dwarf::to_string function of Libelfin v0.3 allo ...) 
- libelfin <unfixed> [bullseye] - libelfin <no-dsa> (Minor issue) [buster] - libelfin <no-dsa> (Minor issue) + [stretch] - libelfin <no-dsa> (Minor issue) NOTE: https://github.com/aclements/libelfin/issues/51 NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-dwarfto_string-at-dwarfvaluecc300 CVE-2020-24822 (A vulnerability in the dwarf::cursor::uleb function of Libelfin v0.3 a ...) - libelfin <unfixed> [bullseye] - libelfin <no-dsa> (Minor issue) [buster] - libelfin <no-dsa> (Minor issue) + [stretch] - libelfin <no-dsa> (Minor issue) NOTE: https://github.com/aclements/libelfin/issues/50 NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-dwarfcursoruleb128-at-dwarfinternalhh154 CVE-2020-24821 (A vulnerability in the dwarf::cursor::skip_form function of Libelfin v ...) - libelfin <unfixed> [bullseye] - libelfin <no-dsa> (Minor issue) [buster] - libelfin <no-dsa> (Minor issue) + [stretch] - libelfin <no-dsa> (Minor issue) NOTE: https://github.com/aclements/libelfin/issues/52 NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-dwarfcursorskip_form-at-dwarfcursorcc191 CVE-2020-24820 
@@ -74641,6 +74656,7 @@ CVE-2020-21678 (A global buffer overflow in the genmp_writefontmacro_latex compo CVE-2020-21677 (A heap-based buffer overflow in the sixel_encoder_output_without_macro ...) - libsixel 1.8.6-1 [buster] - libsixel <no-dsa> (Minor issue) + [stretch] - libsixel <no-dsa> (Minor issue) NOTE: https://github.com/saitoha/libsixel/issues/123 NOTE: https://github.com/saitoha/libsixel/commit/0b1e0b3f7b44233f84e5c9f512f8c90d6bbbe33d CVE-2020-21676 (A stack-based buffer overflow in the genpstrx_text() component in genp ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/44a195a9d117d7013626f0d594a22d5e02d6bde6...8f581df5eb6b841801b57aa2d50c0d092117ca51
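Review bot: In the hunk at @@ -16772,12 +16777,14 @@, the two new `[stretch] - node-tar <not-affected> (Vulnerable code introduced later)` lines for CVE-2021-32804 and CVE-2021-32803 carry no pointer to what was checked. The entries list the upstream advisory and the fix commit in their NOTE lines but nothing that identifies where the vulnerable code was introduced. A NOTE naming the introducing commit or upstream version under each entry would let a later reader confirm the not-affected status without redoing the analysis.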
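Review bot: In the hunk at @@ -1916,10 +1916,12 @@, the added `[stretch] - liblivemedia <ignored> (Minor issue)` lines for CVE-2021-39283 and CVE-2021-39282 use the same "(Minor issue)" reason that the no-dsa entries elsewhere in this patch use, so the entry itself does not say why these two are ignored rather than no-dsa. The commit message says this follows the security team's buster decision; a slightly fuller parenthetical on the stretch lines would make the choice of state readable from the data file alone.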
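Review bot: In the hunk at @@ -67833,42 +67841,49 @@, the same `[stretch] - libelfin <no-dsa> (Minor issue)` line is added under all seven entries, including CVE-2020-24824, whose description is a global buffer overflow rather than one of the SEGV cases its neighbours' NOTE links describe. All seven are still `<unfixed>` in unstable. If the overflow was assessed separately, a more specific reason on that one entry would record it; if the seven were triaged as a batch, it is worth confirming that the overflow fits the same classification.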
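Review bot: In the hunk at @@ -1947,6 +1949,7 @@ (CVE-2021-39272, fetchmail), the new stretch line copies the reason text "safe recommendations exists" from the bullseye and buster lines, grammar slip included. Correcting it to "safe recommendations exist" on all three lines in one follow-up keeps the entries consistent with each other.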