Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits: acfa7990 by Thorsten Alteholz at 2021-08-30T00:22:24+02:00 mark CVE-2021-32740 as no-dsa for Stretch - - - - - 5671cdcf by Thorsten Alteholz at 2021-08-30T00:23:55+02:00 add qtbase-opensource-src - - - - - d8af21e9 by Thorsten Alteholz at 2021-08-30T00:27:38+02:00 add pywps - - - - - 385bd4ef by Thorsten Alteholz at 2021-08-30T00:29:53+02:00 add plib - - - - - f7cc032b by Thorsten Alteholz at 2021-08-30T00:31:15+02:00 mark two CVEs of pluxml as no-dsa for Stretch - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -3403,8 +3403,10 @@ CVE-2021-38604 (In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/ NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=b805aebd42364fe696e417808a700fdb9800c9e8 CVE-2021-38603 (PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Informati ...) - pluxml <unfixed> + [stretch] - pluxml <no-dsa> (Minor issue) CVE-2021-38602 (PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content ...) - pluxml <unfixed> + [stretch] - pluxml <no-dsa> (Minor issue) CVE-2021-38601 RESERVED CVE-2021-38600 @@ -16974,6 +16976,7 @@ CVE-2021-32741 (Nextcloud Server is a Nextcloud package that handles data storag - nextcloud-server <itp> (bug #941708) CVE-2021-32740 (Addressable is an alternative implementation to the URI implementation ...) - ruby-addressable 2.7.0-2 (bug #990791) + [stretch] - ruby-addressable <no-dsa> (Minor issue) NOTE: https://github.com/sporkmonger/addressable/security/advisories/GHSA-jxhc-q857-3j6g NOTE: https://github.com/sporkmonger/addressable/commit/b48ff03347a6d46e8dc674e242ce74c6381962a5#diff-fb36d3dc67e6565ffde17e666a98697f48e76dac38fabf1bb9e97cdf3b583d76 CVE-2021-32739 (Icinga is a monitoring system which checks the availability of network ...) ===================================== data/dla-needed.txt ===================================== 
@@ -59,13 +59,20 @@ openssl (Thorsten Alteholz) -- openssl1.0 (Thorsten Alteholz) -- +plib + NOTE: 20210829: no fix yet +-- python-babel NOTE: 20210617: CVE-2021-20095 withdrawn, cf. 251b6e33 and #987824 (abhijith) NOTE: 20210620: http://people.debian.org/~abhijith/backport_of_3a700b5.patch (abhijith) NOTE: 20210620: Revisit when it has an assigned CVE ID (abhijith) -- +pywps +-- qemu (Markus Koschany) -- +qtbase-opensource-src +-- ruby-kaminari NOTE: 20200819: The source in Debian (at least in LTS) appears to have a different lineage to NOTE: 20200819: the one upstream or in its many forks. For example, both dthe View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b40db75908ece32c8416ada8e6d09f3d0e4fba96...f7cc032b557afe07ca941d021729127f99174a24 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b40db75908ece32c8416ada8e6d09f3d0e4fba96...f7cc032b557afe07ca941d021729127f99174a24 You're receiving this email because of your account on salsa.debian.org.
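Review bot: the `(Minor issue)` reason on the two added `[stretch] - pluxml <no-dsa>` lines (CVE-2021-38603 and CVE-2021-38602, data/CVE/list hunk @@ -3403,8 +3403,10 @@) does not say why stored XSS is treated as minor for Stretch. Both entries are still `<unfixed>` on the unversioned line and carry no NOTE with an upstream reference, so anyone revisiting the triage has nothing to check the decision against. Suggest a more specific reason in the parentheses, or a NOTE line recording the basis for the decision.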
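Review bot: in data/CVE/list hunk @@ -16974,6 +16976,7 @@, CVE-2021-32740 is marked `[stretch] - ruby-addressable <no-dsa> (Minor issue)` even though the same entry already records a fixed version (2.7.0-2) and an upstream fix commit in its NOTE lines. With a patch available, the entry should state why a backport is not warranted, for example whether the affected code is present in the Stretch version, either in the reason text or in an extra NOTE.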
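Review bot: the new `pywps` and `qtbase-opensource-src` entries in data/dla-needed.txt (hunk @@ -59,13 +59,20 @@) are added with no NOTE at all, and the `plib` note `NOTE: 20210829: no fix yet` names neither the CVE nor its author, unlike the neighbouring python-babel notes that end in `(abhijith)`. Suggest a dated NOTE with the triggering CVE IDs on each new entry so that whoever claims the package knows the scope.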
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits