Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c72c97f8 by Moritz Muehlenhoff at 2021-11-22T12:02:05+01:00
buster/bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2065,6 +2065,8 @@ CVE-2021-3957 (kimai2 is vulnerable to Cross-Site Request 
Forgery (CSRF) ...)
        NOT-FOR-US: kimai2
 CVE-2021-43616 (The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds 
with an i ...)
        - npm <unfixed>
+       [bullseye] - npm <no-dsa> (Minor issue)
+       [buster] - npm <no-dsa> (Minor issue)
        NOTE: https://github.com/npm/cli/issues/2701
 CVE-2021-43615
        RESERVED
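Review bot: the added `[buster] - npm <no-dsa> (Minor issue)` line carries the same tag as bullseye, but the description on the entry scopes CVE-2021-43616 to npm 7.x and 8.x through 8.1.3. If the npm version in buster predates 7.x, a `[buster] - npm <not-affected> (...)` line with the reason in parentheses would describe that suite more accurately than no-dsa; if it is in range, the tag is fine. The hunk gives no version for either suite, so it is worth recording which case applies.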
@@ -4158,6 +4160,8 @@ CVE-2021-43175
        RESERVED
 CVE-2021-3918 (json-schema is vulnerable to Improperly Controlled Modification 
of Obj ...)
        - node-json-schema 0.4.0+~7.0.9-1 (bug #999765)
+       [bullseye] - node-json-schema <no-dsa> (Minor issue)
+       [buster] - node-json-schema <no-dsa> (Minor issue)
        NOTE: 
https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741
 (v0.4.0)
 CVE-2021-43174 (NLnet Labs Routinator versions 0.9.0 up to and including 
0.10.1, suppo ...)
        - routinator <itp> (bug #929024)
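Review bot: both added node-json-schema lines give only "Minor issue" as the reason, although the entry already names a fixed version in unstable and a single upstream commit (v0.4.0) in the NOTE. With a backportable fix identified, consider extending the reason, for example "(Minor issue; can be fixed via point release)", so someone reading the tracker sees that a stable update is feasible and not only deprioritised.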
@@ -5190,6 +5194,8 @@ CVE-2020-36490 (DedeCMS v7.5 SP2 was discovered to 
contain multiple cross-site s
        NOT-FOR-US: DedeCMS
 CVE-2021-XXXX [RUSTSEC-2020-0159: Potential segfault in localtime_r 
invocations]
        - rust-chrono <unfixed> (bug #996913)
+       [bullseye] - rust-chrono <no-dsa> (Minor issue)
+       [buster] - rust-chrono <no-dsa> (Minor issue)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0159.html
        NOTE: https://github.com/chronotope/chrono/issues/499
 CVE-2021-42742
@@ -28404,6 +28410,7 @@ CVE-2021-33516 (An issue was discovered in GUPnP before 
1.0.7 and 1.1.x and 1.2.
        NOTE: 
https://gitlab.gnome.org/GNOME/gupnp/-/commit/ca6ec9dcb26fd7a2a630eb6a68118659b589afac
 (master)
 CVE-2021-33515 (The submission service in Dovecot before 2.3.15 allows 
STARTTLS comman ...)
        - dovecot 1:2.3.13+dfsg1-2 (bug #990566)
+       [bullseye] - dovecot <postponed> (Minor issue, fix along with next 
update)
        [buster] - dovecot <postponed> (Minor issue, fix along with next update)
        [stretch] - dovecot <not-affected> (Vulnerable code 
(smtp_server_command queue) introduced later)
        NOTE: https://dovecot.org/pipermail/dovecot-news/2021-June/000462.html
@@ -83872,9 +83879,13 @@ CVE-2020-23905
        RESERVED
 CVE-2020-23904 (A stack buffer overflow in speexenc.c of Speex v1.2 allows 
attackers t ...)
        - speex <unfixed>
+       [bullseye] - speex <no-dsa> (Minor issue)
+       [buster] - speex <no-dsa> (Minor issue)
        NOTE: https://github.com/xiph/speex/issues/14
 CVE-2020-23903 (A Divide by Zero vulnerability in the function static int 
read_samples ...)
        - speex <unfixed>
+       [bullseye] - speex <no-dsa> (Minor issue)
+       [buster] - speex <no-dsa> (Minor issue)
        NOTE: https://github.com/xiph/speex/issues/13
 CVE-2020-23902 (A buffer overflow in WildBit Viewer v6.6 allows attackers to 
cause a d ...)
        NOT-FOR-US: WildBit Viewer
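Review bot: the two speex entries get an identical "Minor issue" reason even though CVE-2020-23904 is described as a stack buffer overflow and CVE-2020-23903 as a divide by zero. For the overflow, the description places the bug in speexenc.c; if the triage rests on that file being the encoder front end and not library code, stating that in the parentheses on the `[bullseye]` and `[buster]` lines would make the no-dsa decision auditable later.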



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c72c97f8af266b80bb36db2848903881fd1f894d
