Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: c72c97f8 by Moritz Muehlenhoff at 2021-11-22T12:02:05+01:00 buster/bullseye triage - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -2065,6 +2065,8 @@ CVE-2021-3957 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) ...) NOT-FOR-US: kimai2 CVE-2021-43616 (The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an i ...) - npm <unfixed> + [bullseye] - npm <no-dsa> (Minor issue) + [buster] - npm <no-dsa> (Minor issue) NOTE: https://github.com/npm/cli/issues/2701 CVE-2021-43615 RESERVED @@ -4158,6 +4160,8 @@ CVE-2021-43175 RESERVED CVE-2021-3918 (json-schema is vulnerable to Improperly Controlled Modification of Obj ...) - node-json-schema 0.4.0+~7.0.9-1 (bug #999765) + [bullseye] - node-json-schema <no-dsa> (Minor issue) + [buster] - node-json-schema <no-dsa> (Minor issue) NOTE: https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741 (v0.4.0) CVE-2021-43174 (NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, suppo ...) - routinator <itp> (bug #929024) @@ -5190,6 +5194,8 @@ CVE-2020-36490 (DedeCMS v7.5 SP2 was discovered to contain multiple cross-site s NOT-FOR-US: DedeCMS CVE-2021-XXXX [RUSTSEC-2020-0159: Potential segfault in localtime_r invocations] - rust-chrono <unfixed> (bug #996913) + [bullseye] - rust-chrono <no-dsa> (Minor issue) + [buster] - rust-chrono <no-dsa> (Minor issue) NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0159.html NOTE: https://github.com/chronotope/chrono/issues/499 CVE-2021-42742 @@ -28404,6 +28410,7 @@ CVE-2021-33516 (An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2. NOTE: https://gitlab.gnome.org/GNOME/gupnp/-/commit/ca6ec9dcb26fd7a2a630eb6a68118659b589afac (master) CVE-2021-33515 (The submission service in Dovecot before 2.3.15 allows STARTTLS comman ...) - dovecot 1:2.3.13+dfsg1-2 (bug #990566) + [bullseye] - dovecot <postponed> (Minor issue, fix along with next update) [buster] - dovecot <postponed> (Minor issue, fix along with next update) [stretch] - dovecot <not-affected> (Vulnerable code (smtp_server_command queue) introduced later) NOTE: https://dovecot.org/pipermail/dovecot-news/2021-June/000462.html @@ -83872,9 +83879,13 @@ CVE-2020-23905 RESERVED CVE-2020-23904 (A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers t ...) - speex <unfixed> + [bullseye] - speex <no-dsa> (Minor issue) + [buster] - speex <no-dsa> (Minor issue) NOTE: https://github.com/xiph/speex/issues/14 CVE-2020-23903 (A Divide by Zero vulnerability in the function static int read_samples ...) - speex <unfixed> + [bullseye] - speex <no-dsa> (Minor issue) + [buster] - speex <no-dsa> (Minor issue) NOTE: https://github.com/xiph/speex/issues/13 CVE-2020-23902 (A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a d ...) NOT-FOR-US: WildBit Viewer View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c72c97f8af266b80bb36db2848903881fd1f894d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c72c97f8af266b80bb36db2848903881fd1f894d You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits