bullseye triage

Moritz Muehlenhoff (@jmm) Mon, 03 Jan 2022 02:50:39 -0800


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
a683fc19 by Moritz Muehlenhoff at 2022-01-03T11:44:28+01:00
buster/bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -307,6 +307,8 @@ CVE-2021-45919
        RESERVED
 CVE-2021-4190 (Large loop in the Kafka dissector in Wireshark 3.6.0 allows 
denial of  ...)
        - wireshark <unfixed>
+       [bullseye] - wireshark <no-dsa> (Minor issue)
+       [buster] - wireshark <no-dsa> (Minor issue)
        NOTE: https://www.wireshark.org/security/wnpa-sec-2021-22.html
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17811
 CVE-2021-4189 [ftplib should not use the host from the PASV response]
@@ -546,26 +548,38 @@ CVE-2021-45885 (An issue was discovered in Stormshield 
Network Security (SNS) 4.
        NOT-FOR-US: Stormshield Network Security (SNS)
 CVE-2021-4186 (Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 
allows den ...)
        - wireshark 3.6.0-1
+       [bullseye] - wireshark <no-dsa> (Minor issue)
+       [buster] - wireshark <no-dsa> (Minor issue)
        NOTE: https://www.wireshark.org/security/wnpa-sec-2021-16.html
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17737
 CVE-2021-4185 (Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 
3.4.0 to 3 ...)
        - wireshark <unfixed>
+       [bullseye] - wireshark <no-dsa> (Minor issue)
+       [buster] - wireshark <no-dsa> (Minor issue)
        NOTE: https://www.wireshark.org/security/wnpa-sec-2021-17.html
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17745
 CVE-2021-4184 (Infinite loop in the BitTorrent DHT dissector in Wireshark 
3.6.0 and 3 ...)
        - wireshark <unfixed>
+       [bullseye] - wireshark <no-dsa> (Minor issue)
+       [buster] - wireshark <no-dsa> (Minor issue)
        NOTE: https://www.wireshark.org/security/wnpa-sec-2021-18.html
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17754
 CVE-2021-4183 (Crash in the pcapng file parser in Wireshark 3.6.0 allows 
denial of se ...)
        - wireshark <unfixed>
+       [bullseye] - wireshark <no-dsa> (Minor issue)
+       [buster] - wireshark <no-dsa> (Minor issue)
        NOTE: https://www.wireshark.org/security/wnpa-sec-2021-19.html
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17755
 CVE-2021-4182 (Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 
3.4.10 ...)
        - wireshark <unfixed>
+       [bullseye] - wireshark <no-dsa> (Minor issue)
+       [buster] - wireshark <no-dsa> (Minor issue)
        NOTE: https://www.wireshark.org/security/wnpa-sec-2021-20.html
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17801
 CVE-2021-4181 (Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 
3.4.0 to 3. ...)
        - wireshark <unfixed>
+       [bullseye] - wireshark <no-dsa> (Minor issue)
+       [buster] - wireshark <no-dsa> (Minor issue)
        NOTE: https://www.wireshark.org/security/wnpa-sec-2021-21.html
        NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/5429
 CVE-2021-45884 (In Brave Desktop 1.17 through 1.33 before 1.33.106, when 
CNAME-based a ...)
@@ -1511,6 +1525,8 @@ CVE-2021-45464
        RESERVED
 CVE-2021-45463 (GEGL before 0.4.34, as used (for example) in GIMP before 
2.10.30, allo ...)
        - gegl 1:0.4.34-1 (bug #1002661)
+       [bullseye] - gegl <no-dsa> (Minor issue)
+       [buster] - gegl <no-dsa> (Minor issue)
        [stretch] - gegl <no-dsa> (Minor issue; can be fixed later)
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/gegl/-/commit/bfce470f0f2f37968862129d5038b35429f2909b
 (GEGL_0_4_34)
        NOTE: Followup: 
https://gitlab.gnome.org/GNOME/gegl/-/commit/2172cf7e8d7e8891ae2053d6eef213d5bef939cb
 (GEGL_0_4_34)


=====================================
data/dsa-needed.txt
=====================================
@@ -27,6 +27,8 @@ condor
 --
 faad2/oldstable (jmm)
 --
+ghostscript
+--
 linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point
   releases to more recent v4.19.y versions.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a683fc19f56af499938ee5f02a09f9e872676cf4

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a683fc19f56af499938ee5f02a09f9e872676cf4
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] buster/bullseye triage

Reply via email to