Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9492244e by Utkarsh Gupta at 2021-04-05T05:59:43+05:30
Triage python-bleach for stretch

- - - - -
5dfe3191 by Utkarsh Gupta at 2021-04-05T06:00:23+05:30
Mark CVE-2021-XXXX/plinth as no-dsa for stretch

- - - - -
621a79ca by Utkarsh Gupta at 2021-04-05T06:01:30+05:30
Mark CVE-2021-29424/libnet-netmask-perl as no-dsa for stretch

- - - - -
4773d226 by Utkarsh Gupta at 2021-04-05T06:04:58+05:30
Mark several openexr issues as no-dsa; follow buster triage

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1037,18 +1037,21 @@ CVE-2021-3480
 CVE-2021-3479 (There's a flaw in OpenEXR's Scanline API functionality in 
versions bef ...)
        - openexr <unfixed>
        [buster] - openexr <no-dsa> (Minor issue)
+       [stretch] - openexr <no-dsa> (Minor issue)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25370
        NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/commit/d80f11f4f55100d007ae80a162bf257ec291612c
        NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/830
 CVE-2021-3478 (There's a flaw in OpenEXR's scanline input file functionality 
in versi ...)
        - openexr <unfixed>
        [buster] - openexr <no-dsa> (Minor issue)
+       [stretch] - openexr <no-dsa> (Minor issue)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27409
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939160
        NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/commit/bc88cdb6c97fbf5bc5d11ad8ca55306da931283a
 CVE-2021-3477 (There's a flaw in OpenEXR's deep tile sample size calculations 
in vers ...)
        - openexr <unfixed>
        [buster] - openexr <no-dsa> (Minor issue)
+       [stretch] - openexr <no-dsa> (Minor issue)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26956
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939159
        NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/commit/467be80b75642efbbe6bdace558079f68c16acb1
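Review bot: The three added `[stretch] - openexr <no-dsa> (Minor issue)` lines under CVE-2021-3479, CVE-2021-3478 and CVE-2021-3477 copy the buster reason verbatim and record nothing about the stretch source having been checked. Each entry already links an upstream fix commit in its NOTE lines, so if the affected code is present in stretch, `<postponed>` with a reason such as "Minor issue, fix along with next DLA" would keep these in view for a later openexr upload; if the code is absent, `<not-affected>` is the accurate state.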
@@ -1497,11 +1500,13 @@ CVE-2021-29425
 CVE-2021-3476 (A flaw was found in OpenEXR's B44 uncompression functionality 
in versi ...)
        - openexr <unfixed>
        [buster] - openexr <no-dsa> (Minor issue)
+       [stretch] - openexr <no-dsa> (Minor issue)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24787
        NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/commit/eec0dba242bedd2778c973ae4af112107b33d9c9
 CVE-2021-3475 (There is a flaw in OpenEXR in versions before 3.0.0-beta. An 
attacker  ...)
        - openexr <unfixed>
        [buster] - openexr <no-dsa> (Minor issue)
+       [stretch] - openexr <no-dsa> (Minor issue)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25297
        NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/commit/2a18ed424a854598c2a20b5dd7e782b436a1e753
 CVE-2021-3474 (There's a flaw in OpenEXR in versions before 3.0.0-beta. A 
crafted inp ...)
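Review bot: CVE-2021-3474 appears at the end of this hunk only as trailing context and its body is not touched anywhere in this push, while CVE-2021-3476 and CVE-2021-3475 directly above it both gain a `[stretch]` line. If it belongs to the same openexr batch, add its stretch status in this commit; if it was left out on purpose (already triaged, or stretch not affected), say so in the commit message, which currently reads only "follow buster triage".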
@@ -1515,6 +1520,7 @@ CVE-2021-29662 (The Data::Validate::IP module through 
0.29 for Perl does not pro
 CVE-2021-29424 (The Net::Netmask module before 2.0000 for Perl does not 
properly consi ...)
        - libnet-netmask-perl <unfixed> (bug #986135)
        [buster] - libnet-netmask-perl <no-dsa> (Minor issue)
+       [stretch] - libnet-netmask-perl <no-dsa> (Minor issue)
        NOTE: 
https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/
        NOTE: https://metacpan.org/changes/distribution/Net-Netmask#L11-22
        NOTE: 
https://github.com/jmaslak/Net-Netmask/commit/9023b403682f1eaadadf6cb71ba0117a1fa4f163
@@ -1836,6 +1842,7 @@ CVE-2021-XXXX [first_boot: Use session to verify first 
boot welcome step]
        - freedombox 21.4.2
        - plinth <removed>
        [buster] - plinth <no-dsa> (Minor issue)
+       [stretch] - plinth <no-dsa> (Minor issue)
        NOTE: https://salsa.debian.org/freedombox-team/freedombox/-/issues/2074 
(not yet public)
        NOTE: 
https://salsa.debian.org/freedombox-team/freedombox/-/commit/f2005f56aa44d15c0fb82c5211c548a575961b03
 CVE-2021-29273
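Review bot: The added `[stretch] - plinth <no-dsa> (Minor issue)` line rests on an issue that the NOTE itself marks "(not yet public)", so the severity call cannot be checked from this entry. Add a NOTE line summarising why the first-boot welcome step problem is minor for the plinth version in stretch, and confirm that this version contains the first_boot code touched by the linked freedombox commit; if it does not, `<not-affected>` is the better state.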
@@ -23596,6 +23603,7 @@ CVE-2021-20297 [Setting match.path and activating a 
profiles crashes NetworkMana
 CVE-2021-20296 (A flaw was found in OpenEXR in versions before 3.0.0-beta. A 
crafted i ...)
        - openexr <unfixed>
        [buster] - openexr <no-dsa> (Minor issue)
+       [stretch] - openexr <no-dsa> (Minor issue)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24854
        NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/commit/b0c63c0b96eb9b0d3998f603e12f9f414fb0d44a
 CVE-2021-20295 [Regression of CVE-2020-10756 fix in virt:rhel/qemu-kvm in Red 
Hat Enterprise Linux 8.3]


=====================================
data/dla-needed.txt
=====================================
@@ -98,6 +98,8 @@ python3.5 (Anton Gladky)
   NOTE: 20210320: https://salsa.debian.org/lts-team/packages/python3.5 (gladk)
   NOTE: 20210404: Almost ready for upload (gladk)
 --
+python-bleach
+--
 qemu (Markus Koschany)
 --
 ruby-actionpack-page-caching
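Review bot: The new `python-bleach` entry has no NOTE line, and nothing in the data/CVE/list changes of this push mentions python-bleach, so the reason for requesting a DLA cannot be found from the diff. Neighbouring entries carry dated NOTE lines (for example `NOTE: 20210404: Almost ready for upload (gladk)`); add one naming the CVE or bug that triggered the triage so whoever claims the package has a starting point.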



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0d426f85caaad5728761ad3fc1d65f965cccba26...4773d22653505bc704be78b018c2070ca7d12952
