Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker
Commits: 9492244e by Utkarsh Gupta at 2021-04-05T05:59:43+05:30 Triage python-bleach for stretch - - - - - 5dfe3191 by Utkarsh Gupta at 2021-04-05T06:00:23+05:30 Mark CVE-2021-XXXX/plinth as no-dsa for stretch - - - - - 621a79ca by Utkarsh Gupta at 2021-04-05T06:01:30+05:30 Mark CVE-2021-29424/libnet-netmask-perl as no-dsa for stretch - - - - - 4773d226 by Utkarsh Gupta at 2021-04-05T06:04:58+05:30 Mark several openexr issues as no-dsa; follow buster triage - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -1037,18 +1037,21 @@ CVE-2021-3480 CVE-2021-3479 (There's a flaw in OpenEXR's Scanline API functionality in versions bef ...) - openexr <unfixed> [buster] - openexr <no-dsa> (Minor issue) + [stretch] - openexr <no-dsa> (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25370 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/d80f11f4f55100d007ae80a162bf257ec291612c NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/830 CVE-2021-3478 (There's a flaw in OpenEXR's scanline input file functionality in versi ...) - openexr <unfixed> [buster] - openexr <no-dsa> (Minor issue) + [stretch] - openexr <no-dsa> (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27409 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939160 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/bc88cdb6c97fbf5bc5d11ad8ca55306da931283a CVE-2021-3477 (There's a flaw in OpenEXR's deep tile sample size calculations in vers ...) - openexr <unfixed> [buster] - openexr <no-dsa> (Minor issue) + [stretch] - openexr <no-dsa> (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26956 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939159 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/467be80b75642efbbe6bdace558079f68c16acb1 
@@ -1497,11 +1500,13 @@ CVE-2021-29425 CVE-2021-3476 (A flaw was found in OpenEXR's B44 uncompression functionality in versi ...) - openexr <unfixed> [buster] - openexr <no-dsa> (Minor issue) + [stretch] - openexr <no-dsa> (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24787 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/eec0dba242bedd2778c973ae4af112107b33d9c9 CVE-2021-3475 (There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker ...) - openexr <unfixed> [buster] - openexr <no-dsa> (Minor issue) + [stretch] - openexr <no-dsa> (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25297 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2a18ed424a854598c2a20b5dd7e782b436a1e753 CVE-2021-3474 (There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted inp ...) @@ -1515,6 +1520,7 @@ CVE-2021-29662 (The Data::Validate::IP module through 0.29 for Perl does not pro CVE-2021-29424 (The Net::Netmask module before 2.0000 for Perl does not properly consi ...) - libnet-netmask-perl <unfixed> (bug #986135) [buster] - libnet-netmask-perl <no-dsa> (Minor issue) + [stretch] - libnet-netmask-perl <no-dsa> (Minor issue) NOTE: https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/ NOTE: https://metacpan.org/changes/distribution/Net-Netmask#L11-22 NOTE: https://github.com/jmaslak/Net-Netmask/commit/9023b403682f1eaadadf6cb71ba0117a1fa4f163 @@ -1836,6 +1842,7 @@ CVE-2021-XXXX [first_boot: Use session to verify first boot welcome step] - freedombox 21.4.2 - plinth <removed> [buster] - plinth <no-dsa> (Minor issue) + [stretch] - plinth <no-dsa> (Minor issue) NOTE: https://salsa.debian.org/freedombox-team/freedombox/-/issues/2074 (not yet public) NOTE: https://salsa.debian.org/freedombox-team/freedombox/-/commit/f2005f56aa44d15c0fb82c5211c548a575961b03 CVE-2021-29273 
@@ -23596,6 +23603,7 @@ CVE-2021-20297 [Setting match.path and activating a profiles crashes NetworkMana CVE-2021-20296 (A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted i ...) - openexr <unfixed> [buster] - openexr <no-dsa> (Minor issue) + [stretch] - openexr <no-dsa> (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24854 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/b0c63c0b96eb9b0d3998f603e12f9f414fb0d44a CVE-2021-20295 [Regression of CVE-2020-10756 fix in virt:rhel/qemu-kvm in Red Hat Enterprise Linux 8.3] ===================================== data/dla-needed.txt ===================================== @@ -98,6 +98,8 @@ python3.5 (Anton Gladky) NOTE: 20210320: https://salsa.debian.org/lts-team/packages/python3.5 (gladk) NOTE: 20210404: Almost ready for upload (gladk) -- +python-bleach +-- qemu (Markus Koschany) -- ruby-actionpack-page-caching View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0d426f85caaad5728761ad3fc1d65f965cccba26...4773d22653505bc704be78b018c2070ca7d12952
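Review bot: the six `[stretch] - openexr <no-dsa> (Minor issue)` lines added under CVE-2021-3475 through CVE-2021-3479 and CVE-2021-20296 copy the buster verdict without recording that the stretch package itself was examined. The commit message says the triage follows buster, but each of these flaws sits in a specific code path (Scanline API, scanline input file, deep tile sample size calculation, B44 uncompression), so a NOTE stating that the affected code is present in the stretch version would make the entries auditable; where it is absent, `<not-affected>` is the more accurate tag than `<no-dsa>`.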
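Review bot: in the CVE-2021-XXXX freedombox hunk, the added `[stretch] - plinth <no-dsa> (Minor issue)` line cannot be checked by a reader, because the only description of the issue is the salsa link marked "(not yet public)" and the entry has no CVE id yet. Consider adding a short NOTE on why the first boot welcome step check is minor for stretch, or on whether the stretch plinth contains the code changed by the referenced commit, so the verdict can be revisited once an id is assigned.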
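Review bot: the `python-bleach` entry added to data/dla-needed.txt carries no NOTE, and no hunk in data/CVE/list touches a python-bleach CVE, so nothing in this push says which issue the triage was for. The neighbouring python3.5 entry shows the dated NOTE convention; a line in that form naming the CVE would save whoever claims the package from redoing the triage.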