Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4b2e5605 by Chris Lamb at 2021-02-17T10:23:27+00:00
data/dla-needed.txt: Triage openssl and openssl1.0 for stretch LTS (CVE-2021-23840).

- - - - -
13cb3fea by Chris Lamb at 2021-02-17T10:23:29+00:00
Triage CVE-2021-27211 in steghide for stretch LTS.

- - - - -
53f5c9e0 by Chris Lamb at 2021-02-17T10:23:30+00:00
Triage CVE-2021-26933 in xen for stretch LTS.

- - - - -
88c2e002 by Chris Lamb at 2021-02-17T10:23:32+00:00
Triage CVE-2021-21702 for php7.0 in stretch LTS.

- - - - -
0269b4c6 by Chris Lamb at 2021-02-17T10:23:32+00:00
data/dla-needed.txt: Triage guacamole-server for stretch LTS (CVE-2020-11997).

- - - - -
63a868aa by Chris Lamb at 2021-02-17T10:23:32+00:00
data/dla-needed.txt: Triage golang-1.7 and golang-1.8 for stretch LTS (CVE-2021-3114 CVE-2021-3115).

- - - - -
e504c4f1 by Chris Lamb at 2021-02-17T10:23:32+00:00
data/dla-needed.txt: Triage python3.5 for stretch LTS (CVE-2021-23336).

- - - - -
0862eda1 by Chris Lamb at 2021-02-17T10:23:32+00:00
data/dla-needed.txt: Claim mumble.

- - - - -
8a888e0a by Chris Lamb at 2021-02-17T10:23:32+00:00
data/dla-needed.txt: Claim openssl and openssl1.0.

- - - - -

2 changed files:
- data/CVE/list
- data/dla-needed.txt

Changes:
===================================== data/CVE/list ===================================== @@ -302,6 +302,7 @@ CVE-2021-27212 (In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an asse CVE-2021-27211 (steghide 0.5.1 relies on a certain 32-bit seed value, which makes it e ...) - steghide <unfixed> [buster] - steghide <no-dsa> (Minor issue) + [stretch] - steghide <postponed> (Minor issue; can be fixed in next DLA) NOTE: https://github.com/b4shfire/stegcrack CVE-2021-27210 (TP-Link Archer C5v 1.7_181221 devices allows remote attackers to retri ...) NOT-FOR-US: TP-Link
@@ -908,6 +909,7 @@ CVE-2021-26934 (An issue was discovered in the Linux kernel 4.18 through 5.10.16 NOTE: update SUPPORT.md to explicitly document the fact. CVE-2021-26933 (An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a guest is ...) - xen <unfixed> + [stretch] - xen <end-of-life> (not supported; see https://gitlab.com/freexian-lts/debian-lts/-/commit/1b701a243a893d6cce6e59778b525407d560ab91) NOTE: https://xenbits.xen.org/xsa/advisory-364.html CVE-2021-26932 (An issue was discovered in the Linux kernel 3.2 through 5.10.16, as us ...) - linux <unfixed> @@ -12595,6 +12597,7 @@ CVE-2021-21702 (In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x - php7.4 7.4.15-1 - php7.3 <removed> - php7.0 <removed> + [stretch] - php7.0 <postponed> (Relatively minor issue, can be fixed with next update) NOTE: Fixed in PHP 8.0.2, 7.4.15, 7.3.27 NOTE: PHP Bug: https://bugs.php.net/80672 CVE-2021-21701 ===================================== data/dla-needed.txt ===================================== @@ -46,8 +46,15 @@ dnsmasq (Utkarsh) firmware-nonfree NOTE: 20201207: wait for the update in buster and backport that (Emilio) -- +golang-1.7 +-- +golang-1.8 +-- golang-github-appc-cni (Thorsten Alteholz) -- +guacamole-server + NOTE: 20210217: Note may affect guacamole-client too (see note on security tracker). (lamby) +-- libebml (Thorsten Alteholz) -- libzstd (Utkarsh) @@ -56,7 +63,7 @@ linux (Ben Hutchings) -- linux-4.19 (Ben Hutchings) -- -mumble +mumble (Chris Lamb) -- opendmarc NOTE: 20200719: no patches for remaining CVEs available, everything else is already done in Stretch (thorsten) @@ -67,6 +74,10 @@ openldap (Uktarsh) NOTE: 20210215: update ready at https://salsa.debian.org/openldap-team/openldap/-/commits/stretch. NOTE: 20210215: waiting to see if anything else comes up. (utkarsh) -- +openssl (Chris Lamb) +-- +openssl1.0 (Chris Lamb) +-- openvswitch (Thorsten Alteholz) -- php-horde-text-filter (Sylvain Beucler) 
@@ -79,6 +90,9 @@ php-pear -- python-pysaml2 (Abhijith PA) -- +python3.5 + NOTE: 20210217: Fairly invasive change, changing/augmenting API of standard library. (lamby) +-- ruby-actionpack-page-caching NOTE: 20200819: Upstream's patch on does not apply due to subsequent NOTE: 20200819: refactoring. However, a quick look at the private
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9e8e784d4d8cff3c426da6dd01a2d541630bef11...8a888e0a88cdfe4a5cd4c4d5064ac99604671414
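Review bot: In the CVE-2021-21702 hunk of data/CVE/list, the added php7.0 line words its postponement reason as "(Relatively minor issue, can be fixed with next update)", while the steghide line added for CVE-2021-27211 in the same push uses "(Minor issue; can be fixed in next DLA)". Suggest using one wording for both `<postponed>` reasons so the two stretch entries read consistently and match the same search.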
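Review bot: In the CVE-2021-26933 hunk of data/CVE/list, the added `[stretch] - xen <end-of-life>` line gives its reason only as "not supported" followed by a link to a commit on gitlab.com. Suggest adding a few words that state the reason in the entry itself and keeping the link as the reference, so the entry still explains the decision if the linked commit becomes unreachable.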
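Review bot: In the first data/dla-needed.txt hunk, the guacamole-server NOTE reads "Note may affect guacamole-client too (see note on security tracker)", which names neither the CVE nor where that note is. The commit message names CVE-2020-11997; suggest putting that id in the NOTE so the cross-reference can be followed, and dropping the leading "Note", which repeats the NOTE: prefix.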
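Review bot: In the last data/dla-needed.txt hunk, the python3.5 NOTE says "Fairly invasive change, changing/augmenting API of standard library" but does not name the issue or say what follows from that for whoever claims the package. Suggest naming CVE-2021-23336, as the commit message does, and stating whether a backport is still expected or the invasiveness is grounds to postpone or ignore.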