[Git][security-tracker-team/security-tracker][master] 36 commits: Track removal of janus from buster in 10.5

Salvatore Bonaccorso carnil at debian.org
Sat Aug 1 10:51:53 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
453c3f68 by Salvatore Bonaccorso at 2020-07-31T16:06:05+02:00
Track removal of janus from buster in 10.5

- - - - -
a091e1d5 by Salvatore Bonaccorso at 2020-07-31T16:13:10+02:00
Merge CVE fixes for linux in 10.5

- - - - -
e917d1eb by Salvatore Bonaccorso at 2020-07-31T16:14:11+02:00
Track node-handlebars fixes in 10.5

- - - - -
1cb31c58 by Salvatore Bonaccorso at 2020-07-31T16:16:07+02:00
Track nginx fixes in 10.5

- - - - -
496ca214 by Salvatore Bonaccorso at 2020-07-31T16:17:25+02:00
Track fixes for node-minimist in 10.5

- - - - -
7f057b66 by Salvatore Bonaccorso at 2020-07-31T16:18:58+02:00
Track fixes for zipios++ in 10.5

- - - - -
e0fad74e by Salvatore Bonaccorso at 2020-07-31T16:20:52+02:00
Track fixes for libyang in 10.5

- - - - -
4c8d897c by Salvatore Bonaccorso at 2020-07-31T16:25:10+02:00
Track fixes for libexif in 10.5

- - - - -
cc4d1c94 by Salvatore Bonaccorso at 2020-07-31T16:27:16+02:00
Track fixes for php-horde-gollem in 10.5

- - - - -
41c744e6 by Salvatore Bonaccorso at 2020-07-31T16:31:27+02:00
Track fixes for ssvnc in 10.5

- - - - -
4de748e4 by Salvatore Bonaccorso at 2020-07-31T16:34:25+02:00
Track fixes for php-horde in 10.5

- - - - -
29acaca7 by Salvatore Bonaccorso at 2020-07-31T16:41:07+02:00
Track fixes for freerdp2 in 10.5

- - - - -
82babf9f by Salvatore Bonaccorso at 2020-07-31T16:46:51+02:00
Track fixes for python-markdown2 in 10.5

- - - - -
30a86592 by Salvatore Bonaccorso at 2020-07-31T16:48:39+02:00
Track fixes for perl in 10.5

- - - - -
f23f5361 by Salvatore Bonaccorso at 2020-07-31T16:50:22+02:00
Track fixes for ruby-json in 10.5

- - - - -
d90f5dae by Salvatore Bonaccorso at 2020-07-31T16:51:54+02:00
Track fixes for dbus in 10.5

- - - - -
2aed149c by Salvatore Bonaccorso at 2020-07-31T16:54:04+02:00
Track fixes for libntlm in 10.5

- - - - -
3b5554b9 by Salvatore Bonaccorso at 2020-07-31T16:56:28+02:00
Track fixes for clamav in 10.5

- - - - -
af604ed1 by Salvatore Bonaccorso at 2020-07-31T16:59:34+02:00
Track fixes for exiv2 in 10.5

- - - - -
8daa6afe by Salvatore Bonaccorso at 2020-07-31T17:00:29+02:00
Track fixes for nfs-utils in 10.5

- - - - -
ee0c4060 by Salvatore Bonaccorso at 2020-07-31T17:02:48+02:00
Track fixes for nvidia-graphics-drivers{,-legacy-390xx} in 10.5

- - - - -
7057f076 by Salvatore Bonaccorso at 2020-07-31T17:05:23+02:00
Track fixes for cacti in 10.5

- - - - -
515e2a7c by Salvatore Bonaccorso at 2020-07-31T17:06:53+02:00
Track fixes for glib-networking in 10.5

- - - - -
69a50a6d by Salvatore Bonaccorso at 2020-07-31T17:09:29+02:00
Track fixes for mariadb-10.3 in 10.5

- - - - -
dd6ed602 by Salvatore Bonaccorso at 2020-07-31T17:11:21+02:00
Track fixes for file-roller in 10.5

- - - - -
930d09ff by Salvatore Bonaccorso at 2020-07-31T17:12:42+02:00
Track fixes for fwupd in 10.5

- - - - -
e6b17982 by Salvatore Bonaccorso at 2020-07-31T17:13:50+02:00
Track fixes for storebackup in 10.5

- - - - -
42730fd3 by Salvatore Bonaccorso at 2020-07-31T17:19:58+02:00
Track fixes for jackson-databind in 10.5

- - - - -
bf7101a8 by Salvatore Bonaccorso at 2020-07-31T17:21:17+02:00
Track fixes for batik in 10.5

- - - - -
bc068bd3 by Salvatore Bonaccorso at 2020-07-31T17:23:27+02:00
Track fixes for libpam-radius-auth in 10.5

- - - - -
53a3428a by Salvatore Bonaccorso at 2020-07-31T17:24:52+02:00
Track fixes for transmission in 10.5

- - - - -
819425ab by Salvatore Bonaccorso at 2020-07-31T17:26:29+02:00
Track fixes for ksh in 10.5

- - - - -
28408de2 by Salvatore Bonaccorso at 2020-07-31T17:28:08+02:00
Track fixes for pillow in 10.5

- - - - -
7d414c67 by Salvatore Bonaccorso at 2020-07-31T17:29:17+02:00
Track fixes for commons-configuration2

- - - - -
46ef4fee by Salvatore Bonaccorso at 2020-07-31T17:30:49+02:00
Track fixes for python3.7 in 10.5

- - - - -
84aa7267 by Salvatore Bonaccorso at 2020-08-01T09:51:11+00:00
Merge branch 'buster-10.5' into 'master'

Track buster 10.5 point release

See merge request security-tracker-team/security-tracker!61
- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1301,13 +1301,14 @@ CVE-2020-15687
 	RESERVED
 CVE-2019-20908 (An issue was discovered in drivers/firmware/efi/efi.c in the Linux ker ...)
 	- linux 5.2.6-1
+	[buster] - linux 4.19.132-1
 	NOTE: https://www.openwall.com/lists/oss-security/2020/06/14/1
 	NOTE: Fixed by: https://git.kernel.org/linus/1957a85b0032a81e6482ca4aab883643b8dae06e
 CVE-2019-20907 (In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craf ...)
 	- python3.9 3.9.0~b5-1 (low)
 	- python3.8 3.8.5-1 (low)
 	- python3.7 <removed> (low)
-	[buster] - python3.7 <no-dsa> (Minor issue)
+	[buster] - python3.7 3.7.3-2+deb10u2
 	- python3.5 <removed> (low)
 	- python2.7 <unfixed> (low)
 	[buster] - python2.7 <no-dsa> (Minor issue)
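Review bot: In the CVE-2019-20908 entry the added line records `[buster] - linux 4.19.132-1`, while the other linux lines added in this patch (for example under CVE-2020-15393) record 4.19.131-1. If the fix first reached buster in 4.19.132-1 this is fine, but it is worth confirming against the package changelog, since the tracker treats any version below the recorded one as still vulnerable.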
@@ -2062,6 +2063,7 @@ CVE-2017-18922 (It was discovered that websockets.c in LibVNCServer prior to 0.9
 	NOTE: https://www.openwall.com/lists/oss-security/2020/06/30/2
 CVE-2020-15393 (In the Linux kernel through 5.7.6, usbtest_disconnect in drivers/usb/m ...)
 	- linux 5.7.10-1
+	[buster] - linux 4.19.131-1
 	NOTE: https://git.kernel.org/linus/28ebeb8db77035e058a510ce9bd17c2b9a009dba
 CVE-2020-15392 (A user enumeration vulnerability flaw was found in Venki Supravizio BP ...)
 	NOT-FOR-US: Venki
@@ -4458,7 +4460,7 @@ CVE-2020-14422 (Lib/ipaddress.py in Python through 3.8.3 improperly computes has
 	{DLA-2280-1}
 	- python3.8 3.8.4~rc1-1
 	- python3.7 <removed>
-	[buster] - python3.7 <no-dsa> (Minor issue)
+	[buster] - python3.7 3.7.3-2+deb10u2
 	- python3.5 <removed>
 	- python3.4 <removed>
 	[jessie] - python3.4 <postponed> (Minor issue, DoS with constraints)
@@ -5056,7 +5058,7 @@ CVE-2020-14196 (In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 a
 CVE-2020-14195 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interact ...)
 	{DLA-2270-1}
 	- jackson-databind 2.11.1-1
-	[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+	[buster] - jackson-databind 2.9.8-3+deb10u2
 	[stretch] - jackson-databind 2.8.6-1+deb9u7
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2765
 	NOTE: https://github.com/FasterXML/jackson-databind/commit/f6d9c664f6d481703138319f6a0f1fdbddb3a259
@@ -5392,7 +5394,7 @@ CVE-2020-14063 (A stored Cross-Site Scripting (XSS) vulnerability in the TC Cust
 CVE-2020-14062 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interact ...)
 	{DLA-2270-1}
 	- jackson-databind 2.11.1-1
-	[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+	[buster] - jackson-databind 2.9.8-3+deb10u2
 	[stretch] - jackson-databind 2.8.6-1+deb9u7
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2704
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
@@ -5400,7 +5402,7 @@ CVE-2020-14062 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the in
 CVE-2020-14061 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interact ...)
 	{DLA-2270-1}
 	- jackson-databind 2.11.1-1
-	[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+	[buster] - jackson-databind 2.9.8-3+deb10u2
 	[stretch] - jackson-databind 2.8.6-1+deb9u7
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2698
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
@@ -5408,7 +5410,7 @@ CVE-2020-14061 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the in
 CVE-2020-14060 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interact ...)
 	{DLA-2270-1}
 	- jackson-databind 2.11.1-1
-	[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+	[buster] - jackson-databind 2.9.8-3+deb10u2
 	[stretch] - jackson-databind 2.8.6-1+deb9u7
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2688
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
@@ -5516,12 +5518,10 @@ CVE-2020-14035
 	RESERVED
 CVE-2020-14034 (An issue was discovered in janus-gateway (aka Janus WebRTC Server) thr ...)
 	- janus 0.10.2-1
-	[buster] - janus <ignored> (Will be removed in next point release)
 	NOTE: https://github.com/meetecho/janus-gateway/pull/2229
 	NOTE: https://github.com/meetecho/janus-gateway/commit/dacb4edfad8e77f73b64d8c175cca0a7796ebf80
 CVE-2020-14033 (An issue was discovered in janus-gateway (aka Janus WebRTC Server) thr ...)
 	- janus 0.10.2-1
-	[buster] - janus <ignored> (Will be removed in next point release)
 	NOTE: https://github.com/meetecho/janus-gateway/pull/2229
 	NOTE: https://github.com/meetecho/janus-gateway/commit/dacb4edfad8e77f73b64d8c175cca0a7796ebf80
 CVE-2020-14032
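Review bot: The two `[buster] - janus <ignored> (Will be removed in next point release)` lines under CVE-2020-14034 and CVE-2020-14033 are deleted with nothing in their place, leaving `- janus 0.10.2-1` as the only package line. That is correct only once janus is actually gone from buster; before then these CVEs would show buster as affected with no triage state. This should therefore merge no earlier than the 10.5 archive update, which is consistent with the commit subject "Track removal of janus from buster in 10.5".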
@@ -5661,6 +5661,7 @@ CVE-2020-13975
 	RESERVED
 CVE-2020-13974 (** DISPUTED ** An issue was discovered in the Linux kernel through 5.7 ...)
 	- linux 5.7.6-1
+	[buster] - linux 4.19.131-1
 	[stretch] - linux 4.9.228-1
 	NOTE: https://git.kernel.org/linus/b86dab054059b970111b5516ae548efaae5b3aae
 CVE-2020-13973 (OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls ...)
@@ -5833,22 +5834,18 @@ CVE-2020-13902 (ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer o
 	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/218d6abc4e36596c90a07463bfb2ab9e8312efbb
 CVE-2020-13901 (An issue was discovered in janus-gateway (aka Janus WebRTC Server) thr ...)
 	- janus 0.10.1-1 (bug #962680)
-	[buster] - janus <ignored> (Will be removed in next point release)
 	NOTE: https://github.com/meetecho/janus-gateway/pull/2214
 	NOTE: https://github.com/meetecho/janus-gateway/pull/2214/commits/90cc2ada775c4d4d8f6ae66f96b4ec7588e4bc86
 CVE-2020-13900 (An issue was discovered in janus-gateway (aka Janus WebRTC Server) thr ...)
 	- janus 0.10.1-1 (bug #962680)
-	[buster] - janus <ignored> (Will be removed in next point release)
 	NOTE: https://github.com/meetecho/janus-gateway/pull/2214
 	NOTE: https://github.com/meetecho/janus-gateway/pull/2214/commits/5f33d5e1073207f7275a726b7bb4cd7dbb08d13a
 CVE-2020-13899 (An issue was discovered in janus-gateway (aka Janus WebRTC Server) thr ...)
 	- janus 0.10.1-1 (bug #962680)
-	[buster] - janus <ignored> (Will be removed in next point release)
 	NOTE: https://github.com/meetecho/janus-gateway/pull/2214
 	NOTE: https://github.com/meetecho/janus-gateway/pull/2214/commits/f46f27fb129fd1b3744830b4fc6e75ab78794636
 CVE-2020-13898 (An issue was discovered in janus-gateway (aka Janus WebRTC Server) thr ...)
 	- janus 0.10.1-1 (bug #962680)
-	[buster] - janus <ignored> (Will be removed in next point release)
 	NOTE: https://github.com/meetecho/janus-gateway/pull/2214
 	NOTE: https://github.com/meetecho/janus-gateway/pull/2214/commits/2ed485d04630b9ee9de7c96517135654b7f32120
 CVE-2020-13897 (HESK before 3.1.10 allows reflected XSS. ...)
@@ -6294,6 +6291,7 @@ CVE-2019-20811 (An issue was discovered in the Linux kernel before 5.0.6. In rx_
 	NOTE: https://git.kernel.org/linus/a3e23f719f5c4a38ffb3d30c8d7632a4ed8ccd9e
 CVE-2019-20810 (go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux  ...)
 	- linux 5.6.7-1
+	[buster] - linux 4.19.131-1
 	[stretch] - linux 4.9.228-1
 	NOTE: https://git.kernel.org/linus/9453264ef58638ce8976121ac44c07a3ef375983
 CVE-2020-13759 (rust-vmm vm-memory before 0.1.1 and 0.2.x before 0.2.1 allows attacker ...)
@@ -6560,7 +6558,7 @@ CVE-2020-13646 (In Cheetah free WiFi 5.1, the driver file (liebaonat.sys) allows
 	NOT-FOR-US: cheetah free wifi
 CVE-2020-13645 (In GNOME glib-networking through 2.64.2, the implementation of GTlsCli ...)
 	- glib-networking 2.64.3-2 (bug #961756)
-	[buster] - glib-networking <no-dsa> (Minor issue; will be fixed via point release)
+	[buster] - glib-networking 2.58.0-2+deb10u1
 	[stretch] - glib-networking 2.50.0-1+deb9u1
 	NOTE: https://gitlab.gnome.org/GNOME/glib-networking/-/issues/135
 	NOTE: Updating glib-networking to address CVE-2020-13645 will need a compatibility
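Review bot: The buster line for CVE-2020-13645 now records a fixed version, 2.58.0-2+deb10u1, but the NOTE that closes this hunk says updating glib-networking "will need a compatibility" change (the sentence continues past the visible context). Please check that whatever that NOTE requires also shipped in 10.5, and extend the NOTE with the buster version of the companion change if there is one.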
@@ -7472,7 +7470,7 @@ CVE-2020-13250 (HashiCorp Consul and Consul Enterprise include an HTTP API (intr
 	NOTE: https://github.com/hashicorp/consul/pull/8023
 CVE-2020-13249 (libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not  ...)
 	- mariadb-10.3 1:10.3.23-1
-	[buster] - mariadb-10.3 <no-dsa> (Minor issue; will be fixed via point release)
+	[buster] - mariadb-10.3 1:10.3.23-0+deb10u1
 	- mariadb-10.1 <not-affected> (Vulnerable code introduced later)
 	NOTE: Fixed by: https://github.com/mariadb-corporation/mariadb-connector-c/commit/2759b87d72926b7c9b5426437a7c8dd15ff57945 (v3.1.8)
 	NOTE: Introduced around: https://github.com/mariadb-corporation/mariadb-connector-c/commit/b4efe73c9e725f97b3550371f8a78a10a20bf2fd (v3.0-cc-server-integ-0)
@@ -7512,12 +7510,12 @@ CVE-2020-13232
 	RESERVED
 CVE-2020-13231 (In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for a ...)
 	- cacti 1.2.11+ds1-1
-	[buster] - cacti <no-dsa> (Minor issue)
+	[buster] - cacti 1.2.2+ds1-2+deb10u3
 	[stretch] - cacti <no-dsa> (Minor issue)
 	NOTE: https://github.com/Cacti/cacti/issues/3342
 CVE-2020-13230 (In Cacti before 1.2.11, disabling a user account does not immediately  ...)
 	- cacti 1.2.11+ds1-1
-	[buster] - cacti <no-dsa> (Minor issue)
+	[buster] - cacti 1.2.2+ds1-2+deb10u3
 	[stretch] - cacti <no-dsa> (Minor issue)
 	NOTE: https://github.com/Cacti/cacti/issues/3343
 CVE-2020-13229 (An issue was discovered in Sysax Multi Server 6.90. A session can be h ...)
@@ -7787,19 +7785,19 @@ CVE-2020-13115
 CVE-2020-13114 (An issue was discovered in libexif before 0.6.22. An unrestricted size ...)
 	{DLA-2222-1}
 	- libexif 0.6.21-9 (bug #961410)
-	[buster] - libexif <no-dsa> (Minor issue)
+	[buster] - libexif 0.6.21-5.1+deb10u3
 	[stretch] - libexif 0.6.21-2+deb9u3
 	NOTE: https://github.com/libexif/libexif/commit/e6a38a1a23ba94d139b1fa2cd4519fdcfe3c9bab (0.6.22)
 CVE-2020-13113 (An issue was discovered in libexif before 0.6.22. Use of uninitialized ...)
 	{DLA-2222-1}
 	- libexif 0.6.21-9 (bug #961409)
-	[buster] - libexif <no-dsa> (Minor issue)
+	[buster] - libexif 0.6.21-5.1+deb10u3
 	[stretch] - libexif 0.6.21-2+deb9u3
 	NOTE: https://github.com/libexif/libexif/commit/ec412aa4583ad71ecabb967d3c77162760169d1f (0.6.22)
 CVE-2020-13112 (An issue was discovered in libexif before 0.6.22. Several buffer over- ...)
 	{DLA-2222-1}
 	- libexif 0.6.21-9 (bug #961407)
-	[buster] - libexif <no-dsa> (Minor issue)
+	[buster] - libexif 0.6.21-5.1+deb10u3
 	[stretch] - libexif 0.6.21-2+deb9u3
 	NOTE: https://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1 (0.6.22)
 CVE-2020-13111 (NaviServer 4.99.4 to 4.99.19 allows denial of service due to the nsd/d ...)
@@ -8576,7 +8574,7 @@ CVE-2020-12772 (An issue was discovered in Ignite Realtime Spark 2.8.3 (and the
 CVE-2020-12767 (exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by ...)
 	{DLA-2214-1}
 	- libexif 0.6.21-7 (bug #960199)
-	[buster] - libexif <no-dsa> (Minor issue)
+	[buster] - libexif 0.6.21-5.1+deb10u2
 	[stretch] - libexif 0.6.21-2+deb9u2
 	NOTE: https://github.com/libexif/libexif/issues/31
 	NOTE: https://github.com/libexif/libexif/commit/e22f73064f804c94e90b642cd0db4697c827da72
@@ -8593,6 +8591,7 @@ CVE-2020-XXXX [unspecified fexsrv security issue]
 	[stretch] - fex 20160919-2~deb9u1
 CVE-2020-12771 (An issue was discovered in the Linux kernel through 5.6.11. btree_gc_c ...)
 	- linux 5.7.6-1
+	[buster] - linux 4.19.131-1
 	NOTE: https://lkml.org/lkml/2020/4/26/87
 	NOTE: https://git.kernel.org/linus/be23e837333a914df3f24bf0b32e87b0331ab8d1 (5.8-rc2)
 CVE-2020-12770 (An issue was discovered in the Linux kernel through 5.6.11. sg_write l ...)
@@ -8729,7 +8728,7 @@ CVE-2020-12724
 	RESERVED
 CVE-2020-12723 (regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted ...)
 	- perl 5.30.3-1 (bug #962005)
-	[buster] - perl <no-dsa> (Minor issue)
+	[buster] - perl 5.28.1-6+deb10u1
 	[stretch] - perl 5.24.1-3+deb9u7
 	NOTE: https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a (v5.30.3)
 CVE-2020-12722
@@ -8937,6 +8936,7 @@ CVE-2020-12656 (** DISPUTED ** gss_mech_free in net/sunrpc/auth_gss/gss_mech_swi
 	NOTE: Issue is triggered only at module reloading / rebinding
 CVE-2020-12655 (An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c ...)
 	- linux 5.6.14-1
+	[buster] - linux 4.19.131-1
 	NOTE: https://git.kernel.org/linus/d0c7feaf87678371c2c09b3709400be416b2dc62 (5.7-rc1)
 CVE-2020-12654 (An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_s ...)
 	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
@@ -10457,7 +10457,7 @@ CVE-2020-12050 (SQLiteODBC 0.9996, as packaged for certain Linux distributions a
 CVE-2020-12049 (An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusSe ...)
 	{DLA-2235-1}
 	- dbus 1.12.18-1
-	[buster] - dbus <no-dsa> (Minor issue)
+	[buster] - dbus 1.12.20-0+deb10u1
 	[stretch] - dbus 1.10.32-0+deb9u1
 	NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/3
 	NOTE: https://gitlab.freedesktop.org/dbus/dbus/-/issues/294
@@ -11425,7 +11425,7 @@ CVE-2020-11889 (An issue was discovered in Joomla! before 3.9.17. Incorrect ACL
 	NOT-FOR-US: Joomla!
 CVE-2020-11888 (python-markdown2 through 2.3.8 allows XSS because element names are mi ...)
 	- python-markdown2 2.3.9-1 (bug #959445)
-	[buster] - python-markdown2 <no-dsa> (Minor issue)
+	[buster] - python-markdown2 2.3.7-2+deb10u1
 	NOTE:  https://github.com/trentm/python-markdown2/issues/348
 CVE-2020-11887 (svg2png 4.1.1 allows XSS with resultant SSRF via JavaScript inside an  ...)
 	NOT-FOR-US: svg2png
@@ -12129,7 +12129,7 @@ CVE-2020-11735 (The private-key operations in ecc.c in wolfSSL before 4.4.0 do n
 CVE-2020-11736 (fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Dir ...)
 	{DLA-2180-1}
 	- file-roller 3.36.2-1 (bug #956638)
-	[buster] - file-roller <no-dsa> (Minor issue, will be fixed via spu)
+	[buster] - file-roller 3.30.1-2+deb10u1
 	[stretch] - file-roller 3.22.3-1+deb9u2
 	NOTE: https://gitlab.gnome.org/GNOME/file-roller/-/commit/21dfcdbfe258984db89fb65243a1a888924e45a0
 CVE-2020-11734 (cgi-bin/go in CyberSolutions CyberMail 5 or later allows XSS via the A ...)
@@ -12449,7 +12449,7 @@ CVE-2020-11621
 CVE-2020-11620 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
 	{DLA-2179-1}
 	- jackson-databind 2.11.1-1
-	[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+	[buster] - jackson-databind 2.9.8-3+deb10u2
 	[stretch] - jackson-databind 2.8.6-1+deb9u7
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2682
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
@@ -12457,7 +12457,7 @@ CVE-2020-11620 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the in
 CVE-2020-11619 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
 	{DLA-2179-1}
 	- jackson-databind 2.11.1-1
-	[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+	[buster] - jackson-databind 2.9.8-3+deb10u2
 	[stretch] - jackson-databind 2.8.6-1+deb9u7
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2680
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
@@ -12926,7 +12926,7 @@ CVE-2020-11539 (An issue was discovered on Tata Sonata Smart SF Rush 1.12 device
 	NOT-FOR-US: Tata Sonata Smart SF Rush 1.12 devices
 CVE-2020-11538 (In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out- ...)
 	- pillow 7.2.0-1 (low)
-	[buster] - pillow <no-dsa> (Will be fixed via spu)
+	[buster] - pillow 5.4.1-2+deb10u2
 	NOTE: https://github.com/python-pillow/Pillow/pull/4504
 	NOTE: https://github.com/python-pillow/Pillow/pull/4538
 CVE-2020-11537 (A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5 ...)
@@ -12953,7 +12953,7 @@ CVE-2020-11527 (In Zoho ManageEngine OpManager before 12.4.181, an unauthenticat
 	NOT-FOR-US: Zoho
 CVE-2020-11526 (libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc ...)
 	- freerdp2 2.1.1+dfsg1-1
-	[buster] - freerdp2 <no-dsa> (Minor issue)
+	[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
 	- freerdp <removed>
 	[stretch] - freerdp <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-97jw-m5w5-xvf9
@@ -12961,35 +12961,35 @@ CVE-2020-11526 (libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.
 	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6012
 CVE-2020-11525 (libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-r ...)
 	- freerdp2 2.1.1+dfsg1-1
-	[buster] - freerdp2 <no-dsa> (Minor issue)
+	[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
 	- freerdp <removed>
 	[stretch] - freerdp <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9755-fphh-gmjg
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/0b6b92a25a77d533b8a92d6acc840a81e103684e
 CVE-2020-11524 (libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2. ...)
 	- freerdp2 2.1.1+dfsg1-1
-	[buster] - freerdp2 <no-dsa> (Minor issue)
+	[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
 	- freerdp <removed>
 	[stretch] - freerdp <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgw8-3mp2-p5qw
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/7b1d4b49391b4512402840431757703a96946820
 CVE-2020-11523 (libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 ...)
 	- freerdp2 2.1.1+dfsg1-1
-	[buster] - freerdp2 <no-dsa> (Minor issue)
+	[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
 	- freerdp <removed>
 	[stretch] - freerdp <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4qrh-8cp8-4x42
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/ce21b9d7ecd967e0bc98ed31a6b3757848aa6c9e
 CVE-2020-11522 (libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out- ...)
 	- freerdp2 2.1.1+dfsg1-1
-	[buster] - freerdp2 <no-dsa> (Minor issue)
+	[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
 	- freerdp <removed>
 	[stretch] - freerdp <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-48wx-7vgj-fffh
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/907640a924fa7a9a99c80a48ac225e9d8e41548b
 CVE-2020-11521 (libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc ...)
 	- freerdp2 2.1.1+dfsg1-1
-	[buster] - freerdp2 <no-dsa> (Minor issue)
+	[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
 	- freerdp <removed>
 	[stretch] - freerdp <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5cwc-6wc9-255w
@@ -13834,7 +13834,7 @@ CVE-2020-5291 (Bubblewrap (bwrap) before version 0.4.1, if installed in setuid m
 CVE-2020-11113 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
 	{DLA-2179-1}
 	- jackson-databind 2.11.1-1
-	[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+	[buster] - jackson-databind 2.9.8-3+deb10u2
 	[stretch] - jackson-databind 2.8.6-1+deb9u7
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2670
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
@@ -13842,7 +13842,7 @@ CVE-2020-11113 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the in
 CVE-2020-11112 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
 	{DLA-2179-1}
 	- jackson-databind 2.11.1-1
-	[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+	[buster] - jackson-databind 2.9.8-3+deb10u2
 	[stretch] - jackson-databind 2.8.6-1+deb9u7
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2666
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
@@ -13850,7 +13850,7 @@ CVE-2020-11112 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the in
 CVE-2020-11111 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
 	{DLA-2179-1}
 	- jackson-databind 2.11.1-1
-	[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+	[buster] - jackson-databind 2.9.8-3+deb10u2
 	[stretch] - jackson-databind 2.8.6-1+deb9u7
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2664
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
@@ -14404,7 +14404,7 @@ CVE-2020-10970
 CVE-2020-10969 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
 	{DLA-2179-1}
 	- jackson-databind 2.11.1-1
-	[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+	[buster] - jackson-databind 2.9.8-3+deb10u2
 	[stretch] - jackson-databind 2.8.6-1+deb9u7
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2642
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
@@ -14412,7 +14412,7 @@ CVE-2020-10969 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the in
 CVE-2020-10968 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
 	{DLA-2179-1}
 	- jackson-databind 2.11.1-1
-	[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+	[buster] - jackson-databind 2.9.8-3+deb10u2
 	[stretch] - jackson-databind 2.8.6-1+deb9u7
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2662
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
@@ -14690,7 +14690,7 @@ CVE-2020-10879 (rConfig before 3.9.5 allows command injection by sending a craft
 	NOT-FOR-US: rConfig
 CVE-2020-10878 (Perl before 5.30.3 has an integer overflow related to mishandling of a ...)
 	- perl 5.30.3-1 (bug #962005)
-	[buster] - perl <no-dsa> (Minor issue)
+	[buster] - perl 5.28.1-6+deb10u1
 	[stretch] - perl 5.24.1-3+deb9u7
 	NOTE: https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8 (v5.30.3)
 	NOTE: https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c (v5.30.3)
@@ -15167,18 +15167,21 @@ CVE-2020-10769 (A buffer over-read flaw was found in RH kernel versions before 5
 CVE-2020-10768 [Indirect branch speculation can be enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command]
 	RESERVED
 	- linux 5.7.6-1
+	[buster] - linux 4.19.131-1
 	[stretch] - linux 4.9.228-1
 	NOTE: https://www.openwall.com/lists/oss-security/2020/06/10/1
 	NOTE: https://git.kernel.org/linus/4d8df8cbb9156b0a0ab3f802b80cb5db57acc0bf
 CVE-2020-10767 [Indirect Branch Prediction Barrier is force-disabled when STIBP is unavailable or enhanced IBRS is available]
 	RESERVED
 	- linux 5.7.6-1
+	[buster] - linux 4.19.131-1
 	[stretch] - linux 4.9.228-1
 	NOTE: https://www.openwall.com/lists/oss-security/2020/06/10/1
 	NOTE: https://git.kernel.org/linus/21998a351512eba4ed5969006f0c55882d995ada
 CVE-2020-10766 [Rogue cross-process SSBD shutdown]
 	RESERVED
 	- linux 5.7.6-1
+	[buster] - linux 4.19.131-1
 	[stretch] - linux 4.9.228-1
 	NOTE: https://www.openwall.com/lists/oss-security/2020/06/10/1
 	NOTE: https://git.kernel.org/linus/dbbe2ad02e9df26e372f38cc3e70dab9222c832e
@@ -15207,7 +15210,7 @@ CVE-2020-10759 [Possible bypass in signature verification]
 	RESERVED
 	{DLA-2274-1}
 	- fwupd 1.3.10-1 (bug #962517)
-	[buster] - fwupd <no-dsa> (Will be fixed via point release)
+	[buster] - fwupd 1.2.13-1
 	- libjcat 0.1.3-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1844316
 	NOTE: https://github.com/justinsteven/advisories/blob/master/2020_fwupd_dangling_s3_bucket_and_CVE-2020-10759_signature_verification_bypass.md
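Review bot: The new line `[buster] - fwupd 1.2.13-1` under CVE-2020-10759 has no `+deb10uN` or `~deb10uN` suffix, unlike the other buster versions recorded in this patch (for example `2.9.8-3+deb10u2`). Please confirm that 1.2.13-1 is the exact version string uploaded to buster, because a wrong fixed version makes the tracker misreport which installed versions are affected.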
@@ -15562,7 +15565,7 @@ CVE-2020-10675 (The Library API in buger jsonparser through 2019-12-04 allows at
 CVE-2020-10673 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
 	{DLA-2153-1}
 	- jackson-databind 2.11.1-1
-	[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+	[buster] - jackson-databind 2.9.8-3+deb10u2
 	[stretch] - jackson-databind 2.8.6-1+deb9u7
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2660
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
@@ -15570,7 +15573,7 @@ CVE-2020-10673 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the in
 CVE-2020-10672 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
 	{DLA-2153-1}
 	- jackson-databind 2.11.1-1
-	[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+	[buster] - jackson-databind 2.9.8-3+deb10u2
 	[stretch] - jackson-databind 2.8.6-1+deb9u7
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2659
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
@@ -15598,7 +15601,7 @@ CVE-2020-10664 (The IGMP component in VxWorks 6.8.3 IPNET CVE patches created in
 CVE-2020-10663 (The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9 ...)
 	{DSA-4721-1 DLA-2192-1 DLA-2190-1}
 	- ruby-json 2.3.0+dfsg-1
-	[buster] - ruby-json <no-dsa> (Minor issue)
+	[buster] - ruby-json 2.1.0+dfsg-2+deb10u1
 	[stretch] - ruby-json 2.0.1+dfsg-3+deb9u1
 	- ruby2.7 <not-affected> (Fixed before initial upload to Debian)
 	- ruby2.5 <removed>
@@ -15841,23 +15844,18 @@ CVE-2020-10578 (An arbitrary file read vulnerability exists in system/controller
 	NOT-FOR-US: QCMS
 CVE-2020-10577 (An issue was discovered in Janus through 0.9.1. janus.c has multiple c ...)
 	- janus 0.9.2-1 (bug #954668)
-	[buster] - janus <ignored> (Will be removed in next point release)
 	NOTE: https://github.com/meetecho/janus-gateway/pull/1990
 CVE-2020-10576 (An issue was discovered in Janus through 0.9.1. plugins/janus_voicemai ...)
 	- janus 0.9.1+20200313-1
-	[buster] - janus <ignored> (Will be removed in next point release)
 	NOTE: https://github.com/meetecho/janus-gateway/pull/1993
 CVE-2020-10575 (An issue was discovered in Janus through 0.9.1. plugins/janus_videocal ...)
 	- janus 0.9.1+20200313-1
-	[buster] - janus <ignored> (Will be removed in next point release)
 	NOTE: https://github.com/meetecho/janus-gateway/pull/1994
 CVE-2020-10574 (An issue was discovered in Janus through 0.9.1. janus.c tries to use a ...)
 	- janus 0.9.1+20200313-1
-	[buster] - janus <ignored> (Will be removed in next point release)
 	NOTE: https://github.com/meetecho/janus-gateway/pull/1989
 CVE-2020-10573 (An issue was discovered in Janus through 0.9.1. janus_audiobridge.c ha ...)
 	- janus 0.9.1+20200313-1
-	[buster] - janus <ignored> (Will be removed in next point release)
 	NOTE: https://github.com/meetecho/janus-gateway/pull/1988
 CVE-2020-10572
 	RESERVED
@@ -15923,7 +15921,7 @@ CVE-2009-5159 (Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, whe
 	NOT-FOR-US: Invision Power Board
 CVE-2020-10543 (Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer over ...)
 	- perl 5.30.3-1 (bug #962005)
-	[buster] - perl <no-dsa> (Minor issue)
+	[buster] - perl 5.28.1-6+deb10u1
 	[stretch] - perl 5.24.1-3+deb9u7
 	NOTE: https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed (v5.30.3)
 CVE-2020-10542
@@ -16273,7 +16271,7 @@ CVE-2020-10379 (In Pillow before 7.1.0, there are two Buffer Overflows in libIma
 	NOTE: Fixed in 6.2.3 and 7.1.0
 CVE-2020-10378 (In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds rea ...)
 	- pillow 7.2.0-1
-	[buster] - pillow <no-dsa> (Will be fixed via spu)
+	[buster] - pillow 5.4.1-2+deb10u2
 	[stretch] - pillow <not-affected> (Vulnerable code not present)
 	[jessie] - pillow <no-dsa> (Minor issue)
 	NOTE: https://github.com/python-pillow/Pillow/pull/4538
@@ -16746,7 +16744,7 @@ CVE-2020-10178
 	REJECTED
 CVE-2020-10177 (Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/Fli ...)
 	- pillow 7.2.0-1
-	[buster] - pillow <no-dsa> (Will be fixed via spu)
+	[buster] - pillow 5.4.1-2+deb10u2
 	[jessie] - pillow <no-dsa> (Minor issue)
 	NOTE: https://github.com/python-pillow/Pillow/pull/4503
 	NOTE: https://github.com/python-pillow/Pillow/pull/4538
@@ -18177,7 +18175,7 @@ CVE-2020-9549 (In PDFResurrect 0.12 through 0.19, get_type in pdf.c has an out-o
 CVE-2020-9548 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
 	{DLA-2135-1}
 	- jackson-databind 2.11.1-1
-	[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+	[buster] - jackson-databind 2.9.8-3+deb10u2
 	[stretch] - jackson-databind 2.8.6-1+deb9u7
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2634
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
@@ -18185,7 +18183,7 @@ CVE-2020-9548 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the int
 CVE-2020-9547 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
 	{DLA-2135-1}
 	- jackson-databind 2.11.1-1
-	[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+	[buster] - jackson-databind 2.9.8-3+deb10u2
 	[stretch] - jackson-databind 2.8.6-1+deb9u7
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2634
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
@@ -18193,7 +18191,7 @@ CVE-2020-9547 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the int
 CVE-2020-9546 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
 	{DLA-2135-1}
 	- jackson-databind 2.11.1-1
-	[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+	[buster] - jackson-databind 2.9.8-3+deb10u2
 	[stretch] - jackson-databind 2.8.6-1+deb9u7
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2631
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
@@ -19902,7 +19900,7 @@ CVE-2020-8841 (An issue was discovered in TestLink 1.9.19. The relation_type par
 CVE-2020-8840 (FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean- ...)
 	{DLA-2111-1}
 	- jackson-databind 2.11.1-1
-	[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+	[buster] - jackson-databind 2.9.8-3+deb10u2
 	[stretch] - jackson-databind 2.8.6-1+deb9u7
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2620
 	NOTE: https://github.com/FasterXML/jackson-databind/commit/914e7c9f2cb8ce66724bf26a72adc7e958992497
@@ -19913,7 +19911,7 @@ CVE-2020-8839 (Stored XSS was discovered on CHIYU BF-430 232/485 TCP/IP Converte
 CVE-2015-9542 (add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correct ...)
 	{DLA-2116-1}
 	- libpam-radius-auth 1.4.0-3 (bug #951396)
-	[buster] - libpam-radius-auth <no-dsa> (Minor issue)
+	[buster] - libpam-radius-auth 1.4.0-3~deb10u1
 	NOTE: https://github.com/FreeRADIUS/pam_radius/commit/01173ec
 	NOTE: https://github.com/FreeRADIUS/pam_radius/commit/6bae92d
 	NOTE: https://github.com/FreeRADIUS/pam_radius/commit/ac2c1677
@@ -20758,7 +20756,7 @@ CVE-2020-8492 (Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10,
 	{DLA-2280-1}
 	- python3.8 3.8.3~rc1-1
 	- python3.7 <removed>
-	[buster] - python3.7 <no-dsa> (Minor issue)
+	[buster] - python3.7 3.7.3-2+deb10u2
 	- python3.5 <removed>
 	- python3.4 <removed>
 	[jessie] - python3.4 <postponed> (Minor issue)
@@ -21834,14 +21832,14 @@ CVE-2020-8036
 CVE-2020-8035 (The image view functionality in Horde Groupware Webmail Edition before ...)
 	{DLA-2230-1}
 	- php-horde 5.2.23+debian0-1 (bug #963809)
-	[buster] - php-horde <no-dsa> (Minor issue; can be fixed via point release)
+	[buster] - php-horde 5.2.20+debian0-1+deb10u2
 	[stretch] - php-horde 5.2.13+debian0-1+deb9u2
 	NOTE: https://github.com/horde/base/commit/64127fe3c2b9843c9760218e59dae9731cc56bdf
 	NOTE: https://lists.horde.org/archives/announce/2020/001290.html
 CVE-2020-8034 (Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.2 ...)
 	{DLA-2229-1}
 	- php-horde-gollem 3.0.12-6 (bug #961649)
-	[buster] - php-horde-gollem <no-dsa> (Minor issue)
+	[buster] - php-horde-gollem 3.0.12-3+deb10u1
 	[stretch] - php-horde-gollem 3.0.10-1+deb9u1
 	NOTE: https://lists.horde.org/archives/announce/2020/001289.html
 	NOTE: https://github.com/horde/gollem/commit/a73bef1aef27d4cbfc7b939c2a81dea69aabb083
@@ -22938,7 +22936,7 @@ CVE-2020-7599 (All versions of com.gradle.plugin-publish before 0.11.0 are vulne
 	NOT-FOR-US: com.gradle.plugin-publish
 CVE-2020-7598 (minimist before 1.2.2 could be tricked into adding or modifying proper ...)
 	- node-minimist 1.2.5-1 (bug #953762)
-	[buster] - node-minimist <no-dsa> (Minor issue)
+	[buster] - node-minimist 1.2.0-1+deb10u1
 	[stretch] - node-minimist <ignored> (Nodejs in stretch not covered by security support)
 	NOTE: https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
 	NOTE: POC: https://gist.github.com/Kirill89/47feb345b09bf081317f08dd43403a8a
@@ -23731,7 +23729,7 @@ CVE-2020-7238 (Netty 4.1.43.Final allows HTTP Request Smuggling because it misha
 	NOTE: https://github.com/netty/netty/issues/9861#issuecomment-582307539 (same fix as CVE-2019-20445)
 CVE-2020-7237 (Cacti 1.2.8 allows Remote Code Execution (by privileged users) via she ...)
 	- cacti 1.2.9+ds1-1 (bug #949997)
-	[buster] - cacti <no-dsa> (Minor issue)
+	[buster] - cacti 1.2.2+ds1-2+deb10u3
 	[stretch] - cacti <no-dsa> (Minor issue)
 	[jessie] - cacti <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/Cacti/cacti/issues/3201
@@ -24016,7 +24014,7 @@ CVE-2020-7107 (The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS vi
 CVE-2020-7106 (Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.p ...)
 	{DLA-2069-1}
 	- cacti 1.2.9+ds1-1 (bug #949996)
-	[buster] - cacti <postponed> (can be fixed along with more important issues)
+	[buster] - cacti 1.2.2+ds1-2+deb10u3
 	[stretch] - cacti <postponed> (can be fixed along with more important issues)
 	NOTE: https://github.com/Cacti/cacti/issues/3191
 	NOTE: https://github.com/Cacti/cacti/commit/4cbb045e03ee20a2bd09094a201a925fbb8a39d9
@@ -24249,7 +24247,7 @@ CVE-2020-7041 (An issue was discovered in openfortivpn 1.11.0 when used with Ope
 CVE-2020-7040 (storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBack ...)
 	{DLA-2095-1}
 	- storebackup 3.2.1-2 (bug #949393)
-	[buster] - storebackup <no-dsa> (Minor issue)
+	[buster] - storebackup 3.2.1-2~deb10u1
 	[stretch] - storebackup 3.2.1-2~deb9u1
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1156767
 	NOTE: https://www.openwall.com/lists/oss-security/2020/01/20/3
@@ -25008,7 +25006,7 @@ CVE-2019-20374 (A mutation cross-site scripting (XSS) issue in Typora through 0.
 	NOT-FOR-US: Typora
 CVE-2019-20372 (NGINX before 1.17.7, with certain error_page configurations, allows HT ...)
 	- nginx 1.16.1-3 (low; bug #948579)
-	[buster] - nginx <no-dsa> (Minor issue)
+	[buster] - nginx 1.14.2-2+deb10u2
 	[stretch] - nginx 1.10.3-1+deb9u4
 	[jessie] - nginx <no-dsa> (Minor issue)
 	NOTE: https://bertjwregeer.keybase.pub/2019-12-10%20-%20error_page%20request%20smuggling.pdf
@@ -27056,11 +27054,11 @@ CVE-2020-5968 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU p
 	NOT-FOR-US: NVIDIA Virtual GPU Manager
 CVE-2020-5967 (NVIDIA Linux GPU Display Driver, all versions, contains a vulnerabilit ...)
 	- nvidia-graphics-drivers 440.100-1 (bug #963766)
-	[buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+	[buster] - nvidia-graphics-drivers 418.152.00-1
 	[stretch] - nvidia-graphics-drivers 390.138-1
 	[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
 	- nvidia-graphics-drivers-legacy-390xx 390.138-1 (bug #963908)
-	[buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
+	[buster] - nvidia-graphics-drivers-legacy-390xx 390.138-1~deb10u1
 	- nvidia-graphics-drivers-legacy-340xx <unfixed>
 	[buster] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported)
 	[stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported)
@@ -27078,11 +27076,11 @@ CVE-2020-5964 (NVIDIA Windows GPU Display Driver, all versions, contains a vulne
 	NOT-FOR-US: NVIDIA Windows GPU Display Driver
 CVE-2020-5963 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
 	- nvidia-graphics-drivers 440.100-1 (bug #963766)
-	[buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+	[buster] - nvidia-graphics-drivers 418.152.00-1
 	[stretch] - nvidia-graphics-drivers 390.138-1
 	[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
 	- nvidia-graphics-drivers-legacy-390xx 390.138-1 (bug #963908)
-	[buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
+	[buster] - nvidia-graphics-drivers-legacy-390xx 390.138-1~deb10u1
 	- nvidia-graphics-drivers-legacy-340xx <unfixed>
 	[buster] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported)
 	[stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported)
@@ -28857,7 +28855,7 @@ CVE-2020-5201
 CVE-2019-20330 (FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.eh ...)
 	{DLA-2111-1}
 	- jackson-databind 2.10.1-1
-	[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+	[buster] - jackson-databind 2.9.8-3+deb10u2
 	[stretch] - jackson-databind 2.8.6-1+deb9u7
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2526
 	NOTE: https://github.com/FasterXML/jackson-databind/commit/fc4214a883dc087070f25da738ef0d49c2f3387e
@@ -32497,7 +32495,7 @@ CVE-2019-19921 (runc through 1.0.0-rc9 has Incorrect Access Control leading to E
 	NOTE: https://github.com/opencontainers/runc/pull/2190
 CVE-2019-19919 (Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Poll ...)
 	- node-handlebars 3:4.5.3-1
-	[buster] - node-handlebars <no-dsa> (Minor issue; will be fixed via point release)
+	[buster] - node-handlebars 3:4.1.0-1+deb10u1
 	NOTE: https://www.npmjs.com/advisories/1164
 CVE-2019-19918 (Lout 3.40 has a heap-based buffer overflow in the srcnext() function i ...)
 	- lout <unfixed> (bug #947113)
@@ -33926,7 +33924,7 @@ CVE-2020-3482
 	RESERVED
 CVE-2020-3481 (A vulnerability in the EGG archive parsing module in Clam AntiVirus (C ...)
 	- clamav 0.102.4+dfsg-1
-	[buster] - clamav <no-dsa> (ClamAV is updated via -updates)
+	[buster] - clamav 0.102.4+dfsg-0+deb10u1
 	NOTE: https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html
 CVE-2020-3480
 	RESERVED
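Review bot: the version on the added `[buster] - clamav 0.102.4+dfsg-0+deb10u1` line for CVE-2020-3481 does not match the entry being removed from data/next-point-update.txt in this same patch, which lists `0.102.4+dfsg-0~deb10u1` for this CVE. In dpkg ordering `~` sorts before `+`, so if the accepted upload is the `~deb10u1` build, buster systems that have the fix installed would compare lower than the recorded fixed version and be reported as still vulnerable. Please confirm the version against the upload that was accepted for 10.5 and use the same string in both places.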
@@ -34190,7 +34188,7 @@ CVE-2020-3351 (A vulnerability in Cisco SD-WAN Solution Software could allow an
 	NOT-FOR-US: Cisco
 CVE-2020-3350 (A vulnerability in the endpoint software of Cisco AMP for Endpoints an ...)
 	- clamav 0.102.4+dfsg-1
-	[buster] - clamav <no-dsa> (ClamAV is updated via -updates)
+	[buster] - clamav 0.102.4+dfsg-0+deb10u1
 	NOTE: https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html
 CVE-2020-3349 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
 	NOT-FOR-US: Cisco
@@ -34211,7 +34209,7 @@ CVE-2020-3342 (A vulnerability in the software update feature of Cisco Webex Mee
 CVE-2020-3341 (A vulnerability in the PDF archive parsing module in Clam AntiVirus (C ...)
 	{DLA-2215-1}
 	- clamav 0.102.3+dfsg-1
-	[buster] - clamav <no-dsa> (ClamAV is updated via -updates)
+	[buster] - clamav 0.102.3+dfsg-0~deb10u1
 	[stretch] - clamav 0.102.3+dfsg-0~deb9u1
 	NOTE: https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html
 CVE-2020-3340 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
@@ -34243,7 +34241,7 @@ CVE-2020-3328
 CVE-2020-3327 (A vulnerability in the ARJ archive parsing module in Clam AntiVirus (C ...)
 	{DLA-2215-1}
 	- clamav 0.102.4+dfsg-1
-	[buster] - clamav <no-dsa> (ClamAV is updated via -updates)
+	[buster] - clamav 0.102.4+dfsg-0+deb10u1
 	[stretch] - clamav 0.102.3+dfsg-0~deb9u1
 	NOTE: https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html
 	NOTE: https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html
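Review bot: the added `[buster] - clamav 0.102.4+dfsg-0+deb10u1` line for CVE-2020-3327 uses a `+deb10u1` suffix, whereas the data/next-point-update.txt entry removed by this patch recorded `0.102.4+dfsg-0~deb10u1` for the same CVE. Only one of the two can be the archive version, and the fixed version here drives the tracker's vulnerable/fixed comparison, so it is worth checking against the accepted upload before this lands.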
@@ -35470,7 +35468,7 @@ CVE-2020-2815 (Vulnerability in the Oracle iSupport product of Oracle E-Business
 	NOT-FOR-US: Oracle
 CVE-2020-2814 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mariadb-10.3 1:10.3.23-1 (bug #961849)
-	[buster] - mariadb-10.3 <no-dsa> (Minor issue; will be fixed via point release)
+	[buster] - mariadb-10.3 1:10.3.23-0+deb10u1
 	- mariadb-10.1 <removed>
 	[stretch] - mariadb-10.1 10.1.45-0+deb9u1
 	- mysql-5.7 <unfixed> (bug #956832)
@@ -35480,7 +35478,7 @@ CVE-2020-2813 (Vulnerability in the Oracle Email Center product of Oracle E-Busi
 	NOT-FOR-US: Oracle
 CVE-2020-2812 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mariadb-10.3 1:10.3.23-1 (bug #961849)
-	[buster] - mariadb-10.3 <no-dsa> (Minor issue; will be fixed via point release)
+	[buster] - mariadb-10.3 1:10.3.23-0+deb10u1
 	- mariadb-10.1 <removed>
 	[stretch] - mariadb-10.1 10.1.45-0+deb9u1
 	- mysql-5.7 <unfixed> (bug #956832)
@@ -35626,7 +35624,7 @@ CVE-2020-2761 (Vulnerability in the MySQL Server product of Oracle MySQL (compon
 	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
 CVE-2020-2760 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mariadb-10.3 1:10.3.23-1 (bug #961849)
-	[buster] - mariadb-10.3 <no-dsa> (Minor issue; will be fixed via point release)
+	[buster] - mariadb-10.3 1:10.3.23-0+deb10u1
 	- mysql-5.7 <unfixed> (bug #956832)
 	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
 	NOTE: Fixed in MariaDB 10.3.23
@@ -35662,7 +35660,7 @@ CVE-2020-2753 (Vulnerability in the Oracle Workflow product of Oracle E-Business
 	NOT-FOR-US: Oracle
 CVE-2020-2752 (Vulnerability in the MySQL Client product of Oracle MySQL (component:  ...)
 	- mariadb-10.3 1:10.3.23-1 (bug #961849)
-	[buster] - mariadb-10.3 <no-dsa> (Minor issue; will be fixed via point release)
+	[buster] - mariadb-10.3 1:10.3.23-0+deb10u1
 	- mariadb-10.1 <removed>
 	[stretch] - mariadb-10.1 10.1.45-0+deb9u1
 	- mysql-5.7 <unfixed> (bug #956832)
@@ -37956,7 +37954,7 @@ CVE-2020-1954 (Apache CXF has the ability to integrate with JMX by registering a
 	NOT-FOR-US: Apache CXF
 CVE-2020-1953 (Apache Commons Configuration uses a third-party library to parse YAML  ...)
 	- commons-configuration2 2.7-1 (bug #954713)
-	[buster] - commons-configuration2 <no-dsa> (Minor issue, will be fixed via spu)
+	[buster] - commons-configuration2 2.2-1+deb10u1
 	NOTE: https://www.openwall.com/lists/oss-security/2020/03/13/1
 CVE-2020-1952 (An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. W ...)
 	NOT-FOR-US: Apache IoTDB
@@ -39199,11 +39197,11 @@ CVE-2019-19335 (During installation of an OpenShift 4 cluster, the `openshift-in
 	NOT-FOR-US: OpenShift
 CVE-2019-19334 (In all versions of libyang before 1.0-r5, a stack-based buffer overflo ...)
 	- libyang 0.16.105-2 (bug #946217)
-	[buster] - libyang <no-dsa> (Minor issue)
+	[buster] - libyang 0.16.105-1+deb10u1
 	NOTE: https://github.com/CESNET/libyang/commit/6980afae2ff9fcd6d67508b0a3f694d75fd059d6
 CVE-2019-19333 (In all versions of libyang before 1.0-r5, a stack-based buffer overflo ...)
 	- libyang 0.16.105-2 (bug #946217)
-	[buster] - libyang <no-dsa> (Minor issue)
+	[buster] - libyang 0.16.105-1+deb10u1
 	NOTE: https://github.com/CESNET/libyang/commit/f6d684ade99dd37b21babaa8a856f64faa1e2e0d
 CVE-2019-19332 (An out-of-bounds memory write issue was found in the Linux Kernel, ver ...)
 	{DLA-2114-1 DLA-2068-1}
@@ -40457,6 +40455,7 @@ CVE-2019-18886 (An issue was discovered in Symfony 4.2.0 to 4.2.11 and 4.3.0 to
 	NOTE: Fixed by: https://github.com/symfony/symfony/commit/7bd4a92fc9cc15d9a9fbb9eb1041e01b977f8332 (v4.2.12)
 CVE-2019-18885 (fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verif ...)
 	- linux 5.2.6-1
+	[buster] - linux 4.19.131-1
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/09ba3bc9dd150457c506e4661380a6183af651c1 (5.1-rc1)
@@ -40633,6 +40632,7 @@ CVE-2019-18815 (PopojiCMS 2.0.1 allows refer= Open Redirection. ...)
 	NOT-FOR-US: PopojiCMS
 CVE-2019-18814 (An issue was discovered in the Linux kernel through 5.3.9. There is a  ...)
 	- linux 5.7.6-1
+	[buster] - linux 4.19.131-1
 	[stretch] - linux <not-affected> (Vulnerability introduced later)
 	[jessie] - linux <not-affected> (Vulnerability introduced later)
 	NOTE: https://lore.kernel.org/patchwork/patch/1142523/
@@ -45215,7 +45215,7 @@ CVE-2020-0199 (In TimeCheck::TimeCheckThread::threadLoop of TimeCheck.cpp, there
 CVE-2020-0198 (In exif_data_load_data_content of exif-data.c, there is a possible UBS ...)
 	{DLA-2249-1}
 	- libexif 0.6.22-2 (bug #962345)
-	[buster] - libexif <no-dsa> (Minor issue)
+	[buster] - libexif 0.6.21-5.1+deb10u4
 	[stretch] - libexif 0.6.21-2+deb9u4
 	NOTE: https://android.googlesource.com/platform/external/libexif/+/1e187b62682ffab5003c702657d6d725b4278f16%5E%21/#F0
 	NOTE: https://github.com/libexif/libexif/commit/ce03ad7ef4e8aeefce79192bf5b6f69fae396f0c
@@ -45252,7 +45252,7 @@ CVE-2020-0183 (In handleMessage of BluetoothManagerService, there is an incomple
 CVE-2020-0182 (In exif_entry_get_value of exif-entry.c, there is a possible out of bo ...)
 	{DLA-2249-1}
 	- libexif 0.6.22-1 (low)
-	[buster] - libexif <no-dsa> (Minor issue)
+	[buster] - libexif 0.6.21-5.1+deb10u4
 	[stretch] - libexif 0.6.21-2+deb9u4
 	NOTE: https://github.com/libexif/libexif/commit/f9bb9f263fb00f0603ecbefa8957cad24168cbff (0.6.22)
 	NOTE: CVE originally originally reported by Android where a different patch was shipped
@@ -45443,7 +45443,7 @@ CVE-2020-0094 (In setImageHeight and setImageWidth of ExifUtils.cpp, there is a
 CVE-2020-0093 (In exif_data_save_data_entry of exif-data.c, there is a possible out o ...)
 	{DLA-2214-1}
 	- libexif 0.6.21-8
-	[buster] - libexif <no-dsa> (Minor issue)
+	[buster] - libexif 0.6.21-5.1+deb10u2
 	[stretch] - libexif 0.6.21-2+deb9u2
 	NOTE: https://github.com/libexif/libexif/issues/42
 	NOTE: https://github.com/libexif/libexif/commit/5ae5973bed1947f4d447dc80b76d5cefadd90133
@@ -47027,7 +47027,7 @@ CVE-2019-17567
 CVE-2019-17566 [SSRF vulnerability]
 	RESERVED
 	- batik 1.12-1.1 (bug #964510)
-	[buster] - batik <no-dsa> (Minor issue, will be fixed via point update)
+	[buster] - batik 1.10-2+deb10u1
 	[stretch] - batik 1.8-4+deb9u2
 	NOTE: https://www.openwall.com/lists/oss-security/2020/06/15/2
 	NOTE: patch: http://svn.apache.org/viewvc?view=revision&revision=1871084
@@ -47266,7 +47266,7 @@ CVE-2019-17532 (An issue was discovered on Belkin Wemo Switch 28B WW_2.00.11057.
 CVE-2019-17531 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
 	{DLA-2030-1}
 	- jackson-databind 2.10.1-1
-	[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+	[buster] - jackson-databind 2.9.8-3+deb10u2
 	[stretch] - jackson-databind 2.8.6-1+deb9u7
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2498
 	NOTE: https://github.com/FasterXML/jackson-databind/commit/b5a304a98590b6bb766134f9261e6566dcbbb6d0
@@ -47485,7 +47485,7 @@ CVE-2019-17456
 CVE-2019-17455 (Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequ ...)
 	{DLA-2207-1}
 	- libntlm 1.6-1 (bug #942145)
-	[buster] - libntlm <no-dsa> (Minor issue)
+	[buster] - libntlm 1.5-1+deb10u1
 	[stretch] - libntlm <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/jas/libntlm/issues/2
 	NOTE: https://gitlab.com/jas/libntlm/-/commit/b967886873fcf19f816b9c0868465f2d9e5df85e
@@ -47950,7 +47950,7 @@ CVE-2019-17268 (The omniauth-weibo-oauth2 gem 0.4.6 for Ruby, as distributed on
 CVE-2019-17267 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
 	{DLA-2030-1}
 	- jackson-databind 2.10.0-1
-	[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+	[buster] - jackson-databind 2.9.8-3+deb10u2
 	[stretch] - jackson-databind 2.8.6-1+deb9u7
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2460
 	NOTE: https://github.com/FasterXML/jackson-databind/commit/191a4cdf87b56d2ddddb77edd895ee756b7f75eb
@@ -55296,7 +55296,7 @@ CVE-2019-14869 (A flaw was found in all versions of ghostscript 9.x before 9.50,
 CVE-2019-14868 (In ksh version 20120801, a flaw was found in the way it evaluates cert ...)
 	{DLA-2284-1}
 	- ksh 2020.0.0-2.1 (bug #948989)
-	[buster] - ksh <no-dsa> (Minor issue)
+	[buster] - ksh 93u+20120801-3.4+deb10u1
 	[jessie] - ksh <ignored> (Minor issue)
 	- ksh93 <removed> (bug #964034)
 	NOTE: https://github.com/att/ast/commit/c7de8b641266bac7c77942239ac659edfee9ecd2
@@ -60940,7 +60940,7 @@ CVE-2019-13454 (ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplic
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/4f31d78716ac94c85c244efcea368fea202e2ed4
 CVE-2019-13453 (Zipios before 0.1.7 does not properly handle certain malformed zip arc ...)
 	- zipios++ 0.1.5.9+cvs.2007.04.28-11 (low; bug #932556)
-	[buster] - zipios++ <no-dsa> (Minor issue)
+	[buster] - zipios++ 0.1.5.9+cvs.2007.04.28-10+deb10u1
 	[stretch] - zipios++ <no-dsa> (Minor issue)
 	[jessie] - zipios++ <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/zipios/news/2019/07/version-017-cve-/
@@ -87110,6 +87110,7 @@ CVE-2019-3906 (Premisys Identicard version 3.1.190 contains hardcoded credential
 	NOT-FOR-US: Premisys Identicard
 CVE-2018-20669 (An issue where a provided address with access_ok() is not checked was  ...)
 	- linux 5.2.6-1 (unimportant)
+	[buster] - linux 4.19.131-1
 	NOTE: Fixed by: https://git.kernel.org/linus/594cc251fdd0d231d342d88b2fdff4bc42fb0690
 CVE-2018-20668
 	RESERVED
@@ -87859,7 +87860,7 @@ CVE-2019-3690 (The chkstat tool in the permissions package followed symlinks bef
 CVE-2019-3689 (The nfs-utils package in SUSE Linux Enterprise Server 12 before and in ...)
 	{DLA-1965-1}
 	- nfs-utils 1:1.3.4-3 (bug #940848)
-	[buster] - nfs-utils <no-dsa> (Minor issue)
+	[buster] - nfs-utils 1:1.3.4-2.5+deb10u1
 	[stretch] - nfs-utils 1:1.3.4-2.1+deb9u1
 	NOTE: https://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commitdiff;h=fee2cc29e888f2ced6a76990923aef19d326dc0e
 CVE-2019-3688 (The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterpri ...)
@@ -93695,7 +93696,7 @@ CVE-2018-20024 (LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 co
 	- italc <removed>
 	[stretch] - italc 1:3.0.3+dfsg1-1+deb9u1
 	- ssvnc 1.0.29-5 (bug #945827)
-	[buster] - ssvnc <no-dsa> (Minor issue)
+	[buster] - ssvnc 1.0.29-4+deb10u1
 	[stretch] - ssvnc 1.0.29-3+deb9u1
 	- veyon 4.1.4+repack1-1
 	NOTE: https://github.com/LibVNC/libvncserver/issues/254
@@ -93716,7 +93717,7 @@ CVE-2018-20022 (LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains
 	- italc <removed>
 	[stretch] - italc 1:3.0.3+dfsg1-1+deb9u1
 	- ssvnc 1.0.29-5 (bug #945827)
-	[buster] - ssvnc <no-dsa> (Minor issue)
+	[buster] - ssvnc 1.0.29-4+deb10u1
 	[stretch] - ssvnc 1.0.29-3+deb9u1
 	- tightvnc 1:1.3.9-9.1
 	[buster] - tightvnc 1:1.3.9-9deb10u1
@@ -93731,7 +93732,7 @@ CVE-2018-20021 (LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c co
 	- italc <removed>
 	[stretch] - italc 1:3.0.3+dfsg1-1+deb9u1
 	- ssvnc 1.0.29-5 (bug #945827)
-	[buster] - ssvnc <no-dsa> (Minor issue)
+	[buster] - ssvnc 1.0.29-4+deb10u1
 	[stretch] - ssvnc 1.0.29-3+deb9u1
 	- tightvnc 1:1.3.9-9.1
 	[buster] - tightvnc 1:1.3.9-9deb10u1
@@ -93746,7 +93747,7 @@ CVE-2018-20020 (LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d co
 	- italc <removed>
 	[stretch] - italc <not-affected> (Incomplete fix for CVE-2018-20019 not applied)
 	- ssvnc 1.0.29-5 (bug #945827)
-	[buster] - ssvnc <no-dsa> (Minor issue)
+	[buster] - ssvnc 1.0.29-4+deb10u1
 	[stretch] - ssvnc 1.0.29-3+deb9u1
 	- veyon 4.1.4+repack1-1
 	NOTE: https://github.com/LibVNC/libvncserver/issues/250
@@ -107740,7 +107741,7 @@ CVE-2018-16337 (An issue was discovered in Cscms V4.1.8. There is a CSRF vulnera
 CVE-2018-16336 (Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote  ...)
 	{DLA-1551-1}
 	- exiv2 0.27.2-6 (bug #916081)
-	[buster] - exiv2 <ignored> (Minor issue)
+	[buster] - exiv2 0.25-4+deb10u1
 	[stretch] - exiv2 0.25-3.1+deb9u2
 	NOTE: https://github.com/Exiv2/exiv2/issues/400
 	NOTE: https://github.com/Exiv2/exiv2/commit/35b3e596edacd2437c2c5d3dd2b5c9502626163d
@@ -122845,7 +122846,7 @@ CVE-2018-10757 (CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant
 CVE-2018-10756 (Use-after-free in libtransmission/variant.c in Transmission before 3.0 ...)
 	{DLA-2218-1}
 	- transmission 3.00-1 (bug #961461)
-	[buster] - transmission <no-dsa> (Minor issue, will be fixed via spu)
+	[buster] - transmission 2.94-2+deb10u1
 	NOTE: https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e (3.00)
 	NOTE: https://tomrichards.net/2020/05/cve-2018-10756-transmission/
 CVE-2018-10755


=====================================
data/next-point-update.txt
=====================================
@@ -1,197 +1,3 @@
-CVE-2019-19919
-	[buster] - node-handlebars 3:4.1.0-1+deb10u1
-CVE-2019-20372
-	[buster] - nginx 1.14.2-2+deb10u2
-CVE-2020-7598
-	[buster] - node-minimist 1.2.0-1+deb10u1
-CVE-2019-13453
-	[buster] - zipios++ 0.1.5.9+cvs.2007.04.28-10+deb10u1
-CVE-2019-19333
-	[buster] - libyang 0.16.105-1+deb10u1
-CVE-2019-19334
-	[buster] - libyang 0.16.105-1+deb10u1
-CVE-2020-12767
-	[buster] - libexif 0.6.21-5.1+deb10u2
-CVE-2020-0093
-	[buster] - libexif 0.6.21-5.1+deb10u2
-CVE-2020-8034
-	[buster] - php-horde-gollem 3.0.12-3+deb10u1
-CVE-2018-20020
-	[buster] - ssvnc 1.0.29-4+deb10u1
-CVE-2018-20021
-	[buster] - ssvnc 1.0.29-4+deb10u1
-CVE-2018-20022
-	[buster] - ssvnc 1.0.29-4+deb10u1
-CVE-2018-20024
-	[buster] - ssvnc 1.0.29-4+deb10u1
-CVE-2020-8035
-	[buster] - php-horde 5.2.20+debian0-1+deb10u2
-CVE-2020-11525
-	[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
-CVE-2020-11526
-	[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
-CVE-2020-11523
-	[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
-CVE-2020-11524
-	[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
-CVE-2020-11522
-	[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
-CVE-2020-11521
-	[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
-CVE-2020-11888
-	[buster] - python-markdown2 2.3.7-2+deb10u1
-CVE-2020-13112
-	[buster] - libexif 0.6.21-5.1+deb10u3
-CVE-2020-13113
-	[buster] - libexif 0.6.21-5.1+deb10u3
-CVE-2020-13114
-	[buster] - libexif 0.6.21-5.1+deb10u3
-CVE-2020-10543
-	[buster] - perl 5.28.1-6+deb10u1
-CVE-2020-10878
-	[buster] - perl 5.28.1-6+deb10u1
-CVE-2020-12723
-	[buster] - perl 5.28.1-6+deb10u1
-CVE-2020-10663
-	[buster] - ruby-json 2.1.0+dfsg-2+deb10u1
-CVE-2020-12049
-	[buster] - dbus 1.12.20-0+deb10u1
-CVE-2019-17455
-	[buster] - libntlm 1.5-1+deb10u1
-CVE-2020-3350
-	[buster] - clamav 0.102.4+dfsg-0+deb10u1
-CVE-2020-3327
-	[buster] - clamav 0.102.4+dfsg-0~deb10u1
-CVE-2020-3481
-	[buster] - clamav 0.102.4+dfsg-0~deb10u1
-CVE-2020-3341
-	[buster] - clamav 0.102.3+dfsg-0~deb10u1
-CVE-2018-16336
-	[buster] - exiv2 0.25-4+deb10u1
-CVE-2019-3689
-	[buster] - nfs-utils 1:1.3.4-2.5+deb10u1
-CVE-2020-0182
-	[buster] - libexif 0.6.21-5.1+deb10u4
-CVE-2020-0198
-	[buster] - libexif 0.6.21-5.1+deb10u4
-CVE-2020-5963
-	[buster] - nvidia-graphics-drivers 418.152.00-1
-	[buster] - nvidia-graphics-drivers-legacy-390xx 390.138-1~deb10u1
-CVE-2020-5967
-	[buster] - nvidia-graphics-drivers 418.152.00-1
-	[buster] - nvidia-graphics-drivers-legacy-390xx 390.138-1~deb10u1
-CVE-2020-7237
-	[buster] - cacti 1.2.2+ds1-2+deb10u3
-CVE-2020-7106
-	[buster] - cacti 1.2.2+ds1-2+deb10u3
-CVE-2020-13230
-	[buster] - cacti 1.2.2+ds1-2+deb10u3
-CVE-2020-13231
-	[buster] - cacti 1.2.2+ds1-2+deb10u3
-CVE-2020-13645
-	[buster] - glib-networking 2.58.0-2+deb10u1
-CVE-2020-2752
-	[buster] - mariadb-10.3 1:10.3.23-0+deb10u1
-CVE-2020-2760
-	[buster] - mariadb-10.3 1:10.3.23-0+deb10u1
-CVE-2020-2812
-	[buster] - mariadb-10.3 1:10.3.23-0+deb10u1
-CVE-2020-2814
-	[buster] - mariadb-10.3 1:10.3.23-0+deb10u1
-CVE-2020-13249
-	[buster] - mariadb-10.3 1:10.3.23-0+deb10u1
-CVE-2020-11736
-	[buster] - file-roller 3.30.1-2+deb10u1
-CVE-2020-10759
-	[buster] - fwupd 1.2.13-1
-CVE-2020-7040
-	[buster] - storebackup 3.2.1-2~deb10u1
-CVE-2020-9548
-	[buster] - jackson-databind 2.9.8-3+deb10u2
-CVE-2020-9547
-	[buster] - jackson-databind 2.9.8-3+deb10u2
-CVE-2020-9546
-	[buster] - jackson-databind 2.9.8-3+deb10u2
-CVE-2020-8840
-	[buster] - jackson-databind 2.9.8-3+deb10u2
-CVE-2020-14195
-	[buster] - jackson-databind 2.9.8-3+deb10u2
-CVE-2020-14062
-	[buster] - jackson-databind 2.9.8-3+deb10u2
-CVE-2020-14061
-	[buster] - jackson-databind 2.9.8-3+deb10u2
-CVE-2020-14060
-	[buster] - jackson-databind 2.9.8-3+deb10u2
-CVE-2020-11620
-	[buster] - jackson-databind 2.9.8-3+deb10u2
-CVE-2020-11619
-	[buster] - jackson-databind 2.9.8-3+deb10u2
-CVE-2020-11113
-	[buster] - jackson-databind 2.9.8-3+deb10u2
-CVE-2020-11112
-	[buster] - jackson-databind 2.9.8-3+deb10u2
-CVE-2020-11111
-	[buster] - jackson-databind 2.9.8-3+deb10u2
-CVE-2020-10969
-	[buster] - jackson-databind 2.9.8-3+deb10u2
-CVE-2020-10968
-	[buster] - jackson-databind 2.9.8-3+deb10u2
-CVE-2020-10673
-	[buster] - jackson-databind 2.9.8-3+deb10u2
-CVE-2020-10672
-	[buster] - jackson-databind 2.9.8-3+deb10u2
-CVE-2019-20330
-	[buster] - jackson-databind 2.9.8-3+deb10u2
-CVE-2019-17531
-	[buster] - jackson-databind 2.9.8-3+deb10u2
-CVE-2019-17267
-	[buster] - jackson-databind 2.9.8-3+deb10u2
-CVE-2019-18814
-	[buster] - linux 4.19.131-1
-CVE-2019-18885
-	[buster] - linux 4.19.131-1
-CVE-2019-20810
-	[buster] - linux 4.19.131-1
-CVE-2020-10766
-	[buster] - linux 4.19.131-1
-CVE-2020-10767
-	[buster] - linux 4.19.131-1
-CVE-2020-10768
-	[buster] - linux 4.19.131-1
-CVE-2020-12655
-	[buster] - linux 4.19.131-1
-CVE-2020-12771
-	[buster] - linux 4.19.131-1
-CVE-2020-13974
-	[buster] - linux 4.19.131-1
-CVE-2020-15393
-	[buster] - linux 4.19.131-1
-CVE-2018-20669
-	[buster] - linux 4.19.131-1
-CVE-2019-20908
-	[buster] - linux 4.19.132-1
-CVE-2019-17566
-	[buster] - batik 1.10-2+deb10u1
-CVE-2015-9542
-	[buster] - libpam-radius-auth 1.4.0-3~deb10u1
-CVE-2018-10756
-	[buster] - transmission 2.94-2+deb10u1
-CVE-2019-14868
-	[buster] - ksh 93u+20120801-3.4+deb10u1
-CVE-2020-11538
-	[buster] - pillow 5.4.1-2+deb10u2
-CVE-2020-10378
-	[buster] - pillow 5.4.1-2+deb10u2
-CVE-2020-10177
-	[buster] - pillow 5.4.1-2+deb10u2
-CVE-2020-1953
-	[buster] - commons-configuration2 2.2-1+deb10u1
-CVE-2019-20907
-	[buster] - python3.7 3.7.3-2+deb10u2
-CVE-2020-14422
-	[buster] - python3.7 3.7.3-2+deb10u2
-CVE-2020-8492
-	[buster] - python3.7 3.7.3-2+deb10u2
 CVE-2019-18277
 	[buster] - haproxy 1.8.19-1+deb10u3
 CVE-2019-14267
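Review bot: the removed entry for CVE-2019-20908 lists `[buster] - linux 4.19.132-1`, while every other linux entry removed in this hunk lists 4.19.131-1. When these are merged into data/CVE/list, that CVE needs to keep its own version rather than the 4.19.131-1 used for the rest of the batch; recording the lower version would mark buster hosts still on 4.19.131-1 as fixed. Since this block was the only staged record of the per-CVE versions, a quick cross-check of the merged entries against the removed lines would be good before it is dropped.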



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b7961454868705e7e20cbab8b1a377d3c4c61fca...84aa7267202bbf25f41fd69b09fca6eb4d84ebf7
