[Git][security-tracker-team/security-tracker][master] bullseye triage

Moritz Muehlenhoff jmm at debian.org
Mon Dec 14 14:35:51 GMT 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
33085bc6 by Moritz Muehlenhoff at 2020-12-14T15:35:35+01:00
bullseye triage
remove arc entry entirely, crash in CLI tool w/o security impact

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -90631,6 +90631,7 @@ CVE-2019-14855 (A flaw was found in the way certificate signatures could be forg
 	[stretch] - gnupg2 <no-dsa> (Minor issue)
 	[jessie] - gnupg2 <ignored> (No backport to version << 2.2.x, low impact, danger of breaking things)
 	- gnupg1 <unfixed> (low)
+	[bullseye] - gnupg1 <ignored> (Minor issue)
 	[buster] - gnupg1 <ignored> (Minor issue)
 	[stretch] - gnupg1 <no-dsa> (Minor issue)
 	- gnupg <removed> (low)
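Review bot: The added [bullseye] gnupg1 line reuses the bare 'Minor issue' reason from buster, whereas the jessie gnupg2 line in the same entry spells out why no fix is planned (no backport, low impact, danger of breaking things). Since 'ignored' signals that no fix is intended for the release, a short concrete reason on the bullseye line would make the decision easier to audit later.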
@@ -106236,6 +106237,7 @@ CVE-2019-9905
 	RESERVED
 CVE-2019-9904 (An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2. ...)
 	- graphviz <unfixed> (low; bug #925284)
+	[bullseye] - graphviz <ignored> (Minor issue)
 	[buster] - graphviz <ignored> (Minor issue)
 	[stretch] - graphviz <no-dsa> (Minor issue)
 	[jessie] - graphviz <no-dsa> (Minor issue)
@@ -114163,7 +114165,7 @@ CVE-2019-7350 (Session fixation exists in ZoneMinder through 1.32.3, as an attac
 	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2471
 	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
 CVE-2019-7349 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
-	- zoneminder 1.34.6-1 (bug #922724)
+	- zoneminder 1.34.6-1 (unimportant; bug #922724)
 	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2465
 	NOTE: https://github.com/ZoneMinder/zoneminder/commit/cef54feaf9bf1374f0404bf525cdd322300882b5
 	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
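Review bot: The severity change on the zoneminder line for CVE-2019-7349 (adding 'unimportant' next to bug #922724) is not mentioned in the commit message, which only covers bullseye triage and the arc removal. Consider naming it in the message, and checking that the other ZoneMinder entries carrying the same 'See README.Debian.security' NOTE, such as CVE-2019-7350 just above, are marked the same way so the tracker stays consistent.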
@@ -262023,6 +262025,7 @@ CVE-2016-2782 (The treo_attach function in drivers/usb/serial/visor.c in the Lin
 	NOTE: Upstream commit: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cac9b50b0d75a1d50d6c056ff65c005f3224c8e0 (v4.5-rc2)
 CVE-2016-2781 (chroot in GNU coreutils, when used with --userspec, allows local users ...)
 	- coreutils <unfixed> (low; bug #816320)
+	[bullseye] - coreutils <ignored> (Minor issue)
 	[buster] - coreutils <ignored> (Minor issue)
 	[stretch] - coreutils <ignored> (Minor issue)
 	[jessie] - coreutils <ignored> (Minor issue)
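Review bot: With the added [bullseye] line, coreutils is now marked 'ignored' for CVE-2016-2781 in four releases (jessie, stretch, buster, bullseye) while the main line stays unfixed, each with only 'Minor issue' as the reason. A NOTE under the entry saying why the issue is not expected to be fixed would save re-triaging it for the next release; bug #816320 is the natural place to point to.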
@@ -295272,13 +295275,6 @@ CVE-2015-XXXX [Zoo directory traversal]
 	[wheezy] - zoo <no-dsa> (Minor issue)
 	[squeeze] - zoo <no-dsa> (Minor issue)
 	NOTE: CVE Request: https://marc.info/?l=oss-security&m=142024361327375&w=2
-CVE-2015-XXXX [buffer over-read]
-	- arc <unfixed> (low; bug #774439)
-	[buster] - arc <ignored> (Minor issue)
-	[stretch] - arc <ignored> (Minor issue)
-	[jessie] - arc <ignored> (Minor issue)
-	[wheezy] - arc <no-dsa> (Minor issue)
-	[squeeze] - arc <no-dsa> (Minor issue)
 CVE-2015-0557 (Open-source ARJ archiver 3.10.22 does not properly remove leading slas ...)
 	{DSA-3213-1 DLA-188-1}
 	- arj 3.10.22-13 (low; bug #774435)
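Review bot: Deleting the whole 'CVE-2015-XXXX [buffer over-read]' block also drops the pointer to bug #774439 and the earlier per-release decisions for arc, and the reason (crash in a CLI tool without security impact) then lives only in the commit message. If the history is worth keeping, an alternative is to leave the entry and mark the arc line 'unimportant' with a NOTE giving that reason; otherwise consider recording the rationale on bug #774439 so it stays findable.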



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33085bc6d2ec85c46d8f90cc669bdc274bd9798f
