[Git][security-tracker-team/security-tracker][master] bullseye triage
Moritz Muehlenhoff
jmm at debian.org
Fri Dec 18 14:34:53 GMT 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9f15529d by Moritz Muehlenhoff at 2020-12-18T15:34:27+01:00
bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -40104,6 +40104,7 @@ CVE-2020-14941
RESERVED
CVE-2020-14940 (An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar ...)
- tuxguitar <unfixed> (bug #963626)
+ [bullseye] - tuxguitar <no-dsa> (Minor issue)
[buster] - tuxguitar <no-dsa> (Minor issue)
[stretch] - tuxguitar <no-dsa> (Minor issue)
[jessie] - tuxguitar <no-dsa> (Minor issue)
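Review bot: The unstable line `- tuxguitar <unfixed> (bug #963626)` carries no severity, while the added `[bullseye]` line and the three older suite lines all give "Minor issue" as the reason. If the issue is judged minor for every suite, consider recording `low` on the unstable line too, as the freedroidrpg entries in the following hunks do with `(low; bug #964197)`.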
@@ -40111,6 +40112,7 @@ CVE-2020-14940 (An issue was discovered in io/gpx/GPXDocumentReader.java in TuxG
NOTE: https://sourceforge.net/p/tuxguitar/bugs/126/
CVE-2020-14939 (An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc ...)
- freedroidrpg <unfixed> (low; bug #964197)
+ [bullseye] - freedroidrpg <no-dsa> (Minor issue)
[buster] - freedroidrpg <no-dsa> (Minor issue)
[stretch] - freedroidrpg <no-dsa> (Minor issue)
[jessie] - freedroidrpg <end-of-life> (games are not supported)
@@ -40118,6 +40120,7 @@ CVE-2020-14939 (An issue was discovered in savestruct_internal.c in FreedroidRPG
NOTE: https://logicaltrust.net/blog/2020/02/freedroid.html
CVE-2020-14938 (An issue was discovered in map.c in FreedroidRPG 1.0rc2. It assumes le ...)
- freedroidrpg <unfixed> (low; bug #964197)
+ [bullseye] - freedroidrpg <no-dsa> (Minor issue)
[buster] - freedroidrpg <no-dsa> (Minor issue)
[stretch] - freedroidrpg <no-dsa> (Minor issue)
[jessie] - freedroidrpg <end-of-life> (games are not supported)
@@ -117126,7 +117129,7 @@ CVE-2019-7331 (Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder thr
NOTE: https://github.com/ZoneMinder/zoneminder/commit/254b7286b4d2654b95080a175c44195667e42ea8
NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7330 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder <unfixed> (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2448
NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7329 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
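Review bot: The commit message "bullseye triage" does not cover the change to `- zoneminder <unfixed> (unimportant; bug #922724)`, which alters the severity on the unstable line rather than adding a bullseye tag; a separate commit or a fuller message would make the reclassification easier to find later. The rationale appears to be the existing README.Debian.security NOTE, which is also visible on CVE-2019-7331 just above, so please check that the neighbouring ZoneMinder XSS entries carry the same `unimportant` marking.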
@@ -142909,8 +142912,7 @@ CVE-2018-17438 (A SIGFPE signal is raised in the function H5D__select_io() of H5
NOTE: https://jira.hdfgroup.org/browse/HDFFV-10587
NOTE: fix in develop branch: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/7add52ff4f2443357648d53d52add274d1b18b5f
CVE-2018-17437 (Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in ...)
- [experimental] - hdf5 1.10.5+repack-1~exp1
- - hdf5 <unfixed> (low)
+ - hdf5 1.10.6+repack-2 (low)
[buster] - hdf5 <no-dsa> (Minor issue)
[stretch] - hdf5 <no-dsa> (Minor issue)
[jessie] - hdf5 <ignored> (Minor issue)
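Review bot: Is 1.10.6+repack-2 the first unstable upload that contains the fix for CVE-2018-17437? The removed line `[experimental] - hdf5 1.10.5+repack-1~exp1` recorded the fix as present from 1.10.5 in experimental, so if any upload between that and `1.10.6+repack-2` reached unstable, the earlier version should be recorded instead. The same replacement is made for CVE-2018-17434 and CVE-2018-17233 later in this patch, so the answer applies there as well.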
@@ -142926,8 +142928,7 @@ CVE-2018-17435 (A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c
NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln7#heap-overflow-in-h5o_attr_decode
NOTE: https://jira.hdfgroup.org/browse/HDFFV-10591
CVE-2018-17434 (A SIGFPE signal is raised in the function apply_filters() of h5repack_ ...)
- [experimental] - hdf5 1.10.5+repack-1~exp1
- - hdf5 <unfixed> (low)
+ - hdf5 1.10.6+repack-2 (low)
[buster] - hdf5 <no-dsa> (Minor issue)
[stretch] - hdf5 <no-dsa> (Minor issue)
[jessie] - hdf5 <ignored> (Minor issue)
@@ -143366,7 +143367,7 @@ CVE-2018-17239
CVE-2018-17238
RESERVED
CVE-2018-17237 (A SIGFPE signal is raised in the function H5D__chunk_set_info_real() o ...)
- - hdf5 <unfixed> (low)
+ - hdf5 1.10.6+repack-2 (low)
[buster] - hdf5 <no-dsa> (Minor issue)
[stretch] - hdf5 <no-dsa> (Minor issue)
[jessie] - hdf5 <ignored> (Minor issue)
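Review bot: CVE-2018-17237 goes from `<unfixed>` to `1.10.6+repack-2` with no `[experimental]` line having existed for it, so nothing in this hunk shows which upstream change fixed it. A NOTE naming the upstream commit or release, like the one CVE-2018-17234 carries further down (`NOTE: does not appear in 1.10.5 release notes, but fixed in`), would let a later reader verify the fixed version.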
@@ -143385,7 +143386,7 @@ CVE-2018-17235 (The function mp4v2::impl::MP4Track::FinishSdtp() in mp4track.cpp
[jessie] - mp4v2 <ignored> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1629451
CVE-2018-17234 (Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in ...)
- - hdf5 <unfixed> (low)
+ - hdf5 1.10.6+repack-2 (low)
[buster] - hdf5 <no-dsa> (Minor issue)
[stretch] - hdf5 <no-dsa> (Minor issue)
[jessie] - hdf5 <ignored> (Minor issue)
@@ -143394,8 +143395,7 @@ CVE-2018-17234 (Memory leak in the H5O__chunk_deserialize() function in H5Ocache
NOTE: does not appear in 1.10.5 release notes, but fixed in
NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/f4138013dbc6851e968ea3d37b32776538ef306b
CVE-2018-17233 (A SIGFPE signal is raised in the function H5D__create_chunk_file_map_h ...)
- [experimental] - hdf5 1.10.5+repack-1~exp1
- - hdf5 <unfixed> (low)
+ - hdf5 1.10.6+repack-2 (low)
[buster] - hdf5 <no-dsa> (Minor issue)
[stretch] - hdf5 <no-dsa> (Minor issue)
[jessie] - hdf5 <ignored> (Minor issue)
@@ -179894,6 +179894,7 @@ CVE-2018-3980 (An exploitable out-of-bounds write exists in the TIFF-parsing fun
NOT-FOR-US: Canvas Draw
CVE-2018-3979 (A remote denial-of-service vulnerability exists in the way the Nouveau ...)
- xserver-xorg-video-nouveau <unfixed> (low)
+ [bullseye] - xserver-xorg-video-nouveau <ignored> (Minor issue)
[buster] - xserver-xorg-video-nouveau <ignored> (Minor issue)
[stretch] - xserver-xorg-video-nouveau <ignored> (Minor issue)
[jessie] - xserver-xorg-video-nouveau <ignored> (Minor issue)
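Review bot: With the added `[bullseye]` line every listed suite is now `<ignored>`, yet the unstable line `- xserver-xorg-video-nouveau <unfixed> (low)` has no bug reference, so the issue is not tracked anywhere a maintainer would see it. Consider adding a bug number to the unstable line, as the apparmor entry in the next hunk has with `(low; bug #929990)`, or a NOTE stating why "Minor issue" applies to an issue described as a remote denial of service.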
@@ -268858,6 +268859,7 @@ CVE-2016-1586 (A malicious webview could install long-lived unload handlers that
NOT-FOR-US: Oxide
CVE-2016-1585 (In all versions of AppArmor mount rules are accidentally widened when ...)
- apparmor <unfixed> (low; bug #929990)
+ [bullseye] - apparmor <ignored> (Minor overall security impact)
[buster] - apparmor <ignored> (Minor overall security impact)
[stretch] - apparmor <ignored> (Minor overall security impact)
[jessie] - apparmor <ignored> (Minor overall security impact)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f15529de3fd697d6621757adc74f0193dd93a0e