[Git][security-tracker-team/security-tracker][master] buster triage

Moritz Muehlenhoff jmm at debian.org
Mon Apr 5 20:36:46 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
27ddacb3 by Moritz Mühlenhoff at 2021-04-05T21:36:26+02:00
buster triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -372,7 +372,9 @@ CVE-2021-30002 (An issue was discovered in the Linux kernel before 5.11.3 when a
 CVE-2021-3481 [Out of bounds read in function QRadialFetchSimd from crafted svg file]
 	RESERVED
 	- qtsvg-opensource-src <unfixed>
+	[buster] - qtsvg-opensource-src <no-dsa> (Minor issue)
 	- qt4-x11 <removed>
+	[buster] - qt4-x11 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1931444
 	NOTE: https://bugreports.qt.io/browse/QTBUG-91507
 	NOTE: https://codereview.qt-project.org/gitweb?p=qt%2Fqtsvg.git;a=commit;h=bfd6ee0d8cf34b63d32adf10ed93daa0086b359f (qt/qtsvg/dev)
@@ -1631,7 +1633,9 @@ CVE-2021-29377
 CVE-2021-29376 (ircII before 20210314 allows remote attackers to cause a denial of ser ...)
 	- ircii-pana <removed>
 	- ircii <unfixed> (bug #986214)
+	[buster] - ircii <no-dsa> (Minor issue)
 	- scrollz <unfixed> (bug #986215)
+	[buster] - scrollz <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/03/24/2
 CVE-2021-29375
 	RESERVED
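Review bot: In the CVE-2021-29376 entry, ircii-pana keeps only `- ircii-pana <removed>` and gets no `[buster]` line, while qt4-x11 under CVE-2021-3481 in this same commit, also `<removed>`, does get a `[buster] - qt4-x11 <no-dsa> (Minor issue)` line. If ircii-pana is shipped in buster it needs the same triage line as ircii and scrollz; if it is not, nothing needs to change.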
@@ -4929,6 +4933,7 @@ CVE-2021-27928 (A remote code execution issue was discovered in MariaDB 10.2 bef
 	NOTE: Fixed in MariaDB: 10.5.9, 10.4.18, 10.3.28, 10.2.27
 CVE-2021-27927 (In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5 ...)
 	- zabbix 1:5.0.8+dfsg-1
+	[buster] - zabbix <no-dsa> (Minor issue)
 	[stretch] - zabbix <no-dsa> (minor issue)
 	NOTE: https://support.zabbix.com/browse/ZBX-18942
 CVE-2021-27926
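Review bot: The added `[buster] - zabbix <no-dsa> (Minor issue)` capitalises the reason, while the `[stretch]` line directly below it reads `(minor issue)`. Suggest normalising the stretch line to `(Minor issue)` in the same commit so the two adjacent annotations match and a text search for the reason finds both.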
@@ -35596,6 +35601,7 @@ CVE-2020-27639 (The Bluetooth handset of Mitel MiVoice 6873i, 6930, and 6940 SIP
 	NOT-FOR-US: Mitel
 CVE-2020-27637 (The R programming language’s default package manager CRAN is aff ...)
 	- r-base 4.0.3-1
+	[buster] - r-base <no-dsa> (Minor issue)
 	[stretch] - r-base <no-dsa> (Minor issue)
 	NOTE: https://labs.bishopfox.com/advisories/cran-version-4.0.2
 	TODO: check details
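Review bot: The CVE-2020-27637 entry still ends with `TODO: check details` after the buster `<no-dsa> (Minor issue)` line is added, so the file now records a severity decision and an open request to check the details side by side. If the details were reviewed as part of this triage, drop the TODO in this commit; if they were not, the no-dsa decision for r-base should wait until they are.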


=====================================
data/dsa-needed.txt
=====================================
@@ -32,6 +32,8 @@ python-bleach
 --
 python-pysaml2 (jmm)
 --
+ruby-kramdown (jmm)
+--
 salt
 --
 tomcat9
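Review bot: `ruby-kramdown (jmm)` is added without any indication of which issue the pending DSA covers: none of the data/CVE/list hunks in this commit touch ruby-kramdown, and the commit message is only `buster triage`. Naming the CVE in the commit message would let other team members see why the package was queued.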



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27ddacb39affc4cf62ba8f71a310d8e7f492060e
