[Git][security-tracker-team/security-tracker][master] new golang-github-containers-image issue

Moritz Muehlenhoff jmm at debian.org
Wed Apr 7 07:41:16 BST 2021 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
90a6a3a7 by Moritz Muehlenhoff at 2021-04-07T08:40:52+02:00
new golang-github-containers-image issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2649,8 +2649,10 @@ CVE-2021-28976
 	RESERVED
 CVE-2021-3457
 	RESERVED
+	- foreman <itp> (bug #663101)
 CVE-2021-3456
 	RESERVED
+	- foreman <itp> (bug #663101)
 CVE-2021-28975
 	RESERVED
 CVE-2021-28974
@@ -23774,6 +23776,7 @@ CVE-2021-20307 (Format string vulnerability in panoFileOutputNamesCreate() in li
 	NOTE: https://sourceforge.net/projects/panotools/files/libpano13/libpano13-2.9.20/
 CVE-2021-20306
 	RESERVED
+	NOT-FOR-US: Red Hat Business Central
 CVE-2021-20305 (A flaw was found in Nettle in versions before 3.7.2, where several Net ...)
 	- nettle 3.7.2-1 (bug #985652)
 	[buster] - nettle <no-dsa> (Minor issue)
@@ -23840,9 +23843,12 @@ CVE-2021-20292 [RM Memory Management Double Free Privilege Escalation Vulnerabil
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939686
 	NOTE: https://git.kernel.org/linus/5de5b6ecf97a021f29403aa272cb4e03318ef586
 CVE-2021-20291 (A deadlock vulnerability was found in 'github.com/containers/storage'  ...)
-	TODO: check
+	- golang-github-containers-image <unfixed>
+	NOTE: https://github.com/containers/storage/commit/306fcabc964470e4b3b87a43a8f6b7d698209ee1
+	TODO: check golang-github-containers-buildah, docker.io, golang-github-containers-storage
 CVE-2021-20290
 	RESERVED
+	- foreman <itp> (bug #663101)
 CVE-2021-20289 (A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.F ...)
 	NOT-FOR-US: Keycloak
 CVE-2021-20288



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90a6a3a7e687dd74945604de34fe8c937089a16e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90a6a3a7e687dd74945604de34fe8c937089a16e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210407/a999bf48/attachment.htm>

More information about the debian-security-tracker-commits mailing list