[Git][security-tracker-team/security-tracker][master] nim fixed in sid (was apparently meant to target experimental, though)
Moritz Muehlenhoff
jmm at debian.org
Tue Apr 20 19:51:00 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
12d7286f by Moritz Mühlenhoff at 2021-04-20T20:50:32+02:00
nim fixed in sid (was apparently meant to target experimental, though)
various bugs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2149,13 +2149,13 @@ CVE-2021-30500
NOTE: https://github.com/upx/upx/commit/90279abdfcd235172eab99651043051188938dcc
CVE-2021-30499
RESERVED
- - libcaca <unfixed>
+ - libcaca <unfixed> (bug #987278)
[buster] - libcaca <no-dsa> (Minor issue)
[stretch] - libcaca <postponed> (Minor issue; can be fixed in next update)
NOTE: https://github.com/cacalabs/libcaca/issues/54
CVE-2021-30498
RESERVED
- - libcaca <unfixed>
+ - libcaca <unfixed> (bug #987278)
[buster] - libcaca <no-dsa> (Minor issue)
[stretch] - libcaca <postponed> (Minor issue; can be fixed in next update)
NOTE: https://github.com/cacalabs/libcaca/issues/53
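Review bot: Both `- libcaca <unfixed> (bug #987278)` lines, under CVE-2021-30499 and CVE-2021-30498, point at the same Debian bug although the two entries reference separate upstream issues (#54 and #53). That works if the bug report names both CVEs; otherwise one of them is easy to lose when the bug is closed, so it is worth confirming that #987278 lists both.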
@@ -4519,12 +4519,14 @@ CVE-2021-29460
CVE-2021-29459
RESERVED
CVE-2021-29458 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- - exiv2 <unfixed>
+ - exiv2 <unfixed> (bug #987277)
+ [buster] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-57jj-75fm-9rq5
NOTE: https://github.com/Exiv2/exiv2/issues/1530
NOTE: https://github.com/Exiv2/exiv2/pull/1536
CVE-2021-29457 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- - exiv2 <unfixed>
+ - exiv2 <unfixed> (bug #987277)
+ [buster] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-v74w-h496-cgqm
NOTE: https://github.com/Exiv2/exiv2/issues/1529
NOTE: https://github.com/Exiv2/exiv2/pull/1534
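Review bot: The added `[buster] - exiv2 <no-dsa> (Minor issue)` lines under CVE-2021-29458 and CVE-2021-29457 are a triage decision rather than a bug reference, and the commit message ("various bugs") does not mention them. Suggest naming the exiv2 no-dsa in the message, or putting it in its own commit, so the decision can be found in the history later.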
@@ -4826,7 +4828,7 @@ CVE-2021-29340
CVE-2021-29339
RESERVED
CVE-2021-29338 (Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash t ...)
- - openjpeg2 <unfixed>
+ - openjpeg2 <unfixed> (bug #987276)
[buster] - openjpeg2 <no-dsa> (Minor issue)
NOTE: https://github.com/uclouvain/openjpeg/issues/1338
CVE-2021-29337
@@ -7118,7 +7120,7 @@ CVE-2021-28307 (An issue was discovered in the fltk crate before 0.15.3 for Rust
CVE-2021-28306 (An issue was discovered in the fltk crate before 0.15.3 for Rust. Ther ...)
NOT-FOR-US: Rust craste fltk
CVE-2021-28305 (An issue was discovered in the diesel crate before 1.4.6 for Rust. The ...)
- - rust-diesel <unfixed>
+ - rust-diesel <unfixed> (bug #987275)
NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0037.html
CVE-2021-28304
RESERVED
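Review bot: The context line `NOT-FOR-US: Rust craste fltk`, directly above the changed rust-diesel entry, misspells "crate" as "craste". It is not part of this change, but a follow-up fix would keep text searches over the NOT-FOR-US crate entries consistent.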
@@ -19753,7 +19755,7 @@ CVE-2021-22880 (The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5,
NOTE: https://github.com/rails/rails/commit/eddda4d8fb6b6508e11196b14494ceac37b57339 (main)
NOTE: https://github.com/rails/rails/commit/879d02107b5b3eb7aeaad1cd1f259bb41f17286b (v6.0.3.5)
CVE-2021-22879 (Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource inje ...)
- - nextcloud-desktop <unfixed>
+ - nextcloud-desktop <unfixed> (bug #987274)
[buster] - nextcloud-desktop <no-dsa> (Minor issue)
NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2021-008
NOTE: https://github.com/nextcloud/desktop/pull/2906
@@ -22162,7 +22164,7 @@ CVE-2021-21785
CVE-2021-21784 (An out-of-bounds write vulnerability exists in the JPG format SOF mark ...)
NOT-FOR-US: Accusoft ImageGear
CVE-2021-21783 (A code execution vulnerability exists in the WS-Addressing plugin func ...)
- - gsoap <unfixed>
+ - gsoap <unfixed> (bug #987273)
[buster] - gsoap <no-dsa> (Minor issue)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1245
CVE-2021-21782 (An out-of-bounds write vulnerability exists in the SGI format buffer s ...)
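Review bot: On the gsoap entry for CVE-2021-21783, the unchanged `[buster] - gsoap <no-dsa> (Minor issue)` line sits under a description that opens with "A code execution vulnerability exists in the WS-Addressing plugin". "Minor issue" alone does not say why this was judged minor for buster; while the entry is being touched, consider expanding the reason in the parentheses.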
@@ -24270,17 +24272,17 @@ CVE-2021-21375 (PJSIP is a free and open source multimedia communication library
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-hvq6-f89p-frvp
NOTE: https://github.com/pjsip/pjproject/commit/97b3d7addbaa720b7ddb0af9bf6f3e443e664365
CVE-2021-21374 (Nimble is a package manager for the Nim programming language. In Nim r ...)
- - nim <unfixed>
+ - nim 1.4.6-1 (bug #987272)
[buster] - nim <no-dsa> (Minor issue)
[stretch] - nim <postponed> (Minor issue; can be fixed in next update)
NOTE: https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/
CVE-2021-21373 (Nimble is a package manager for the Nim programming language. In Nim r ...)
- - nim <unfixed>
+ - nim 1.4.6-1 (bug #987272)
[buster] - nim <no-dsa> (Minor issue)
[stretch] - nim <postponed> (Minor issue; can be fixed in next update)
NOTE: https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/
CVE-2021-21372 (Nimble is a package manager for the Nim programming language. In Nim r ...)
- - nim <unfixed>
+ - nim 1.4.6-1 (bug #987272)
[buster] - nim <no-dsa> (Minor issue)
[stretch] - nim <postponed> (Minor issue; can be fixed in next update)
NOTE: https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/
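Review bot: The three `- nim 1.4.6-1 (bug #987272)` lines record the sid fix, but the caveat from the commit subject (the upload was apparently meant for experimental) appears nowhere in the entries for CVE-2021-21374, CVE-2021-21373 and CVE-2021-21372. If it affects how the fixed version should be read, a NOTE line on these entries would keep it visible to people reading data/CVE/list rather than the git log.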
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12d7286f1f101e0db3666fa358270b43deb2b378