[Git][security-tracker-team/security-tracker][master] 5 commits: mark CVE-2021-29457 as no-dsa for Stretch

Wed Apr 21 10:47:00 BST 2021


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
625a4233 by Thorsten Alteholz at 2021-04-21T11:26:45+02:00
mark CVE-2021-29457 as no-dsa for Stretch

- - - - -
aec8fd96 by Thorsten Alteholz at 2021-04-21T11:27:18+02:00
mark CVE-2021-29458 as no-dsa for Stretch

- - - - -
ad3a4529 by Thorsten Alteholz at 2021-04-21T11:28:48+02:00
mark CVE-2021-29338 as no-dsa for Stretch

- - - - -
b342952b by Thorsten Alteholz at 2021-04-21T11:45:40+02:00
mark CVE-2021-1077 as no-dsa in Stretch

- - - - -
51931832 by Thorsten Alteholz at 2021-04-21T11:46:26+02:00
add nvidia-graphics-drivers

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -4563,12 +4563,14 @@ CVE-2021-29459 (XWiki Platform is a generic wiki platform offering runtime servi
 CVE-2021-29458 (Exiv2 is a command-line utility and C++ library for reading, writing,  ...)
 	- exiv2 <unfixed> (bug #987277)
 	[buster] - exiv2 <no-dsa> (Minor issue)
+	[stretch] - exiv2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-57jj-75fm-9rq5
 	NOTE: https://github.com/Exiv2/exiv2/issues/1530
 	NOTE: https://github.com/Exiv2/exiv2/pull/1536
 CVE-2021-29457 (Exiv2 is a command-line utility and C++ library for reading, writing,  ...)
 	- exiv2 <unfixed> (bug #987277)
 	[buster] - exiv2 <no-dsa> (Minor issue)
+	[stretch] - exiv2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-v74w-h496-cgqm
 	NOTE: https://github.com/Exiv2/exiv2/issues/1529
 	NOTE: https://github.com/Exiv2/exiv2/pull/1534
@@ -4873,6 +4875,7 @@ CVE-2021-29339
 CVE-2021-29338 (Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash t ...)
 	- openjpeg2 <unfixed> (bug #987276)
 	[buster] - openjpeg2 <no-dsa> (Minor issue)
+	[stretch] - openjpeg2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/uclouvain/openjpeg/issues/1338
 CVE-2021-29337
 	RESERVED
@@ -34624,6 +34627,7 @@ CVE-2021-1077
 	RESERVED
 	- nvidia-graphics-drivers <unfixed> (bug #987216)
 	[buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+	[stretch] - nvidia-graphics-drivers <no-dsa> (no upstream patch available)
 	- nvidia-graphics-drivers-tesla-450 <unfixed> (bug #987221)
 	- nvidia-graphics-drivers-tesla-460 <unfixed> (bug #987222)
 CVE-2021-1076


=====================================
data/dla-needed.txt
=====================================
@@ -86,6 +86,10 @@ linux-4.19 (Ben Hutchings)
 mediawiki (Abhijith PA)
   NOTE: 20210412: Check ./extensions/SyntaxHighlight_GeSHi/pygments/pygmentize (lamby)
 --
+nvidia-graphics-drivers
+  NOTE: package is in non-free but also in packages-to-support
+  NOTE: only CVE‑2021‑1076 seems to be fixed in the R390 branch used in Stretch, no fix available for CVE-2021-1077
+--
 opendmarc
   NOTE: 20200719: no patches for remaining CVEs available, everything else is already done in Stretch (thorsten)
   NOTE: 20201217: patch for CVE-2020-12460 has become available (roberto)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b6566bec5f3f0d69be7e4e1e48677cd1877f6de8...51931832329136d56eaf0bd801517f4736ba4537

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b6566bec5f3f0d69be7e4e1e48677cd1877f6de8...51931832329136d56eaf0bd801517f4736ba4537
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210421/a58e9dc7/attachment-0001.htm>
