[Git][security-tracker-team/security-tracker][master] buster triage
Moritz Muehlenhoff
jmm at debian.org
Thu Apr 29 19:58:34 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
20150aa9 by Moritz Muehlenhoff at 2021-04-29T20:58:04+02:00
buster triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -3875,6 +3875,7 @@ CVE-2021-30152 (An issue was discovered in MediaWiki before 1.31.13 and 1.32.x t
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
CVE-2021-30151 (Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue n ...)
- ruby-sidekiq <unfixed> (bug #987354)
+ [buster] - ruby-sidekiq <no-dsa> (Minor issue)
[stretch] - ruby-sidekiq <no-dsa> (Minor issue)
NOTE: https://github.com/mperham/sidekiq/issues/4852
NOTE: https://github.com/mperham/sidekiq/commit/64f70339d1dcf50a55c00d36bfdb61d97ec63ed8
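Review bot: the new [buster] ruby-sidekiq line gives "Minor issue" as its entire rationale while the NOTE two lines below already points at the upstream fix commit (64f70339d1dc…); since a <no-dsa> entry can still be fixed through a point release, the reason would be more useful to whoever picks this up if it said so, e.g. "<no-dsa> (Minor issue; fix can go into a point release)". Placing the [buster] line directly above the existing [stretch] line keeps the two release annotations together, which is fine.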
@@ -22241,6 +22242,7 @@ CVE-2021-22208
RESERVED
CVE-2021-22207 (Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to ...)
- wireshark <unfixed>
+ [buster] - wireshark <postponed> (Minor issue, can be fixed along in future update)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17331
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-04.html
CVE-2021-22206
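Review bot: the <postponed> reason on the [buster] wireshark line reads "can be fixed along in future update", which should be "can be fixed along with a future update" (or "in a future update"). This is also the only entry in the commit that uses <postponed> rather than <no-dsa> for a "Minor issue"; the reason text should say that the fix is to be carried by the next wireshark DSA, so the distinction from the <no-dsa> entries is deliberate and visible. The two NOTE lines (upstream issue 17331 and wnpa-sec-2021-04) give that future DSA text its references.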
@@ -28214,6 +28216,7 @@ CVE-2021-20255 (A stack overflow via an infinite recursion vulnerability was fou
CVE-2021-20254 [Negative idmap cache entries can cause incorrect group entries in the Samba file server process token]
RESERVED
- samba <unfixed>
+ [buster] - samba <no-dsa> (Minor issue)
NOTE: https://www.samba.org/samba/security/CVE-2021-20254.html
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14571
NOTE: https://git.samba.org/?p=samba.git;a=commitdiff;h=75ad84167f5d2379557ec078d17c9a1c244402fc (master)
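Review bot: the samba entry is still RESERVED (no public description on its first line) and the only commit NOTE is tagged "(master)"; before this can be picked up for a buster point release, the release-branch backport commit should be added as a further NOTE. The "Minor issue" reason should also say which part of the linked upstream advisory (CVE-2021-20254.html) justifies no-dsa for a bug that, per the bracketed title, produces incorrect group entries in the file server process token, since that is an access-control effect rather than a crash.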
@@ -75319,6 +75322,7 @@ CVE-2020-12273 (In TestLink 1.9.20, a crafted login.php viewer parameter exposes
NOT-FOR-US: TestLink
CVE-2020-12272 (OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentic ...)
- opendmarc <unfixed> (bug #977767)
+ [buster] - opendmarc <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/opendmarc/tickets/237/
NOTE: https://www.usenix.org/system/files/sec20fall_chen-jianjun_prepub_0.pdf
CVE-2020-12271 (A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 bef ...)
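Review bot: the opendmarc [buster] line is marked "Minor issue" while the sid entry above it remains <unfixed> with bug #977767 open, and the CVE summary is cut off at "allows attacks that inject authentic…"; the reason text should state the attack preconditions that make injection of authentication results minor, so the assessment can be re-checked when the sid fix lands. Both NOTE lines are references (the sourceforge ticket and the USENIX paper) rather than a fix; a fix-commit NOTE is still missing.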
@@ -165738,6 +165742,7 @@ CVE-2019-0222 (In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT fra
- activemq 5.15.9-1 (bug #925964; unimportant)
[jessie] - activemq <not-affected> (MQTT support not enabled)
- mqtt-client 1.16-1
+ [buster] - mqtt-client <no-dsa> (Minor issue)
NOTE: http://activemq.apache.org/security-advisories.data/CVE-2019-0222-announcement.txt
NOTE: activemq disabled MQTT transport in 5.6.0+dfsg-1 (d/patches/exclude_mqtt.diff)
NOTE: but enabled activemq-mqtt in 5.13.2+dfsg-2 using the external mqtt-client.
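Review bot: the new [buster] mqtt-client <no-dsa> line sits under a sid entry that records mqtt-client as fixed in 1.16-1, while activemq is tagged "unimportant" for the same CVE; given the NOTE that activemq-mqtt in 5.13.2+dfsg-2 uses the external mqtt-client, the two severities look inconsistent. The reason should say which package carries the vulnerable MQTT unmarshalling code in buster, and either add a buster status for activemq as well or explain why only mqtt-client needs a triage line.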
=====================================
data/dsa-needed.txt
=====================================
@@ -11,6 +11,8 @@ To pick an issue, simply add your uid behind it.
If needed, specify the release by adding a slash after the name of the source package.
+--
+bind9
--
chromium
--
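Review bot: bind9 is added to the open dsa-needed list with no uid and no release suffix, which the file header allows, but this commit touches no bind9 entry in data/CVE/list, so the CVE(s) motivating the DSA cannot be identified from the diff; a parenthetical with the CVE id(s) after the package name would let a claimant find the work item without searching the tracker.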
@@ -31,6 +33,8 @@ jetty9
--
python-pysaml2 (jmm)
--
+ruby-rack-cors
+--
salt
--
webkit2gtk
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20150aa975529f242089acc1dfba998506eb59b9