[Git][security-tracker-team/security-tracker][master] buster triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Aug 3 16:06:47 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a9276499 by Moritz Muehlenhoff at 2021-08-03T17:06:32+02:00
buster triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -383,7 +383,9 @@ CVE-2021-37747
RESERVED
CVE-2021-37746 (textview_uri_security_check in textview.c in Claws Mail before 3.18.0, ...)
- claws-mail <unfixed> (bug #991722)
+ [buster] - claws-mail <no-dsa> (Minor issue)
- sylpheed <unfixed> (bug #991723)
+ [buster] - sylpheed <no-dsa> (Minor issue)
NOTE: https://git.claws-mail.org/?p=claws.git;a=commit;h=ac286a71ed78429e16c612161251b9ea90ccd431
CVE-2021-3672
RESERVED
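Review bot: the two added `[buster]` lines under CVE-2021-37746 give only the generic reason "(Minor issue)", and the entry's single NOTE is the upstream commit link, so nothing in the file records why the issue is minor for buster. Both claws-mail and sylpheed are still `<unfixed>` in unstable (bugs #991722 and #991723). A one-line NOTE with the rationale would let a later triager re-check the decision once the unstable fix lands.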
@@ -1098,6 +1100,7 @@ CVE-2021-23183
RESERVED
CVE-2021-37601 (muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers t ...)
- prosody 0.11.9-2
+ [buster] - prosody <no-dsa> (Minor issue)
NOTE: https://prosody.im/security/advisory_20210722/
CVE-2021-37404
RESERVED
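Review bot: the added `[buster] - prosody <no-dsa>` line assumes the buster package is affected, but the description limits the issue to Prosody 0.11.0 through 0.11.9 and the buster version is not visible in this entry. Please confirm the buster version falls inside that range. If it predates 0.11.0, `<not-affected>` would be the accurate state rather than `<no-dsa>`.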
@@ -2473,19 +2476,25 @@ CVE-2020-36427 (GNOME gThumb before 3.10.1 allows an application crash via a mal
NOTE: Crash in CLI tool, no security impact
CVE-2020-36426 (An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_cr ...)
- mbedtls 2.16.9-0.1
+ [buster] - mbedtls <no-dsa> (Minor issue)
CVE-2020-36425 (An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly ...)
- mbedtls 2.16.9-0.1
+ [buster] - mbedtls <no-dsa> (Minor issue)
NOTE: https://github.com/ARMmbed/mbedtls/issues/3340
NOTE: https://github.com/ARMmbed/mbedtls/pull/3433
CVE-2020-36424 (An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can ...)
- mbedtls 2.16.9-0.1
+ [buster] - mbedtls <no-dsa> (Minor issue)
NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-2
CVE-2020-36423 (An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attack ...)
- mbedtls 2.16.9-0.1
+ [buster] - mbedtls <no-dsa> (Minor issue)
CVE-2020-36422 (An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel ...)
- mbedtls 2.16.9-0.1
+ [buster] - mbedtls <no-dsa> (Minor issue)
CVE-2020-36421 (An issue was discovered in Arm Mbed TLS before 2.23.0. Because of a si ...)
- mbedtls 2.16.9-0.1
+ [buster] - mbedtls <no-dsa> (Minor issue)
NOTE: https://github.com/ARMmbed/mbedtls/issues/3394
CVE-2021-36774
RESERVED
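Review bot: of the six mbedtls entries marked `<no-dsa>` in this hunk, CVE-2020-36426, CVE-2020-36423 and CVE-2020-36422 carry no NOTE at all, so the "(Minor issue)" call cannot be checked against an upstream reference from this file. Their truncated descriptions start with "A remote attack ..." and "A side channel ...", which is not enough to judge severity. Adding the advisory or issue link, as the other three entries have, would document the basis. All six share the fixed version 2.16.9-0.1, so a single note on whether one buster update is planned for the set would also help.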
@@ -2505,6 +2514,7 @@ CVE-2021-36770
CVE-2021-36769 (A reordering issue exists in Telegram before 7.8.1 for Android, Telegr ...)
[experimental] - telegram-desktop 2.9.0+ds-1
- telegram-desktop <unfixed> (bug #991493)
+ [buster] - telegram-desktop <no-dsa> (Minor issue)
NOTE: https://mtpsym.github.io/
CVE-2021-36768
RESERVED
@@ -11608,11 +11618,13 @@ CVE-2021-32793
RESERVED
CVE-2021-32792 (mod_auth_openidc is an authentication/authorization module for the Apa ...)
- libapache2-mod-auth-openidc 2.4.9-1 (bug #991580)
+ [buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-458c-7pwg-3j7j
NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/00c315cb0c8ab77c67be4a2ac08a71a83ac58751 (v2.4.9)
NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/55ea0a085290cd2c8cdfdd960a230cbc38ba8b56 (v2.4.9)
CVE-2021-32791 (mod_auth_openidc is an authentication/authorization module for the Apa ...)
- libapache2-mod-auth-openidc 2.4.9-1 (bug #991581)
+ [buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-px3c-6x7j-3r9r
NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/375407c16c61a70b56fdbe13b0d2c8f11398e92c (v2.4.9)
CVE-2021-32790 (Woocommerce is an open source eCommerce plugin for WordPress. An SQL i ...)
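Review bot: the `[buster]` lines added for CVE-2021-32792 and CVE-2021-32791 mark flaws in an authentication/authorization module as "(Minor issue)" without saying what limits the impact. The entries already list three upstream commits, all tagged (v2.4.9) and all fixed in unstable by 2.4.9-1. A NOTE stating whether those commits are expected to be backported to buster outside a DSA, or why that is not needed, would make the decision reviewable.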
@@ -11625,10 +11637,12 @@ CVE-2021-32787 (Sourcegraph is a code search and navigation engine. Sourcegraph
TODO: check
CVE-2021-32786 (mod_auth_openidc is an authentication/authorization module for the Apa ...)
- libapache2-mod-auth-openidc 2.4.9-1 (bug #991582)
+ [buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-xm4c-5wm5-jqv7
NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/3a115484eb927bc6daa5737dd84f88ff4bbc5544 (v2.4.9)
CVE-2021-32785 (mod_auth_openidc is an authentication/authorization module for the Apa ...)
- libapache2-mod-auth-openidc 2.4.9-1 (bug #991583)
+ [buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-55r8-6w97-xxr4
NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/dc672688dc1f2db7df8ad4abebc367116017a449 (v2.4.9)
CVE-2021-32784
=====================================
data/dsa-needed.txt
=====================================
@@ -15,6 +15,8 @@ If needed, specify the release by adding a slash after the name of the source pa
ansible (jmm)
Maintainer prepared an update for review
--
+asterisk
+--
bluez (carnil)
--
condor
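Review bot: the new `asterisk` entry has neither an assignee in parentheses nor a status line, unlike `ansible (jmm)` with its "Maintainer prepared an update for review" note and `bluez (carnil)`. The hunk header context says a release can be specified with a slash after the source package name, and the commit message is "buster triage", so please check whether this entry should carry a release suffix. A short line naming the issues that prompted the entry would help whoever picks it up.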
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a92764994c5d257d6bc11315835e960b30c8aac9