[Git][security-tracker-team/security-tracker][master] bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun Aug 8 18:59:50 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
85dd0c17 by Moritz Muehlenhoff at 2021-08-08T19:59:10+02:00
bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -162,6 +162,8 @@ CVE-2021-38156
 	RESERVED
 CVE-2021-38155 (OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1 ...)
 	- keystone <unfixed>
+	[bullseye] - keystone <no-dsa> (Minor issue)
+	[buster] - keystone <no-dsa> (Minor issue)
 	[stretch] - keystone <end-of-life> (Keystone not supported in stretch)
 	NOTE: https://launchpad.net/bugs/1688137
 CVE-2021-38165 (Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, whic ...)
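Review bot: the `- keystone <unfixed>` line that the two new `<no-dsa>` annotations hang off has no Debian bug reference, only the Launchpad NOTE. Other unfixed entries triaged in this commit (courier, nova, modsecurity-crs) carry a `(bug #...)`; filing one for keystone and adding it here would keep the issue visible to the maintainer now that no DSA is planned for bullseye and buster.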
@@ -336,6 +338,8 @@ CVE-2021-38085
 	RESERVED
 CVE-2021-38084 (An issue was discovered in the POP3 component of Courier Mail Server b ...)
 	- courier <unfixed> (bug #989375)
+	[bullseye] - courier <no-dsa> (Minor issue)
+	[buster] - courier <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/courier/mailman/courier-imap/thread/cone.1382574216.483027.8082.1000%40monster.email-scan.com/#msg31555583
 	NOTE: https://sourceforge.net/p/courier/mailman/message/37329216/
 	NOTE: https://sourceforge.net/p/courier/courier-libs.git/ci/97ed62b17a2616c758d09105b5a14dd1038cff6f/ (1.1.5)
@@ -2667,6 +2671,8 @@ CVE-2021-3655 (A vulnerability was found in the Linux kernel in versions before
 CVE-2021-3654 [novnc allows open redirection]
 	RESERVED
 	- nova <unfixed> (bug #991441)
+	[bullseye] - nova <no-dsa> (Minor issue)
+	[buster] - nova <no-dsa> (Minor issue)
 	NOTE: https://bugs.launchpad.net/nova/+bug/1927677
 CVE-2021-26263
 	RESERVED
@@ -3182,6 +3188,7 @@ CVE-2021-36774
 	RESERVED
 CVE-2021-36773 (uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitr ...)
 	- ublock-origin <unfixed> (bug #991386)
+	[bullseye] - ublock-origin <no-dsa> (Minor issue)
 	[buster] - ublock-origin <no-dsa> (Minor issue)
 	[stretch] - ublock-origin <no-dsa> (Minor issue)
 	- umatrix <unfixed> (bug #991344)
@@ -3196,6 +3203,7 @@ CVE-2021-36770
 CVE-2021-36769 (A reordering issue exists in Telegram before 7.8.1 for Android, Telegr ...)
 	[experimental] - telegram-desktop 2.9.0+ds-1
 	- telegram-desktop <unfixed> (bug #991493)
+	[bullseye] - telegram-desktop <no-dsa> (Minor issue)
 	[buster] - telegram-desktop <no-dsa> (Minor issue)
 	NOTE: https://mtpsym.github.io/
 CVE-2021-36768
@@ -4390,7 +4398,9 @@ CVE-2021-36222 (ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center
 CVE-2021-36221 (Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that c ...)
 	- golang-1.16 1.16.7-1
 	- golang-1.15 <unfixed> (bug #991961)
+	[bullseye] - golang-1.15 <no-dsa> (Minor issue)
 	- golang-1.11 <removed>
+	[buster] - golang-1.11 <no-dsa> (Minor issue)
 	- golang-1.8 <removed>
 	- golang-1.7 <removed>
 	NOTE: https://github.com/golang/go/issues/46866
@@ -6416,6 +6426,8 @@ CVE-2021-35369
 CVE-2021-35368 [CRS Request Body Bypass]
 	RESERVED
 	- modsecurity-crs <unfixed> (bug #992000)
+	[bullseye] - modsecurity-crs <no-dsa> (Minor issue)
+	[buster] - modsecurity-crs <no-dsa> (Minor issue)
 	NOTE: https://coreruleset.org/20210630/cve-2021-35368-crs-request-body-bypass/
 CVE-2021-35367
 	RESERVED
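Review bot: on the two `modsecurity-crs` lines, the generic `(Minor issue)` reason sits oddly next to an entry titled `[CRS Request Body Bypass]`. If the no-dsa decision rests on a specific condition described in the coreruleset.org advisory linked in the NOTE, stating it in the parenthesised reason would let readers of the tracker see why a rule-set bypass does not warrant a DSA.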
@@ -8857,6 +8869,8 @@ CVE-2021-3584
 CVE-2021-3583 [Template Injection through yaml multi-line strings with ansible facts used in template]
 	RESERVED
 	- ansible <unfixed>
+	[bullseye] - ansible <no-dsa> (Minor issue)
+	[buster] - ansible <no-dsa> (Minor issue)
 	- ansible-base <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1968412
 	NOTE: https://github.com/ansible/ansible/commit/4c8c40fd3d4a58defdc80e7d22aa8d26b731353e.patch
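Review bot: the new `[bullseye]` and `[buster]` annotations are attached to `- ansible <unfixed>` only, while the `- ansible-base <unfixed>` line directly below gets none. If ansible-base is shipped in either suite it needs its own `<no-dsa>` line; if it is not, nothing needs to change here. Neither package line has a bug reference, which would be worth adding in the same pass.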
@@ -12799,6 +12813,8 @@ CVE-2021-32610 (In Archive_Tar before 1.4.14, symlinks can refer to targets outs
 	{DLA-2721-1}
 	- drupal7 <removed>
 	- php-pear <unfixed> (bug #991541)
+	[bullseye] - php-pear <no-dsa> (Minor issue)
+	[buster] - php-pear <no-dsa> (Minor issue)
 	NOTE: https://www.drupal.org/sa-core-2021-004
 	NOTE: https://pear.php.net/package/Archive_Tar/download/1.4.14/
 	NOTE: https://github.com/pear/Archive_Tar/commit/b5832439b1f37331fb4f87e67fe4f61ca26bf7d4 (1.4.14)
@@ -12913,6 +12929,7 @@ CVE-2021-32575 (HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge
 	NOTE: https://discuss.hashicorp.com/t/hcsec-2021-14-nomad-bridge-networking-mode-allows-arp-spoofing-from-other-bridged-tasks-on-same-node/24296
 CVE-2021-32574 (HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy prox ...)
 	- consul <unfixed> (bug #991719)
+	[bullseye] - consul <no-dsa> (Minor issue)
 	[buster] - consul <not-affected> (Only affects 1.3.0 and later)
 	NOTE: https://discuss.hashicorp.com/t/hcsec-2021-17-consul-s-envoy-tls-configuration-did-not-validate-destination-service-subject-alternative-names/26856
 	NOTE: https://github.com/hashicorp/consul/pull/10619
@@ -19759,6 +19776,8 @@ CVE-2021-29923 (Go before 1.17 does not properly consider extraneous zero charac
 	TODO: check
 CVE-2021-29922 (library/std/src/net/parser.rs in Rust before 1.53.0 does not properly  ...)
 	- rustc <unfixed>
+	[bullseye] - rustc <no-dsa> (Minor issue)
+	[buster] - rustc <no-dsa> (Minor issue)
 	NOTE: https://github.com/rust-lang/rust/issues/83648
 	NOTE: https://github.com/rust-lang/rust/pull/83652
 	NOTE: https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-015.md
@@ -63064,30 +63083,44 @@ CVE-2020-24828
 	RESERVED
 CVE-2020-24827 (A vulnerability in the dwarf::cursor::skip_form function of Libelfin v ...)
 	- libelfin <unfixed>
+	[bullseye] - libelfin <no-dsa> (Minor issue)
+	[buster] - libelfin <no-dsa> (Minor issue)
 	NOTE: https://github.com/aclements/libelfin/issues/47
 	NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-dwarfcursorskip_form-at-dwarfcursorcc181
 CVE-2020-24826 (A vulnerability in the elf::section::as_strtab function of Libelfin v0 ...)
 	- libelfin <unfixed>
+	[bullseye] - libelfin <no-dsa> (Minor issue)
+	[buster] - libelfin <no-dsa> (Minor issue)
 	NOTE: https://github.com/aclements/libelfin/issues/49
 	NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-elfsectionas_strtab-at-elfelfcc284
 CVE-2020-24825 (A vulnerability in the line_table::line_table function of Libelfin v0. ...)
 	- libelfin <unfixed>
+	[bullseye] - libelfin <no-dsa> (Minor issue)
+	[buster] - libelfin <no-dsa> (Minor issue)
 	NOTE: https://github.com/aclements/libelfin/issues/46
 	NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-line_tableline_table-at-dwarflinecc104
 CVE-2020-24824 (A global buffer overflow issue in the dwarf::line_table::line_table fu ...)
 	- libelfin <unfixed>
+	[bullseye] - libelfin <no-dsa> (Minor issue)
+	[buster] - libelfin <no-dsa> (Minor issue)
 	NOTE: https://github.com/aclements/libelfin/issues/48
 	NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#global-buffer-overflow-in-function-dwarfline_tableline_table-at-dwarflinecc107
 CVE-2020-24823 (A vulnerability in the dwarf::to_string function of Libelfin v0.3 allo ...)
 	- libelfin <unfixed>
+	[bullseye] - libelfin <no-dsa> (Minor issue)
+	[buster] - libelfin <no-dsa> (Minor issue)
 	NOTE: https://github.com/aclements/libelfin/issues/51
 	NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-dwarfto_string-at-dwarfvaluecc300
 CVE-2020-24822 (A vulnerability in the dwarf::cursor::uleb function of Libelfin v0.3 a ...)
 	- libelfin <unfixed>
+	[bullseye] - libelfin <no-dsa> (Minor issue)
+	[buster] - libelfin <no-dsa> (Minor issue)
 	NOTE: https://github.com/aclements/libelfin/issues/50
 	NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-dwarfcursoruleb128-at-dwarfinternalhh154
 CVE-2020-24821 (A vulnerability in the dwarf::cursor::skip_form function of Libelfin v ...)
 	- libelfin <unfixed>
+	[bullseye] - libelfin <no-dsa> (Minor issue)
+	[buster] - libelfin <no-dsa> (Minor issue)
 	NOTE: https://github.com/aclements/libelfin/issues/52
 	NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-dwarfcursorskip_form-at-dwarfcursorcc191
 CVE-2020-24820
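Review bot: all seven libelfin entries get the same `(Minor issue)` reason, but CVE-2020-24824 is described as a global buffer overflow, while the NOTE anchors for the other six point at SEGVs. Worth confirming the overflow was assessed separately and, if so, giving it a more specific reason. None of the seven `- libelfin <unfixed>` lines has a bug reference; a single bug covering all of them would be enough.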



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/85dd0c17f71aeeb150c7a887edf88f748ccef057
