[Git][security-tracker-team/security-tracker][master] 3 commits: mark CVE-2021-22939 as eol for Stretch

Thorsten Alteholz (@alteholz) alteholz at debian.org
Mon Aug 23 15:06:59 BST 2021 


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b00edb24 by Thorsten Alteholz at 2021-08-23T16:06:40+02:00
mark CVE-2021-22939 as eol for Stretch

- - - - -
4a3e5304 by Thorsten Alteholz at 2021-08-23T16:06:41+02:00
mark CVE-2020-18897 as no-dsa for Stretch

- - - - -
2d3599e8 by Thorsten Alteholz at 2021-08-23T16:06:42+02:00
mark CVE-2020-21675 as no-dsa for Stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -39696,6 +39696,7 @@ CVE-2021-22940 (Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a u
 CVE-2021-22939 (If the Node.js https API was used incorrectly and "undefined" was in p ...)
 	- nodejs 12.22.5~dfsg-1
 	[bullseye] - nodejs 12.22.5~dfsg-2~11u1
+	[stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support)
 	NOTE: https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/#incomplete-validation-of-rejectunauthorized-parameter-low-cve-2021-22939
 CVE-2021-22938 (A vulnerability in Pulse Connect Secure before 9.1R12 could allow an a ...)
 	NOT-FOR-US: Pulse Connect Secure
@@ -73342,6 +73343,7 @@ CVE-2020-21676 (A stack-based buffer overflow in the genpstrx_text() component i
 CVE-2020-21675 (A stack-based buffer overflow in the genptk_text component in genptk.c ...)
 	- fig2dev 1:3.2.7b-3
 	[buster] - fig2dev 1:3.2.7a-5+deb10u3
+	[stretch] - fig2dev <no-dsa> (Minor issue)
 	- transfig <removed>
 	NOTE: https://sourceforge.net/p/mcj/tickets/78/
 	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/ (3.2.8)
@@ -78997,6 +78999,7 @@ CVE-2020-18898 (A stack exhaustion issue in the printIFDStructure function of Ex
 	NOTE: Negligible security impact, issue in debugging only function
 CVE-2020-18897 (An use-after-free vulnerability in the libpff_item_tree_create_node fu ...)
 	- libpff 20180714-1
+	[stretch] - libpff <no-dsa> (Minor issue)
 	NOTE: https://github.com/libyal/libpff/issues/61
 	NOTE: https://github.com/libyal/libpff/issues/62
 	NOTE: https://github.com/libyal/libpff/commit/effae88adfc9def45be0bb7ff27d20ce133d8c7c



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fab4f11d4fd80a6b3209725d385a9f3c8297f953...2d3599e833774a5d86c0802b05716e8489e29379

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fab4f11d4fd80a6b3209725d385a9f3c8297f953...2d3599e833774a5d86c0802b05716e8489e29379
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210823/c6d759cc/attachment.htm>

More information about the debian-security-tracker-commits mailing list