[Git][security-tracker-team/security-tracker][master] 6 commits: take openssl

Thorsten Alteholz (@alteholz) alteholz at debian.org
Wed Aug 25 12:19:04 BST 2021 


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0f9d0529 by Thorsten Alteholz at 2021-08-25T12:42:28+02:00
take openssl

- - - - -
a4eb23c0 by Thorsten Alteholz at 2021-08-25T12:53:01+02:00
mark CVE-2021-28216 as no-dsa for Stretch

- - - - -
ad38966b by Thorsten Alteholz at 2021-08-25T12:59:06+02:00
mark CVE-2021-39361 as postponed for Stretch

- - - - -
cf40aa42 by Thorsten Alteholz at 2021-08-25T13:06:24+02:00
mark CVE-2021-39358 as postponed for Stretch

- - - - -
eb335917 by Thorsten Alteholz at 2021-08-25T13:16:37+02:00
take grilo

- - - - -
15230978 by Thorsten Alteholz at 2021-08-25T13:18:35+02:00
mark CVE-2021-39359 as postponed for Stretch

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1523,6 +1523,7 @@ CVE-2021-39362 (An XSS issue was discovered in ReCaptcha Solver 5.7. A response
 	TODO: check
 CVE-2021-39361 (In GNOME evolution-rss through 0.3.96, network-soup.c does not enable  ...)
 	- evolution-rss <unfixed>
+	[stretch] - evolution-rss <postponed> (Minor issue, revisit when/if fixed upstream)
 	NOTE: https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
 	NOTE: https://gitlab.gnome.org/GNOME/evolution-rss/-/issues/11
 CVE-2021-39360 (In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS  ...)
@@ -1531,10 +1532,12 @@ CVE-2021-39360 (In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enabl
 	NOTE: https://gitlab.gnome.org/GNOME/libzapojit/-/issues/4
 CVE-2021-39359 (In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS  ...)
 	- libgda5 <unfixed>
+	[stretch] - libgda5 <postponed> (Minor issue, revisit when/if fixed upstream)
 	NOTE: https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
 	NOTE: https://gitlab.gnome.org/GNOME/libgda/-/issues/249
 CVE-2021-39358 (In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable T ...)
 	- gfbgraph <unfixed>
+	[stretch] - gfbgraph <postponed> (Minor issue, revisit when/if fixed upstream)
 	NOTE: https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
 	NOTE: https://gitlab.gnome.org/GNOME/libgfbgraph/-/issues/17
 CVE-2021-3731 (LedgerSMB does not sufficiently guard against being wrapped by other s ...)
@@ -28195,6 +28198,7 @@ CVE-2021-3436
 	RESERVED
 CVE-2021-28216 (BootPerformanceTable pointer is read from an NVRAM variable in PEI. Re ...)
 	- edk2 <unfixed>
+	[stretch] - edk2 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2957
 CVE-2021-28215
 	RESERVED


=====================================
data/dla-needed.txt
=====================================
@@ -32,6 +32,9 @@ firmware-nonfree (Anton Gladky)
 gpac (Thorsten Alteholz)
   NOTE: 20210815: WIP, almost done, still testing package
 --
+grilo (Thorsten Alteholz)
+  NOTE: 20210825: ssl-use-system-ca-file is used in libsoup2.4 since version 2.38
+--
 krb5 (Adrian Bunk)
 --
 linux (Ben Hutchings)
@@ -52,6 +55,8 @@ nvidia-graphics-drivers
   NOTE: package is in non-free but also in packages-to-support
   NOTE: only CVE‑2021‑1076 seems to be fixed in the R390 branch used in Stretch, no fix available for CVE-2021-1077
 --
+openssl (Thorsten Alteholz)
+--
 pjproject (Abhijith PA)
   NOTE: 20210804: Check notes on CVE (especially re. src:ring). (lamby)
   NOTE: 20210821: Fix backported (abhijith)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6f0fde7b25c0f0daf90f44fc725b840fd952e3b5...15230978221afae36e4eb0fee9055b4533eeea96

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6f0fde7b25c0f0daf90f44fc725b840fd952e3b5...15230978221afae36e4eb0fee9055b4533eeea96
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210825/db3d54a0/attachment.htm>

More information about the debian-security-tracker-commits mailing list