[Git][security-tracker-team/security-tracker][master] 4 commits: mark CVE-2021-38370 as postponed for Stretch

Thu Aug 26 18:32:03 BST 2021


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7367d11b by Thorsten Alteholz at 2021-08-26T19:31:38+02:00
mark CVE-2021-38370 as postponed for Stretch

- - - - -
ecfa33e8 by Thorsten Alteholz at 2021-08-26T19:31:39+02:00
mark CVE-2021-37845 and CVE-2020-29547 as postponed for Stretch

- - - - -
4d03af80 by Thorsten Alteholz at 2021-08-26T19:31:41+02:00
mark CVE-2021-38371 as postponed for Stretch

- - - - -
7fc9d58d by Thorsten Alteholz at 2021-08-26T19:31:42+02:00
mark CVE-2021-39360 as postponed for Stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1607,6 +1607,7 @@ CVE-2021-39361 (In GNOME evolution-rss through 0.3.96, network-soup.c does not e
 	NOTE: https://gitlab.gnome.org/GNOME/evolution-rss/-/issues/11
 CVE-2021-39360 (In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS  ...)
 	- libzapojit <unfixed>
+	[stretch] - libzapojit <postponed> (Minor issue, revisit when/if fixed upstream)
 	NOTE: https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
 	NOTE: https://gitlab.gnome.org/GNOME/libzapojit/-/issues/4
 CVE-2021-39359 (In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS  ...)
@@ -3805,10 +3806,12 @@ CVE-2021-38372 (In KDE Trojita 0.7, man-in-the-middle attackers can create new f
 	- trojita <itp> (bug #795701)
 CVE-2021-38371 (The STARTTLS feature in Exim through 4.94.2 allows response injection  ...)
 	- exim4 <unfixed> (bug #992172)
+	[stretch] - exim4 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://nostarttls.secvuln.info
 	NOTE: https://www.exim.org/static/doc/security/CVE-2021-38371.txt
 CVE-2021-38370 (In Alpine through 2.24, untagged responses from an IMAP server are acc ...)
 	- alpine <unfixed> (bug #992171)
+	[stretch] - alpine <postponed> (Minor issue, revisit when/if fixed upstream)
 	NOTE: https://nostarttls.secvuln.info
 CVE-2021-38369
 	RESERVED
@@ -5061,6 +5064,7 @@ CVE-2021-37846
 CVE-2021-37845
 	RESERVED
 	- citadel <unfixed>
+	[stretch] - citadel <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://uncensored.citadel.org/readfwd?go=Citadel Security?view=0?start_reading_at=2099264259#2099264259
 	NOTE: https://nostarttls.secvuln.info/
 CVE-2021-37844
@@ -52691,6 +52695,7 @@ CVE-2020-29548 (An issue was discovered in SmarterTools SmarterMail through 100.
 CVE-2020-29547
 	RESERVED
 	- citadel <unfixed>
+	[stretch] - citadel <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://uncensored.citadel.org/readfwd?go=Citadel Security?view=0?start_reading_at=2099264259#2099264259
 	NOTE: https://nostarttls.secvuln.info/
 CVE-2020-29546



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/32e80a4f2e26e407a97fdad47b12317fd2d27e94...7fc9d58d7e3ecc49f1c134a4211c1458b79c3d0e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/32e80a4f2e26e407a97fdad47b12317fd2d27e94...7fc9d58d7e3ecc49f1c134a4211c1458b79c3d0e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210826/b9dfc2ca/attachment-0001.htm>
