[Git][security-tracker-team/security-tracker][master] 8 commits: mark CVE-2021-39272 as no-dsa for Stretch
Thorsten Alteholz (@alteholz)
alteholz at debian.org
Sun Aug 29 23:00:33 BST 2021
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e4218a6c by Thorsten Alteholz at 2021-08-29T23:30:50+02:00
mark CVE-2021-39272 as no-dsa for Stretch
- - - - -
e419aedf by Thorsten Alteholz at 2021-08-29T23:32:12+02:00
mark CVE-2021-38559 as no-dsa for Stretch
- - - - -
f2e56ad1 by Thorsten Alteholz at 2021-08-29T23:38:25+02:00
mark CVE-2021-32798 as no-dsa for Stretch
- - - - -
90290d61 by Thorsten Alteholz at 2021-08-29T23:40:42+02:00
follow sec team and mark several CVEs of libelfin as no-dsa
- - - - -
15d1e501 by Thorsten Alteholz at 2021-08-29T23:43:11+02:00
follow sec team and mark several CVEs of liblivemedia as ignored
- - - - -
6e9fb5d5 by Thorsten Alteholz at 2021-08-29T23:46:32+02:00
mark CVE-2020-21677 as no-dsa for Stretch
- - - - -
db1b1cf5 by Thorsten Alteholz at 2021-08-29T23:57:16+02:00
mark CVE-2021-32804 and CVE-2021-32803 as not-affected for Stretch
- - - - -
8f581df5 by Thorsten Alteholz at 2021-08-29T23:59:08+02:00
mark CVE-2021-3654 as no-dsa for Stretch
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1916,10 +1916,12 @@ CVE-2021-39284
CVE-2021-39283 (liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion ...)
- liblivemedia <removed>
[buster] - liblivemedia <ignored> (Minor issue)
+ [stretch] - liblivemedia <ignored> (Minor issue)
NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021969.html
CVE-2021-39282 (Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 ...)
- liblivemedia <removed>
[buster] - liblivemedia <ignored> (Minor issue)
+ [stretch] - liblivemedia <ignored> (Minor issue)
NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021970.html
CVE-2021-39281
RESERVED
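Review bot: the two added [stretch] lines under CVE-2021-39283 and CVE-2021-39282 use <ignored>, which states that no fix is planned, but keep the generic "(Minor issue)" reason carried over from buster. A reason that says why no fix will follow (the unstable line already shows the package as <removed>) would be more useful to someone revisiting these entries than the severity label alone.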
@@ -1947,6 +1949,7 @@ CVE-2021-39272 [TLS bypass vulnerabilities ("NO STARTTLS")]
- fetchmail <unfixed> (bug #993163)
[bullseye] - fetchmail <no-dsa> (Minor issue; safe recommendations exists, implicit TLS, "ssl" mode exist)
[buster] - fetchmail <no-dsa> (Minor issue; safe recommendations exists, implicit TLS, "ssl" mode exist)
+ [stretch] - fetchmail <no-dsa> (Minor issue; safe recommendations exists, implicit TLS, "ssl" mode exist)
NOTE: https://www.fetchmail.info/fetchmail-SA-2021-02.txt
CVE-2021-39271
RESERVED
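Review bot: the added [stretch] fetchmail line copies its reason verbatim from bullseye and buster, including the statement that implicit TLS and the "ssl" mode exist as the safe alternative. That rationale only holds for stretch if the fetchmail version shipped there offers the same mode, so it is worth confirming this before using it to justify no-dsa. Minor wording point: "safe recommendations exists" should read "exist"; if corrected, change all three release lines together so they stay identical.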
@@ -3516,6 +3519,7 @@ CVE-2021-38559 (DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenot
- hoteldruid <unfixed>
[bullseye] - hoteldruid <no-dsa> (Minor issue)
[buster] - hoteldruid <no-dsa> (Minor issue)
+ [stretch] - hoteldruid <no-dsa> (Minor issue)
CVE-2021-38558
RESERVED
CVE-2021-38557 (raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as ...)
@@ -7065,6 +7069,7 @@ CVE-2021-3654 [novnc allows open redirection]
- nova 2:23.0.2-3 (bug #991441)
[bullseye] - nova <no-dsa> (Minor issue)
[buster] - nova <no-dsa> (Minor issue)
+ [stretch] - nova <no-dsa> (Minor issue)
NOTE: https://bugs.launchpad.net/nova/+bug/1927677
CVE-2021-26263
RESERVED
@@ -16772,12 +16777,14 @@ CVE-2021-32804 (The npm package "tar" (aka node-tar) before versions 6.1.1, 5.0.
- node-tar 6.1.7+~cs11.3.10-1 (bug #992111)
[bullseye] - node-tar <no-dsa> (Minor issue)
[buster] - node-tar <no-dsa> (Minor issue)
+ [stretch] - node-tar <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-3jfq-g458-7qm9
NOTE: https://github.com/npm/node-tar/commit/1f036ca23f64a547bdd6c79c1a44bc62e8115da4
CVE-2021-32803 (The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4 ...)
- node-tar 6.1.7+~cs11.3.10-1 (bug #992110)
[bullseye] - node-tar <no-dsa> (Minor issue)
[buster] - node-tar <no-dsa> (Minor issue)
+ [stretch] - node-tar <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-r628-mhmh-qjhw
NOTE: https://github.com/npm/node-tar/commit/9dbdeb6df8e9dbd96fa9e84341b9d74734be6c20
CVE-2021-32802
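Review bot: both added [stretch] lines claim <not-affected> with "Vulnerable code introduced later", but the NOTE lines under CVE-2021-32804 and CVE-2021-32803 link only the advisories and the fix commits. Nothing in either entry records where the vulnerable code was introduced, so the claim cannot be verified from the tracker data. Suggest adding a NOTE to each entry naming the introducing commit or the first affected version.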
@@ -16792,6 +16799,7 @@ CVE-2021-32798 (The Jupyter notebook is a web-based notebook environment for int
- jupyter-notebook <unfixed> (bug #992704)
[bullseye] - jupyter-notebook <no-dsa> (Minor issue)
[buster] - jupyter-notebook <no-dsa> (Minor issue)
+ [stretch] - jupyter-notebook <no-dsa> (Minor issue)
NOTE: https://github.com/jupyter/notebook/security/advisories/GHSA-hwvq-6gjx-j797
NOTE: https://github.com/jupyter/notebook/commit/79fc76e890a8ec42f73a3d009e44ef84c14ef0d5
CVE-2021-32797 (JupyterLab is a user interface for Project Jupyter which will eventual ...)
@@ -67833,42 +67841,49 @@ CVE-2020-24827 (A vulnerability in the dwarf::cursor::skip_form function of Libe
- libelfin <unfixed>
[bullseye] - libelfin <no-dsa> (Minor issue)
[buster] - libelfin <no-dsa> (Minor issue)
+ [stretch] - libelfin <no-dsa> (Minor issue)
NOTE: https://github.com/aclements/libelfin/issues/47
NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-dwarfcursorskip_form-at-dwarfcursorcc181
CVE-2020-24826 (A vulnerability in the elf::section::as_strtab function of Libelfin v0 ...)
- libelfin <unfixed>
[bullseye] - libelfin <no-dsa> (Minor issue)
[buster] - libelfin <no-dsa> (Minor issue)
+ [stretch] - libelfin <no-dsa> (Minor issue)
NOTE: https://github.com/aclements/libelfin/issues/49
NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-elfsectionas_strtab-at-elfelfcc284
CVE-2020-24825 (A vulnerability in the line_table::line_table function of Libelfin v0. ...)
- libelfin <unfixed>
[bullseye] - libelfin <no-dsa> (Minor issue)
[buster] - libelfin <no-dsa> (Minor issue)
+ [stretch] - libelfin <no-dsa> (Minor issue)
NOTE: https://github.com/aclements/libelfin/issues/46
NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-line_tableline_table-at-dwarflinecc104
CVE-2020-24824 (A global buffer overflow issue in the dwarf::line_table::line_table fu ...)
- libelfin <unfixed>
[bullseye] - libelfin <no-dsa> (Minor issue)
[buster] - libelfin <no-dsa> (Minor issue)
+ [stretch] - libelfin <no-dsa> (Minor issue)
NOTE: https://github.com/aclements/libelfin/issues/48
NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#global-buffer-overflow-in-function-dwarfline_tableline_table-at-dwarflinecc107
CVE-2020-24823 (A vulnerability in the dwarf::to_string function of Libelfin v0.3 allo ...)
- libelfin <unfixed>
[bullseye] - libelfin <no-dsa> (Minor issue)
[buster] - libelfin <no-dsa> (Minor issue)
+ [stretch] - libelfin <no-dsa> (Minor issue)
NOTE: https://github.com/aclements/libelfin/issues/51
NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-dwarfto_string-at-dwarfvaluecc300
CVE-2020-24822 (A vulnerability in the dwarf::cursor::uleb function of Libelfin v0.3 a ...)
- libelfin <unfixed>
[bullseye] - libelfin <no-dsa> (Minor issue)
[buster] - libelfin <no-dsa> (Minor issue)
+ [stretch] - libelfin <no-dsa> (Minor issue)
NOTE: https://github.com/aclements/libelfin/issues/50
NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-dwarfcursoruleb128-at-dwarfinternalhh154
CVE-2020-24821 (A vulnerability in the dwarf::cursor::skip_form function of Libelfin v ...)
- libelfin <unfixed>
[bullseye] - libelfin <no-dsa> (Minor issue)
[buster] - libelfin <no-dsa> (Minor issue)
+ [stretch] - libelfin <no-dsa> (Minor issue)
NOTE: https://github.com/aclements/libelfin/issues/52
NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-dwarfcursorskip_form-at-dwarfcursorcc191
CVE-2020-24820
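Review bot: all seven added [stretch] libelfin lines reuse "(Minor issue)", including the one under CVE-2020-24824, which the description calls a global buffer overflow while the references on the neighbouring entries are labelled as SEGVs. If the same triage is meant to apply to the overflow, a short reason on that line saying why would make the decision easier to audit than the shared label.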
@@ -74641,6 +74656,7 @@ CVE-2020-21678 (A global buffer overflow in the genmp_writefontmacro_latex compo
CVE-2020-21677 (A heap-based buffer overflow in the sixel_encoder_output_without_macro ...)
- libsixel 1.8.6-1
[buster] - libsixel <no-dsa> (Minor issue)
+ [stretch] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/123
NOTE: https://github.com/saitoha/libsixel/commit/0b1e0b3f7b44233f84e5c9f512f8c90d6bbbe33d
CVE-2020-21676 (A stack-based buffer overflow in the genpstrx_text() component in genp ...)
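Review bot: the added [stretch] libsixel line marks CVE-2020-21677, described as a heap-based buffer overflow, as no-dsa with only "(Minor issue)", even though the entry lists a fixed version (1.8.6-1) and an upstream fix commit. Since a patch is available, a reason that states why it is not being backported to stretch would make this triage easier to revisit.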
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/44a195a9d117d7013626f0d594a22d5e02d6bde6...8f581df5eb6b841801b57aa2d50c0d092117ca51