[Git][security-tracker-team/security-tracker][master] 5 commits: mark CVE-2020-18976 as unfixed and unimportant for Stretch
Thorsten Alteholz (@alteholz)
alteholz at debian.org
Sun Aug 29 23:18:05 BST 2021
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b9c68257 by Thorsten Alteholz at 2021-08-30T00:08:03+02:00
mark CVE-2020-18976 as unfixed and unimportant for Stretch
- - - - -
0d127be8 by Thorsten Alteholz at 2021-08-30T00:11:44+02:00
add sssd
- - - - -
cf34b1a0 by Thorsten Alteholz at 2021-08-30T00:12:48+02:00
add btrbk
- - - - -
4af4a5c3 by Thorsten Alteholz at 2021-08-30T00:15:03+02:00
mark some CVEs of liblivemedia as no-dsa
- - - - -
b40db759 by Thorsten Alteholz at 2021-08-30T00:17:14+02:00
mark two CVEs of libpodofo as postponed for Stretch
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -3893,14 +3893,17 @@ CVE-2021-38383 (OwnTone (aka owntone-server) through 28.1 has a use-after-free i
NOT-FOR-US: OwnTone
CVE-2021-38382 (Live555 through 1.08 does not handle Matroska and Ogg files properly. ...)
- liblivemedia <removed>
+ [stretch] - liblivemedia <no-dsa> (Minor issue)
NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021959.html
NOTE: http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.06]
CVE-2021-38381 (Live555 through 1.08 does not handle MPEG-1 or 2 files properly. Sendi ...)
- liblivemedia <removed>
+ [stretch] - liblivemedia <no-dsa> (Minor issue)
NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021961.html
NOTE: http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.09]
CVE-2021-38380 (Live555 through 1.08 mishandles huge requests for the same MP3 stream, ...)
- liblivemedia <removed>
+ [stretch] - liblivemedia <no-dsa> (Minor issue)
NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021954.html
NOTE: http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.04]
CVE-2021-38379
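Review bot: the three added `[stretch] - liblivemedia <no-dsa> (Minor issue)` lines under CVE-2021-38382, CVE-2021-38381 and CVE-2021-38380 share one bare reason and none records why the issue is minor for stretch. The existing NOTE lines already link upstream changelog entries dated 2021.08.04 to 2021.08.09, so a one-line NOTE per CVE stating the impact that justified no-dsa would make the triage decision reviewable later.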
@@ -80163,7 +80166,9 @@ CVE-2020-18977
RESERVED
CVE-2020-18976 (Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial ...)
- tcpreplay 4.3.3-1
+ [stretch] - tcpreplay <unfixed> (unimportant)
NOTE: https://github.com/appneta/tcpreplay/issues/556
+ NOTE: Crash in CLI tool, no security impact
CVE-2020-18975
RESERVED
CVE-2020-18974 (Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers ...)
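Review bot: the added NOTE `Crash in CLI tool, no security impact` under CVE-2020-18976 is not specific to stretch, yet the severity is recorded only on the new `[stretch] - tcpreplay <unfixed> (unimportant)` line while `- tcpreplay 4.3.3-1` carries none. If the assessment holds for every release, consider recording `(unimportant)` on the main entry instead; if it is meant for stretch only, word the NOTE so it says what differs there.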
@@ -80174,9 +80179,11 @@ CVE-2020-18973
RESERVED
CVE-2020-18972 (Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v ...)
- libpodofo <unfixed>
+ [stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update)
NOTE: https://sourceforge.net/p/podofo/tickets/49/
CVE-2020-18971 (Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause ...)
- libpodofo <unfixed>
+ [stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update)
NOTE: https://sourceforge.net/p/podofo/tickets/48/
CVE-2020-18970
RESERVED
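Review bot: CVE-2020-18972 (information exposure) and CVE-2020-18971 (stack-based buffer overflow) receive the identical `[stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update)` annotation, and neither entry gains a NOTE explaining the assessment. For the stack-based overflow in particular, a short NOTE stating why it is judged minor would let a later reader check the postponement against the linked ticket.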
=====================================
data/dla-needed.txt
=====================================
@@ -18,6 +18,8 @@ ansible
NOTE: 20210411: after that LTS. (apo)
NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/
--
+btrbk (Thorsten Alteholz)
+--
cacti (Roberto C. Sánchez)
NOTE: 20210829: not really sure whether affected, please recheck
--
@@ -99,5 +101,7 @@ smarty3 (Abhijith PA)
--
squashfs-tools (Thorsten Alteholz)
--
+sssd
+--
wireshark (Adrian Bunk)
--
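Review bot: the added `sssd` entry in data/dla-needed.txt has neither a claimant nor a NOTE, so whoever picks it up has no pointer to the issue that prompted it. A dated NOTE in the style of the neighbouring entries (for example the `NOTE: 20210829: ...` line under cacti) naming the CVE or bug would help.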
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8f581df5eb6b841801b57aa2d50c0d092117ca51...b40db75908ece32c8416ada8e6d09f3d0e4fba96