[Git][security-tracker-team/security-tracker][master] 5 commits: mark CVE-2021-32740 as no-dsa for Stretch

Thorsten Alteholz (@alteholz) alteholz at debian.org
Sun Aug 29 23:31:51 BST 2021



Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
acfa7990 by Thorsten Alteholz at 2021-08-30T00:22:24+02:00
mark CVE-2021-32740 as no-dsa for Stretch

- - - - -
5671cdcf by Thorsten Alteholz at 2021-08-30T00:23:55+02:00
add qtbase-opensource-src

- - - - -
d8af21e9 by Thorsten Alteholz at 2021-08-30T00:27:38+02:00
add pywps

- - - - -
385bd4ef by Thorsten Alteholz at 2021-08-30T00:29:53+02:00
add plib

- - - - -
f7cc032b by Thorsten Alteholz at 2021-08-30T00:31:15+02:00
mark two CVEs of pluxml as no-dsa for Stretch

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3403,8 +3403,10 @@ CVE-2021-38604 (In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/
 	NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=b805aebd42364fe696e417808a700fdb9800c9e8
 CVE-2021-38603 (PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Informati ...)
 	- pluxml <unfixed>
+	[stretch] - pluxml <no-dsa> (Minor issue)
 CVE-2021-38602 (PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content ...)
 	- pluxml <unfixed>
+	[stretch] - pluxml <no-dsa> (Minor issue)
 CVE-2021-38601
 	RESERVED
 CVE-2021-38600
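Review bot: The two added `[stretch] - pluxml <no-dsa> (Minor issue)` lines under CVE-2021-38603 and CVE-2021-38602 give only the generic reason, which leaves nothing for a later triager to re-check the decision against. If the judgement rests on both being stored XSS reached through the admin profile page and the article editor, say that in the parenthesis or in a NOTE line under each entry.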
@@ -16974,6 +16976,7 @@ CVE-2021-32741 (Nextcloud Server is a Nextcloud package that handles data storag
 	- nextcloud-server <itp> (bug #941708)
 CVE-2021-32740 (Addressable is an alternative implementation to the URI implementation ...)
 	- ruby-addressable 2.7.0-2 (bug #990791)
+	[stretch] - ruby-addressable <no-dsa> (Minor issue)
 	NOTE: https://github.com/sporkmonger/addressable/security/advisories/GHSA-jxhc-q857-3j6g
 	NOTE: https://github.com/sporkmonger/addressable/commit/b48ff03347a6d46e8dc674e242ce74c6381962a5#diff-fb36d3dc67e6565ffde17e666a98697f48e76dac38fabf1bb9e97cdf3b583d76
 CVE-2021-32739 (Icinga is a monitoring system which checks the availability of network ...)
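Review bot: The added `[stretch] - ruby-addressable <no-dsa> (Minor issue)` line under CVE-2021-32740 does not record whether the stretch version was checked against the upstream commit already linked in the NOTE lines below it. A short NOTE stating what was checked, or a more specific reason than "Minor issue", would make the no-dsa decision auditable.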


=====================================
data/dla-needed.txt
=====================================
@@ -59,13 +59,20 @@ openssl (Thorsten Alteholz)
 --
 openssl1.0 (Thorsten Alteholz)
 --
+plib
+  NOTE: 20210829: no fix yet
+--
 python-babel
   NOTE: 20210617: CVE-2021-20095 withdrawn, cf. 251b6e33 and #987824 (abhijith)
   NOTE: 20210620: http://people.debian.org/~abhijith/backport_of_3a700b5.patch (abhijith)
   NOTE: 20210620: Revisit when it has an assigned CVE ID (abhijith)
 --
+pywps
+--
 qemu (Markus Koschany)
 --
+qtbase-opensource-src
+--
 ruby-kaminari
   NOTE: 20200819: The source in Debian (at least in LTS) appears to have a different lineage to
   NOTE: 20200819: the one upstream or in its many forks. For example, both dthe
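Review bot: The new `pywps` and `qtbase-opensource-src` entries are added with no NOTE line, and the `plib` entry's `NOTE: 20210829: no fix yet` does not name the CVE it refers to. None of the three entries tells a would-be claimant which issue put the package on the list. Suggest a dated NOTE under each one, in the same `NOTE: 20210829: ...` form, naming the CVE(s) and the current state of the fix.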



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b40db75908ece32c8416ada8e6d09f3d0e4fba96...f7cc032b557afe07ca941d021729127f99174a24
