[Git][security-tracker-team/security-tracker][master] 3 commits: Mark CVE-2021-42260/tinyxml as no-dsa for stretch

Utkarsh Gupta (@utkarsh) utkarsh at debian.org
Sun Dec 5 22:35:58 GMT 2021 


Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2b75bf3b by Utkarsh Gupta at 2021-12-06T04:04:24+05:30
Mark CVE-2021-42260/tinyxml as no-dsa for stretch

- - - - -
252d2af2 by Utkarsh Gupta at 2021-12-06T04:04:35+05:30
Mark CVE-2021-41771/golang-1.{7,8} as no-dsa for stretch

- - - - -
e61d2eb2 by Utkarsh Gupta at 2021-12-06T04:05:35+05:30
Mark CVE-2021-44227/mailman as no-dsa for stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -871,6 +871,7 @@ CVE-2021-4024 [podman: podman machine spawns gvproxy with port binded to all IPs
 	NOTE: Fixed by: https://github.com/containers/podman/commit/295d87bb0b028e57dc2739791dee4820fe5fcc48
 CVE-2021-44227 (In GNU Mailman before 2.1.38, a list member or moderator can get a CSR ...)
 	- mailman <removed>
+	[stretch] - mailman <no-dsa> (Minor issue; can be fixed with the next DLA)
 	NOTE: https://bugs.launchpad.net/mailman/+bug/1952384
 	NOTE: Patch: https://launchpadlibrarian.net/570827498/patch.txt
 CVE-2021-44226
@@ -8827,6 +8828,7 @@ CVE-2021-42261 (Revisor Video Management System (VMS) before 2.0.0 has a directo
 	NOT-FOR-US: Revisor Video Management System (VMS)
 CVE-2021-42260 (TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp  ...)
 	- tinyxml <unfixed>
+	[stretch] - tinyxml <no-dsa> (Minor issue; can be fixed with the next DLA)
 	NOTE: https://sourceforge.net/p/tinyxml/bugs/141/
 	NOTE: https://sourceforge.net/p/tinyxml/git/merge-requests/1/
 CVE-2021-42259
@@ -10048,6 +10050,7 @@ CVE-2021-41771 (ImportedSymbols in debug/macho (for Open or OpenFat) in Go befor
 	- golang-1.11 <removed>
 	- golang-1.8 <removed>
 	- golang-1.7 <removed>
+	[stretch] - golang-1.7 <no-dsa> (Minor issue; can be fixed with the next DLA)
 	NOTE: https://github.com/golang/go/issues/48990
 	NOTE: https://groups.google.com/g/golang-announce/c/0fM21h43arc
 	NOTE: https://github.com/golang/go/commit/4a842985bf3f71d93a2b1340d9d6685bebc12b6b (go1.17.3)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0f7b097ec39bdcfda6b29da75749995d98014a91...e61d2eb28329445c1bebe9706d6a3551562deaad

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0f7b097ec39bdcfda6b29da75749995d98014a91...e61d2eb28329445c1bebe9706d6a3551562deaad
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211205/830a1012/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list