[Git][security-tracker-team/security-tracker][master] buster/bullseye triage

Thu Dec 9 10:20:32 GMT 2021


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8914f268 by Moritz Muehlenhoff at 2021-12-09T11:20:09+01:00
buster/bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -62,6 +62,7 @@ CVE-2021-23145
 	RESERVED
 CVE-2021-XXXX [Rainloop stores passwords in cleartext in logfile]
 	- rainloop 1.14.0-1 (bug #962629)
+	[buster] - rainloop <no-dsa> (Minor issue)
 	NOTE: https://github.com/RainLoop/rainloop-webmail/issues/1872
 CVE-2021-44738
 	RESERVED
@@ -598,7 +599,11 @@ CVE-2021-44477
 	RESERVED
 CVE-2021-4048 (An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, an ...)
 	- lapack <unfixed>
+	[bullseye] - lapack <no-dsa> (Minor issue)
+	[buster] - lapack <no-dsa> (Minor issue)
 	- openblas 0.3.18+ds-1
+	[bullseye] - openblas <no-dsa> (Minor issue)
+	[buster] - openblas <no-dsa> (Minor issue)
 	NOTE: https://github.com/Reference-LAPACK/lapack/pull/625
 	NOTE: https://github.com/Reference-LAPACK/lapack/commit/38f3eeee3108b18158409ca2a100e6fe03754781
 	NOTE: https://github.com/JuliaLang/julia/issues/42415
@@ -20588,6 +20593,8 @@ CVE-2021-37699 (Next.js is an open source website development framework to be us
 CVE-2021-37698 (Icinga is a monitoring system which checks the availability of network ...)
 	{DLA-2816-1}
 	- icinga2 2.13.1-1
+	[bullseye] - icinga2 <no-dsa> (Minor issue)
+	[buster] - icinga2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-cxfm-8j5v-5qr2
 	NOTE: https://icinga.com/blog/2021/08/19/icinga-2-13-1-security-release/
 	NOTE: https://github.com/Icinga/icinga2/commit/8910abc5882774c067dfc22cdf8bf8b830257608 (v2.12.6)
@@ -32367,6 +32374,8 @@ CVE-2021-32743 (Icinga is a monitoring system which checks the availability of n
 	{DLA-2816-1}
 	[experimental] - icinga2 2.12.5-1~exp1
 	- icinga2 2.12.5-1 (bug #991494)
+	[bullseye] - icinga2 <no-dsa> (Minor issue)
+	[buster] - icinga2 <no-dsa> (Minor issue)
 	NOTE: https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/
 	NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7
 	NOTE: https://github.com/Icinga/icinga2/commit/843353ab69f79b3abfeb38ac249b05e1944369ab (v2.12.5)
@@ -32383,6 +32392,8 @@ CVE-2021-32739 (Icinga is a monitoring system which checks the availability of n
 	{DLA-2816-1}
 	[experimental] - icinga2 2.12.5-1~exp1
 	- icinga2 2.12.5-1 (bug #991494)
+	[bullseye] - icinga2 <no-dsa> (Minor issue)
+	[buster] - icinga2 <no-dsa> (Minor issue)
 	NOTE: https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/
 	NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-98wp-jc6q-x5q5
 	NOTE: https://github.com/Icinga/icinga2/commit/b5b83fa51564662ff2e78d7529ff77e1085d4522 (v2.12.5)
@@ -87804,6 +87815,8 @@ CVE-2020-23110
 	RESERVED
 CVE-2020-23109 (Buffer overflow vulnerability in function convert_colorspace in heif_c ...)
 	- libheif <unfixed>
+	[bullseye] - libheif <no-dsa> (Minor issue)
+	[buster] - libheif <no-dsa> (Minor issue)
 	NOTE: https://github.com/strukturag/libheif/issues/207
 CVE-2020-23108
 	RESERVED


=====================================
data/dsa-needed.txt
=====================================
@@ -48,6 +48,8 @@ python-pysaml2 (jmm)
 --
 rabbitmq-server
 --
+ruby2.7
+--
 runc
 --
 sogo
@@ -61,5 +63,5 @@ trafficserver (jmm)
 --
 varnish
 --
-wireshark
+wireshark (jmm)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8914f26837165d32dd0f63bd306ba876ababecf8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8914f26837165d32dd0f63bd306ba876ababecf8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211209/c0e6b015/attachment.htm>
