[Git][security-tracker-team/security-tracker][master] 4 commits: mark CVE-2021-44038 as postponed for Stretch
Thorsten Alteholz (@alteholz)
alteholz at debian.org
Sun Dec 19 01:18:57 GMT 2021
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e4a7cb6a by Thorsten Alteholz at 2021-12-19T00:49:49+01:00
mark CVE-2021-44038 as postponed for Stretch
- - - - -
77704332 by Thorsten Alteholz at 2021-12-19T00:51:24+01:00
mark CVE-2021-3929 as postponed for Stretch
- - - - -
f7854d9b by Thorsten Alteholz at 2021-12-19T01:06:26+01:00
mark CVE-2021-41055 as not-affected
- - - - -
e5f1f5ca by Thorsten Alteholz at 2021-12-19T02:18:28+01:00
add sphinxsearch
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -3251,6 +3251,7 @@ CVE-2021-44039
RESERVED
CVE-2021-44038 (An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod op ...)
- quagga <removed>
+ [stretch] - quagga <postponed> (revisit when/if fixed upstream)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1191890
NOTE: Debian installed systemd unit files install the problematic redhat/*.service
NOTE: files with the unsafe chmod/chown calls in the Debian packaging.
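Review bot: the postponed reason on the added [stretch] line, "revisit when/if fixed upstream", sits oddly with the NOTE lines below it, which locate the unsafe chmod/chown calls in the redhat/*.service files installed by the Debian packaging. If the stretch package ships those unit files, the fix could be made in the packaging without waiting for upstream. Consider stating in the reason or in an extra NOTE why stretch has to wait, or whether stretch installs those files at all.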
@@ -5899,6 +5900,7 @@ CVE-2021-3930 [off-by-one error in mode_sense_page() in hw/scsi/scsi-disk.c]
CVE-2021-3929 [nvme: DMA reentrancy issue leads to use-after-free]
RESERVED
- qemu <unfixed>
+ [stretch] - qemu <postponed> (Fix along with a future DLA)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2020298
NOTE: https://gitlab.com/qemu-project/qemu/-/issues/556
NOTE: Proposed patchset: https://lists.nongnu.org/archive/html/qemu-devel/2021-08/msg03692.html
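Review bot: the reason on the added [stretch] line, "Fix along with a future DLA", does not say why deferral is acceptable or what has to happen first. The entry is still RESERVED with "- qemu <unfixed>", and the only fix reference is a "Proposed patchset", so consider recording in the reason whether the postponement is due to the missing fix or to low severity, so the next triager knows when to revisit.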
@@ -13750,6 +13752,7 @@ CVE-2021-41056
RESERVED
CVE-2021-41055 (Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a ...)
- python-nbxmpp 2.0.4-1
+ [stretch] - python-nbxmpp <not-affected> (Vulnerable code introduced later (modules added in v1.0.0))
NOTE: https://dev.gajim.org/gajim/gajim/-/issues/10638
NOTE: https://dev.gajim.org/gajim/python-nbxmpp/-/commit/8a626829d7c4b14077f764e61b1d1e867d21413f
NOTE: Fix in python-nbxmpp, and gajim 1.3.3 bumps depends on required nbxmpp version.
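Review bot: the not-affected reason on the added [stretch] line cannot be checked from the entry itself: it says the modules were added in v1.0.0, but neither the python-nbxmpp version in stretch nor the introducing commit is recorded. Consider adding a NOTE with the introducing commit next to the existing fix-commit NOTE. The nested parentheses in the reason would also read better reworded, for example "(Vulnerable code introduced later, modules added in v1.0.0)".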
=====================================
data/dla-needed.txt
=====================================
@@ -75,6 +75,8 @@ samba (Anton)
NOTE: 20211128: WIP https://salsa.debian.org/lts-team/packages/samba/
NOTE: 20211212: Fix is too large, coordination with ELTS-upload
--
+sphinxsearch (Thorsten Alteholz)
+--
thunderbird (Emilio)
NOTE: 20211122: blocked on toolchain backports (pochu)
NOTE: 20211206: progressing on the toolchain front (pochu)
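Review bot: the added sphinxsearch entry has no NOTE line, and nothing in this push to data/CVE/list mentions sphinxsearch, so the reason for the claim is not visible. The neighbouring samba and thunderbird entries carry dated NOTE lines; consider adding one here naming the CVE or issue being worked on.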
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/96bf6e32089e1e3a247493fd0d8189f40162c347...e5f1f5ca67c035e3d3629c91d897faabbc19dd55