[Git][security-tracker-team/security-tracker][master] buster/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Dec 23 16:30:26 GMT 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0f729fa7 by Moritz Muehlenhoff at 2021-12-23T17:29:58+01:00
buster/bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -20,6 +20,8 @@ CVE-2021-4157 [pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()]
CVE-2021-4156 [heap out-of-bounds read in src/flac.c in flac_buffer_copy]
RESERVED
- libsndfile <unfixed>
+ [bullseye] - libsndfile <no-dsa> (Minor issue)
+ [buster] - libsndfile <no-dsa> (Minor issue)
NOTE: https://github.com/libsndfile/libsndfile/issues/731
NOTE: https://github.com/libsndfile/libsndfile/commit/ced91d7b971be6173b604154c39279ce90ad87cc (1.1.0beta1)
CVE-2021-4155
@@ -913,14 +915,20 @@ CVE-2021-45261 (An Invalid Pointer vulnerability exists in GNU patch 2.7 via the
NOTE: Negligible security impact
CVE-2021-45260 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the l ...)
- gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/1979
TODO: check, fixing commit, cf. https://github.com/gpac/gpac/issues/1979#issuecomment-992471979
CVE-2021-45259 (An Invalid pointer reference vulnerability exists in gpac 1.1.0 via th ...)
- gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/1986
NOTE: https://github.com/gpac/gpac/commit/654c796482c2609aa736315f9273d6c5912e0a29
CVE-2021-45258 (A stack overflow vulnerability exists in gpac 1.1.0 via the gf_bifs_de ...)
- gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/1970
NOTE: https://github.com/gpac/gpac/commit/47a26a32c9a2cd630c48517c3e6ab2fa5f6a26ad
CVE-2021-45257 (An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_t ...)
@@ -14195,6 +14203,8 @@ CVE-2021-41501
RESERVED
CVE-2021-41500 (Incomplete string comparison vulnerability exits in cvxopt.org cvxop & ...)
- cvxopt 1.2.7+dfsg-1
+ [bullseye] - cvxopt <no-dsa> (Minor issue)
+ [buster] - cvxopt <no-dsa> (Minor issue)
NOTE: https://github.com/cvxopt/cvxopt/issues/193
CVE-2021-41499 (Buffer Overflow Vulnerability exists in ajaxsoundstudio.com n Pyo < ...)
- python-pyo 1.0.4-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0f729fa73b827fecffa27a8b0e9e7320eb3e49ee
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0f729fa73b827fecffa27a8b0e9e7320eb3e49ee
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211223/162a580e/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list