[Git][security-tracker-team/security-tracker][master] 7 commits: mark CVE-2020-10001 as no-dsa for Stretch
Thorsten Alteholz
alteholz at debian.org
Fri Feb 12 15:01:43 GMT 2021
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
de03bf08 by Thorsten Alteholz at 2021-02-12T16:01:09+01:00
mark CVE-2020-10001 as no-dsa for Stretch
- - - - -
3cd5af43 by Thorsten Alteholz at 2021-02-12T16:01:10+01:00
mark CVE-2021-3403 and CVE-2021-3404 as no-dsa for Stretch
- - - - -
337c20ae by Thorsten Alteholz at 2021-02-12T16:01:12+01:00
mark CVE-2020-15690 as no-dsa for Stretch
- - - - -
6f212233 by Thorsten Alteholz at 2021-02-12T16:01:13+01:00
mark CVE-2020-27842 and CVE-2020-27843 as no-dsa for Stretch
- - - - -
7281d00e by Thorsten Alteholz at 2021-02-12T16:01:14+01:00
mark CVE-2021-21435 as ignored for Stretch
- - - - -
2dcca80f by Thorsten Alteholz at 2021-02-12T16:01:14+01:00
add libzstd
- - - - -
cd581726 by Thorsten Alteholz at 2021-02-12T16:01:15+01:00
mark CVE-2020-36242 as not-affected for Stretch
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -552,11 +552,13 @@ CVE-2021-3404
RESERVED
- libytnef <unfixed> (bug #982596)
[buster] - libytnef <no-dsa> (Minor issue)
+ [stretch] - libytnef <no-dsa> (Minor issue)
NOTE: https://github.com/Yeraze/ytnef/issues/86
CVE-2021-3403
RESERVED
- libytnef <unfixed> (bug #982594)
[buster] - libytnef <no-dsa> (Minor issue)
+ [stretch] - libytnef <no-dsa> (Minor issue)
NOTE: https://github.com/Yeraze/ytnef/issues/85
CVE-2021-26936 (The replay-sorcery program in ReplaySorcery 0.4.0 through 0.5.0, when ...)
NOT-FOR-US: ReplaySorcery
@@ -772,6 +774,7 @@ CVE-2020-36243 (The Patient Portal of OpenEMR 5.0.2.1 is affected by a Command I
CVE-2020-36242 (In the cryptography package before 3.3.2 for Python, certain sequences ...)
- python-cryptography 3.3.2-1
[buster] - python-cryptography <no-dsa> (Minor issue)
+ [stretch] - python-cryptography <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/pyca/cryptography/issues/5615
CVE-2021-21299 (hyper is an open-source HTTP library for Rust (crates.io). In hyper fr ...)
- rust-hyper <unfixed>
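Review bot: The `[stretch] - python-cryptography <not-affected> (Vulnerable code introduced later)` line under CVE-2020-36242 states a reason that cannot be checked from the entry, since the only NOTE is the upstream issue link. Add a NOTE naming the upstream commit or version that introduced the affected code, so the stretch triage can be verified against the version shipped there, especially as buster is recorded as affected (`<no-dsa>`).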
@@ -13467,6 +13470,7 @@ CVE-2021-21436 (Agents are able to see and link Config Items without permissions
CVE-2021-21435 (Article Bcc fields and agent personal information are shown when custo ...)
- otrs2 <unfixed> (bug #982586)
[buster] - otrs2 <ignored> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-02/
CVE-2021-21434 (Survey administrator can craft a survey in such way that malicious cod ...)
NOT-FOR-US: OTRS Survey addon
@@ -27152,10 +27156,12 @@ CVE-2020-27844 (A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions
CVE-2020-27843 (A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw all ...)
- openjpeg2 <unfixed>
[buster] - openjpeg2 <no-dsa> (Minor issue)
+ [stretch] - openjpeg2 <no-dsa> (Minor issue)
NOTE: https://github.com/uclouvain/openjpeg/issues/1297
CVE-2020-27842 (There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An ...)
- openjpeg2 <unfixed>
[buster] - openjpeg2 <no-dsa> (Minor issue)
+ [stretch] - openjpeg2 <no-dsa> (Minor issue)
NOTE: https://github.com/uclouvain/openjpeg/issues/1294
CVE-2020-27841 (There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openj ...)
{DLA-2550-1}
@@ -53919,6 +53925,7 @@ CVE-2020-15691
CVE-2020-15690 (In Nim before 1.2.6, the standard library asyncftpclient lacks a check ...)
- nim 1.2.6-1
[buster] - nim <no-dsa> (Minor issue)
+ [nim] - nim <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/02/04/3
CVE-2020-15689 (Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, ...)
NOT-FOR-US: Appweb
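Review bot: The added line under CVE-2020-15690 uses `[nim]` as the release tag, which is the package name rather than a release. The commit message says "mark CVE-2020-15690 as no-dsa for Stretch" and every other addition in this push uses `[stretch]`, so this should read `[stretch] - nim <no-dsa> (Minor issue)`. As written, the entry records no status for stretch.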
@@ -71247,6 +71254,7 @@ CVE-2020-10001 [buffer (read) overflow in the ippReadIO function]
RESERVED
- cups 2.3.3op2-1
[buster] - cups <no-dsa> (Minor issue)
+ [stretch] - cups <no-dsa> (Minor issue)
NOTE: https://github.com/OpenPrinting/cups/commit/efbea1742bd30f842fbbfb87a473e5c84f4162f9 (v2.3.3op2)
CVE-2020-10000
RESERVED
=====================================
data/dla-needed.txt
=====================================
@@ -42,6 +42,8 @@ dnsmasq (Utkarsh)
firmware-nonfree
NOTE: 20201207: wait for the update in buster and backport that (Emilio)
--
+libzstd (Utkarsh)
+--
linux (Ben Hutchings)
--
linux-4.19 (Ben Hutchings)
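Review bot: The new `libzstd (Utkarsh)` entry has no NOTE line, and neither the commit message ("add libzstd") nor any data/CVE/list hunk in this push identifies the issue that puts the package on the list. Name the CVE in the commit message or add a short NOTE under the entry so the reason for the claim is visible to the next person triaging.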
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/89850fcae829216963a1c0a633fd15a74260c300...cd5817260633af01846666eed9d5d32f15618986