[Git][security-tracker-team/security-tracker][master] bullseye triage
Moritz Muehlenhoff
jmm at debian.org
Mon Jan 11 20:41:03 GMT 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
82af22b7 by Moritz Muehlenhoff at 2021-01-11T21:38:58+01:00
bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5665,6 +5665,8 @@ CVE-2021-21434
RESERVED
CVE-2020-35850 (** DISPUTED ** An SSRF issue was discovered in cockpit-project.org Coc ...)
- cockpit <unfixed>
+ [bullseye] - cockpit <ignored> (Minor issue)
+ [buster] - cockpit <ignored> (Minor issue)
NOTE: https://github.com/cockpit-project/cockpit/issues/15077
CVE-2020-35849 (An issue was discovered in MantisBT before 2.24.4. An incorrect access ...)
- mantis <removed>
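Review bot: The two added cockpit lines mark CVE-2020-35850 as <ignored> for bullseye and buster with only "(Minor issue)" as the reason, while the entry itself is flagged ** DISPUTED **. The reason should say what the decision rests on, for example that the report is disputed (see the cockpit issue in the NOTE), so a later reader can tell why this is <ignored> rather than <no-dsa>.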
@@ -24640,10 +24642,12 @@ CVE-2020-25658 (It was found that python-rsa is vulnerable to Bleichenbacher tim
CVE-2020-25657
RESERVED
- m2crypto <unfixed> (bug #975002)
+ [bullseye] - m2crypto <no-dsa> (Minor issue)
[buster] - m2crypto <no-dsa> (Minor issue)
[stretch] - m2crypto <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1889823
NOTE: https://gitlab.com/m2crypto/m2crypto/-/issues/285
+ NOTE: https://gitlab.com/m2crypto/m2crypto/-/issues/282 (restricted)
CVE-2020-25656 (A flaw was found in the Linux kernel. A use-after-free was found in th ...)
{DLA-2494-1 DLA-2483-1}
- linux 5.9.6-1
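Review bot: The added NOTE for CVE-2020-25657 points at m2crypto issue 282, which the line itself marks "(restricted)", so most readers cannot open it. Add a few words on how it relates to the already listed issue 285 (duplicate, original report, fix discussion); without that the line gives nothing usable to someone checking the <no-dsa> decision.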
@@ -46561,6 +46565,7 @@ CVE-2020-15354
REJECTED
CVE-2013-7489 (The Beaker library through 1.11.0 for Python is affected by deserializ ...)
- beaker <unfixed> (bug #966197)
+ [bullseye] - beaker <no-dsa> (Minor issue)
[buster] - beaker <no-dsa> (Minor issue)
[stretch] - beaker <no-dsa> (Minor issue)
NOTE: https://github.com/bbangert/beaker/issues/191
@@ -53280,7 +53285,7 @@ CVE-2020-12862 (An out-of-bounds read in SANE Backends before 1.0.30 may allow a
NOTE: https://gitlab.com/sane-project/backends/-/commit/27ea994d23ee52fe1ec1249c92ebc1080a358288 (1.0.30)
CVE-2020-12861 (A heap buffer overflow in SANE Backends before 1.0.30 allows a malicio ...)
[experimental] - sane-backends 1.0.30-1~experimental1
- - sane-backends <unfixed> (bug #961302)
+ - sane-backends 1.0.31-2 (bug #961302)
[buster] - sane-backends <no-dsa> (Minor issue)
[stretch] - sane-backends <ignored> (already mitigated, auto-discovery for unsupported network access added in 1.0.27)
[jessie] - sane-backends <not-affected> (epsonds backend was added in 1.0.25)
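Review bot: On the changed sane-backends line for CVE-2020-12861, the fixed version is recorded as 1.0.31-2, while the description says the overflow affects SANE Backends before 1.0.30 and experimental already lists 1.0.30-1~experimental1. If 1.0.31-2 is simply the first upload to unstable that carries the fix, a short NOTE saying so would explain the gap; if an earlier unstable version already had it, the recorded version should be that one.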
@@ -119862,19 +119867,15 @@ CVE-2019-9154 (Improper Verification of a Cryptographic Signature in OpenPGP.js
CVE-2019-9153 (Improper Verification of a Cryptographic Signature in OpenPGP.js <= ...)
- node-openpgp <itp> (bug #787774)
CVE-2019-9152 (An issue was discovered in the HDF HDF5 1.10.4 library. There is an ou ...)
- - hdf5 <unfixed>
- [buster] - hdf5 <no-dsa> (Minor issue)
- [stretch] - hdf5 <no-dsa> (Minor issue)
- [jessie] - hdf5 <ignored> (Minor issue)
+ - hdf5 <unfixed> (unimportant)
NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul8
NOTE: issue in upstream bug tracker: https://jira.hdfgroup.org/browse/HDFFV-10719
+ NOTE: Negligible security impact
CVE-2019-9151 (An issue was discovered in the HDF HDF5 1.10.4 library. There is an ou ...)
- - hdf5 <unfixed>
- [buster] - hdf5 <no-dsa> (Minor issue)
- [stretch] - hdf5 <no-dsa> (Minor issue)
- [jessie] - hdf5 <ignored> (Minor issue)
+ - hdf5 <unfixed> (unimportant)
NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul7
NOTE: issue in upstream bug tracker: https://jira.hdfgroup.org/browse/HDFFV-10718
+ NOTE: Negligible security impact
CVE-2019-9150 (Mailvelope prior to 3.3.0 does not require user interaction to import ...)
NOT-FOR-US: Mailvelope
CVE-2019-9149 (Mailvelope prior to 3.3.0 allows private key operations without user i ...)
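Review bot: Both hdf5 entries (CVE-2019-9152 and CVE-2019-9151) move from per-release <no-dsa>/<ignored> lines to "<unfixed> (unimportant)", but the added "NOTE: Negligible security impact" states the conclusion without the reason. Say why the impact is negligible, so the downgrade can be checked later against the upstream HDFFV-10719 and HDFFV-10718 reports.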
@@ -149220,7 +149221,7 @@ CVE-2018-17979
CVE-2018-17978
RESERVED
CVE-2018-17977 (The Linux kernel 4.14.67 mishandles certain interaction among XFRM Net ...)
- - linux <unfixed>
+ - linux <undetermined>
CVE-2018-17976 (An issue was discovered in GitLab Community Edition 11.x before 11.1.8 ...)
- gitlab 11.1.8+dfsg-2
NOTE: https://about.gitlab.com/2018/10/05/critical-security-release-11-3-4/
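Review bot: The CVE-2018-17977 line changes linux from <unfixed> to <undetermined> with no accompanying NOTE. Add a NOTE saying what is still unknown (whether the issue reproduces, or which upstream change addresses it), so the entry does not sit in this state without anyone knowing what to check.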
@@ -283747,6 +283748,7 @@ CVE-2015-7812 (The hypercall_create_continuation function in arch/arm/domain.c i
NOTE: http://xenbits.xen.org/xsa/advisory-145.html
CVE-2013-7445 (The Direct Rendering Manager (DRM) subsystem in the Linux kernel throu ...)
- linux <unfixed>
+ [bullseye] - linux <ignored> (Minor issue, requires invasive changes)
[buster] - linux <ignored> (Minor issue, requires invasive changes)
[stretch] - linux <ignored> (Minor issue, requires invasive changes)
[jessie] - linux <ignored> (Minor issue, requires invasive changes)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82af22b7275ef43f2dd902aad3ce7f98a082a918