[Git][security-tracker-team/security-tracker][master] 5 commits: mark several CVEs for libpdfbox-java as no-dsa in Stretch

Thorsten Alteholz (@alteholz) alteholz at debian.org
Sun Jul 25 18:55:21 BST 2021



Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
389f368e by Thorsten Alteholz at 2021-07-25T19:47:12+02:00
mark several CVEs for libpdfbox-java as no-dsa in Stretch

- - - - -
17ac81a6 by Thorsten Alteholz at 2021-07-25T19:50:09+02:00
mark CVE-2021-36978 as no-dsa in Stretch

- - - - -
80ef366c by Thorsten Alteholz at 2021-07-25T19:51:49+02:00
mark CVE-2021-27847 as no-dsa in Stretch

- - - - -
c20dfd14 by Thorsten Alteholz at 2021-07-25T19:52:53+02:00
mark CVE-2021-22235 as postponed for Stretch

- - - - -
b33dee63 by Thorsten Alteholz at 2021-07-25T19:54:20+02:00
mark CVE-2021-36773 as no-dsa for Stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -959,6 +959,7 @@ CVE-2021-36979 (Unicorn Engine 1.0.2 has an out-of-bounds write in tb_flush_arme
 CVE-2021-36978 (QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer ...)
 	- qpdf 10.1.0-1
 	[buster] - qpdf <no-dsa> (Minor issue)
+	[stretch] - qpdf <no-dsa> (Minor issue)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28262
 	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qpdf/OSV-2020-2245.yaml
 	NOTE: Fixed by: https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5 (release-qpdf-10.1.0)
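Review bot: on the added [stretch] qpdf line, the CVE description two lines up limits the issue to QPDF 9.x through 9.1.1 and 10.x through 10.0.4, so <no-dsa> is only correct if the stretch version actually contains the vulnerable code. Please check the stretch source against the fix commit in the NOTE; if the affected code is not present there, <not-affected> with a short reason would be more accurate than copying the buster triage.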
@@ -1428,6 +1429,7 @@ CVE-2021-36774
 CVE-2021-36773 (uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitr ...)
 	- ublock-origin <unfixed> (bug #991386)
 	[buster] - ublock-origin <no-dsa> (Minor issue)
+	[stretch] - ublock-origin <no-dsa> (Minor issue)
 	- umatrix <unfixed> (bug #991344)
 	[buster] - umatrix <no-dsa> (Minor issue)
 	NOTE: https://github.com/vtriolet/writings/blob/main/posts/2021/ublock_origin_and_umatrix_denial_of_service.adoc
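Review bot: the umatrix entry under this same CVE still has only a [buster] line after this change, while ublock-origin now has both [buster] and [stretch]. If umatrix is shipped in stretch, it needs a matching "[stretch] - umatrix <no-dsa> (Minor issue)" line; if it is not in stretch, nothing is needed, but the commit message "mark CVE-2021-36773 as no-dsa for Stretch" reads as covering the whole CVE, so it is worth confirming.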
@@ -13042,6 +13044,7 @@ CVE-2021-31812 (In Apache PDFBox, a carefully crafted PDF file can trigger an in
 	- libpdfbox-java <unfixed>
 	[bullseye] - libpdfbox-java <no-dsa> (Minor issue)
 	[buster] - libpdfbox-java <no-dsa> (Minor issue)
+	[stretch] - libpdfbox-java <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/06/12/1
 	NOTE: https://github.com/apache/pdfbox/commit/cd17a19e9ab1028dc662e972dd8dbb3fa68b4a33
 CVE-2021-31811 (In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMem ...)
@@ -13051,6 +13054,7 @@ CVE-2021-31811 (In Apache PDFBox, a carefully crafted PDF file can trigger an Ou
 	- libpdfbox-java <unfixed>
 	[bullseye] - libpdfbox-java <no-dsa> (Minor issue)
 	[buster] - libpdfbox-java <no-dsa> (Minor issue)
+	[stretch] - libpdfbox-java <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/06/12/2
 	NOTE: https://github.com/apache/pdfbox/commit/cd17a19e9ab1028dc662e972dd8dbb3fa68b4a33
 CVE-2021-31810 (An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, an ...)
@@ -22912,6 +22916,7 @@ CVE-2021-27848
 CVE-2021-27847 (Division-By-Zero vulnerability in Libvips 8.10.5 in the function vips_ ...)
 	- vips 8.8.3-1
 	[buster] - vips <no-dsa> (Minor issue)
+	[stretch] - vips <no-dsa> (Minor issue)
 	NOTE: https://github.com/libvips/libvips/issues/1236
 	NOTE: https://github.com/libvips/libvips/commit/2fb81b8ed6a4a6b2385f3efbb0412f24f80163c4 (v8.8.0-rc1)
 	NOTE: https://github.com/libvips/libvips/commit/65a259a0258b2036b168cdeff6e9db434471225a (v8.8.0-rc1)
@@ -36059,6 +36064,7 @@ CVE-2021-22235 (Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to
 	- wireshark <unfixed>
 	[bullseye] - wireshark <postponed> (Minor issue, can be fixed along in future update)
 	[buster] - wireshark <postponed> (Minor issue, can be fixed along in future update)
+	[stretch] - wireshark <postponed> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-06.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17462
 CVE-2021-22234
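Review bot: the added [stretch] wireshark line gives the reason as "(Minor issue)", while the bullseye and buster lines directly above it use "(Minor issue, can be fixed along in future update)"; use the same wording if the intent is the same, so the postponed entries stay consistent. The description in the hunk header names only the 3.4.x and 3.2.x series, so please also confirm that the DNP dissector in the stretch version is affected; if it is not, <not-affected> is the right state rather than <postponed>.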



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8eab5399cc80d013f3579569826c7e72055f25b3...b33dee6305f7059b7022c39251a738f95f71b6bd
