[Git][security-tracker-team/security-tracker][master] bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun Jul 25 20:37:09 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
06a06f72 by Moritz Muehlenhoff at 2021-07-25T21:36:50+02:00
bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1582,7 +1582,7 @@ CVE-2021-36716 (A ReDoS (regular expression denial of service) flaw was found in
CVE-2021-3643
RESERVED
CVE-2021-XXXX [RUSTSEC-2021-0074]
- - rust-ammonia <unfixed>
+ - rust-ammonia <unfixed> (bug #991497)
NOTE: https://github.com/rust-ammonia/ammonia/commit/4b8426b89b861d9bea20e126576b0febb9d13515
NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0074.html
CVE-2021-XXXX [RUSTSEC-2021-0072]
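Review bot: the rust-ammonia line under RUSTSEC-2021-0074 gains bug #991497 but, unlike the other packages touched in this "bullseye triage" commit, gets no [bullseye] line. If the intent is to leave bullseye open for a fix, that is fine as it stands. If it is meant to be triaged like the others, add an explicit [bullseye] entry with its reason so the decision is visible in the entry itself. The entry also still carries the CVE-2021-XXXX placeholder, so it will need revisiting once an ID is assigned.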
@@ -3043,6 +3043,7 @@ CVE-2019-25048 (LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read i
- libressl <itp> (bug #754513)
CVE-2018-25018 (UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write durin ...)
- unrar-nonfree <unfixed> (bug #990541)
+ [bullseye] - unrar-nonfree <no-dsa> (Non-free not supported)
[buster] - unrar-nonfree <no-dsa> (Non-free not supported)
[stretch] - unrar-nonfree <no-dsa> (Non-free not supported)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9845
@@ -5818,6 +5819,7 @@ CVE-2021-34814
CVE-2021-34813 (Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to cra ...)
[experimental] - olm 3.2.3~dfsg-1
- olm <unfixed> (bug #989997)
+ [bullseye] - olm <no-dsa> (Minor issue)
[buster] - olm <no-dsa> (Minor issue)
NOTE: https://gitlab.matrix.org/matrix-org/olm/-/commit/ccc0d122ee1b4d5e5ca4ec1432086be17d5f901b
NOTE: https://gitlab.matrix.org/matrix-org/olm/-/releases/3.2.3
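Review bot: the added "[bullseye] - olm <no-dsa> (Minor issue)" copies the buster reason verbatim, with no rationale recorded. The entry shows the fix only in experimental (3.2.3~dfsg-1) while unstable is still <unfixed> under bug #989997. A short NOTE saying why a homeserver-triggered issue is considered minor for the packaged olm would help whoever later decides whether this belongs in a point release.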
@@ -33414,7 +33416,8 @@ CVE-2021-23411 (All versions of package anchorme are vulnerable to Cross-site Sc
CVE-2021-23410 (All versions of package msgpack are vulnerable to Deserialization of U ...)
TODO: check
CVE-2021-23409 (The package github.com/pires/go-proxyproto before 0.6.0 are vulnerable ...)
- - golang-github-pires-go-proxyproto <unfixed>
+ - golang-github-pires-go-proxyproto <unfixed> (bug #991498)
+ [bullseye] - golang-github-pires-go-proxyproto <no-dsa> (Minor issue)
NOTE: https://github.com/pires/go-proxyproto/issues/65
NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPIRESGOPROXYPROTO-1316439
NOTE: https://github.com/pires/go-proxyproto/pull/74
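Review bot: the two added lines for golang-github-pires-go-proxyproto file the bug (#991498) and mark bullseye <no-dsa> (Minor issue) in the same step, but the NOTE lines only link the upstream issue, the Snyk entry and pull 74. The description says the flaw affects versions "before 0.6.0", so a NOTE naming the fixing upstream release or commit would let a reader check which suites are affected without following the pull request.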
@@ -133730,7 +133733,7 @@ CVE-2019-15544 (An issue was discovered in the protobuf crate before 2.6.0 for R
CVE-2019-15543 (An issue was discovered in the slice-deque crate before 0.2.0 for Rust ...)
NOT-FOR-US: Rust crate slice-deque
CVE-2019-15542 (An issue was discovered in the ammonia crate before 2.1.0 for Rust. Th ...)
- NOT-FOR-US: Rust crate ammonia
+ - rust-ammonia <not-affected> (Fixed before initial upload)
CVE-2018-21000 (An issue was discovered in the safe-transmute crate before 0.10.1 for ...)
- rust-safe-transmute <not-affected> (Fixed with initial upload to archive)
NOTE: https://github.com/nabijaczleweli/safe-transmute-rs/pull/36
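Review bot: on the CVE-2019-15542 line, the reason "(Fixed before initial upload)" differs in wording from the adjacent safe-transmute entry, "(Fixed with initial upload to archive)". If the difference is intentional (the fix in ammonia 2.1.0 predates the first Debian upload), that is fine, but the entry gives no version to confirm it. A NOTE with the first uploaded version or the upstream fix reference would make the <not-affected> claim checkable, now that the package is tracked rather than NOT-FOR-US.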
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06a06f7246c7d17ffee3e832529c61e2a72f4e67