[Git][security-tracker-team/security-tracker][master] buster/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Jul 29 11:59:13 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c78159e6 by Moritz Muehlenhoff at 2021-07-29T12:58:59+02:00
buster/bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -950,6 +950,7 @@ CVE-2021-37156
RESERVED
CVE-2021-37155 (wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure ou ...)
- wolfssl <unfixed> (bug #991443)
+ [bullseye] - wolfssl <no-dsa> (Minor issue)
NOTE: https://github.com/wolfSSL/wolfssl/pull/3990
NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v4.8.0-stable
CVE-2021-37154
@@ -11100,11 +11101,15 @@ CVE-2021-32720 (Sylius is an Open Source eCommerce platform on top of Symfony. I
NOT-FOR-US: Sylius
CVE-2021-32719 (RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prio ...)
- rabbitmq-server <unfixed> (bug #990524)
+ [bullseye] - rabbitmq-server <no-dsa> (Minor issue)
+ [buster] - rabbitmq-server <no-dsa> (Minor issue)
[stretch] - rabbitmq-server <not-affected> (Vulnerable code not present)
NOTE: https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-5452-hxj4-773x
NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/3122
CVE-2021-32718 (RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prio ...)
- rabbitmq-server <unfixed> (bug #990524)
+ [bullseye] - rabbitmq-server <no-dsa> (Minor issue)
+ [buster] - rabbitmq-server <no-dsa> (Minor issue)
[stretch] - rabbitmq-server <not-affected> (Vulnerable code not present)
NOTE: https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-c3hj-rg5h-2772
NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/3028
@@ -27052,6 +27057,7 @@ CVE-2021-3337 (The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows
NOT-FOR-US: MyBB
CVE-2021-3336 (DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not c ...)
- wolfssl 4.6.0-3
+ [bullseye] - wolfssl <no-dsa> (Minor issue)
NOTE: https://github.com/wolfSSL/wolfssl/pull/3676
CVE-2021-26308 (An issue was discovered in the marc crate before 2.0.0 for Rust. A use ...)
NOT-FOR-US: Rust marc
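Review bot: The added `[bullseye] - wolfssl <no-dsa> (Minor issue)` line under CVE-2021-3336 sits below an unstable entry that is already fixed in 4.6.0-3, so it only makes sense if bullseye ships a version older than that. Worth confirming against the bullseye package version; if bullseye already carries 4.6.0-3, the line should be dropped rather than marking a fixed suite as no-dsa.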
@@ -36899,6 +36905,8 @@ CVE-2021-22117 (RabbitMQ installers on Windows prior to version 3.8.16 do not ha
CVE-2021-22116 (RabbitMQ all versions prior to 3.8.16 are prone to a denial of service ...)
{DLA-2710-1}
- rabbitmq-server <unfixed> (bug #989056)
+ [bullseye] - rabbitmq-server <no-dsa> (Minor issue)
+ [buster] - rabbitmq-server <no-dsa> (Minor issue)
NOTE: https://tanzu.vmware.com/security/cve-2021-22116
NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/2953
CVE-2021-22115 (Cloud Controller API versions prior to 1.106.0 logs service broker cre ...)
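Review bot: CVE-2021-22116 carries `{DLA-2710-1}`, yet the two added lines mark bullseye and buster as `<no-dsa> (Minor issue)` with no further reason. Since the entry already links the upstream fix (pull/2953), consider a more specific no-dsa reason or a NOTE saying how these suites are expected to get the fix, so the different handling is explained in the entry itself.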
@@ -43569,9 +43577,10 @@ CVE-2020-35502 (A flaw was found in Privoxy in versions before 3.0.29. Memory le
NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=4490d451f9b61baada414233897a83ec8d9908aa (3.0.29)
CVE-2020-35501
RESERVED
- - linux <unfixed>
+ - linux <unfixed> (unimportant)
NOTE: https://www.openwall.com/lists/oss-security/2021/02/18/1
NOTE: https://lore.kernel.org/linux-audit/7230785.EvYhyI6sBW@x2/
+ NOTE: Negligible security impact
CVE-2020-35500
REJECTED
CVE-2020-35499 (A NULL pointer dereference flaw in Linux kernel versions prior to 5.11 ...)
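Review bot: The new `NOTE: Negligible security impact` on CVE-2020-35501 states the conclusion but not the reason for tagging linux `(unimportant)`. The entry is still RESERVED and has no description, so a one-line rationale in the NOTE, drawn from the oss-security and linux-audit threads already linked, would let later triagers check the tag without rereading both threads.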
@@ -62335,6 +62344,8 @@ CVE-2020-24505 (Insufficient input validation in the firmware for the Intel(R) 7
NOT-FOR-US: Intel NIC firmware
CVE-2020-24504 (Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapt ...)
- linux <unfixed>
+ [bullseye] - linux <ignored> (Minor issue, too intrusive to backport)
+ [buster] - linux <not-affected> (Vulnerable code not present)
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00462.html
CVE-2020-24503 (Insufficient access control in some Intel(R) Ethernet E810 Adapter dri ...)
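Review bot: In the CVE-2020-24504 entry, `[bullseye] - linux <ignored> (Minor issue, too intrusive to backport)` refers to a backport, but the entry has no NOTE identifying the upstream change and the unstable line is still `<unfixed>`. Adding a NOTE with the upstream commit(s) would make the "too intrusive" assessment checkable and show when the `<unfixed>` line can be given a version.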
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c78159e6128ab865d0b41590ab1f17ee427eab36