[Git][security-tracker-team/security-tracker][master] buster triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Jul 30 08:03:48 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
646a50d4 by Moritz Muehlenhoff at 2021-07-30T09:03:28+02:00
buster triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1913,6 +1913,7 @@ CVE-2020-36431 (Unicorn Engine 1.0.2 has an out-of-bounds write in helper_wfe_ar
 	NOT-FOR-US: Unicorn Engine
 CVE-2020-36430 (libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode ...)
 	- libass 1:0.15.0-2
+	[buster] - libass <not-affected> (Vulnerable code not present)
 	[stretch] - libass <not-affected> (Vulnerable code not present)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26674
 	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libass/OSV-2020-2099.yaml
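Review bot: the added [buster] line marks libass <not-affected> with only "Vulnerable code not present", and the NOTE lines visible in this hunk do not say which upstream change introduced the vulnerable code. Consider adding a NOTE that names the introducing commit or version, so the buster and stretch not-affected entries can be re-checked against the shipped source.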
@@ -2106,6 +2107,7 @@ CVE-2021-36746 (Blackboard Learn through 9.1 allows XSS by an authenticated user
 	NOT-FOR-US: Blackboard Learn
 CVE-2020-36420 (** UNSUPPORTED WHEN ASSIGNED ** Polipo through 1.1.1 allows denial of  ...)
 	- polipo <removed>
+	[buster] - polipo <ignored> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/11/18/1
 CVE-2021-36745
 	RESERVED
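Review bot: the reason on the added line, "[buster] - polipo <ignored> (Minor issue)", does not reflect what the surrounding entry shows: the CVE description is tagged UNSUPPORTED WHEN ASSIGNED and the package is <removed> in unstable. Consider a reason that records why no fix is planned for buster, so the <ignored> state is not read as a severity judgement alone.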


=====================================
data/dsa-needed.txt
=====================================
@@ -25,12 +25,16 @@ djvulibre
 --
 icu
 --
+libsndfile (jmm)
+--
 linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point
   releases to more recent v4.19.y versions.
 --
 ndpi
 --
+nodejs (jmm)
+--
 jetty9
   Markus Koschany is prepared updates for review: <4b37da65195e937871b4b9e2b48b8d56d87ca4d5.camel at debian.org>
 --
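Review bot: the added entries "libsndfile (jmm)" and "nodejs (jmm)" record a claimant but no status text, unlike the linux and jetty9 entries in the same hunk, so a reader cannot tell which issues triggered the DSA need. Consider an indented line under each entry naming the CVEs or the planned scope of the update.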



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/646a50d4474de0dd9ae205e37c8ef87ceebc920d
