[Git][security-tracker-team/security-tracker][master] 3 commits: lts: take firefox-esr
Emilio Pozuelo Monfort (@pochu)
pochu at debian.org
Wed Jun 2 11:46:29 BST 2021
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7265a0a0 by Emilio Pozuelo Monfort at 2021-06-02T11:45:10+02:00
lts: take firefox-esr
- - - - -
29bdb172 by Emilio Pozuelo Monfort at 2021-06-02T11:46:22+02:00
lts: CVE-2021-33587/node-css-what EOL in stretch
- - - - -
7f3809bc by Emilio Pozuelo Monfort at 2021-06-02T12:41:26+02:00
lts: CVE-2021-22898/curl postponed on stretch
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -477,6 +477,7 @@ CVE-2021-33587 (The css-what package before 5.0.1 for Node.js does not ensure th
- node-css-what <unfixed> (bug #989264)
[bullseye] - node-css-what <ignored> (Minor issue, intrusive to backport fixes to older series)
[buster] - node-css-what <ignored> (Minor issue, intrusive to backport fixes to older series)
+ [stretch] - node-css-what <end-of-life> (Nodejs in stretch not covered by security support)
NOTE: https://github.com/fb55/css-what/commit/4cdaacfd0d4b6fd00614be030da0dea6c2994655
NOTE: https://github.com/fb55/css-what/releases/tag/v5.0.1
CVE-2021-33585
@@ -25671,6 +25672,7 @@ CVE-2021-22899 (A command injection vulnerability exists in Pulse Connect Secure
CVE-2021-22898 [TELNET stack contents disclosure]
RESERVED
- curl <unfixed> (bug #989228)
+ [stretch] - curl <postponed> (Minor issue)
NOTE: https://curl.se/docs/CVE-2021-22898.html
NOTE: Introduced by: https://github.com/curl/curl/commit/a1d6ad26100bc493c7b04f1301b1634b7f5aa8b4 (7.7)
NOTE: Fixed by: https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde (7.77.0)
=====================================
data/dla-needed.txt
=====================================
@@ -39,6 +39,8 @@ condor
eterm (Utkarsh)
NOTE: 20210521: src/term.c:process_escape_seq(), probably just disable vulnerable escape sequence
--
+firefox-esr (Emilio)
+--
gpac (Thorsten Alteholz)
NOTE: 20210524: WIP
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3dfbf70d721f73ed27149f7da18a67f38bb90af2...7f3809bc3c2c7988cd19b4d3451f515492c1aec0
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3dfbf70d721f73ed27149f7da18a67f38bb90af2...7f3809bc3c2c7988cd19b4d3451f515492c1aec0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210602/cd94c810/attachment.htm>
More information about the debian-security-tracker-commits
mailing list