[Git][security-tracker-team/security-tracker][master] bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jun 4 20:22:39 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bc990afd by Moritz Muehlenhoff at 2021-06-04T21:22:25+02:00
bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -10265,8 +10265,10 @@ CVE-2021-29509 (Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications.
CVE-2021-29508 (Due to how Wire handles type information in its serialization format, ...)
NOT-FOR-US: Wire
CVE-2021-29507 (### Impact _What kind of vulnerability is it? Who is impacted?_ The vu ...)
- - dlt-daemon <unfixed>
- NOTE: https://github.com/GENIVI/dlt-daemon/security/advisories/GHSA-7cqp-2hqj-mh3f
+ - dlt-daemon <unfixed> (unimportant)
+ NOTE: https://github.com/GENIVI/dlt-daemon/security/advisories/GHSA-7cqp-2hqj-mh3f (useless boilerplate only)
+ NOTE: https://github.com/GENIVI/dlt-daemon/commit/f5344f8cf036e6dcb899522e8e679639dd23e1a4
+ NOTE: No security impact, config files need to be trusted
CVE-2021-29506 (GraphHopper is an open-source Java routing engine. In GrassHopper from ...)
NOT-FOR-US: GraphHopper
CVE-2021-29505 (### Impact The vulnerability may allow a remote attacker has sufficien ...)
@@ -16673,12 +16675,14 @@ CVE-2021-26827 (Buffer Overflow in TP-Link WR2041 v1 firmware for the TL-WR2041+
NOT-FOR-US: TP-Link
CVE-2021-26826 (A stack overflow issue exists in Godot Engine up to v3.2 and is caused ...)
- godot <unfixed> (bug #982593)
+ [bullseye] - godot <no-dsa> (Minor issue)
[buster] - godot <no-dsa> (Minor issue)
NOTE: https://github.com/godotengine/godot/pull/45701
NOTE: https://github.com/godotengine/godot/commit/403e4fd08b0b212e96f53d926e6273e0745eaa5a (master)
NOTE: https://github.com/godotengine/godot/commit/113b5ab1c45c01b8e6d54d13ac8876d091f883a8 (3.2)
CVE-2021-26825 (An integer overflow issue exists in Godot Engine up to v3.2 that can b ...)
- godot <unfixed> (bug #982593)
+ [bullseye] - godot <no-dsa> (Minor issue)
[buster] - godot <no-dsa> (Minor issue)
NOTE: https://github.com/godotengine/godot/pull/45701
NOTE: https://github.com/godotengine/godot/commit/403e4fd08b0b212e96f53d926e6273e0745eaa5a (master)
@@ -29301,6 +29305,7 @@ CVE-2020-35981 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There i
NOTE: https://github.com/gpac/gpac/issues/1659
CVE-2020-35980 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a us ...)
- gpac <unfixed> (bug #987374)
+ [bullseye] - gpac <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/commit/5aba27604d957e960d8069d85ccaf868f8a7b07a
NOTE: https://github.com/gpac/gpac/issues/1661
CVE-2020-35979 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap ...)
@@ -71071,6 +71076,8 @@ CVE-2020-15803 (Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4
NOTE: https://support.zabbix.com/browse/ZBX-18057
CVE-2020-15802 (Devices supporting Bluetooth before 5.1 may allow man-in-the-middle at ...)
- linux <unfixed>
+ [bullseye] - linux <postponed> (Minor issue, revisit when/if fixed upstream)
+ [buster] - linux <postponed> (Minor issue, revisit when/if fixed upstream)
NOTE: https://www.kb.cert.org/vuls/id/589825/
CVE-2020-15801 (In Python 3.8.4, sys.path restrictions specified in a python38._pth fi ...)
- python3.9 <not-affected> (Windows-specific)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc990afd56fc6a57c8701b8920898094fc59ff96
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc990afd56fc6a57c8701b8920898094fc59ff96
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210604/26f4c85c/attachment.htm>
More information about the debian-security-tracker-commits
mailing list