[Git][security-tracker-team/security-tracker][master] bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Jun 4 20:22:39 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bc990afd by Moritz Muehlenhoff at 2021-06-04T21:22:25+02:00
bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -10265,8 +10265,10 @@ CVE-2021-29509 (Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications.
 CVE-2021-29508 (Due to how Wire handles type information in its serialization format,  ...)
 	NOT-FOR-US: Wire
 CVE-2021-29507 (### Impact _What kind of vulnerability is it? Who is impacted?_ The vu ...)
-	- dlt-daemon <unfixed>
-	NOTE: https://github.com/GENIVI/dlt-daemon/security/advisories/GHSA-7cqp-2hqj-mh3f
+	- dlt-daemon <unfixed> (unimportant)
+	NOTE: https://github.com/GENIVI/dlt-daemon/security/advisories/GHSA-7cqp-2hqj-mh3f (useless boilerplate only)
+	NOTE: https://github.com/GENIVI/dlt-daemon/commit/f5344f8cf036e6dcb899522e8e679639dd23e1a4
+	NOTE: No security impact, config files need to be trusted
 CVE-2021-29506 (GraphHopper is an open-source Java routing engine. In GrassHopper from ...)
 	NOT-FOR-US: GraphHopper
 CVE-2021-29505 (### Impact The vulnerability may allow a remote attacker has sufficien ...)
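Review bot: In the CVE-2021-29507 entry, the added commit NOTE (f5344f8c...) carries no label saying whether it is the upstream fix or only related context, while the package line stays "<unfixed> (unimportant)". The godot entries in this file tag their commit NOTEs with the branch, e.g. "(master)" and "(3.2)". A similar short tag here would tell the next triager whether the entry can move to a fixed version once that commit is packaged. The remark "(useless boilerplate only)" on the advisory URL would also read more clearly as its own NOTE line, so that the URL line stays a plain reference.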
@@ -16673,12 +16675,14 @@ CVE-2021-26827 (Buffer Overflow in TP-Link WR2041 v1 firmware for the TL-WR2041+
 	NOT-FOR-US: TP-Link
 CVE-2021-26826 (A stack overflow issue exists in Godot Engine up to v3.2 and is caused ...)
 	- godot <unfixed> (bug #982593)
+	[bullseye] - godot <no-dsa> (Minor issue)
 	[buster] - godot <no-dsa> (Minor issue)
 	NOTE: https://github.com/godotengine/godot/pull/45701
 	NOTE: https://github.com/godotengine/godot/commit/403e4fd08b0b212e96f53d926e6273e0745eaa5a (master)
 	NOTE: https://github.com/godotengine/godot/commit/113b5ab1c45c01b8e6d54d13ac8876d091f883a8 (3.2)
 CVE-2021-26825 (An integer overflow issue exists in Godot Engine up to v3.2 that can b ...)
 	- godot <unfixed> (bug #982593)
+	[bullseye] - godot <no-dsa> (Minor issue)
 	[buster] - godot <no-dsa> (Minor issue)
 	NOTE: https://github.com/godotengine/godot/pull/45701
 	NOTE: https://github.com/godotengine/godot/commit/403e4fd08b0b212e96f53d926e6273e0745eaa5a (master)
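Review bot: The two added "[bullseye] - godot <no-dsa> (Minor issue)" lines copy the buster reason verbatim and do not say why a stack overflow (CVE-2021-26826) and an integer overflow (CVE-2021-26825) are minor for this package. A more specific reason in the parentheses, or a NOTE stating what input has to be attacker-controlled, would make the no-dsa decision reviewable later. This matters more because a 3.2 branch commit is already referenced under CVE-2021-26826.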
@@ -29301,6 +29305,7 @@ CVE-2020-35981 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There i
 	NOTE: https://github.com/gpac/gpac/issues/1659
 CVE-2020-35980 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a us ...)
 	- gpac <unfixed> (bug #987374)
+	[bullseye] - gpac <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/commit/5aba27604d957e960d8069d85ccaf868f8a7b07a
 	NOTE: https://github.com/gpac/gpac/issues/1661
 CVE-2020-35979 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap ...)
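Review bot: For CVE-2020-35980 only a "[bullseye] - gpac <no-dsa> (Minor issue)" line is added, and the visible entry has no matching "[buster]" line, unlike the godot and linux entries in this same commit. If buster ships an affected gpac, it remains covered only by the generic "<unfixed>" line. Either add the buster triage state or add a NOTE saying why buster is left out. The reason "Minor issue" would also benefit from a short justification, since a fix commit is already referenced.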
@@ -71071,6 +71076,8 @@ CVE-2020-15803 (Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4
 	NOTE: https://support.zabbix.com/browse/ZBX-18057
 CVE-2020-15802 (Devices supporting Bluetooth before 5.1 may allow man-in-the-middle at ...)
 	- linux <unfixed>
+	[bullseye] - linux <postponed> (Minor issue, revisit when/if fixed upstream)
+	[buster] - linux <postponed> (Minor issue, revisit when/if fixed upstream)
 	NOTE: https://www.kb.cert.org/vuls/id/589825/
 CVE-2020-15801 (In Python 3.8.4, sys.path restrictions specified in a python38._pth fi ...)
 	- python3.9 <not-affected> (Windows-specific)
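Review bot: The added "<postponed> (Minor issue, revisit when/if fixed upstream)" lines for CVE-2020-15802 depend on someone noticing an upstream change, but the only NOTE in the entry is the CERT KB link. Add a NOTE naming where an upstream fix would show up (a tracking bug or mailing list thread, if one exists), so that the revisit condition can actually be checked.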



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc990afd56fc6a57c8701b8920898094fc59ff96
