[Git][security-tracker-team/security-tracker][master] bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Jun 4 22:24:54 BST 2021 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5c86e6fb by Moritz Muehlenhoff at 2021-06-04T23:22:46+02:00
bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -782,6 +782,8 @@ CVE-2021-33517
 	RESERVED
 CVE-2021-33516 (An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x befo ...)
 	- gupnp <unfixed> (bug #989098)
+	[bullseye] - gupnp <no-dsa> (Minor issue)
+	[buster] - gupnp <no-dsa> (Minor issue)
 	NOTE: https://discourse.gnome.org/t/security-relevant-releases-for-gupnp-issue-cve-2021-33516/6536
 	NOTE: https://gitlab.gnome.org/GNOME/gupnp/-/issues/24
 CVE-2021-33515
@@ -12266,6 +12268,7 @@ CVE-2021-28679
 CVE-2021-28678 (An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImage ...)
 	[experimental] - pillow 8.2.0-1
 	- pillow <unfixed> (bug #989062)
+	[bullseye] - pillow <no-dsa> (Minor issue)
 	[buster] - pillow <no-dsa> (Minor issue)
 	[stretch] - pillow <no-dsa> (Minor issue)
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28678-fix-blp-dos
@@ -12273,6 +12276,7 @@ CVE-2021-28678 (An issue was discovered in Pillow before 8.2.0. For BLP data, Bl
 CVE-2021-28677 (An issue was discovered in Pillow before 8.2.0. For EPS data, the read ...)
 	[experimental] - pillow 8.2.0-1
 	- pillow <unfixed> (bug #989062)
+	[bullseye] - pillow <no-dsa> (Minor issue)
 	[buster] - pillow <no-dsa> (Minor issue)
 	[stretch] - pillow <no-dsa> (Minor issue)
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open
@@ -12280,6 +12284,7 @@ CVE-2021-28677 (An issue was discovered in Pillow before 8.2.0. For EPS data, th
 CVE-2021-28676 (An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecod ...)
 	[experimental] - pillow 8.2.0-1
 	- pillow <unfixed> (bug #989062)
+	[bullseye] - pillow <no-dsa> (Minor issue)
 	[buster] - pillow <no-dsa> (Minor issue)
 	[stretch] - pillow <no-dsa> (Minor issue)
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos
@@ -12287,6 +12292,7 @@ CVE-2021-28676 (An issue was discovered in Pillow before 8.2.0. For FLI data, Fl
 CVE-2021-28675 (An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImag ...)
 	[experimental] - pillow 8.2.0-1
 	- pillow <unfixed> (bug #989062)
+	[bullseye] - pillow <no-dsa> (Minor issue)
 	[buster] - pillow <no-dsa> (Minor issue)
 	[stretch] - pillow <no-dsa> (Minor issue)
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin
@@ -20595,6 +20601,7 @@ CVE-2021-25289 (An issue was discovered in Pillow before 8.1.1. TiffDecode has a
 CVE-2021-25288 (An issue was discovered in Pillow before 8.2.0. There is an out-of-bou ...)
 	[experimental] - pillow 8.2.0-1
 	- pillow <unfixed> (bug #989062)
+	[bullseye] - pillow <no-dsa> (Minor issue)
 	[buster] - pillow <no-dsa> (Minor issue)
 	[stretch] - pillow <no-dsa> (Minor issue)
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
@@ -20602,6 +20609,7 @@ CVE-2021-25288 (An issue was discovered in Pillow before 8.2.0. There is an out-
 CVE-2021-25287 (An issue was discovered in Pillow before 8.2.0. There is an out-of-bou ...)
 	[experimental] - pillow 8.2.0-1
 	- pillow <unfixed> (bug #989062)
+	[bullseye] - pillow <no-dsa> (Minor issue)
 	[buster] - pillow <no-dsa> (Minor issue)
 	[stretch] - pillow <no-dsa> (Minor issue)
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
@@ -25835,6 +25843,8 @@ CVE-2021-22899 (A command injection vulnerability exists in Pulse Connect Secure
 CVE-2021-22898 [TELNET stack contents disclosure]
 	RESERVED
 	- curl <unfixed> (bug #989228)
+	[bullseye] - curl <no-dsa> (Minor issue)
+	[buster] - curl <no-dsa> (Minor issue)
 	[stretch] - curl <postponed> (Minor issue)
 	NOTE: https://curl.se/docs/CVE-2021-22898.html
 	NOTE: Introduced by: https://github.com/curl/curl/commit/a1d6ad26100bc493c7b04f1301b1634b7f5aa8b4 (7.7)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c86e6fbb02647c4df5954300e6ee746bdd9da19

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c86e6fbb02647c4df5954300e6ee746bdd9da19
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210604/8deec0b3/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list