[Git][security-tracker-team/security-tracker][master] Stretch triage
Abhijith PA (@abhijith)
abhijith at debian.org
Mon Jun 14 08:22:15 BST 2021
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ad7195ce by Abhijith PA at 2021-06-14T12:50:55+05:30
Stretch triage
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1828,6 +1828,7 @@ CVE-2021-33830
RESERVED
CVE-2021-33829 (A cross-site scripting (XSS) vulnerability in the HTML Data Processor ...)
- ckeditor 4.16.0+dfsg-2
+ [stretch] - ckeditor <postponed> (Fix along next DLA)
NOTE: https://ckeditor.com/blog/ckeditor-4.16.1-with-accessibility-enhancements/#improvements-for-comments-in-html-parser
NOTE: https://github.com/ckeditor/ckeditor4/commit/3e426ce34f7fc7bf784624358831ef9e189bb6ed
CVE-2021-33828
@@ -6960,6 +6961,7 @@ CVE-2021-31685
RESERVED
CVE-2021-31684 (A vulnerability was discovered in the indexOf function of JSONParserBy ...)
- json-smart <unfixed>
+ [stretch] - json-smart <no-dsa> (Minor issue)
NOTE: https://github.com/netplex/json-smart-v2/issues/67
NOTE: https://github.com/netplex/json-smart-v2/commit/6ecff1c2974eaaab2e74e441bdf5ba8495227bf5
NOTE: Security impact disputed by upstream
@@ -74628,6 +74630,7 @@ CVE-2020-15226 (In GLPI before version 9.5.2, there is a SQL Injection in the AP
- glpi <removed>
CVE-2020-15225 (django-filter is a generic system for filtering Django QuerySets based ...)
- django-filter 2.4.0-1
+ [stretch] - django-filter <no-dsa> (Minor issue)
NOTE: https://github.com/carltongibson/django-filter/security/advisories/GHSA-x7gm-rfgv-w973
NOTE: https://github.com/carltongibson/django-filter/commit/340cf7a23a2b3dcd7183f6a0d6c383e85b130d2b
CVE-2020-15224 (In Open Enclave before version 0.12.0, an information disclosure vulne ...)
=====================================
data/dla-needed.txt
=====================================
@@ -53,6 +53,8 @@ gpac (Thorsten Alteholz)
--
htmldoc (Utkarsh Gupta)
--
+intel-microcode
+--
jetty9 (Sylvain Beucler)
--
libxstream-java
@@ -71,6 +73,8 @@ nvidia-graphics-drivers
NOTE: package is in non-free but also in packages-to-support
NOTE: only CVE‑2021‑1076 seems to be fixed in the R390 branch used in Stretch, no fix available for CVE-2021-1077
--
+openexr
+--
prosody (Anton Gladky)
NOTE: 20210519: at least the 10MB limit mentioned in CVE-2021-32918 is present
NOTE: 20210530: WIP
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad7195ce804fbde7305b53aaca1c4ce6cabc5c39
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad7195ce804fbde7305b53aaca1c4ce6cabc5c39
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210614/3d890864/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list