[Git][security-tracker-team/security-tracker][master] buster triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Jun 17 14:14:53 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5c141398 by Moritz Muehlenhoff at 2021-06-17T15:14:13+02:00
buster triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -989,6 +989,7 @@ CVE-2021-34364 (The Refined GitHub browser extension before 21.6.8 might allow X
NOT-FOR-US: Refined GitHub browser extension
CVE-2021-34363 (The thefuck (aka The Fuck) package before 3.31 for Python allows Path ...)
- thefuck <unfixed>
+ [buster] - thefuck <no-dsa> (Minor issue)
[stretch] - thefuck <no-dsa> (Minor issue)
NOTE: https://github.com/nvbn/thefuck/commit/e343c577cd7da4d304b837d4a07ab4df1e023092 (3.31)
NOTE: https://github.com/nvbn/thefuck/pull/1206
@@ -1990,6 +1991,7 @@ CVE-2021-33897
RESERVED
CVE-2021-33896 (Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (o ...)
- dino-im 0.2.0-3
+ [buster] - dino-im <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/06/07/2
NOTE: https://github.com/dino/dino/commit/0c8d25b7a3e7a10a506f1e19b868fe9b0c761495 (master)
NOTE: https://github.com/dino/dino/commit/1eaad1ccfbd00c6e76650535496531c172453994 (v0.2.1)
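Review bot: The added `[buster] - dino-im <no-dsa> (Minor issue)` line leaves the older release line without a patch reference. The CVE description names 0.1.2 as well as 0.2.1 as fixed versions, but the NOTE lines link only the master and v0.2.1 commits. If the buster package is on the 0.1.x line, a NOTE with the commit for 0.1.2 would point whoever picks this up for a point release at the right patch to backport.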
@@ -2145,6 +2147,7 @@ CVE-2021-33830
RESERVED
CVE-2021-33829 (A cross-site scripting (XSS) vulnerability in the HTML Data Processor ...)
- ckeditor 4.16.0+dfsg-2
+ [buster] - ckeditor <no-dsa> (Minor issue)
[stretch] - ckeditor <postponed> (Fix along next DLA)
NOTE: https://ckeditor.com/blog/ckeditor-4.16.1-with-accessibility-enhancements/#improvements-for-comments-in-html-parser
NOTE: https://github.com/ckeditor/ckeditor4/commit/3e426ce34f7fc7bf784624358831ef9e189bb6ed
@@ -15615,6 +15618,7 @@ CVE-2021-28214
RESERVED
CVE-2021-28213 (Example EDK2 encrypted private key in the IpSecDxe.efi present potenti ...)
- edk2 <unfixed>
+ [buster] - edk2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1866
CVE-2021-28212
RESERVED
@@ -20591,20 +20595,25 @@ CVE-2021-26200 (The user area for Library System 1.0 is vulnerable to SQL inject
NOT-FOR-US: Library System
CVE-2021-26199 (An issue was discovered in JerryScript 2.4.0. There is a heap-use-afte ...)
- iotjs <unfixed>
+ [buster] - iotjs <no-dsa> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/4056
CVE-2021-26198 (An issue was discovered in JerryScript 2.4.0. There is a SEVG in ecma_ ...)
- iotjs <unfixed>
+ [buster] - iotjs <no-dsa> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/4402
CVE-2021-26197 (An issue was discovered in JerryScript 2.4.0. There is a SEGV in main_ ...)
- iotjs <unfixed>
+ [buster] - iotjs <no-dsa> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/4403
CVE-2021-26196
RESERVED
CVE-2021-26195 (An issue was discovered in JerryScript 2.4.0. There is a heap-buffer-o ...)
- iotjs <unfixed>
+ [buster] - iotjs <no-dsa> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/4442
CVE-2021-26194 (An issue was discovered in JerryScript 2.4.0. There is a heap-use-afte ...)
- iotjs <unfixed>
+ [buster] - iotjs <no-dsa> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/4445
CVE-2021-26193
RESERVED
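Review bot: All five added `[buster] - iotjs <no-dsa> (Minor issue)` lines use the same generic reason, although the descriptions list heap-use-after-free, heap-buffer-overflow and SEGV issues in JerryScript 2.4.0. A more specific reason in the parentheses, or a NOTE on whether the iotjs version in buster contains the affected code, would document why memory-safety bugs are triaged as minor here and save the next person from re-checking each upstream issue.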
@@ -32114,6 +32123,7 @@ CVE-2021-21440
RESERVED
CVE-2021-21439 (DoS attack can be performed when an email contains specially designed ...)
- otrs2 <unfixed>
+ [buster] - otrs2 <no-dsa> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-09/
NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye
NOTE: src:otrs2 is the znuny fork)
=====================================
data/dsa-needed.txt
=====================================
@@ -21,6 +21,8 @@ chromium
--
djvulibre
--
+intel-microcode
+--
linux (carnil)
Wait until more issues have piled up, though try to regulary rebase for point
releases to more recent v4.19.y versions.
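Review bot: The new `intel-microcode` entry in data/dsa-needed.txt has no assignee and no comment, and none of the data/CVE/list hunks in this commit touch intel-microcode, so the change itself does not show which issues the DSA is for. A short line under the entry naming the CVEs or the upload being waited on, in the way the `linux (carnil)` entry carries its note, would make the queue self-explanatory.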
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c1413980da11beaf9744d60073edd7c41868f05