[Git][security-tracker-team/security-tracker][master] buster triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Jun 17 14:14:53 BST 2021 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5c141398 by Moritz Muehlenhoff at 2021-06-17T15:14:13+02:00
buster triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -989,6 +989,7 @@ CVE-2021-34364 (The Refined GitHub browser extension before 21.6.8 might allow X
 	NOT-FOR-US: Refined GitHub browser extension
 CVE-2021-34363 (The thefuck (aka The Fuck) package before 3.31 for Python allows Path  ...)
 	- thefuck <unfixed>
+	[buster] - thefuck <no-dsa> (Minor issue)
 	[stretch] - thefuck <no-dsa> (Minor issue)
 	NOTE: https://github.com/nvbn/thefuck/commit/e343c577cd7da4d304b837d4a07ab4df1e023092 (3.31)
 	NOTE: https://github.com/nvbn/thefuck/pull/1206
@@ -1990,6 +1991,7 @@ CVE-2021-33897
 	RESERVED
 CVE-2021-33896 (Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (o ...)
 	- dino-im 0.2.0-3
+	[buster] - dino-im <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/06/07/2
 	NOTE: https://github.com/dino/dino/commit/0c8d25b7a3e7a10a506f1e19b868fe9b0c761495 (master)
 	NOTE: https://github.com/dino/dino/commit/1eaad1ccfbd00c6e76650535496531c172453994 (v0.2.1)
@@ -2145,6 +2147,7 @@ CVE-2021-33830
 	RESERVED
 CVE-2021-33829 (A cross-site scripting (XSS) vulnerability in the HTML Data Processor  ...)
 	- ckeditor 4.16.0+dfsg-2
+	[buster] - ckeditor <no-dsa> (Minor issue)
 	[stretch] - ckeditor <postponed> (Fix along next DLA)
 	NOTE: https://ckeditor.com/blog/ckeditor-4.16.1-with-accessibility-enhancements/#improvements-for-comments-in-html-parser
 	NOTE: https://github.com/ckeditor/ckeditor4/commit/3e426ce34f7fc7bf784624358831ef9e189bb6ed
@@ -15615,6 +15618,7 @@ CVE-2021-28214
 	RESERVED
 CVE-2021-28213 (Example EDK2 encrypted private key in the IpSecDxe.efi present potenti ...)
 	- edk2 <unfixed>
+	[buster] - edk2 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1866
 CVE-2021-28212
 	RESERVED
@@ -20591,20 +20595,25 @@ CVE-2021-26200 (The user area for Library System 1.0 is vulnerable to SQL inject
 	NOT-FOR-US: Library System
 CVE-2021-26199 (An issue was discovered in JerryScript 2.4.0. There is a heap-use-afte ...)
 	- iotjs <unfixed>
+	[buster] - iotjs <no-dsa> (Minor issue)
 	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4056
 CVE-2021-26198 (An issue was discovered in JerryScript 2.4.0. There is a SEVG in ecma_ ...)
 	- iotjs <unfixed>
+	[buster] - iotjs <no-dsa> (Minor issue)
 	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4402
 CVE-2021-26197 (An issue was discovered in JerryScript 2.4.0. There is a SEGV in main_ ...)
 	- iotjs <unfixed>
+	[buster] - iotjs <no-dsa> (Minor issue)
 	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4403
 CVE-2021-26196
 	RESERVED
 CVE-2021-26195 (An issue was discovered in JerryScript 2.4.0. There is a heap-buffer-o ...)
 	- iotjs <unfixed>
+	[buster] - iotjs <no-dsa> (Minor issue)
 	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4442
 CVE-2021-26194 (An issue was discovered in JerryScript 2.4.0. There is a heap-use-afte ...)
 	- iotjs <unfixed>
+	[buster] - iotjs <no-dsa> (Minor issue)
 	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4445
 CVE-2021-26193
 	RESERVED
@@ -32114,6 +32123,7 @@ CVE-2021-21440
 	RESERVED
 CVE-2021-21439 (DoS attack can be performed when an email contains specially designed  ...)
 	- otrs2 <unfixed>
+	[buster] - otrs2 <no-dsa> (Non-free not supported)
 	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-09/
 	NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye
 	NOTE: src:otrs2 is the znuny fork)


=====================================
data/dsa-needed.txt
=====================================
@@ -21,6 +21,8 @@ chromium
 --
 djvulibre
 --
+intel-microcode
+--
 linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point
   releases to more recent v4.19.y versions.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c1413980da11beaf9744d60073edd7c41868f05

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c1413980da11beaf9744d60073edd7c41868f05
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210617/38dffc70/attachment.htm>

More information about the debian-security-tracker-commits mailing list