[Git][security-tracker-team/security-tracker][master] buster triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Jun 17 17:52:31 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
136422a1 by Moritz Muehlenhoff at 2021-06-17T18:52:20+02:00
buster triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -549,33 +549,33 @@ CVE-2021-3596
 CVE-2021-3595 (An invalid pointer initialization issue was found in the SLiRP network ...)
 	- libslirp <unfixed> (bug #989996)
 	- qemu 1:4.1-2
+	[buster] - qemu <no-dsa> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17 (v4.6.0)
 	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/3f17948137155f025f7809fdc38576d5d2451c3d (v4.6.0)
 	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/990163cf3ac86b7875559f49602c4d76f46f6f30 (v4.6.0)
 	NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
-	TODO: check completeness
 CVE-2021-3594 (An invalid pointer initialization issue was found in the SLiRP network ...)
 	- libslirp <unfixed> (bug #989995)
 	- qemu 1:4.1-2
+	[buster] - qemu <no-dsa> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17 (v4.6.0)
 	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/74572be49247c8c5feae7c6e0b50c4f569ca9824 (v4.6.0)
 	NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
-	TODO: check completeness
 CVE-2021-3593 (An invalid pointer initialization issue was found in the SLiRP network ...)
 	- libslirp <unfixed> (bug #989994)
 	- qemu 1:4.1-2
+	[buster] - qemu <no-dsa> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17 (v4.6.0)
 	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/de71c15de66ba9350bf62c45b05f8fbff166517b (v4.6.0)
 	NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
-	TODO: check completeness
 CVE-2021-3592 (An invalid pointer initialization issue was found in the SLiRP network ...)
 	- libslirp <unfixed> (bug #989993)
 	- qemu 1:4.1-2
+	[buster] - qemu <no-dsa> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17 (v4.6.0)
 	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/f13cad45b25d92760bb0ad67bec0300a4d7d5275 (v4.6.0)
 	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2eca0838eee1da96204545e22cdaed860d9d7c6c (v4.6.0)
 	NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
-	TODO: check completeness
 CVE-2021-34558
 	RESERVED
 CVE-2021-34556
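Review bot: The four `TODO: check completeness` lines under CVE-2021-3592 through CVE-2021-3595 are removed with no record of what was checked; the commit message only says "buster triage". If the libslirp commits listed in the NOTE lines were confirmed to be the complete fix set, say so in the commit message or in a NOTE, so the removal reads as a finished check rather than cleanup. The new `[buster] - qemu <no-dsa> (Minor issue)` lines could also carry a more specific reason, since the existing NOTE already records that qemu only switched to system libslirp in 1:4.1-2.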
@@ -8420,6 +8420,7 @@ CVE-2021-31216
 CVE-2021-31215 (SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11. ...)
 	- slurm-wlm 20.11.7-1 (bug #988439)
 	- slurm-llnl <removed>
+	[buster] - slurm-llnl <no-dsa> (Minor issue)
 	[stretch] - slurm-llnl <not-affected> (env is already SPANKed)
 	NOTE: https://github.com/SchedMD/slurm/commit/a9e9e2fedbd200ca545ab67dd753bd52c919f236 (2.11.7)
 CVE-2021-3499 (A vulnerability was found in OVN Kubernetes in versions up to and incl ...)
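Review bot: The upstream commit NOTE in this entry is tagged `(2.11.7)`, which does not match the 20.11.x versions in the description or the fixed `slurm-wlm 20.11.7-1` above it, and looks like a typo for 20.11.7. It is an unchanged context line, but since the entry is being touched for the `[buster] - slurm-llnl <no-dsa>` annotation, it would be worth correcting in the same commit. The stretch line gives a concrete reason ("env is already SPANKed") while the new buster line only says "Minor issue"; a similarly specific reason would help later triage.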
@@ -12276,6 +12277,7 @@ CVE-2021-29626 (In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r36955
 	- kfreebsd-10 <unfixed> (unimportant)
 CVE-2021-29625 (Adminer is open-source database management software. A cross-site scri ...)
 	- adminer 4.7.9-2 (bug #988886)
+	[buster] - adminer <no-dsa> (Minor issue)
 	[stretch] - adminer <no-dsa> (Minor issue)
 	NOTE: https://github.com/vrana/adminer/security/advisories/GHSA-2v82-5746-vwqc
 	NOTE: https://github.com/vrana/adminer/commit/4043092ec2c0de2258d60a99d0c5958637d051a7
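Review bot: The added `[buster] - adminer <no-dsa> (Minor issue)` line repeats the stretch reason verbatim and does not say what makes the issue minor for buster. The entry already has the fixed version 4.7.9-2 and the upstream commit, so a short reason tied to them, such as whether that commit applies to the buster version, would help whoever picks this up for a point release.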
@@ -29734,6 +29736,8 @@ CVE-2021-22223
 CVE-2021-22222 (Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allow ...)
 	[experimental] - wireshark 3.4.6-1~exp1
 	- wireshark <unfixed>
+	[bullseye] - wireshark <postponed> (Minor issue, can be fixed along in future update)
+	[buster] - wireshark <postponed> (Minor issue, can be fixed along in future update)
 	[stretch] - wireshark <postponed> (Minor issue)
 	NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/3130
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-05.html
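Review bot: The two added `<postponed>` lines for bullseye and buster use the reason "Minor issue, can be fixed along in future update", while the stretch line directly below uses just "Minor issue". Either wording works, but the three suites describe the same decision, so use one reason string for all of them. Note also that the unstable line is still `- wireshark <unfixed>` while experimental has 3.4.6-1~exp1, so the postponed entries will need revisiting once a fixed version reaches unstable.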


=====================================
data/dsa-needed.txt
=====================================
@@ -39,3 +39,5 @@ runc
 --
 salt
 --
+tor
+--
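Review bot: The new `tor` entry has no annotation, and none of the data/CVE/list hunks in this commit touch a tor entry, so the diff does not show which issue puts tor on the DSA list. Mention the CVE or bug in the commit message, or add a short note under the entry, so the person who claims it knows what the update has to cover.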



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/136422a15519a509102a0da38653aab80e6ecdbe
