[Git][security-tracker-team/security-tracker][master] Merge already accepted packages for 10.10

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jun 19 09:59:41 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
55d4a6bb by Salvatore Bonaccorso at 2021-06-19T10:59:00+02:00
Merge already accepted packages for 10.10

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2657,7 +2657,7 @@ CVE-2021-33834
 	RESERVED
 CVE-2021-33833 (ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based b ...)
 	- connman 1.36-2.2 (bug #989662)
-	[buster] - connman <no-dsa> (Minor issue)
+	[buster] - connman 1.36-2.1~deb10u2
 	[stretch] - connman <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/06/09/1
 	NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=eceb2e8d2341c041df55a5e2f047d9a8c491463c
@@ -2729,7 +2729,7 @@ CVE-2021-3579
 CVE-2021-3578 [possible remote code execution in isync/mbsync]
 	RESERVED
 	- isync 1.3.0-2.2 (bug #989564)
-	[buster] - isync <no-dsa> (Minor issue)
+	[buster] - isync 1.3.0-2.2~deb10u1
 	[stretch] - isync <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/06/07/1
 CVE-2021-33806 (The BDew BdLib library before 1.16.1.7 for Minecraft allows remote cod ...)
@@ -3341,7 +3341,7 @@ CVE-2021-33561 (A stored cross-site scripting (XSS) vulnerability in Shopizer be
 	NOT-FOR-US: Shopizer
 CVE-2021-33560 (Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encry ...)
 	- libgcrypt20 1.8.7-6
-	[buster] - libgcrypt20 <no-dsa> (Minor issue)
+	[buster] - libgcrypt20 1.8.4-5+deb10u1
 	[stretch] - libgcrypt20 <no-dsa> (Minor issue)
 	NOTE: https://dev.gnupg.org/T5328 (not yet public)
 	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=3462280f2e23e16adf3ed5176e0f2413d8861320
@@ -3535,7 +3535,7 @@ CVE-2021-33478
 	RESERVED
 CVE-2021-3561 (An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bound ...)
 	- fig2dev 1:3.2.8-3
-	[buster] - fig2dev <no-dsa> (Minor issue)
+	[buster] - fig2dev 1:3.2.7a-5+deb10u4
 	[stretch] - fig2dev <no-dsa> (Minor issue)
 	- transfig <removed>
 	NOTE: https://sourceforge.net/p/mcj/tickets/116/
@@ -4209,10 +4209,10 @@ CVE-2021-33477 (rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 all
 	{DLA-2683-1 DLA-2682-1 DLA-2681-1 DLA-2671-1}
 	- rxvt <removed>
 	- rxvt-unicode 9.22-11 (bug #988763)
-	[buster] - rxvt-unicode <no-dsa> (Minor issue)
+	[buster] - rxvt-unicode 9.22-6+deb10u1
 	- mrxvt <removed>
 	- eterm 0.9.6-6.1 (bug #989041)
-	[buster] - eterm <no-dsa> (Minor issue)
+	[buster] - eterm 0.9.6-5+deb10u1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/05/17/1
 	NOTE: Mentioned first in: https://www.openwall.com/lists/oss-security/2017/05/01/20
 	NOTE: Fixed by: http://cvs.schmorp.de/rxvt-unicode/src/command.C?r1=1.582&r2=1.583
@@ -5390,7 +5390,7 @@ CVE-2021-32641 (auth0-lock is Auth0's signin solution. Versions of nauth0-lock b
 	NOT-FOR-US: auth0-lock
 CVE-2021-32640 (ws is an open source WebSocket client and server library for Node.js.  ...)
 	- node-ws 7.4.2+~cs18.0.8-2
-	[buster] - node-ws <no-dsa> (Minor issue)
+	[buster] - node-ws 1.1.0+ds1.e6ddaae4-5+deb10u1
 	[stretch] - node-ws <no-dsa> (Minor issue)
 	NOTE: https://github.com/websockets/ws/security/advisories/GHSA-6fc8-4gx4-v693
 	NOTE: https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff
@@ -5817,7 +5817,7 @@ CVE-2021-3541
 	RESERVED
 	{DLA-2669-1}
 	- libxml2 2.9.10+dfsg-6.7 (bug #988603)
-	[buster] - libxml2 <no-dsa> (Minor issue)
+	[buster] - libxml2 2.9.4+dfsg1-7+deb10u2
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1950515
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/228 (currently private)
@@ -6691,7 +6691,7 @@ CVE-2019-25043 (ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing,
 CVE-2021-3537 (A vulnerability found in libxml2 in versions before 2.9.11 shows that  ...)
 	{DLA-2653-1}
 	- libxml2 2.9.10+dfsg-6.6 (bug #988123)
-	[buster] - libxml2 <no-dsa> (Minor issue)
+	[buster] - libxml2 2.9.4+dfsg1-7+deb10u2
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/243
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/244
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/245
@@ -7236,25 +7236,25 @@ CVE-2021-31874
 	RESERVED
 CVE-2021-31873 (An issue was discovered in klibc before 2.0.9. Additions in the malloc ...)
 	- klibc 2.0.8-6 (bug #989505)
-	[buster] - klibc <no-dsa> (Minor issue; only used in initramfs and not dealing with untrusted data)
+	[buster] - klibc 2.0.6-1+deb10u1
 	[stretch] - klibc <no-dsa> (Minor issue; only used in initramfs and not dealing with untrusted data)
 	NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=a31ae8c508fc8d1bca4f57e9f9f88127572d5202
 	NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1
 CVE-2021-31872 (An issue was discovered in klibc before 2.0.9. Multiple possible integ ...)
 	- klibc 2.0.8-6 (bug #989505)
-	[buster] - klibc <no-dsa> (Minor issue; only used in initramfs and not dealing with untrusted data)
+	[buster] - klibc 2.0.6-1+deb10u1
 	[stretch] - klibc <no-dsa> (Minor issue; only used in initramfs and not dealing with untrusted data)
 	NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=9b1c91577aef7f2e72c3aa11a27749160bd278ff
 	NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1
 CVE-2021-31871 (An issue was discovered in klibc before 2.0.9. An integer overflow in  ...)
 	- klibc 2.0.8-6 (bug #989505)
-	[buster] - klibc <no-dsa> (Minor issue; only used in initramfs and not dealing with untrusted data)
+	[buster] - klibc 2.0.6-1+deb10u1
 	[stretch] - klibc <no-dsa> (Minor issue; only used in initramfs and not dealing with untrusted data)
 	NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=2e48a12ab1e30d43498c2d53e878a11a1b5102d5
 	NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1
 CVE-2021-31870 (An issue was discovered in klibc before 2.0.9. Multiplication in the c ...)
 	- klibc 2.0.8-6 (bug #989505)
-	[buster] - klibc <no-dsa> (Minor issue; only used in initramfs and not dealing with untrusted data)
+	[buster] - klibc 2.0.6-1+deb10u1
 	[stretch] - klibc <no-dsa> (Minor issue; only used in initramfs and not dealing with untrusted data)
 	NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=292650f04c2b5348b4efbad61fb014ed09b4f3f2
 	NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1
@@ -7406,19 +7406,19 @@ CVE-2020-36326 (PHPMailer 6.1.8 through 6.4.0 allows object injection through Ph
 CVE-2021-3518 (There's a flaw in libxml2 in versions before 2.9.11. An attacker who i ...)
 	{DLA-2653-1}
 	- libxml2 2.9.10+dfsg-6.6 (bug #987737)
-	[buster] - libxml2 <no-dsa> (Minor issue)
+	[buster] - libxml2 2.9.4+dfsg1-7+deb10u2
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/237
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/1098c30a040e72a4654968547f415be4e4c40fe7
 CVE-2021-3517 (There is a flaw in the xml entity encoding functionality of libxml2 in ...)
 	{DLA-2653-1}
 	- libxml2 2.9.10+dfsg-6.6 (bug #987738)
-	[buster] - libxml2 <no-dsa> (Minor issue)
+	[buster] - libxml2 2.9.4+dfsg1-7+deb10u2
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/235
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/bf22713507fe1fc3a2c4b525cf0a88c2dc87a3a2
 CVE-2021-3516 (There's a flaw in libxml2's xmllint in versions before 2.9.11. An atta ...)
 	{DLA-2653-1}
 	- libxml2 2.9.10+dfsg-6.6 (bug #987739)
-	[buster] - libxml2 <no-dsa> (Minor issue)
+	[buster] - libxml2 2.9.4+dfsg1-7+deb10u2
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/230
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/1358d157d0bd83be1dfe356a69213df9fac0b539
 CVE-2021-3515 (A shell injection flaw was found in pglogical in versions before 2.3.4 ...)
@@ -13215,7 +13215,7 @@ CVE-2021-29470 (Exiv2 is a command-line utility and C++ library for reading, wri
 	NOTE: https://github.com/Exiv2/exiv2/commit/c372f2677d6f7cf88a8f26ef6bc175561e406ee2
 CVE-2021-29469 (Node-redis is a Node.js Redis client. Before version 3.1.1, when a cli ...)
 	- node-redis 3.0.2+~cs5.18.1-3
-	[buster] - node-redis <no-dsa> (Minor issue)
+	[buster] - node-redis 2.8.0-1+deb10u1
 	NOTE: https://github.com/NodeRedis/node-redis/issues/1569
 	NOTE: https://github.com/NodeRedis/node-redis/security/advisories/GHSA-35q2-47q7-3pc3
 	NOTE: https://github.com/NodeRedis/node-redis/commit/2d11b6dc9b9774464a91fb4b448bad8bf699629e
@@ -13503,10 +13503,10 @@ CVE-2021-29377
 CVE-2021-29376 (ircII before 20210314 allows remote attackers to cause a denial of ser ...)
 	- ircii-pana <removed>
 	- ircii 20210314-1 (bug #986214)
-	[buster] - ircii <no-dsa> (Minor issue)
+	[buster] - ircii 20190117-1+deb10u1
 	[stretch] - ircii <postponed> (Minor issue; can be fixed in next update)
 	- scrollz 2.2.3-2 (bug #986215)
-	[buster] - scrollz <no-dsa> (Minor issue)
+	[buster] - scrollz 2.2.3-1+deb10u1
 	[stretch] - scrollz <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/03/24/2
 	NOTE: https://github.com/ScrollZ/ScrollZ/issues/25
@@ -15733,7 +15733,7 @@ CVE-2021-28422
 	RESERVED
 CVE-2021-28421 (FluidSynth 2.1.7 contains a use after free vulnerability in sfloader/f ...)
 	- fluidsynth 2.1.7-1.1 (bug #987168)
-	[buster] - fluidsynth <no-dsa> (Minor issue)
+	[buster] - fluidsynth 1.1.11-1+deb10u1
 	[stretch] - fluidsynth <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://github.com/FluidSynth/fluidsynth/issues/808
 	NOTE: https://github.com/FluidSynth/fluidsynth/pull/810
@@ -16384,7 +16384,7 @@ CVE-2016-20009 (** UNSUPPORTED WHEN ASSIGNED ** A DNS client stack-based buffer
 	NOT-FOR-US: Wind River VxWorks
 CVE-2021-28153 (An issue was discovered in GNOME GLib before 2.66.8. When g_file_repla ...)
 	- glib2.0 2.66.7-2 (bug #984969)
-	[buster] - glib2.0 <no-dsa> (Minor issue)
+	[buster] - glib2.0 2.58.3-2+deb10u3
 	[stretch] - glib2.0 <postponed> (Minor issue, directory traversal exploitable in file-roller)
 	NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2325
 CVE-2021-3435
@@ -18558,7 +18558,7 @@ CVE-2021-27230 (ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Co
 CVE-2021-27229 (Mumble before 1.3.4 allows remote code execution if a victim navigates ...)
 	{DLA-2562-1}
 	- mumble 1.3.4-1 (bug #982904)
-	[buster] - mumble <no-dsa> (Minor issue)
+	[buster] - mumble 1.3.0~git20190125.440b173+dfsg-2+deb10u1
 	NOTE: https://github.com/mumble-voip/mumble/commit/e59ee87abe249f345908c7d568f6879d16bfd648
 	NOTE: https://github.com/mumble-voip/mumble/pull/4733
 CVE-2021-27228 (An issue was discovered in Shinobi through ocean version 1. lib/auth.j ...)
@@ -18848,7 +18848,7 @@ CVE-2021-27105
 CVE-2021-3407 (A flaw was found in mupdf 1.18.0. Double free of object during lineari ...)
 	{DLA-2589-1}
 	- mupdf 1.17.0+ds1-1.3 (bug #983684)
-	[buster] - mupdf <no-dsa> (Minor issue)
+	[buster] - mupdf 1.14.0+ds1-4+deb10u3
 	NOTE: http://git.ghostscript.com/?p=mupdf.git;h=cee7cefc610d42fd383b3c80c12cbc675443176a
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=703366 (not public yet)
 CVE-2021-3406 (A flaw was found in keylime 5.8.1 and older. The issue in the Keylime  ...)
@@ -19267,7 +19267,7 @@ CVE-2021-26930 (An issue was discovered in the Linux kernel 3.11 through 5.10.16
 CVE-2021-26929 (An XSS issue was discovered in Horde Groupware Webmail Edition through ...)
 	{DLA-2564-1}
 	- php-horde-text-filter 2.3.7-1 (bug #982769)
-	[buster] - php-horde-text-filter <no-dsa> (Minor issue)
+	[buster] - php-horde-text-filter 2.3.5-3+deb10u2
 	NOTE: https://lists.horde.org/archives/announce/2021/001298.html
 	NOTE: https://github.com/horde/Text_Filter/commit/c26f938854c36b981558a3b1b9b2f81403cff60e (master)
 	NOTE: https://github.com/horde/Text_Filter/commit/a2f67da064d7a91440b7a2448e56a6387ab94c67 (v2.3.7)
@@ -19489,13 +19489,13 @@ CVE-2021-21299 (hyper is an open-source HTTP library for Rust (crates.io). In hy
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0020.html
 CVE-2021-27218 (An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before  ...)
 	- glib2.0 2.66.7-1 (bug #982779)
-	[buster] - glib2.0 <no-dsa> (Minor issue)
+	[buster] - glib2.0 2.58.3-2+deb10u3
 	[stretch] - glib2.0 <postponed> (fix along with CVE-2021-27219)
 	NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942
 	NOTE: Test case depends on CVE-2021-27219 fix
 CVE-2021-27219 (An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before  ...)
 	- glib2.0 2.66.6-1 (bug #982778)
-	[buster] - glib2.0 <no-dsa> (Minor issue)
+	[buster] - glib2.0 2.58.3-2+deb10u3
 	[stretch] - glib2.0 <postponed> (requires fixing vulnerable rdeps, follow buster strategy)
 	NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2319
 	NOTE: Fix introduces new API 'g_memdup2'
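Review bot: in the CVE-2021-27219 entry, the unchanged [stretch] line still reads "requires fixing vulnerable rdeps, follow buster strategy", while this hunk now records buster as fixed at 2.58.3-2+deb10u3. Since the NOTE says the fix introduces the new API 'g_memdup2', consider a follow-up that points the stretch annotation at the buster version so the postponed reason does not refer to a strategy that is no longer visible in the entry.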
@@ -23690,7 +23690,7 @@ CVE-2021-25218
 CVE-2021-25217 (In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 ( ...)
 	{DLA-2674-1}
 	- isc-dhcp 4.4.1-2.3 (bug #989157)
-	[buster] - isc-dhcp <no-dsa> (Can be fixed via point release)
+	[buster] - isc-dhcp 4.4.1-2+deb10u1
 	NOTE: https://kb.isc.org/docs/cve-2021-25217
 	NOTE: https://www.openwall.com/lists/oss-security/2021/05/26/6
 	NOTE: https://downloads.isc.org/isc/dhcp/4.4.2-P1/patches/4.4.2.CVE-2021-25217.patch
@@ -27755,7 +27755,7 @@ CVE-2021-23370 (This affects the package swiper before 6.5.1. ...)
 	NOT-FOR-US: swiper
 CVE-2021-23369 (The package handlebars before 4.7.7 are vulnerable to Remote Code Exec ...)
 	- node-handlebars 3:4.7.6+~4.1.0-2
-	[buster] - node-handlebars <no-dsa> (Minor issue; will be fixed via point release)
+	[buster] - node-handlebars 3:4.1.0-1+deb10u3
 	- libjs-handlebars <removed>
 	[stretch] - libjs-handlebars <ignored> (Minor issue and too intrusive to backport)
 	NOTE: https://github.com/handlebars-lang/handlebars.js/commit/b6d3de7123eebba603e321f04afdbae608e8fea8
@@ -27783,7 +27783,7 @@ CVE-2021-23363 (This affects the package kill-by-port before 0.0.2. If (attacker
 	NOT-FOR-US: Node kill-by-port
 CVE-2021-23362 (The package hosted-git-info before 3.0.8 are vulnerable to Regular Exp ...)
 	- node-hosted-git-info 3.0.8-1
-	[buster] - node-hosted-git-info <no-dsa> (Minor issue)
+	[buster] - node-hosted-git-info 2.7.1-1+deb10u1
 	[stretch] - node-hosted-git-info <not-affected> (Vulnerable code introduced later)
 	NOTE: Fixed by: https://github.com/npm/hosted-git-info/commit/bede0dc38e1785e732bf0a48ba6f81a4a908eba3
 	NOTE: https://snyk.io/vuln/SNYK-JS-HOSTEDGITINFO-1088355
@@ -29194,7 +29194,7 @@ CVE-2021-22697 (A CWE-434: Unrestricted Upload of File with Dangerous Type vulne
 CVE-2020-36189 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
 	{DLA-2638-1}
 	- jackson-databind 2.12.1-1
-	[buster] - jackson-databind <no-dsa> (Minor issue)
+	[buster] - jackson-databind 2.9.8-3+deb10u3
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2996
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
 	NOTE: but still an issue when Default Typing is enabled.
@@ -29202,7 +29202,7 @@ CVE-2020-36189 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the in
 CVE-2020-36188 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
 	{DLA-2638-1}
 	- jackson-databind 2.12.1-1
-	[buster] - jackson-databind <no-dsa> (Minor issue)
+	[buster] - jackson-databind 2.9.8-3+deb10u3
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2996
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
 	NOTE: but still an issue when Default Typing is enabled.
@@ -29210,7 +29210,7 @@ CVE-2020-36188 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the in
 CVE-2020-36187 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
 	{DLA-2638-1}
 	- jackson-databind 2.12.1-1
-	[buster] - jackson-databind <no-dsa> (Minor issue)
+	[buster] - jackson-databind 2.9.8-3+deb10u3
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2997
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
 	NOTE: but still an issue when Default Typing is enabled.
@@ -29218,7 +29218,7 @@ CVE-2020-36187 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the in
 CVE-2020-36186 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
 	{DLA-2638-1}
 	- jackson-databind 2.12.1-1
-	[buster] - jackson-databind <no-dsa> (Minor issue)
+	[buster] - jackson-databind 2.9.8-3+deb10u3
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2997
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
 	NOTE: but still an issue when Default Typing is enabled.
@@ -29226,7 +29226,7 @@ CVE-2020-36186 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the in
 CVE-2020-36185 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
 	{DLA-2638-1}
 	- jackson-databind 2.12.1-1
-	[buster] - jackson-databind <no-dsa> (Minor issue)
+	[buster] - jackson-databind 2.9.8-3+deb10u3
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2998
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
 	NOTE: but still an issue when Default Typing is enabled.
@@ -29234,7 +29234,7 @@ CVE-2020-36185 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the in
 CVE-2020-36184 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
 	{DLA-2638-1}
 	- jackson-databind 2.12.1-1
-	[buster] - jackson-databind <no-dsa> (Minor issue)
+	[buster] - jackson-databind 2.9.8-3+deb10u3
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2998
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
 	NOTE: but still an issue when Default Typing is enabled.
@@ -29242,7 +29242,7 @@ CVE-2020-36184 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the in
 CVE-2020-36183 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
 	{DLA-2638-1}
 	- jackson-databind 2.12.1-1
-	[buster] - jackson-databind <no-dsa> (Minor issue)
+	[buster] - jackson-databind 2.9.8-3+deb10u3
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/3003
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
 	NOTE: but still an issue when Default Typing is enabled.
@@ -29250,7 +29250,7 @@ CVE-2020-36183 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the in
 CVE-2020-36182 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
 	{DLA-2638-1}
 	- jackson-databind 2.12.1-1
-	[buster] - jackson-databind <no-dsa> (Minor issue)
+	[buster] - jackson-databind 2.9.8-3+deb10u3
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/3004
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
 	NOTE: but still an issue when Default Typing is enabled.
@@ -29258,7 +29258,7 @@ CVE-2020-36182 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the in
 CVE-2020-36181 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
 	{DLA-2638-1}
 	- jackson-databind 2.12.1-1
-	[buster] - jackson-databind <no-dsa> (Minor issue)
+	[buster] - jackson-databind 2.9.8-3+deb10u3
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/3004
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
 	NOTE: but still an issue when Default Typing is enabled.
@@ -29266,7 +29266,7 @@ CVE-2020-36181 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the in
 CVE-2020-36180 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
 	{DLA-2638-1}
 	- jackson-databind 2.12.1-1
-	[buster] - jackson-databind <no-dsa> (Minor issue)
+	[buster] - jackson-databind 2.9.8-3+deb10u3
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/3004
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
 	NOTE: but still an issue when Default Typing is enabled.
@@ -29274,7 +29274,7 @@ CVE-2020-36180 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the in
 CVE-2020-36179 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
 	{DLA-2638-1}
 	- jackson-databind 2.12.1-1
-	[buster] - jackson-databind <no-dsa> (Minor issue)
+	[buster] - jackson-databind 2.9.8-3+deb10u3
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/3004
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
 	NOTE: but still an issue when Default Typing is enabled.
@@ -32979,7 +32979,7 @@ CVE-2020-35729 (KLog Server 2.4.1 allows OS command injection via shell metachar
 CVE-2020-35728 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
 	{DLA-2638-1}
 	- jackson-databind 2.12.1-1
-	[buster] - jackson-databind <no-dsa> (Minor issue)
+	[buster] - jackson-databind 2.9.8-3+deb10u3
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2999
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
 	NOTE: but still an issue when Default Typing is enabled.
@@ -36384,7 +36384,7 @@ CVE-2021-20248
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1927740
 CVE-2021-20247 (A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of th ...)
 	- isync 1.3.0-2.1 (bug #983351)
-	[buster] - isync <no-dsa> (Minor issue)
+	[buster] - isync 1.3.0-2.2~deb10u1
 	[stretch] - isync <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/02/22/1
 CVE-2021-20246 (A flaw was found in ImageMagick in MagickCore/resample.c. An attacker  ...)
@@ -36481,13 +36481,13 @@ CVE-2021-20233 (A flaw was found in grub2 in versions prior to 2.06. Setparam_pr
 	[stretch] - grub2 <ignored> (No SecureBoot support in stretch)
 CVE-2021-20232 (A flaw was found in gnutls. A use after free issue in client_send_para ...)
 	- gnutls28 3.7.1-1
-	[buster] - gnutls28 <no-dsa> (Minor issue)
+	[buster] - gnutls28 3.6.7-4+deb10u7
 	[stretch] - gnutls28 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10
 	NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1151
 CVE-2021-20231 (A flaw was found in gnutls. A use after free issue in client sending k ...)
 	- gnutls28 3.7.1-1
-	[buster] - gnutls28 <no-dsa> (Minor issue)
+	[buster] - gnutls28 3.6.7-4+deb10u7
 	[stretch] - gnutls28 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10
 	NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1151
@@ -36625,7 +36625,7 @@ CVE-2021-20205 (Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a deni
 CVE-2021-20204 (A heap memory corruption problem (use after free) can be triggered in  ...)
 	{DLA-2660-1}
 	- libgetdata 0.10.0-10 (bug #988239)
-	[buster] - libgetdata <no-dsa> (Minor issue)
+	[buster] - libgetdata 0.10.0-5+deb10u1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1956348
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/libgetdata/+bug/1912050
 CVE-2021-20203 (An integer overflow issue was found in the vmxnet3 NIC emulator of the ...)
@@ -36700,7 +36700,7 @@ CVE-2021-20191 (A flaw was found in ansible. Credentials, such as secrets, are b
 CVE-2021-20190 (A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishan ...)
 	{DLA-2638-1}
 	- jackson-databind 2.12.1-1
-	[buster] - jackson-databind <no-dsa> (Minor issue)
+	[buster] - jackson-databind 2.9.8-3+deb10u3
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2854
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
 	NOTE: but still an issue when Default Typing is enabled.
@@ -37207,7 +37207,7 @@ CVE-2020-35492 (A flaw was found in cairo's image-compositor.c in all versions p
 CVE-2020-35491 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
 	{DLA-2638-1}
 	- jackson-databind 2.12.1-1
-	[buster] - jackson-databind <no-dsa> (Minor issue)
+	[buster] - jackson-databind 2.9.8-3+deb10u3
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2986
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
 	NOTE: but still an issue when Default Typing is enabled.
@@ -37215,7 +37215,7 @@ CVE-2020-35491 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the in
 CVE-2020-35490 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
 	{DLA-2638-1}
 	- jackson-databind 2.12.1-1
-	[buster] - jackson-databind <no-dsa> (Minor issue)
+	[buster] - jackson-databind 2.9.8-3+deb10u3
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2986
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
 	NOTE: but still an issue when Default Typing is enabled.
@@ -37434,7 +37434,7 @@ CVE-2020-35460 (common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allo
 CVE-2020-35459 (An issue was discovered in ClusterLabs crmsh through 4.2.1. Local atta ...)
 	{DLA-2533-1}
 	- crmsh 4.2.1-2 (bug #985376)
-	[buster] - crmsh <no-dsa> (Minor issue)
+	[buster] - crmsh 4.0.0~git20190108.3d56538-3+deb10u1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/01/12/3
 CVE-2020-35458 (An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There ...)
 	- hawk <itp> (bug #634344)
@@ -38025,7 +38025,7 @@ CVE-2020-35177 (HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the
 CVE-2020-35176 (In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial a ...)
 	{DLA-2506-1}
 	- awstats 7.8-2 (bug #977190)
-	[buster] - awstats <no-dsa> (Minor issue; can be fixed via point release)
+	[buster] - awstats 7.6+dfsg-2+deb10u1
 	NOTE: https://github.com/eldy/awstats/issues/195
 	NOTE: https://github.com/eldy/AWStats/commit/96756d7f40e002cc1e6ba72c633fb66b92e54f49
 CVE-2020-35175 (Frappe Framework 12 and 13 does not properly validate the HTTP method  ...)
@@ -39975,7 +39975,7 @@ CVE-2020-29601 (The official notary docker images before signer-0.6.1-1 contain
 CVE-2020-29600 (In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute ...)
 	{DLA-2506-1}
 	- awstats 7.8-1 (bug #891469)
-	[buster] - awstats <no-dsa> (Minor issue; can be fixed via point release)
+	[buster] - awstats 7.6+dfsg-2+deb10u1
 	NOTE: https://github.com/eldy/awstats/issues/90
 	NOTE: https://github.com/eldy/awstats/commit/d4d815d0caae3dbae83ac70a1ae4581bd57cf376
 CVE-2020-29599 (ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the - ...)
@@ -42885,7 +42885,7 @@ CVE-2021-1406 (A vulnerability in Cisco Unified Communications Manager (Unified
 CVE-2021-1405 (A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) ...)
 	{DLA-2626-1}
 	- clamav 0.103.2+dfsg-1 (bug #986622; bug #986790)
-	[buster] - clamav <no-dsa> (clamav is updated via -updates)
+	[buster] - clamav 0.103.2+dfsg-0+deb10u1
 	NOTE: https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html
 CVE-2021-1404 (A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) S ...)
 	- clamav 0.103.2+dfsg-1 (bug #986622; bug #986790)
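Review bot: CVE-2021-1404 at the end of this hunk has the same unstable fix as CVE-2021-1405 (clamav 0.103.2+dfsg-1, bug #986622; bug #986790), but its [buster] line lies past the hunk's context and no other hunk in this patch reaches it (the next one starts at line 43711). If that entry still carries "<no-dsa> (clamav is updated via -updates)", it should get the same 0.103.2+dfsg-0+deb10u1 version so the two entries do not disagree.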
@@ -43711,12 +43711,12 @@ CVE-2021-1077 (NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 dr
 	- nvidia-graphics-drivers-tesla-460 460.73.01-1 (bug #987222)
 CVE-2021-1076 (NVIDIA GPU Display Driver for Windows and Linux, all versions, contain ...)
 	- nvidia-graphics-drivers 460.73.01-1 (bug #987216)
-	[buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+	[buster] - nvidia-graphics-drivers 418.197.02-1
 	- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #987217)
 	[buster] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported)
 	[stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported)
 	- nvidia-graphics-drivers-legacy-390xx 390.143-1 (bug #987218)
-	[buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
+	[buster] - nvidia-graphics-drivers-legacy-390xx 390.143-1~deb10u1
 	- nvidia-graphics-drivers-tesla-418 418.197.02-1 (bug #987219)
 	- nvidia-graphics-drivers-tesla-440 <unfixed> (bug #987220)
 	- nvidia-graphics-drivers-tesla-450 450.119.03-1 (bug #987221)
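Review bot: the new "[buster] - nvidia-graphics-drivers 418.197.02-1" line has no deb10u suffix, unlike the "390.143-1~deb10u1" line changed a few lines below it and the other buster versions recorded in this patch. The same string 418.197.02-1 also appears in this hunk as the unstable fix for nvidia-graphics-drivers-tesla-418. Please confirm against the accepted upload that this is the exact version in buster and not a copy of the tesla-418 value.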
@@ -44037,7 +44037,7 @@ CVE-2020-28470 (This affects the package @scullyio/scully before 1.0.9. The tran
 	NOT-FOR-US: scully
 CVE-2020-28469 (This affects the package glob-parent before 5.1.2. The enclosure regex ...)
 	- node-glob-parent 5.1.1+~5.1.0-2
-	[buster] - node-glob-parent <no-dsa> (Minor issue)
+	[buster] - node-glob-parent 3.1.0-1+deb10u1
 	[stretch] - node-glob-parent <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905
 	NOTE: https://github.com/gulpjs/glob-parent/commit/f9231168b0041fea3f8f954b3cceb56269fc6366
@@ -51782,7 +51782,7 @@ CVE-2019-20921 (bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS)
 	NOT-FOR-US: bootstrap-select
 CVE-2019-20920 (Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrar ...)
 	- node-handlebars 3:4.5.3-1
-	[buster] - node-handlebars <no-dsa> (Minor issue)
+	[buster] - node-handlebars 3:4.1.0-1+deb10u3
 	- libjs-handlebars <removed>
 	[stretch] - libjs-handlebars <ignored> (Only reverse depends was diaspora which not in stretch and too intrusive to backport)
 	NOTE: https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534478
@@ -53165,7 +53165,7 @@ CVE-2020-25650 (A flaw was found in the way the spice-vdagentd daemon handled fi
 CVE-2020-25649 (A flaw was found in FasterXML Jackson Databind, where it did not have  ...)
 	{DLA-2406-1}
 	- jackson-databind 2.11.1-1
-	[buster] - jackson-databind <no-dsa> (Minor issue)
+	[buster] - jackson-databind 2.9.8-3+deb10u3
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2589
 	NOTE: https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59 (jackson-databind-2.11.0.rc1)
 CVE-2020-25648 (A flaw was found in the way NSS handled CCS (ChangeCipherSpec) message ...)
@@ -54766,6 +54766,7 @@ CVE-2020-24978 (In NASM 2.15.04rc3, there is a double-free vulnerability in pp_t
 CVE-2020-24977 (GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerabil ...)
 	{DLA-2369-1}
 	- libxml2 2.9.10+dfsg-6.2 (unimportant; bug #969529)
+	[buster] - libxml2 2.9.4+dfsg1-7+deb10u2
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/178
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2
 	NOTE: The issue is specific and restricted to xmllint:
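Review bot: the "[buster] - libxml2 2.9.4+dfsg1-7+deb10u2" line for CVE-2020-24977 is the only pure addition in this patch (the hunk goes from 6 to 7 lines with nothing removed), and it sits under an unstable entry tagged "unimportant". The commit message only says "Merge already accepted packages for 10.10"; a short mention of why an entry with no previous buster annotation now gets a fixed version would help later readers. The version itself matches the other libxml2 entries updated here.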
@@ -55252,7 +55253,7 @@ CVE-2020-24751
 CVE-2020-24750 (FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interact ...)
 	{DLA-2638-1}
 	- jackson-databind 2.12.1-1
-	[buster] - jackson-databind <no-dsa> (Minor issue)
+	[buster] - jackson-databind 2.9.8-3+deb10u3
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2798
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
 	NOTE: but still an issue when Default Typing is enabled.
@@ -55451,7 +55452,7 @@ CVE-2020-24660 (An issue was discovered in LemonLDAP::NG through 2.0.8, when NGI
 	NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2290
 CVE-2020-24659 (An issue was discovered in GnuTLS before 3.6.15. A server can trigger  ...)
 	- gnutls28 3.6.15-1 (bug #969547)
-	[buster] - gnutls28 <no-dsa> (Minor issue)
+	[buster] - gnutls28 3.6.7-4+deb10u7
 	[stretch] - gnutls28 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-09-04
 	NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1071
@@ -55547,7 +55548,7 @@ CVE-2020-24617 (Mailtrain through 1.24.1 allows SQL Injection in statsClickedSub
 CVE-2020-24616 (FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interact ...)
 	{DLA-2638-1}
 	- jackson-databind 2.12.1-1
-	[buster] - jackson-databind <no-dsa> (Minor issue)
+	[buster] - jackson-databind 2.9.8-3+deb10u3
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2814
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
 	NOTE: but still an issue when Default Typing is enabled.
@@ -72039,7 +72040,7 @@ CVE-2020-16601
 	RESERVED
 CVE-2020-16600 (A Use After Free vulnerability exists in Artifex Software, Inc. MuPDF  ...)
 	- mupdf 1.17.0+ds1-1 (bug #989526)
-	[buster] - mupdf <no-dsa> (only reads formerly used memory)
+	[buster] - mupdf 1.14.0+ds1-4+deb10u3
 	[stretch] - mupdf <not-affected> (Vulnerable code not present)
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=702253
 	NOTE: http://git.ghostscript.com/?p=mupdf.git;h=96751b25462f83d6e16a9afaf8980b0c3f979c8b
@@ -76044,7 +76045,7 @@ CVE-2020-15079 (In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, t
 	NOT-FOR-US: PrestaShop
 CVE-2020-15078 (OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass ...)
 	- openvpn 2.5.1-2 (bug #987380)
-	[buster] - openvpn <no-dsa> (Minor issue)
+	[buster] - openvpn 2.4.7-1+deb10u1
 	[stretch] - openvpn <no-dsa> (Minor issue)
 	NOTE: https://github.com/OpenVPN/openvpn/commit/f7b3bf067ffce72e7de49a4174fd17a3a83f0573 (v2.5.2)
 	NOTE: https://github.com/OpenVPN/openvpn/commit/3d18e308c4e7e6f7ab7c2826c70d2d07b031c18a (v2.5.2)
@@ -79343,7 +79344,7 @@ CVE-2020-13937 (Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.
 CVE-2020-13936 (An attacker that is able to modify Velocity templates may execute arbi ...)
 	{DLA-2595-1}
 	- velocity 1.7-6 (bug #985220)
-	[buster] - velocity <no-dsa> (Minor issue)
+	[buster] - velocity 1.7-5+deb10u1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/03/10/1
 	NOTE: Fixed by: https://github.com/apache/velocity-engine/commit/1ba60771d23dae7e6b3138ae6bee09cf6f9d2485
 CVE-2020-13935 (The payload length in a WebSocket frame was not correctly validated in ...)
@@ -81517,7 +81518,7 @@ CVE-2020-13125 (An issue was discovered in the "Ultimate Addons for Elementor" p
 	NOT-FOR-US: "Ultimate Addons for Elementor" plugin for WordPress
 CVE-2020-13124 (SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerability in ...)
 	- sabnzbdplus 3.1.1+dfsg-1
-	[buster] - sabnzbdplus <no-dsa> (Minor issue, can be fixed via point release, contrib not supported)
+	[buster] - sabnzbdplus 2.3.6+dfsg-1+deb10u1
 	[stretch] - sabnzbdplus <ignored> (contrib not supported)
 	NOTE: https://github.com/sabnzbd/sabnzbd/security/advisories/GHSA-9x87-96gg-33w2
 	NOTE: https://github.com/sabnzbd/sabnzbd/commit/dfcba6e2fb37f58fea06b453b1ba258c7f110429
@@ -83178,7 +83179,7 @@ CVE-2020-12461 (PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has
 CVE-2020-12460 (OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper nul ...)
 	{DLA-2639-1}
 	- opendmarc 1.4.0~beta1+dfsg-3 (bug #966464)
-	[buster] - opendmarc <no-dsa> (Minor issue)
+	[buster] - opendmarc 1.3.2-6+deb10u2
 	NOTE: https://github.com/trusteddomainproject/OpenDMARC/issues/64
 	NOTE: https://github.com/trusteddomainproject/OpenDMARC/commit/50d28af25d8735504b6103537228ce7f76ad765f
 CVE-2020-12459 (In certain Red Hat packages for Grafana 6.x through 6.3.6, the configu ...)
@@ -85616,7 +85617,7 @@ CVE-2020-11811 (In qdPM 9.1, an attacker can upload a malicious .php file to the
 	NOT-FOR-US: qdPM
 CVE-2020-11810 (An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can ...)
 	- openvpn 2.4.9-1 (low)
-	[buster] - openvpn <no-dsa> (Minor issue)
+	[buster] - openvpn 2.4.7-1+deb10u1
 	[stretch] - openvpn <no-dsa> (Minor issue)
 	[jessie] - openvpn <no-dsa> (Minor issue)
 	NOTE: https://github.com/OpenVPN/openvpn/commit/37bc691e7d26ea4eb61a8a434ebd7a9ae76225ab
@@ -97069,7 +97070,7 @@ CVE-2020-7664 (In all versions of the package github.com/unknwon/cae/zip, the Ex
 CVE-2020-7663 (websocket-extensions ruby module prior to 0.1.5 allows Denial of Servi ...)
 	{DLA-2334-1}
 	- ruby-websocket-extensions 0.1.5-1 (bug #964274)
-	[buster] - ruby-websocket-extensions <no-dsa> (Minor issue)
+	[buster] - ruby-websocket-extensions 0.1.2-1+deb10u1
 	NOTE: https://github.com/faye/websocket-extensions-ruby/security/advisories/GHSA-g6wq-qcwm-j5g2
 	NOTE: https://github.com/faye/websocket-extensions-ruby/commit/aa156a439da681361ed6f53f1a8131892418838b
 CVE-2020-7662 (websocket-extensions npm module prior to 0.1.4 allows Denial of Servic ...)
@@ -101161,7 +101162,7 @@ CVE-2020-6099
 	RESERVED
 CVE-2020-6098 (An exploitable denial of service vulnerability exists in the freeDiame ...)
 	- freediameter 1.2.1-8 (bug #985088)
-	[buster] - freediameter <no-dsa> (Minor issue)
+	[buster] - freediameter 1.2.1-7+deb10u1
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1030
 	NOTE: Possible fix: http://www.freediameter.net/trac/changeset/19ab8ac08a361642e7f9ec9f2657202c6f8ef9ee/freeDiameter?old=edfb2b662b91af94b2fccc48b11eec904ccab370
 CVE-2020-6097 (An exploitable denial of service vulnerability exists in the atftpd da ...)
@@ -103278,7 +103279,7 @@ CVE-2020-5209 (In NetHack before 3.6.5, unknown options starting with -de and -i
 CVE-2020-5208 (It's been found that multiple functions in ipmitool before 1.8.19 negl ...)
 	{DLA-2098-1}
 	- ipmitool 1.8.18-10.1 (bug #950761)
-	[buster] - ipmitool <no-dsa> (Minor issue)
+	[buster] - ipmitool 1.8.18-6+deb10u1
 	[stretch] - ipmitool <no-dsa> (Minor issue)
 	NOTE: https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
 	NOTE: https://github.com/ipmitool/ipmitool/commit/e824c23316ae50beb7f7488f2055ac65e8b341f2
@@ -115170,7 +115171,7 @@ CVE-2019-18850 (TrevorC2 v1.1/v1.2 fails to prevent fingerprinting primarily via
 CVE-2019-18849 (In tnef before 1.4.18, an attacker may be able to write to the victim' ...)
 	{DLA-2005-1}
 	- tnef 1.4.18-1 (bug #944851)
-	[buster] - tnef <no-dsa> (Minor issue; can be fixed via point release)
+	[buster] - tnef 1.4.12-1.2+deb10u1
 	[stretch] - tnef <no-dsa> (Minor issue; can be fixed via point release)
 	NOTE: https://github.com/verdammelt/tnef/pull/40
 CVE-2019-18848 (The json-jwt gem before 1.11.0 for Ruby lacks an element count during  ...)
@@ -132462,7 +132463,7 @@ CVE-2019-1020015 (graphql-engine (aka Hasura GraphQL Engine) before 1.0.0-beta.3
 	NOT-FOR-US: graphql-engine (aka Hasura GraphQL Engine)
 CVE-2019-1020014 (docker-credential-helpers before 0.6.3 has a double free in the List f ...)
 	- golang-github-docker-docker-credential-helpers 0.6.1-3 (bug #933801)
-	[buster] - golang-github-docker-docker-credential-helpers <no-dsa> (Minor issue, can be fixed in point release)
+	[buster] - golang-github-docker-docker-credential-helpers 0.6.1-2+deb10u1
 	[stretch] - golang-github-docker-docker-credential-helpers <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/docker/docker-credential-helpers/commit/1c9f7ede70a5ab9851f4c9cb37d317fd89cd318a
 CVE-2019-1020013 (parse-server before 3.6.0 allows account enumeration. ...)
@@ -174336,7 +174337,7 @@ CVE-2019-0222 (In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT fra
 	- activemq 5.15.9-1 (bug #925964; unimportant)
 	[jessie] - activemq <not-affected> (MQTT support not enabled)
 	- mqtt-client 1.16-1 (bug #988109)
-	[buster] - mqtt-client <no-dsa> (Minor issue)
+	[buster] - mqtt-client 1.14-1+deb10u1
 	NOTE: http://activemq.apache.org/security-advisories.data/CVE-2019-0222-announcement.txt
 	NOTE: activemq disabled MQTT transport in 5.6.0+dfsg-1 (d/patches/exclude_mqtt.diff)
 	NOTE: but enabled activemq-mqtt in 5.13.2+dfsg-2 using the external mqtt-client.


=====================================
data/next-point-update.txt
=====================================
@@ -1,147 +1,3 @@
-CVE-2019-1020014
-	[buster] - golang-github-docker-docker-credential-helpers 0.6.1-2+deb10u1
-CVE-2020-29600
-	[buster] - awstats 7.6+dfsg-2+deb10u1
-CVE-2020-35176
-	[buster] - awstats 7.6+dfsg-2+deb10u1
-CVE-2020-5208
-	[buster] - ipmitool 1.8.18-6+deb10u1
-CVE-2020-13124
-	[buster] - sabnzbdplus 2.3.6+dfsg-1+deb10u1
-CVE-2021-23362
-	[buster] - node-hosted-git-info 2.7.1-1+deb10u1
-CVE-2021-28153
-	[buster] - glib2.0 2.58.3-2+deb10u3
-CVE-2021-27219
-	[buster] - glib2.0 2.58.3-2+deb10u3
-CVE-2021-27218
-	[buster] - glib2.0 2.58.3-2+deb10u3
-CVE-2020-35459
-	[buster] - crmsh 4.0.0~git20190108.3d56538-3+deb10u1
-CVE-2020-6098
-	[buster] - freediameter 1.2.1-7+deb10u1
-CVE-2021-1405
-	[buster] - clamav 0.103.2+dfsg-0+deb10u1
-CVE-2019-20920
-	[buster] - node-handlebars 3:4.1.0-1+deb10u3
-CVE-2021-23369
-	[buster] - node-handlebars 3:4.1.0-1+deb10u3
-CVE-2020-28469
-	[buster] - node-glob-parent 3.1.0-1+deb10u1
-CVE-2019-18849
-	[buster] - tnef 1.4.12-1.2+deb10u1
-CVE-2020-24616
-	[buster] - jackson-databind 2.9.8-3+deb10u3
-CVE-2020-24750
-	[buster] - jackson-databind 2.9.8-3+deb10u3
-CVE-2020-25649
-	[buster] - jackson-databind 2.9.8-3+deb10u3
-CVE-2020-35490
-	[buster] - jackson-databind 2.9.8-3+deb10u3
-CVE-2020-35491
-	[buster] - jackson-databind 2.9.8-3+deb10u3
-CVE-2020-35728
-	[buster] - jackson-databind 2.9.8-3+deb10u3
-CVE-2020-36179
-	[buster] - jackson-databind 2.9.8-3+deb10u3
-CVE-2020-36180
-	[buster] - jackson-databind 2.9.8-3+deb10u3
-CVE-2020-36181
-	[buster] - jackson-databind 2.9.8-3+deb10u3
-CVE-2020-36182
-	[buster] - jackson-databind 2.9.8-3+deb10u3
-CVE-2020-36183
-	[buster] - jackson-databind 2.9.8-3+deb10u3
-CVE-2020-36184
-	[buster] - jackson-databind 2.9.8-3+deb10u3
-CVE-2020-36185
-	[buster] - jackson-databind 2.9.8-3+deb10u3
-CVE-2020-36186
-	[buster] - jackson-databind 2.9.8-3+deb10u3
-CVE-2020-36187
-	[buster] - jackson-databind 2.9.8-3+deb10u3
-CVE-2020-36188
-	[buster] - jackson-databind 2.9.8-3+deb10u3
-CVE-2020-36189
-	[buster] - jackson-databind 2.9.8-3+deb10u3
-CVE-2021-20190
-	[buster] - jackson-databind 2.9.8-3+deb10u3
-CVE-2021-28421
-	[buster] - fluidsynth 1.1.11-1+deb10u1
-CVE-2020-12460
-	[buster] - opendmarc 1.3.2-6+deb10u2
-CVE-2021-29469
-	[buster] - node-redis 2.8.0-1+deb10u1
-CVE-2021-1076
-	[buster] - nvidia-graphics-drivers 418.197.02-1
-	[buster] - nvidia-graphics-drivers-legacy-390xx 390.143-1~deb10u1
-CVE-2020-11810
-	[buster] - openvpn 2.4.7-1+deb10u1
-CVE-2020-15078
-	[buster] - openvpn 2.4.7-1+deb10u1
-CVE-2021-27229
-	[buster] - mumble 1.3.0~git20190125.440b173+dfsg-2+deb10u1
-CVE-2020-13936
-	[buster] - velocity 1.7-5+deb10u1
- CVE-2020-7663
-	[buster] - ruby-websocket-extensions 0.1.2-1+deb10u1
-CVE-2021-20204
-	[buster] - libgetdata 0.10.0-5+deb10u1
-CVE-2021-29376
-	[buster] - ircii 20190117-1+deb10u1
-	[buster] - scrollz 2.2.3-1+deb10u1
-CVE-2020-24659
-	[buster] - gnutls28 3.6.7-4+deb10u7
-CVE-2021-20231
-	[buster] - gnutls28 3.6.7-4+deb10u7
-CVE-2021-20232
-	[buster] - gnutls28 3.6.7-4+deb10u7
-CVE-2019-0222
-	[buster] - mqtt-client 1.14-1+deb10u1
-CVE-2021-33477
-	[buster] - rxvt-unicode 9.22-6+deb10u1
-CVE-2021-3561
-	[buster] - fig2dev 1:3.2.7a-5+deb10u4
-CVE-2021-26929
-	[buster] - php-horde-text-filter 2.3.5-3+deb10u2
-CVE-2021-32640
-	[buster] - node-ws 1.1.0+ds1.e6ddaae4-5+deb10u1
-CVE-2021-25217
-	[buster] - isc-dhcp 4.4.1-2+deb10u1
-CVE-2021-33560
-	[buster] - libgcrypt20 1.8.4-5+deb10u1
-CVE-2021-31871
-	[buster] - klibc 2.0.6-1+deb10u1
-CVE-2021-31872
-	[buster] - klibc 2.0.6-1+deb10u1
-CVE-2021-31873
-	[buster] - klibc 2.0.6-1+deb10u1
-CVE-2021-31874
-	[buster] - klibc 2.0.6-1+deb10u1
-CVE-2020-16600
-	[buster] - mupdf 1.14.0+ds1-4+deb10u3
-CVE-2021-3407
-	[buster] - mupdf 1.14.0+ds1-4+deb10u3
-CVE-2021-20247
-	[buster] - isync 1.3.0-2.2~deb10u1
-CVE-2021-3578
-	[buster] - isync 1.3.0-2.2~deb10u1
-CVE-2021-33477
-	[buster] - eterm 0.9.6-5+deb10u1
-CVE-2020-24977
-	[buster] - libxml2 2.9.4+dfsg1-7+deb10u2
-CVE-2021-3516
-	[buster] - libxml2 2.9.4+dfsg1-7+deb10u2
-CVE-2021-3517
-	[buster] - libxml2 2.9.4+dfsg1-7+deb10u2
-CVE-2021-3518
-	[buster] - libxml2 2.9.4+dfsg1-7+deb10u2
-CVE-2021-3537
-	[buster] - libxml2 2.9.4+dfsg1-7+deb10u2
-CVE-2021-3541
-	[buster] - libxml2 2.9.4+dfsg1-7+deb10u2
-CVE-2021-33833
-	[buster] - connman 1.36-2.1~deb10u2
 CVE-2019-20446
 	[buster] - librsvg 2.44.10-2.1+deb10u1
 CVE-2019-17134
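Review bot: the `CVE-2020-7663` line in the middle of the removed block carries a leading space instead of `-`, so it reads as unchanged context, while the `[buster] - ruby-websocket-extensions 0.1.2-1+deb10u1` line under it is removed. The hunk header `-1,147 +1,3` leaves room only for the three trailing context lines, which suggests the marker was lost in mail rendering. Either way, check that the resulting data/next-point-update.txt does not keep an orphaned `CVE-2020-7663` header with no package line beneath it.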



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/55d4a6bb113a0028d39c30bd635be25f6bcc3578
