[Git][security-tracker-team/security-tracker][master] Stretch triage

Abhijith PA abhijith at debian.org
Sat Mar 6 08:43:51 GMT 2021



Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker


Commits:
38c02cf1 by Abhijith PA at 2021-03-06T14:13:22+05:30
Stretch triage

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -262,6 +262,7 @@ CVE-2021-27928
 	RESERVED
 CVE-2021-27927 (In Zabbix before 4.0.28rc1, 5.x before 5.0.8rc1, 5.1.x and 5.2.x befor ...)
 	- zabbix 1:5.0.8+dfsg-1
+	[stretch] - zabbix <no-dsa> (minor issue)
 	NOTE: https://support.zabbix.com/browse/ZBX-18942
 CVE-2021-27926
 	RESERVED
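Review bot: the added `[stretch] - zabbix <no-dsa> (minor issue)` line uses lowercase "minor issue" while the other no-dsa lines in this commit (newlib, snapd) write "Minor issue"; use one spelling so the rationale text stays greppable across the list.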
@@ -287,6 +288,7 @@ CVE-2021-27918
 CVE-2021-3420 (A flaw was found in newlib in versions prior to 4.0.0. Improper overfl ...)
 	- newlib <unfixed> (bug #984446)
 	[buster] - newlib <no-dsa> (Minor issue)
+	[stretch] - newlib <no-dsa> (Minor issue)
 	- picolibc 1.5-1
 	- libnewlib-nano <unfixed> (bug #984424)
 	[buster] - libnewlib-nano <no-dsa> (Minor issue)
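Review bot: the new `[stretch] - newlib <no-dsa> (Minor issue)` line has no counterpart for libnewlib-nano, although that package is tracked in the same CVE-2021-3420 entry with an identical `[buster] - libnewlib-nano <no-dsa> (Minor issue)` line; either add the matching stretch triage for libnewlib-nano or record why it differs (for example if the package is not in stretch), so the entry does not look half-triaged.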
@@ -19477,11 +19479,13 @@ CVE-2020-35525
 CVE-2020-35524 [Heap-based buffer overflow in TIFF2PDF tool]
 	RESERVED
 	- tiff 4.1.0+git201212-1
+	[stretch] - tiff <no-dsa> (can be fixed along in next DLA)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/7be2e452ddcf6d7abca88f41d3761e6edab72b22
 	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/159
 CVE-2020-35523 [Integer overflow in tif_getimage.c]
 	RESERVED
 	- tiff 4.1.0+git201212-1
+	[stretch] - tiff <no-dsa> (can be fixed along in next DLA)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2
 	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/160
 CVE-2020-35522 [Memory allocation failure in tif_pixarlog.c]
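Review bot: the rationale "(can be fixed along in next DLA)" on both added tiff lines reads awkwardly; "(can be fixed along with the next DLA)" says the same thing clearly, and the same wording is used later in this commit for three.js, so fix it in all places at once.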
@@ -26266,6 +26270,7 @@ CVE-2020-28497
 	RESERVED
 CVE-2020-28496 (This affects the package three before 0.125.0. This can happen when ha ...)
 	- three.js <unfixed>
+	[stretch] - three.js <no-dsa> (can be fixed along in next DLA)
 	NOTE: https://github.com/mrdoob/three.js/pull/21143/commits/4a582355216b620176a291ff319d740e619d583e
 	NOTE: https://github.com/mrdoob/three.js/issues/21132
 CVE-2020-28495 (This affects the package total.js before 3.4.7. The set function can b ...)
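Review bot: the entry gets a `[stretch]` triage line but still has no `[buster]` line, unlike the newlib hunk above where both releases are tracked; if buster ships three.js as well, triaging it in the same pass avoids the entry surfacing again on the next buster sweep. The "along in next DLA" wording has the same grammar issue as the tiff lines.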
@@ -31175,6 +31180,7 @@ CVE-2020-27353
 CVE-2020-27352
 	RESERVED
 	- snapd 2.49-1
+	[stretch] - snapd <no-dsa> (Minor issue)
 	NOTE: https://ubuntu.com/security/notices/USN-4728-1
 	NOTE: https://github.com/docker-snap/docker-snap/security/advisories/GHSA-798c-v3jq-h646
 	NOTE: https://bugs.launchpad.net/snapd/+bug/1910456
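Review bot: CVE-2020-27352 is still `RESERVED` with no description, so "(Minor issue)" on the new `[stretch] - snapd <no-dsa>` line leaves no trace of what was judged minor; a one-line NOTE summarising the issue from the linked USN-4728-1 or GHSA advisory would let a later triager verify the call without re-reading the references.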


=====================================
data/dla-needed.txt
=====================================
@@ -67,6 +67,8 @@ libebml (Thorsten Alteholz)
 libupnp
   NOTE: 20210302: since utkarsh working wpa, might want to handle this as well ? (abhijith)
 --
+libcaca (Abhijith PA)
+--
 linux (Ben Hutchings)
 --
 linux-4.19 (Ben Hutchings)
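Review bot: `libcaca (Abhijith PA)` is inserted between libupnp and linux, but the file is kept in alphabetical order (libebml, libupnp, linux, linux-4.19 in the surrounding context), so the entry belongs before libebml; move the block up so the list stays sorted.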
@@ -117,6 +119,8 @@ shiro
   NOTE: 20201004: Sent additional request to upstream dev list; stil no response. (roberto)
   NOTE: 20201220: Upstream has responded.  Working with them to backport fixes. (roberto)
 --
+smarty3 (Abhijith PA)
+--
 spotweb
   NOTE: 20201220: The affected code uses string concatenation to construct a SQL query.
   NOTE: 20201220: Upstream's "fix" is to blacklist all the "bad" SQL commands. (roberto)
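Review bot: the `smarty3 (Abhijith PA)` claim is positioned correctly between shiro and spotweb, but unlike the neighbouring entries it carries no dated `NOTE:` line; adding a short status note (date, which CVEs are being handled) keeps the claim from going stale silently.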



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38c02cf161216beb63ec5f43bbecc228d16cd9c1


