[Git][security-tracker-team/security-tracker][master] 2 commits: various bugs

Moritz Muehlenhoff jmm at debian.org
Sat Mar 6 20:17:58 GMT 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a736b065 by Moritz Mühlenhoff at 2021-03-06T21:17:39+01:00
various bugs

- - - - -
e466c26f by Moritz Mühlenhoff at 2021-03-06T21:17:41+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,7 +13,7 @@ CVE-2021-28044
 CVE-2021-28043
 	RESERVED
 CVE-2021-28042 (Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Tra ...)
-	TODO: check
+	NOT-FOR-US: Deutsche Post Mailoptimizer
 CVE-2021-3423
 	RESERVED
 CVE-2021-28041 (ssh-agent in OpenSSH before 8.5 has a double free that may be relevant ...)
@@ -25,27 +25,27 @@ CVE-2021-28041 (ssh-agent in OpenSSH before 8.5 has a double free that may be re
 CVE-2021-28040 (An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vuln ...)
 	- ossec-hids <itp> (bug #361954)
 CVE-2021-28037 (An issue was discovered in the internment crate before 0.4.2 for Rust. ...)
-	TODO: check
+	NOT-FOR-US: Rust crate internment
 CVE-2021-28036 (An issue was discovered in the quinn crate before 0.7.0 for Rust. It m ...)
-	TODO: check
+	NOT-FOR-US: Rust crate quinn
 CVE-2021-28035 (An issue was discovered in the stack_dst crate before 0.6.1 for Rust.  ...)
-	TODO: check
+	NOT-FOR-US: Rust crate stack_dst
 CVE-2021-28034 (An issue was discovered in the stack_dst crate before 0.6.1 for Rust.  ...)
-	TODO: check
+	NOT-FOR-US: Rust crate stack_dst
 CVE-2021-28033 (An issue was discovered in the byte_struct crate before 0.6.1 for Rust ...)
-	TODO: check
+	NOT-FOR-US: Rust crate byte_struct
 CVE-2021-28032 (An issue was discovered in the nano_arena crate before 0.5.2 for Rust. ...)
-	TODO: check
+	NOT-FOR-US: Rust crate nano_arena
 CVE-2021-28031 (An issue was discovered in the scratchpad crate before 1.3.1 for Rust. ...)
-	TODO: check
+	NOT-FOR-US: Rust crate scratchpad
 CVE-2021-28030 (An issue was discovered in the truetype crate before 0.30.1 for Rust.  ...)
-	TODO: check
+	NOT-FOR-US: Rust crate truetype
 CVE-2021-28029 (An issue was discovered in the toodee crate before 0.3.0 for Rust. The ...)
-	TODO: check
+	NOT-FOR-US: Rust crate toodee
 CVE-2021-28028 (An issue was discovered in the toodee crate before 0.3.0 for Rust. Row ...)
-	TODO: check
+	NOT-FOR-US: Rust crate toodee
 CVE-2021-28027 (An issue was discovered in the bam crate before 0.1.3 for Rust. There  ...)
-	TODO: check
+	NOT-FOR-US: Rust crate bam
 CVE-2021-28026 (jpeg-xl v0.3.2 is affected by a heap buffer overflow in /lib/jxl/coeff ...)
 	- jpeg-xl <itp> (bug #948862)
 CVE-2021-28025
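Review bot: The eleven new NOT-FOR-US lines in this hunk use the form "Rust crate <name>", while the existing entry for CVE-2019-25007 in the same file reads "NOT-FOR-US: streebog rust crate"; settling on one word order keeps a simple search over data/CVE/list matching every crate entry. Since the rust-smallvec and rust-http entries elsewhere in this diff show that crates do get packaged as rust-<name>, it is also worth confirming that none of these crates (internment, quinn, stack_dst, byte_struct, nano_arena, scratchpad, truetype, toodee, bam) has such a source package in the archive before the TODO is closed.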
@@ -9553,7 +9553,7 @@ CVE-2021-23898
 CVE-2021-23897
 	RESERVED
 CVE-2021-25900 (An issue was discovered in the smallvec crate before 0.6.14 and 1.x be ...)
-	- rust-smallvec <unfixed>
+	- rust-smallvec <unfixed> (bug #984665)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0003.html
 	NOTE: https://github.com/servo/rust-smallvec/issues/252
 CVE-2021-3127
@@ -15335,7 +15335,7 @@ CVE-2019-25009 (An issue was discovered in the http crate before 0.1.20 for Rust
 	- rust-http <unfixed>
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0034.html
 CVE-2019-25008 (An issue was discovered in the http crate before 0.1.20 for Rust. Head ...)
-	- rust-http <unfixed>
+	- rust-http <unfixed> (bug #969896)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0033.html
 CVE-2019-25007 (An issue was discovered in the streebog crate before 0.8.0 for Rust. T ...)
 	NOT-FOR-US: streebog rust crate
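Review bot: The CVE-2019-25009 entry directly above this change (context line "- rust-http <unfixed>") is left without a bug reference, while CVE-2019-25008 now points to bug #969896. Both entries are against the http crate before 0.1.20, so if that bug report covers both issues the reference should be added to the CVE-2019-25009 line as well; if it does not, that entry still needs its own bug.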
@@ -74209,7 +74209,7 @@ CVE-2020-9490 (Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted
 	NOTE: https://github.com/apache/httpd/commit/a61223e9cb906110f35ec144b93fee9eb80ad6e4
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2030
 CVE-2020-9489 (A carefully crafted or corrupt file may trigger a System.exit in Tika' ...)
-	- tika <unfixed>
+	- tika <unfixed> (bug #984666)
 	[bullseye] - tika <no-dsa> (Minor issue)
 	[buster] - tika <no-dsa> (Minor issue)
 	[jessie] - tika <ignored> (the fix is too invasive to backport)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0baaf4a49cc766af0c50e00266bb97bac62dfa24...e466c26fa7aa30d78c669f0353d879490d53be34
