[Git][security-tracker-team/security-tracker][master] Stretch triage

Abhijith PA abhijith at debian.org
Sun Mar 7 14:57:30 GMT 2021 


Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c220ce4b by Abhijith PA at 2021-03-07T20:27:05+05:30
Stretch triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1138,6 +1138,7 @@ CVE-2021-27516 (URI.js (aka urijs) before 1.19.6 mishandles certain uses of back
 	NOT-FOR-US: urijs
 CVE-2021-27515 (url-parse before 1.5.0 mishandles certain uses of backslash such as ht ...)
 	- node-url-parse <unfixed>
+	[stretch] - node-url-parse <no-dsa> (Minor issue)
 	NOTE: https://github.com/unshiftio/url-parse/commit/d1e7e8822f26e8a49794b757123b51386325b2b0
 	NOTE: https://github.com/unshiftio/url-parse/pull/197
 CVE-2021-27514 (EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for th ...)
@@ -2505,6 +2506,7 @@ CVE-2021-26907
 	RESERVED
 CVE-2021-26906 (An issue was discovered in res_pjsip_session.c in Digium Asterisk thro ...)
 	- asterisk 1:16.16.1~dfsg-1 (bug #983159)
+	[stretch] - asterisk <no-dsa> (Minor issue)
 	NOTE: https://downloads.asterisk.org/pub/security/AST-2021-005.html
 	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29196
 CVE-2021-3402
@@ -15641,6 +15643,7 @@ CVE-2020-35777 (NETGEAR DGN2200v1 devices before v1.0.0.58 are affected by comma
 	NOT-FOR-US: Netgear
 CVE-2020-35776 (A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk version ...)
 	- asterisk 1:16.16.1~dfsg-1 (bug #983158)
+	[stretch] - asterisk <no-dsa> (Minor issue)
 	NOTE: https://downloads.asterisk.org/pub/security/AST-2021-001.html
 	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29227
 CVE-2020-35775 (CITSmart before 9.1.2.23 allows LDAP Injection. ...)
@@ -16475,7 +16478,7 @@ CVE-2021-21239 (PySAML2 is a pure python implementation of SAML Version 2 Standa
 	NOTE: https://github.com/IdentityPython/pysaml2/commit/751dbf50a51131b13d55989395f9b115045f9737
 CVE-2021-21238 (PySAML2 is a pure python implementation of SAML Version 2 Standard. Py ...)
 	- python-pysaml2 6.5.1-1 (bug #980773)
-	[stretch] - python-pysaml2 <no-dsa> (python3-xmlschema not available in stretch for fix)
+	[stretch] - python-pysaml2 <ignored> (python3-xmlschema not available in stretch for fix)
 	NOTE: https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-f4g9-h89h-jgv9
 	NOTE: https://github.com/IdentityPython/pysaml2/commit/3b707723dcf1bf60677b424aac398c0c3557641d
 CVE-2021-21237 (Git LFS is a command line extension for managing large files with Git. ...)
@@ -18644,6 +18647,7 @@ CVE-2021-20329
 	RESERVED
 CVE-2021-20328 (Specific versions of the Java driver that support client-side field le ...)
 	- mongo-java-driver <unfixed>
+	[stretch] - mongo-java-driver <no-dsa> (Minor issue)
 	NOTE: https://jira.mongodb.org/browse/JAVA-4017
 	NOTE: https://github.com/mongodb/mongo-java-driver/commit/60d87d5a76645a331a77ccc45ef7c67aac88b234
 CVE-2021-20327 (A specific version of the Node.js mongodb-client-encryption module doe ...)
@@ -19104,6 +19108,7 @@ CVE-2021-20201 [Client initiated renegotiation denial of service]
 	RESERVED
 	- spice <unfixed> (bug #983698)
 	[buster] - spice <no-dsa> (Minor issue)
+	[stretch] - spice <no-dsa> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/spice/spice/-/issues/49
 	NOTE: https://gitlab.freedesktop.org/spice/spice/-/commit/ca5bbc5692e052159bce1a75f55dc60b36078749
 	NOTE: https://gitlab.freedesktop.org/spice/spice/-/commit/95a0cfac8a1c8eff50f05e65df945da3bb501fc9
@@ -31467,6 +31472,7 @@ CVE-2020-27224 (In Eclipse Theia versions up to and including 1.2.0, the Markdow
 	NOT-FOR-US: Eclipse Theia
 CVE-2020-27223 (In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0 ...)
 	- jetty9 9.4.38-1
+	[stretch] - jetty9 <no-dsa> (Minor issue)
 	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=571128
 	NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-m394-8rww-3jr7
 CVE-2020-27222 (In Eclipse Californium version 2.3.0 to 2.6.0, the certificate based ( ...)
@@ -38132,6 +38138,7 @@ CVE-2020-24393 (TweetStream 2.6.1 uses the library eventmachine in an insecure w
 	NOT-FOR-US: TweetStream
 CVE-2020-24392 (In voloko twitter-stream 0.1.10, missing TLS hostname validation allow ...)
 	- ruby-twitter-stream <unfixed>
+	[stretch] - ruby-twitter-stream <no-dsa> (Minor issue)
 	NOTE: https://securitylab.github.com/advisories/GHSL-2020-097-voloko-twitter-stream
 CVE-2020-24391
 	RESERVED



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c220ce4b2c4e79fe5bf698336c243b868194d03c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c220ce4b2c4e79fe5bf698336c243b868194d03c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210307/f6bd0e45/attachment.htm>

More information about the debian-security-tracker-commits mailing list