[Git][security-tracker-team/security-tracker][master] buster triage

Moritz Muehlenhoff jmm at debian.org
Fri Mar 12 17:57:37 GMT 2021 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
270ca809 by Moritz Muehlenhoff at 2021-03-12T18:57:18+01:00
buster triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1154,6 +1154,7 @@ CVE-2020-35358
 CVE-2021-27803 (A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant b ...)
 	{DLA-2581-1}
 	- wpa 2:2.9.0-21
+	[buster] - wpa <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/02/25/3
 	NOTE: https://w1.fi/security/2021-1/wpa_supplicant-p2p-provision-discovery-processing-vulnerability.txt
 	NOTE: https://w1.fi/security/2021-1/0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch
@@ -19149,6 +19150,7 @@ CVE-2021-20329
 	RESERVED
 CVE-2021-20328 (Specific versions of the Java driver that support client-side field le ...)
 	- mongo-java-driver <unfixed>
+	[buster] - mongo-java-driver <no-dsa> (Minor issue)
 	[stretch] - mongo-java-driver <no-dsa> (Minor issue)
 	NOTE: https://jira.mongodb.org/browse/JAVA-4017
 	NOTE: https://github.com/mongodb/mongo-java-driver/commit/60d87d5a76645a331a77ccc45ef7c67aac88b234
@@ -26858,6 +26860,7 @@ CVE-2020-28484
 	RESERVED
 CVE-2020-28483 (This affects all versions of package github.com/gin-gonic/gin. When gi ...)
 	- golang-github-gin-gonic-gin <unfixed>
+	[buster] - golang-github-gin-gonic-gin <no-dsa> (Minor issue)
 	NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGINGONICGIN-1041736
 	NOTE: https://github.com/gin-gonic/gin/pull/2474#issuecomment-729696437
 	NOTE: https://github.com/gin-gonic/gin/commit/c9ea8ece4a3881028f7f715f008414346a7f4b88
@@ -35310,14 +35313,17 @@ CVE-2020-25790 (** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to u
 	NOT-FOR-US: Typesetter CMS
 CVE-2020-25789 (An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-1 ...)
 	- tt-rss 21~git20210204.b4cbc79+dfsg-1 (bug #970633)
+	[buster] - tt-rss <no-dsa> (Minor issue)
 	NOTE: https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799
 	NOTE: https://git.tt-rss.org/fox/tt-rss/commit/da5af2fae091041cca27b24b6f0e69e4a6d0dc60
 CVE-2020-25788 (An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-1 ...)
 	- tt-rss 21~git20210204.b4cbc79+dfsg-1 (bug #970633)
+	[buster] - tt-rss <no-dsa> (Minor issue)
 	NOTE: https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799
 	NOTE: https://git.tt-rss.org/fox/tt-rss/commit/c3d14e1fa54c7dade7b1b7955575e2991396d7ef
 CVE-2020-25787 (An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-1 ...)
 	- tt-rss 21~git20210204.b4cbc79+dfsg-1 (bug #970633)
+	[buster] - tt-rss <no-dsa> (Minor issue)
 	NOTE: https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799
 	NOTE: https://git.tt-rss.org/fox/tt-rss/commit/c3d14e1fa54c7dade7b1b7955575e2991396d7ef
 CVE-2020-25786 (** UNSUPPORTED WHEN ASSIGNED ** webinc/js/info.php on D-Link DIR-816L  ...)
@@ -52543,6 +52549,7 @@ CVE-2020-17522 (When ORT (now via atstccfg) generates ip_allow.config files in A
 	NOT-FOR-US: Apache Traffic Control
 CVE-2020-17521 (Apache Groovy provides extension methods to aid with creating temporar ...)
 	- groovy 2.4.21-1 (bug #977399)
+	[buster] - groovy <no-dsa> (Minor issue)
 	[stretch] - groovy <no-dsa> (Minor issue)
 	- groovy2 <removed>
 	NOTE: https://issues.apache.org/jira/browse/GROOVY-9824
@@ -77754,17 +77761,20 @@ CVE-2020-8287 (Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow t
 CVE-2020-8286 (curl 7.41.0 through 7.73.0 is vulnerable to an improper check for cert ...)
 	{DLA-2500-1}
 	- curl 7.74.0-1 (bug #977161)
+	[buster] - curl <no-dsa> (Minor issue)
 	NOTE: https://curl.se/docs/CVE-2020-8286.html
 	NOTE: https://github.com/curl/curl/commit/d9d01672785b8ac04aab1abb6de95fe3072ae199 (curl-7_74_0)
 CVE-2020-8285 (curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recu ...)
 	{DLA-2500-1}
 	- curl 7.74.0-1 (bug #977162)
+	[buster] - curl <no-dsa> (Minor issue)
 	NOTE: https://curl.se/docs/CVE-2020-8285.html
 	NOTE: https://github.com/curl/curl/issues/6255
 	NOTE: https://github.com/curl/curl/commit/69a358f2186e04cf44698b5100332cbf1ee7f01d (curl-7_74_0)
 CVE-2020-8284 (A malicious server can use the FTP PASV response to trick curl 7.73.0  ...)
 	{DLA-2500-1}
 	- curl 7.74.0-1 (bug #977163)
+	[buster] - curl <no-dsa> (Minor issue)
 	NOTE: https://curl.se/docs/CVE-2020-8284.html
 	NOTE: https://github.com/curl/curl/commit/ec9cc725d598ac77de7b6df8afeec292b3c8ad46 (curl-7_74_0)
 CVE-2020-8283 (An authorised user on a Windows host running Citrix Universal Print Se ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -35,6 +35,8 @@ python-pysaml2 (jmm)
 --
 salt
 --
+tiff (jmm)
+--
 tomcat9
 --
 xen (jmm)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/270ca809733d06313eb5f7c4018b99ba4e2ddbd0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/270ca809733d06313eb5f7c4018b99ba4e2ddbd0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210312/dc5d0d8f/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list