[Git][security-tracker-team/security-tracker][master] buster triage
Moritz Muehlenhoff
jmm at debian.org
Fri Mar 12 17:57:37 GMT 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
270ca809 by Moritz Muehlenhoff at 2021-03-12T18:57:18+01:00
buster triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1154,6 +1154,7 @@ CVE-2020-35358
CVE-2021-27803 (A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant b ...)
{DLA-2581-1}
- wpa 2:2.9.0-21
+ [buster] - wpa <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/02/25/3
NOTE: https://w1.fi/security/2021-1/wpa_supplicant-p2p-provision-discovery-processing-vulnerability.txt
NOTE: https://w1.fi/security/2021-1/0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch
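Review bot: The added "[buster] - wpa <no-dsa> (Minor issue)" line sits directly under "{DLA-2581-1}", so the same CVE gets an advisory for one release and is classed as minor for buster with no explanation of the difference. A short NOTE giving the reason for the buster assessment would make the entry readable on its own. If a fix through a later stable update is intended, a more specific no-dsa reason would do the same job.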
@@ -19149,6 +19150,7 @@ CVE-2021-20329
RESERVED
CVE-2021-20328 (Specific versions of the Java driver that support client-side field le ...)
- mongo-java-driver <unfixed>
+ [buster] - mongo-java-driver <no-dsa> (Minor issue)
[stretch] - mongo-java-driver <no-dsa> (Minor issue)
NOTE: https://jira.mongodb.org/browse/JAVA-4017
NOTE: https://github.com/mongodb/mongo-java-driver/commit/60d87d5a76645a331a77ccc45ef7c67aac88b234
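Review bot: The "- mongo-java-driver <unfixed>" line above the added [buster] entry carries no bug reference, and with buster now joining stretch as no-dsa, nothing in this entry tracks the fix landing in any suite. Since the upstream fix commit is already recorded in the NOTE lines, consider filing a bug against the package and adding its number to the unfixed line.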
@@ -26858,6 +26860,7 @@ CVE-2020-28484
RESERVED
CVE-2020-28483 (This affects all versions of package github.com/gin-gonic/gin. When gi ...)
- golang-github-gin-gonic-gin <unfixed>
+ [buster] - golang-github-gin-gonic-gin <no-dsa> (Minor issue)
NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGINGONICGIN-1041736
NOTE: https://github.com/gin-gonic/gin/pull/2474#issuecomment-729696437
NOTE: https://github.com/gin-gonic/gin/commit/c9ea8ece4a3881028f7f715f008414346a7f4b88
@@ -35310,14 +35313,17 @@ CVE-2020-25790 (** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to u
NOT-FOR-US: Typesetter CMS
CVE-2020-25789 (An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-1 ...)
- tt-rss 21~git20210204.b4cbc79+dfsg-1 (bug #970633)
+ [buster] - tt-rss <no-dsa> (Minor issue)
NOTE: https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799
NOTE: https://git.tt-rss.org/fox/tt-rss/commit/da5af2fae091041cca27b24b6f0e69e4a6d0dc60
CVE-2020-25788 (An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-1 ...)
- tt-rss 21~git20210204.b4cbc79+dfsg-1 (bug #970633)
+ [buster] - tt-rss <no-dsa> (Minor issue)
NOTE: https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799
NOTE: https://git.tt-rss.org/fox/tt-rss/commit/c3d14e1fa54c7dade7b1b7955575e2991396d7ef
CVE-2020-25787 (An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-1 ...)
- tt-rss 21~git20210204.b4cbc79+dfsg-1 (bug #970633)
+ [buster] - tt-rss <no-dsa> (Minor issue)
NOTE: https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799
NOTE: https://git.tt-rss.org/fox/tt-rss/commit/c3d14e1fa54c7dade7b1b7955575e2991396d7ef
CVE-2020-25786 (** UNSUPPORTED WHEN ASSIGNED ** webinc/js/info.php on D-Link DIR-816L ...)
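Review bot: The added [buster] lines for CVE-2020-25788 and CVE-2020-25787 sit above identical NOTE commit URLs (c3d14e1fa54c7dade7b1b7955575e2991396d7ef), so while these entries are being touched it is worth confirming that one upstream commit really fixes both, rather than one NOTE having been copied from the other. All three tt-rss entries also share bug #970633 and the same fixed version, so if they are meant to be handled together in a later buster update, saying so in the reason text would be more useful than three bare "Minor issue" markers.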
@@ -52543,6 +52549,7 @@ CVE-2020-17522 (When ORT (now via atstccfg) generates ip_allow.config files in A
NOT-FOR-US: Apache Traffic Control
CVE-2020-17521 (Apache Groovy provides extension methods to aid with creating temporar ...)
- groovy 2.4.21-1 (bug #977399)
+ [buster] - groovy <no-dsa> (Minor issue)
[stretch] - groovy <no-dsa> (Minor issue)
- groovy2 <removed>
NOTE: https://issues.apache.org/jira/browse/GROOVY-9824
@@ -77754,17 +77761,20 @@ CVE-2020-8287 (Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow t
CVE-2020-8286 (curl 7.41.0 through 7.73.0 is vulnerable to an improper check for cert ...)
{DLA-2500-1}
- curl 7.74.0-1 (bug #977161)
+ [buster] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2020-8286.html
NOTE: https://github.com/curl/curl/commit/d9d01672785b8ac04aab1abb6de95fe3072ae199 (curl-7_74_0)
CVE-2020-8285 (curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recu ...)
{DLA-2500-1}
- curl 7.74.0-1 (bug #977162)
+ [buster] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2020-8285.html
NOTE: https://github.com/curl/curl/issues/6255
NOTE: https://github.com/curl/curl/commit/69a358f2186e04cf44698b5100332cbf1ee7f01d (curl-7_74_0)
CVE-2020-8284 (A malicious server can use the FTP PASV response to trick curl 7.73.0 ...)
{DLA-2500-1}
- curl 7.74.0-1 (bug #977163)
+ [buster] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2020-8284.html
NOTE: https://github.com/curl/curl/commit/ec9cc725d598ac77de7b6df8afeec292b3c8ad46 (curl-7_74_0)
CVE-2020-8283 (An authorised user on a Windows host running Citrix Universal Print Se ...)
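Review bot: The three added "[buster] - curl <no-dsa> (Minor issue)" lines give CVE-2020-8286, CVE-2020-8285 and CVE-2020-8284 the same generic reason, although each entry shows its own upstream commit and its own bug number. Each of the three has a single commit tagged curl-7_74_0 in its NOTE lines, so a reason that states whether they are deferred to a batched stable update or not planned for buster at all would tell the next triager what is expected.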
=====================================
data/dsa-needed.txt
=====================================
@@ -35,6 +35,8 @@ python-pysaml2 (jmm)
--
salt
--
+tiff (jmm)
+--
tomcat9
--
xen (jmm)
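Review bot: The "+tiff (jmm)" addition to data/dsa-needed.txt has no counterpart in the data/CVE/list hunks of this commit, and the commit message "buster triage" does not mention it, so the diff does not show which tiff issues prompted the DSA. Consider naming the CVE IDs in the commit message or in a short indented note under the tiff entry.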
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/270ca809733d06313eb5f7c4018b99ba4e2ddbd0