[Git][security-tracker-team/security-tracker][master] bullseye triage
Moritz Muehlenhoff
jmm at debian.org
Mon Mar 15 18:46:44 GMT 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e76a6e38 by Moritz Muehlenhoff at 2021-03-15T19:46:32+01:00
bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1038,6 +1038,7 @@ CVE-2021-3422
CVE-2021-3421
RESERVED
- rpm <unfixed>
+ [bullseye] - rpm <no-dsa> (Minor issue)
[buster] - rpm <no-dsa> (Minor issue)
[stretch] - rpm <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1927747
@@ -2288,8 +2289,7 @@ CVE-2021-27379 (An issue was discovered in Xen through 4.11.x, allowing x86 Inte
NOTE: the issue more precisely only affects Xen versions up to 4.11 with version
NOTE: containing broken backport for XSA-321 / CVE-2020-15565
CVE-2021-27378 (An issue was discovered in the rand_core crate before 0.6.2 for Rust. ...)
- - rust-rand-core <unfixed> (bug #985087)
- [buster] - rust-rand-core <ignored> (Minor issue)
+ - rust-rand-core <not-affected> (0.5.1 not affected, see #985087)
NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0023.html
CVE-2021-27377 (An issue was discovered in the yottadb crate before 1.2.0 for Rust. Fo ...)
NOT-FOR-US: Rust crate yottadb
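Review bot: collapsing the `<unfixed>` entry and the buster `<ignored>` line into one package-wide `<not-affected>` is consistent, since a not-affected state covers every suite and makes the per-suite buster line redundant; the rationale `(0.5.1 not affected, see #985087)` names only a single version, though, so it would be clearer to say that the version shipped in buster is covered as well, or keep a buster line, if buster ships something other than 0.5.1.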
@@ -19661,6 +19661,8 @@ CVE-2021-20272 (A flaw was found in privoxy before 3.0.32. An assertion failure
CVE-2021-20271
RESERVED
- rpm <unfixed>
+ [bullseye] - rpm <no-dsa> (Minor issue)
+ [buster] - rpm <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1934125
CVE-2021-20270
RESERVED
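Review bot: unlike the CVE-2021-3421 hunk above, this adds `<no-dsa>` lines for bullseye and buster but none for stretch, so stretch stays at the plain `<unfixed>` state; if stretch is affected and is meant to be triaged separately that is fine, otherwise add a matching `[stretch] - rpm <no-dsa> (Minor issue)` line for consistency.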
@@ -19686,6 +19688,8 @@ CVE-2021-20267
CVE-2021-20266
RESERVED
- rpm <unfixed>
+ [bullseye] - rpm <no-dsa> (Minor issue)
+ [buster] - rpm <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1927741
CVE-2021-20265 (A flaw was found in the way memory resources were freed in the unix_st ...)
- linux 4.4.4-1
@@ -19723,6 +19727,7 @@ CVE-2021-20256 (A flaw was found in Red Hat Satellite. The BMC interface exposes
NOT-FOR-US: Red Hat Satellite
CVE-2021-20255 (A stack overflow via an infinite recursion vulnerability was found in ...)
- qemu <unfixed> (bug #984451)
+ [bullseye] - qemu <postponed> (Minor issue)
[buster] - qemu <postponed> (Minor issue)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html
NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Feepro100_stackoverflow1
@@ -19740,10 +19745,14 @@ CVE-2021-20250
CVE-2021-20249
RESERVED
- rpm <unfixed>
+ [bullseye] - rpm <no-dsa> (Minor issue)
+ [buster] - rpm <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1927742
CVE-2021-20248
RESERVED
- rpm <unfixed>
+ [bullseye] - rpm <no-dsa> (Minor issue)
+ [buster] - rpm <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1927740
CVE-2021-20247 (A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of th ...)
- isync 1.3.0-2.1 (bug #983351)
@@ -27285,6 +27294,7 @@ CVE-2020-28464 (This affects the package djv before 2.1.4. By controlling the sc
NOT-FOR-US: Node djv
CVE-2020-28463 (All versions of package reportlab are vulnerable to Server-side Reques ...)
- python-reportlab <unfixed>
+ [bullseye] - python-reportlab <no-dsa> (Minor issue)
[buster] - python-reportlab <no-dsa> (Minor issue)
[stretch] - python-reportlab <postponed> (Can be fixed in next DLA)
NOTE: https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145
@@ -85935,6 +85945,7 @@ CVE-2020-5238 (The table extension in GitHub Flavored Markdown before version 0.
- cmark-gfm <unfixed> (bug #965984)
[buster] - cmark-gfm <no-dsa> (Minor issue)
- python-cmarkgfm <unfixed> (bug #965983)
+ [bullseye] - python-cmarkgfm <no-dsa> (Minor issue)
[buster] - python-cmarkgfm <no-dsa> (Minor issue)
- ruby-commonmarker 0.21.0-1 (bug #965981)
[buster] - ruby-commonmarker <no-dsa> (Minor issue)
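Review bot: `python-cmarkgfm` gets a bullseye `<no-dsa>` line, but the `cmark-gfm <unfixed> (bug #965984)` entry two lines above it, the same upstream issue and also still unfixed, gets none, so cmark-gfm will keep showing as open for bullseye; add `[bullseye] - cmark-gfm <no-dsa> (Minor issue)` unless a fix for cmark-gfm is planned before the release.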
@@ -124479,7 +124490,7 @@ CVE-2019-11293 (Cloud Foundry UAA Release, versions prior to v74.10.0, when set
CVE-2019-11292 (Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2. ...)
NOT-FOR-US: Pivotal
CVE-2019-11291 (Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior ...)
- - rabbitmq-server <unfixed> (bug #945601)
+ - rabbitmq-server 3.8.3-1 (bug #945601)
[buster] - rabbitmq-server <no-dsa> (Minor issue)
[stretch] - rabbitmq-server <no-dsa> (Minor issue)
[jessie] - rabbitmq-server <postponed> (Minor issue)
@@ -124491,7 +124502,7 @@ CVE-2019-11289 (Cloud Foundry Routing, all versions before 0.193.0, does not pro
CVE-2019-11288 (In Pivotal tc Server, 3.x versions prior to 3.2.19 and 4.x versions pr ...)
NOT-FOR-US: Pivotal
CVE-2019-11287 (Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3. ...)
- - rabbitmq-server <unfixed> (bug #945600)
+ - rabbitmq-server 3.8.3-1 (bug #945600)
[buster] - rabbitmq-server <no-dsa> (Minor issue)
[stretch] - rabbitmq-server <no-dsa> (Minor issue)
[jessie] - rabbitmq-server <postponed> (Minor issue)
@@ -125255,7 +125266,8 @@ CVE-2019-11028 (GAT-Ship Web Module before 1.40 suffers from a vulnerability all
NOT-FOR-US: GAT-Ship Web Module
CVE-2015-9284 (The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vuln ...)
- ruby-omniauth <unfixed> (bug #973384)
- [buster] - ruby-omniauth <no-dsa> (Minor issue)
+ [bullseye] - ruby-omniauth <ignored> (Minor issue)
+ [buster] - ruby-omniauth <ignored> (Minor issue)
[stretch] - ruby-omniauth <no-dsa> (Minor issue)
[jessie] - ruby-omniauth <no-dsa> (Fix is in additional gem and needs CSRF protection in apps)
NOTE: https://github.com/omniauth/omniauth/pull/809
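Review bot: the buster entry changes from `<no-dsa>` to `<ignored>` while stretch stays at `<no-dsa>`, and both new lines only say `(Minor issue)`; since `<ignored>` states the issue will not be fixed in that suite, the rationale already given on the jessie line (the fix lives in an additional gem and requires CSRF protection in the applications) is the actual reason and is worth repeating here, and it is unclear why stretch keeps a different state from buster.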
@@ -125907,6 +125919,7 @@ CVE-2019-10785 (dojox is vulnerable to Cross-site Scripting in all versions befo
NOTE: https://github.com/dojo/dojox/pull/315
CVE-2019-10784 (phppgadmin through 7.12.1 allows sensitive actions to be performed wit ...)
- phppgadmin <unfixed> (bug #953945)
+ [bullseye] - phppgadmin <no-dsa> (Minor issue)
[buster] - phppgadmin <no-dsa> (Minor issue)
[stretch] - phppgadmin <no-dsa> (Minor issue)
[jessie] - phppgadmin <no-dsa> (Minor issue)
@@ -129206,7 +129219,7 @@ CVE-2019-1010019
CVE-2019-1010018 (Zammad GmbH Zammad 2.3.0 and earlier is affected by: Cross Site Script ...)
- zammad <itp> (bug #841355)
CVE-2019-1010017 (libnmap < v0.6.3 is affected by: XML Injection. The impact is: Deni ...)
- - python-libnmap <unfixed> (low)
+ - python-libnmap 0.7.2-1 (low)
[buster] - python-libnmap <no-dsa> (Minor issue)
NOTE: https://github.com/savon-noir/python-libnmap/issues/87
NOTE: https://github.com/savon-noir/python-libnmap/pull/109
@@ -130441,6 +130454,7 @@ CVE-2019-9546 (SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege
NOT-FOR-US: SolarWinds Orion Platform
CVE-2019-9545 (An issue was discovered in Poppler 0.74.0. A recursive function call, ...)
- poppler <unfixed> (low; bug #923552)
+ [bullseye] - poppler <ignored> (Minor issue)
[buster] - poppler <ignored> (Minor issue)
[stretch] - poppler <ignored> (Minor issue)
[jessie] - poppler <ignored> (Minor issue)
@@ -130449,6 +130463,7 @@ CVE-2019-9544 (An issue was discovered in Bento4 1.5.1-628. An out of bounds wri
NOT-FOR-US: Bento4
CVE-2019-9543 (An issue was discovered in Poppler 0.74.0. A recursive function call, ...)
- poppler <unfixed> (low; bug #923553)
+ [bullseye] - poppler <ignored> (Minor issue)
[buster] - poppler <ignored> (Minor issue)
[stretch] - poppler <ignored> (Minor issue)
[jessie] - poppler <postponed> (Minor issue; revisit when fixed upstream)
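Review bot: bullseye is set to `<ignored>` here while the jessie line for this same CVE says `revisit when fixed upstream`; for CVE-2019-9545 in the preceding hunk every suite is `<ignored>`, so if the difference for CVE-2019-9543 is that an upstream fix is still expected, `<postponed>` would describe the bullseye state more accurately than `<ignored>`.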
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e76a6e38906759a22530b56f8793545e1121dfb8