[Git][security-tracker-team/security-tracker][master] 3 commits: Add Debian bug references for rpm issues

Salvatore Bonaccorso carnil at debian.org
Mon Mar 15 19:33:44 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
873f9a0f by Salvatore Bonaccorso at 2021-03-15T20:26:49+01:00
Add Debian bug references for rpm issues

- - - - -
68e6db4d by Salvatore Bonaccorso at 2021-03-15T20:27:34+01:00
Add Debian bug reference for CVE-2021-21235

- - - - -
ddba15af by Salvatore Bonaccorso at 2021-03-15T20:31:55+01:00
Add references to upstream issue and pull request for CVE-2020-28591

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1037,7 +1037,7 @@ CVE-2021-3422
 	RESERVED
 CVE-2021-3421
 	RESERVED
-	- rpm <unfixed>
+	- rpm <unfixed> (bug #985308)
 	[bullseye] - rpm <no-dsa> (Minor issue)
 	[buster] - rpm <no-dsa> (Minor issue)
 	[stretch] - rpm <no-dsa> (Minor issue)
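Review bot: The `(bug #985308)` reference added on the `- rpm <unfixed>` line for CVE-2021-3421 is the same bug number this patch attaches to CVE-2021-20271, CVE-2021-20266, CVE-2021-20249 and CVE-2021-20248. Worth confirming that the bug report names all five CVE ids, so that closing it with a single upload does not mark an entry as fixed that the upload did not address.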
@@ -17388,7 +17388,7 @@ CVE-2021-21236 (CairoSVG is a Python (pypi) package. CairoSVG is an SVG converte
 	NOTE: Introduced by: https://github.com/Kozea/CairoSVG/commit/4f14d2e8f2d7f9b534c5342e26519b7c27386a81
 	NOTE: Fixed by: https://github.com/Kozea/CairoSVG/commit/063185b60588a41d4df661ad70f9f7b699901abc (2.5.1)
 CVE-2021-21235 (kamadak-exif is an exif parsing library written in pure Rust. In kamad ...)
-	- rust-kamadak-exif <unfixed>
+	- rust-kamadak-exif <unfixed> (bug #985309)
 	NOTE: https://github.com/kamadak/exif-rs/security/advisories/GHSA-px9g-8hgv-jvg2
 CVE-2021-21234 (spring-boot-actuator-logview in a library that adds a simple logfile v ...)
 	NOT-FOR-US: Spring actuator logview
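Review bot: The rust-kamadak-exif entry for CVE-2021-21235 now has a bug reference but, in the lines shown, only the GHSA advisory as a NOTE, whereas the CairoSVG entry directly above records `Introduced by:` and `Fixed by:` commits with the fixed version. Suggest adding the upstream fixing commit or release as a NOTE once identified, so the `<unfixed>` marker can be resolved against a concrete version.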
@@ -19660,7 +19660,7 @@ CVE-2021-20272 (A flaw was found in privoxy before 3.0.32. An assertion failure
 	NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=2256d7b4d67dd9c364386877d5af59943433458b
 CVE-2021-20271
 	RESERVED
-	- rpm <unfixed>
+	- rpm <unfixed> (bug #985308)
 	[bullseye] - rpm <no-dsa> (Minor issue)
 	[buster] - rpm <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1934125
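Review bot: For CVE-2021-20271 the suite lines following the changed `- rpm <unfixed> (bug #985308)` line cover `[bullseye]` and `[buster]` only, while the CVE-2021-3421 entry in the first hunk also carries `[stretch] - rpm <no-dsa> (Minor issue)`. If stretch is left out on purpose here, a short NOTE saying why would make the difference between the rpm entries easier to follow.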
@@ -19687,7 +19687,7 @@ CVE-2021-20267
 	NOTE: https://review.opendev.org/c/openstack/neutron/+/776599
 CVE-2021-20266
 	RESERVED
-	- rpm <unfixed>
+	- rpm <unfixed> (bug #985308)
 	[bullseye] - rpm <no-dsa> (Minor issue)
 	[buster] - rpm <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1927741
@@ -19744,13 +19744,13 @@ CVE-2021-20250
 	- wildfly <itp> (bug #752018)
 CVE-2021-20249
 	RESERVED
-	- rpm <unfixed>
+	- rpm <unfixed> (bug #985308)
 	[bullseye] - rpm <no-dsa> (Minor issue)
 	[buster] - rpm <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1927742
 CVE-2021-20248
 	RESERVED
-	- rpm <unfixed>
+	- rpm <unfixed> (bug #985308)
 	[bullseye] - rpm <no-dsa> (Minor issue)
 	[buster] - rpm <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1927740
@@ -26838,6 +26838,8 @@ CVE-2020-28592
 CVE-2020-28591 (An out-of-bounds read vulnerability exists in the AMF File AMFParserCo ...)
 	- slic3r <unfixed>
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1215
+	NOTE: https://github.com/slic3r/Slic3r/issues/5061
+	NOTE: https://github.com/slic3r/Slic3r/pull/5063
 CVE-2020-28590
 	RESERVED
 CVE-2020-28589
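Review bot: The two NOTE lines added for CVE-2020-28591 are bare URLs, so the entry does not say whether pull request 5063 is the fix or whether it has been merged; a label in the style used elsewhere in this file (for example `Fixed by:`) would help once that is known. The `- slic3r <unfixed>` line also has no Debian bug reference, unlike the rpm and rust-kamadak-exif entries touched in the same push.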



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c17c2bb31c0c91f269187dc1447515a9e122db72...ddba15af996da237db21917b1b0c1c41342afa8b
