[Git][security-tracker-team/security-tracker][master] add varnish-modules patch reference, older suites not affected

Tue Mar 23 10:23:21 GMT 2021


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b7d406cf by Moritz Muehlenhoff at 2021-03-23T11:22:49+01:00
add varnish-modules patch reference, older suites not affected

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1164,8 +1164,10 @@ CVE-2021-28544
 	RESERVED
 CVE-2021-28543 (Varnish varnish-modules before 0.17.1 allows remote attackers to cause ...)
 	- varnish-modules <unfixed>
+	[buster] - varnish-modules <not-affected> (Vulnerable code not present)
+	[stretch] - varnish-modules <not-affected> (Vulnerable code not present)
 	NOTE: https://varnish-cache.org/security/VSV00006.html
-	TODO: check, if only 0.17.0 and later affected?
+	NOTE: https://github.com/varnish/varnish-modules/commit/2c120e576ebb73bc247790184702ba58dc0afc39
 CVE-2021-28542
 	RESERVED
 CVE-2021-28541
@@ -21343,12 +21345,14 @@ CVE-2021-20247 (A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations
 CVE-2021-20246 (A flaw was found in ImageMagick in MagickCore/resample.c. An attacker  ...)
 	{DLA-2602-1}
 	- imagemagick <unfixed>
+	[bullseye] - imagemagick <ignored> (Minor issue)
 	[buster] - imagemagick <ignored> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/3195
 	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/8d25d94a363b104acd6ff23df7470aeedb806c51
 	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/f3190d4a6e6e8556575c84b5d976f77d111caa74
 CVE-2021-20245 (A flaw was found in ImageMagick in coders/webp.c. An attacker who subm ...)
 	- imagemagick <unfixed>
+	[bullseye] - imagemagick <ignored> (Minor issue)
 	[buster] - imagemagick <ignored> (Minor issue)
 	[stretch] - imagemagick <ignored> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/3176
@@ -21357,6 +21361,7 @@ CVE-2021-20245 (A flaw was found in ImageMagick in coders/webp.c. An attacker wh
 CVE-2021-20244 (A flaw was found in ImageMagick in MagickCore/visual-effects.c. An att ...)
 	{DLA-2602-1}
 	- imagemagick <unfixed>
+	[bullseye] - imagemagick <ignored> (Minor issue)
 	[buster] - imagemagick <ignored> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/pull/3194
 	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/329dd528ab79531d884c0ba131e97d43f872ab5d
@@ -21372,6 +21377,7 @@ CVE-2021-20242
 CVE-2021-20241 (A flaw was found in ImageMagick in coders/jp2.c. An attacker who submi ...)
 	{DLA-2602-1}
 	- imagemagick <unfixed>
+	[bullseye] - imagemagick <ignored> (Minor issue)
 	[buster] - imagemagick <ignored> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/pull/3177
 	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/dd33b451c3e01098efad34bbaca2df78d5391dc8



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7d406cf0d3c3a52f5b3792f5ed1426446295082

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7d406cf0d3c3a52f5b3792f5ed1426446295082
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210323/8a998bbb/attachment-0001.htm>
