[Git][security-tracker-team/security-tracker][master] 5 commits: mark CVE-2020-24994 as no-dsa

Fri Mar 26 23:11:00 GMT 2021


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3e6d75f9 by Thorsten Alteholz at 2021-03-27T00:10:21+01:00
mark CVE-2020-24994 as no-dsa

- - - - -
785dcf61 by Thorsten Alteholz at 2021-03-27T00:10:22+01:00
mark CVE-2021-20267 as no-dsa for Stretch

- - - - -
9cba1830 by Thorsten Alteholz at 2021-03-27T00:10:24+01:00
mark CVE-2021-27807 as no-dsa for Stretch

- - - - -
a98898ff by Thorsten Alteholz at 2021-03-27T00:10:25+01:00
mark CVE-2021-27906 as no-dsa for Stretch

- - - - -
9c53719a by Thorsten Alteholz at 2021-03-27T00:10:26+01:00
mark CVE-2021-23362 as not-affected for Stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3107,6 +3107,7 @@ CVE-2021-27906 (A carefully crafted PDF file can trigger an OutOfMemory-Exceptio
 	[buster] - libpdfbox2-java <no-dsa> (Minor issue)
 	- libpdfbox-java <unfixed>
 	[buster] - libpdfbox-java <no-dsa> (Minor issue)
+	[stretch] - libpdfbox-java <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/03/19/10
 	NOTE: https://issues.apache.org/jira/browse/PDFBOX-5112
 CVE-2021-27905
@@ -3315,6 +3316,7 @@ CVE-2021-27807 (A carefully crafted PDF file can trigger an infinite loop while
 	[buster] - libpdfbox2-java <no-dsa> (Minor issue)
 	- libpdfbox-java <unfixed>
 	[buster] - libpdfbox-java <no-dsa> (Minor issue)
+	[stretch] - libpdfbox-java <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/03/19/9
 CVE-2021-27806
 	RESERVED
@@ -13587,6 +13589,7 @@ CVE-2021-23363
 	RESERVED
 CVE-2021-23362 (The package hosted-git-info before 3.0.8 are vulnerable to Regular Exp ...)
 	- node-hosted-git-info 3.0.8-1
+	[stretch] - node-hosted-git-info <not-affected> (Vulnerable code introduced later)
 	NOTE: Fixed by: https://github.com/npm/hosted-git-info/commit/bede0dc38e1785e732bf0a48ba6f81a4a908eba3
 	NOTE: https://snyk.io/vuln/SNYK-JS-HOSTEDGITINFO-1088355
 CVE-2021-23361
@@ -21742,6 +21745,7 @@ CVE-2021-20267
 	RESERVED
 	- neutron <unfixed> (bug #985104)
 	[buster] - neutron <no-dsa> (Minor issue)
+	[stretch] - neutron <no-dsa> (Minor issue)
 	NOTE: https://bugs.launchpad.net/neutron/+bug/1902917
 	NOTE: https://review.opendev.org/c/openstack/neutron/+/776599
 CVE-2021-20266
@@ -39892,6 +39896,7 @@ CVE-2020-24995
 CVE-2020-24994 (Stack overflow in the parse_tag function in libass/ass_parse.c in liba ...)
 	- libass 1:0.15.0-1
 	[buster] - libass <no-dsa> (Minor issue)
+	[stretch] - libass <no-dsa> (Minor issue)
 	NOTE: https://github.com/libass/libass/issues/422
 	NOTE: https://github.com/libass/libass/issues/423
 	NOTE: https://github.com/libass/libass/commit/6835731c2fe4164a0c50bc91d12c43b2a2b4e799 (0.15.0)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/69d20e07c65c3d1132b44ea598f25f7afcc18627...9c53719ac96cc8611191cce9b0443caf9232be4a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/69d20e07c65c3d1132b44ea598f25f7afcc18627...9c53719ac96cc8611191cce9b0443caf9232be4a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210326/53761580/attachment.htm>
