[Git][security-tracker-team/security-tracker][master] buster triage

Moritz Muehlenhoff jmm at debian.org
Wed Mar 31 20:10:14 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d48ec47c by Moritz Muehlenhoff at 2021-03-31T21:09:56+02:00
buster triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -32,6 +32,7 @@ CVE-2021-3480
 CVE-2021-3479 [Out-of-memory caused by allocation of a very large buffer]
 	RESERVED
 	- openexr <unfixed>
+	[buster] - openexr <no-dsa> (Minor issue)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25370
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/d80f11f4f55100d007ae80a162bf257ec291612c
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/830
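Review bot: The reason on the added `[buster] - openexr <no-dsa> (Minor issue)` line is generic, although the entry title for CVE-2021-3479 already states the impact (out-of-memory caused by allocation of a very large buffer). Consider a reason that names that impact, so the triage decision can be audited from this file without opening the NOTE links.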
@@ -483,14 +484,17 @@ CVE-2021-29425
 	RESERVED
 CVE-2021-3476 (A flaw was found in OpenEXR's B44 uncompression functionality in versi ...)
 	- openexr <unfixed>
+	[buster] - openexr <no-dsa> (Minor issue)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24787
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/eec0dba242bedd2778c973ae4af112107b33d9c9
 CVE-2021-3475 (There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker  ...)
 	- openexr <unfixed>
+	[buster] - openexr <no-dsa> (Minor issue)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25297
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2a18ed424a854598c2a20b5dd7e782b436a1e753
 CVE-2021-3474 (There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted inp ...)
 	- openexr <unfixed>
+	[buster] - openexr <no-dsa> (Minor issue)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24831
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/c3ed4a1db1f39bf4524a644cb2af81dc8cfab33f
 CVE-2021-29424 (The Net::Netmask module before 2.0000 for Perl does not properly consi ...)
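Review bot: CVE-2021-3476, CVE-2021-3475 and CVE-2021-3474 receive the same `<no-dsa> (Minor issue)` line in one pass, although each has its own oss-fuzz report and upstream commit in the NOTE lines and the descriptions shown here are truncated. If the three were assessed individually against the buster version, say so in the commit message, which currently reads only "buster triage".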
@@ -13072,6 +13076,7 @@ CVE-2021-23980 [mutation XSS via allowed math or svg; p or br; and style, title,
 	- python-bleach <unfixed>
 	NOTE: https://github.com/mozilla/bleach/security/advisories/GHSA-vv2x-vrpj-qqpq
 	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1689399
+	NOTE: https://github.com/mozilla/bleach/commit/79b7a3c5e56a09d1d323a5006afa59b56162eb13
 CVE-2021-23979 (Mozilla developers reported memory safety bugs present in Firefox 85.  ...)
 	- firefox 86.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23979
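Review bot: The added NOTE for CVE-2021-23980 is a bare commit URL; the line does not say what the commit is or which upstream release contains it, and the package line stays `- python-bleach <unfixed>`. A short label next to the URL would tell anyone preparing a backport whether this is the change to pick.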
@@ -22540,6 +22545,7 @@ CVE-2021-20297 [Setting match.path and activating a profiles crashes NetworkMana
 CVE-2021-20296
 	RESERVED
 	- openexr <unfixed>
+	[buster] - openexr <no-dsa> (Minor issue)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24854
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/b0c63c0b96eb9b0d3998f603e12f9f414fb0d44a
 CVE-2021-20295 [Regression of CVE-2020-10756 fix in virt:rhel/qemu-kvm in Red Hat Enterprise Linux 8.3]
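Review bot: CVE-2021-20296 has no description in this file (only `RESERVED`), so the added `(Minor issue)` is the sole statement about impact in the entry. Adding a bracketed short description, as CVE-2021-3479 has, would give the no-dsa decision something it can be checked against.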


=====================================
data/dsa-needed.txt
=====================================
@@ -33,6 +33,8 @@ netty
 --
 openjpeg2 (jmm)
 --
+python-bleach
+--
 python-pysaml2 (jmm)
 --
 salt
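Review bot: `python-bleach` is added to data/dsa-needed.txt without a claimant, unlike the neighbouring `openjpeg2 (jmm)` and `python-pysaml2 (jmm)` entries, and nothing in the entry or the commit message ties it to an issue. If it is meant to be open for anyone to pick up that is fine, but naming CVE-2021-23980 (the python-bleach entry touched in data/CVE/list) in the commit message would make the reason for the update traceable.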



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d48ec47cfb0b6467d56c4b5e0e78a1aad595c029
