[Git][security-tracker-team/security-tracker][master] various bugs filed

Moritz Muehlenhoff jmm at debian.org
Thu May 6 18:59:03 BST 2021 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c2d9ad9e by Moritz Mühlenhoff at 2021-05-06T19:58:39+02:00
various bugs filed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -378,7 +378,7 @@ CVE-2021-3528
 	NOT-FOR-US: noobaa
 CVE-2021-3527 [usb: unbounded stack allocation in usbredir]
 	RESERVED
-	- qemu <unfixed>
+	- qemu <unfixed> (bug #988157)
 	[bullseye] - qemu <no-dsa> (Minor issue)
 	[buster] - qemu <no-dsa> (Minor issue)
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg00564.html
@@ -13538,7 +13538,7 @@ CVE-2021-26293 (An issue was discovered in AfterLogic Aurora through 8.5.3 and W
 CVE-2021-26292
 	RESERVED
 CVE-2021-26291 (Apache Maven will follow repositories that are defined in a dependency ...)
-	- maven <unfixed>
+	- maven <unfixed> (bug #988155)
 	[stretch] - maven <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/04/23/5
 	NOTE: https://issues.apache.org/jira/browse/MNG-7118
@@ -45330,7 +45330,7 @@ CVE-2020-25716
 	NOT-FOR-US: Red Hat CloudForm
 CVE-2020-25715
 	RESERVED
-	- dogtag-pki <unfixed>
+	- dogtag-pki <unfixed> (bug #988153)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1891016
 	NOTE: https://github.com/dogtagpki/pki/commit/13f4c7fe7d71d42b46b25f3e8472ef7f35da5dd6
 CVE-2020-25714
@@ -49567,7 +49567,7 @@ CVE-2020-23924
 CVE-2020-23923
 	RESERVED
 CVE-2020-23922 (An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif ...)
-	- giflib <unfixed>
+	- giflib <unfixed> (bug #988151)
 	[bullseye] - giflib <no-dsa> (Minor issue)
 	[buster] - giflib <no-dsa> (Minor issue)
 	[stretch] - giflib <no-dsa> (Minor issue)
@@ -244672,7 +244672,7 @@ CVE-2017-9273 (The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susc
 CVE-2017-9272 (The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptib ...)
 	NOT-FOR-US: IDM
 CVE-2017-9271 (The commandline package update tool zypper writes HTTP proxy credentia ...)
-	- zypper <unfixed> (low)
+	- zypper <unfixed> (low; bug #988152)
 	[buster] - zypper <ignored> (Minor issue)
 	[jessie] - zypper <ignored> (Minor issue)
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1050625



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2d9ad9e1cec474b8a916fcee8d1162db1c24c7f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2d9ad9e1cec474b8a916fcee8d1162db1c24c7f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210506/b816b050/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list