[Git][security-tracker-team/security-tracker][master] bullseye triage

Moritz Muehlenhoff jmm at debian.org
Thu May 6 21:50:00 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
052ad0d3 by Moritz Muehlenhoff at 2021-05-06T22:49:42+02:00
bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3746,24 +3746,28 @@ CVE-2021-30473 (aom_image.c in libaom in AOMedia before 2021-04-07 frees memory
 CVE-2021-30472
 	RESERVED
 	- libpodofo <unfixed> (bug #986794)
+	[bullseye] - libpodofo <no-dsa> (Minor issue)
 	[buster] - libpodofo <no-dsa> (Minor issue)
 	[stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://sourceforge.net/p/podofo/tickets/132/
 CVE-2021-30471
 	RESERVED
 	- libpodofo <unfixed> (bug #986793)
+	[bullseye] - libpodofo <no-dsa> (Minor issue)
 	[buster] - libpodofo <no-dsa> (Minor issue)
 	[stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://sourceforge.net/p/podofo/tickets/131/
 CVE-2021-30470
 	RESERVED
 	- libpodofo <unfixed> (bug #986792)
+	[bullseye] - libpodofo <no-dsa> (Minor issue)
 	[buster] - libpodofo <no-dsa> (Minor issue)
 	[stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://sourceforge.net/p/podofo/tickets/130/
 CVE-2021-30469
 	RESERVED
 	- libpodofo <unfixed> (bug #986791)
+	[bullseye] - libpodofo <no-dsa> (Minor issue)
 	[buster] - libpodofo <no-dsa> (Minor issue)
 	[stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://sourceforge.net/p/podofo/tickets/129/
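Review bot: the four added [bullseye] lines for CVE-2021-30469 through CVE-2021-30472 give only "(Minor issue)" while each of these entries is still RESERVED with no description, so the list itself does not say what is being deferred or why. A short bracketed description on each CVE line, or a reason drawn from the linked podofo tickets, would let the next triager confirm the no-dsa call without opening tickets 129 to 132.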
@@ -4348,6 +4352,7 @@ CVE-2021-30185 (CERN Indico before 2.3.4 can use an attacker-supplied Host heade
 	NOT-FOR-US: CERN Indico
 CVE-2021-30184 (GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted ...)
 	- gnuchess <unfixed> (bug #986801)
+	[bullseye] - gnuchess <no-dsa> (Minor issue)
 	[buster] - gnuchess <no-dsa> (Minor issue)
 	[stretch] - gnuchess <postponed> (Minor issue in a game; can be fixed in next update)
 	NOTE: https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00000.html
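Review bot: on CVE-2021-30184 the added [bullseye] line says only "(Minor issue)" directly under a description that reads "execute arbitrary code", while the [stretch] line already records the reasoning as "Minor issue in a game". Carrying that wording onto the bullseye line would make the justification visible where the decision is recorded.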
@@ -6194,11 +6199,13 @@ CVE-2021-29430 (Sydent is a reference Matrix identity server. Sydent does not li
 	NOT-FOR-US: Matrix Sydent
 CVE-2021-29429 (In Gradle before version 7.0, files created with open permissions in t ...)
 	- gradle <unfixed> (bug #987284)
+	[bullseye] - gradle <no-dsa> (Minor issue)
 	[buster] - gradle <no-dsa> (Minor issue)
 	[stretch] - gradle <no-dsa> (Minor issue)
 	NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-fp8h-qmr5-j4c8
 CVE-2021-29428 (In Gradle before version 7.0, on Unix-like systems, the system tempora ...)
 	- gradle <unfixed> (bug #987284)
+	[bullseye] - gradle <no-dsa> (Minor issue)
 	[buster] - gradle <no-dsa> (Minor issue)
 	[stretch] - gradle <no-dsa> (Minor issue; sticky bit on /tmp is set by default)
 	NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-89qm-pxvm-p336
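Review bot: for CVE-2021-29428 the added [bullseye] line drops the mitigating fact that the [stretch] line records, "sticky bit on /tmp is set by default"; if that is also the basis for no-dsa in bullseye, repeat it there. Both Gradle entries point at the same bug #987284, so it is worth confirming that the report covers CVE-2021-29429 as well as CVE-2021-29428.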
@@ -24550,6 +24557,7 @@ CVE-2020-36121
 	RESERVED
 CVE-2020-36120 (Buffer Overflow in the "sixel_encoder_encode_bytes" function of Libsix ...)
 	- libsixel <unfixed> (bug #988159)
+	[bullseye] - libsixel <no-dsa> (Minor issue)
 	[buster] - libsixel <no-dsa> (Minor issue)
 	NOTE: https://github.com/saitoha/libsixel/issues/143
 CVE-2020-36119
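Review bot: the added [bullseye] line for CVE-2020-36120 marks a "Buffer Overflow" in sixel_encoder_encode_bytes as no-dsa with the bare reason "(Minor issue)", and the only NOTE is the upstream issue link. State in the reason text what limits the impact, and add a NOTE for the upstream fix commit once one exists so the deferred entry can be picked up later.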
@@ -28867,6 +28875,7 @@ CVE-2021-20270 (An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 m
 CVE-2021-20269 [incorrect permissions on kdump dmesg file]
 	RESERVED
 	- kexec-tools <unfixed> (bug #985105)
+	[bullseye] - kexec-tools <no-dsa> (Minor issue)
 	[buster] - kexec-tools <no-dsa> (Minor issue)
 	[stretch] - kexec-tools <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/03/11/2
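Review bot: the added [bullseye] line for CVE-2021-20269 does not say why incorrect permissions on the kdump dmesg file are minor, and the entry is still RESERVED, so the bracketed title is the only description. A brief reason taken from the linked oss-security post would make the no-dsa decision reviewable from the list alone.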



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/052ad0d3ecf61f1e1fb17765d8cd1b3c7abb9dcc


More information about the debian-security-tracker-commits mailing list