[Git][security-tracker-team/security-tracker][master] 4 commits: mark CVE-2021-31879 as postponed for Stretch

Thorsten Alteholz (@alteholz) alteholz at debian.org
Sat May 22 12:03:11 BST 2021



Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
842e764f by Thorsten Alteholz at 2021-05-22T13:02:46+02:00
mark CVE-2021-31879 as postponed for Stretch

- - - - -
9719dd61 by Thorsten Alteholz at 2021-05-22T13:02:47+02:00
mark CVE-2020-15522 as no-dsa for Stretch

- - - - -
8ca1c79f by Thorsten Alteholz at 2021-05-22T13:02:48+02:00
mark CVE-2021-21419 as not-affected for Stretch

- - - - -
dc893f40 by Thorsten Alteholz at 2021-05-22T13:02:49+02:00
mark CVE-2021-21419 as not-affected for Buster

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3641,6 +3641,7 @@ CVE-2021-31880
 	RESERVED
 CVE-2021-31879 (GNU Wget through 1.21.1 does not omit the Authorization header upon a  ...)
 	- wget <unfixed> (bug #988209)
+	[stretch] - wget <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
 CVE-2021-31878
 	RESERVED
@@ -29313,6 +29314,8 @@ CVE-2021-21420 (vscode-stripe is an extension for Visual Studio Code. A vulnerab
 	NOT-FOR-US: vscode-stripe Visual Studio Code extension
 CVE-2021-21419 (Eventlet is a concurrent networking library for Python. A websocket pe ...)
 	- python-eventlet 0.26.1-7 (bug #988342)
+	[buster] - python-eventlet <not-affected> (Vulnerable code (compression extension) introduced later)
+	[stretch] - python-eventlet <not-affected> (Vulnerable code (compression extension) introduced later)
 	NOTE: https://github.com/eventlet/eventlet/security/advisories/GHSA-9p9m-jm8w-94p2
 	NOTE: Fixed by: https://github.com/eventlet/eventlet/commit/1412f5e4125b4313f815778a1acb4d3336efcd07
 CVE-2021-21418 (ps_emailsubscription is a newsletter subscription module for the Prest ...)
@@ -70755,6 +70758,7 @@ CVE-2020-15523 (In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8
 	- python2.7 <not-affected> (Python on Windows)
 CVE-2020-15522 (Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA bef ...)
 	- bouncycastle 1.68-1
+	[stretch] - bouncycastle <no-dsa> (Minor issue)
 	NOTE: https://github.com/bcgit/bc-java/wiki/CVE-2020-15522
 CVE-2020-15521 (Zoho ManageEngine Applications Manager before 14 build 14730 has no pr ...)
 	NOT-FOR-US: Zoho



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e3afc37683784966394df66466f2eae009273fe7...dc893f404583c840bf069f9f02c4a67e369ed524

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e3afc37683784966394df66466f2eae009273fe7...dc893f404583c840bf069f9f02c4a67e369ed524
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210522/211ebcb2/attachment.htm>


More information about the debian-security-tracker-commits mailing list