[Git][security-tracker-team/security-tracker][master] bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun May 23 10:44:50 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e823a25c by Moritz Mühlenhoff at 2021-05-23T11:41:31+02:00
bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1906,6 +1906,8 @@ CVE-2021-32618 (The Python "Flask-Security-Too" package is used for adding secur
 	TODO: check
 CVE-2021-32617 (Exiv2 is a command-line utility and C++ library for reading, writing,  ...)
 	- exiv2 <unfixed> (bug #988731)
+	[bullseye] - exiv2 <no-dsa> (Minor issue)
+	[buster] - exiv2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-w8mv-g8qq-36mj
 	NOTE: https://github.com/Exiv2/exiv2/pull/1657
 CVE-2021-32616
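Review bot: the new [bullseye] and [buster] no-dsa lines for CVE-2021-32617 carry only "Minor issue" as the rationale, and the entry has no NOTE on impact, just the GHSA advisory and pull request 1657 links. Since the tag defers the fix to a point update in two suites, record the reason in a NOTE (the dmg2img entry in this same commit does this with "Crash in CLI tool, no security impact") so the next triager does not have to re-derive it from the advisory.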
@@ -1916,9 +1918,9 @@ CVE-2021-32615 (Piwigo 11.4.0 allows admin/user_list_backend.php order[0][dir] S
 	- piwigo <removed>
 CVE-2021-32614 [read in memcpy() for up to 204 bytes in fill_mishblk()]
 	RESERVED
-	- dmg2img <unfixed>
-	[stretch] - dmg2img <no-dsa> (Minor issue)
+	- dmg2img <unfixed> (unimportant; bug #989008)
 	NOTE: https://github.com/Lekensteyn/dmg2img/issues/11
+	NOTE: Crash in CLI tool, no security impact
 CVE-2021-32613 (In radare2 through 5.3.0 there is a double free vulnerability in the p ...)
 	- radare2 <unfixed>
 	NOTE: https://github.com/radareorg/radare2/issues/18679
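Review bot: the downgrade to "unimportant" rests on the NOTE "Crash in CLI tool, no security impact", but the entry title describes an over-read in memcpy() of up to 204 bytes in fill_mishblk(), and an out-of-bounds read can disclose memory as well as crash. If the upstream issue (Lekensteyn/dmg2img#11) shows the over-read data is never written out, say so in the NOTE; otherwise "Minor issue" with no-dsa is the safer tag. Dropping the old [stretch] no-dsa line is consistent with the change, since "unimportant" applies to every suite and makes per-release overrides redundant.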
@@ -9043,6 +9045,8 @@ CVE-2021-29624 (fastify-csrf is an open-source plugin helps developers protect t
 	TODO: check
 CVE-2021-29623 (Exiv2 is a C++ library and a command-line utility to read, write, dele ...)
 	- exiv2 <unfixed> (bug #988481)
+	[bullseye] - exiv2 <no-dsa> (Minor issue)
+	[buster] - exiv2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-6253-qjwm-3q4v
 	NOTE: https://github.com/Exiv2/exiv2/pull/1627
 CVE-2021-29622 (Prometheus is an open-source monitoring system and time series databas ...)
@@ -9386,6 +9390,7 @@ CVE-2021-29474 (HedgeDoc (formerly known as CodiMD) is an open-source collaborat
 	NOT-FOR-US: HedgeDoc
 CVE-2021-29473 (Exiv2 is a C++ library and a command-line utility to read, write, dele ...)
 	- exiv2 <unfixed> (bug #987736)
+	[bullseye] - exiv2 <no-dsa> (Minor issue)
 	[buster] - exiv2 <not-affected> (Vulnerable code introduced later)
 	[stretch] - exiv2 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2
@@ -68995,6 +69000,8 @@ CVE-2020-16120 (Overlayfs did not properly perform permission checking when copy
 	NOTE: https://www.openwall.com/lists/oss-security/2020/10/13/6
 CVE-2020-16119 (Use-after-free vulnerability in the Linux kernel exploitable by a loca ...)
 	- linux <unfixed>
+	[bullseye] - linux <no-dsa> (Minor issue, blacklisted by default, revisit if fixed upstream)
+	[buster] - linux <no-dsa> (Minor issue, blacklisted by default, revisit if fixed upstream)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/10/13/7
 CVE-2020-16118 (In GNOME Balsa before 2.6.0, a malicious server operator or man in the ...)
 	- balsa 2.6.0-1
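Review bot: the no-dsa rationale "blacklisted by default" for CVE-2020-16119 does not name the module or the modprobe configuration that blacklists it, so the "revisit if fixed upstream" condition cannot be checked from this entry; add a NOTE naming both. Also state why the blacklist is sufficient here: a modprobe "blacklist" line only prevents loading through an alias, an explicit modprobe or an "install <module> /bin/false" line is what blocks loading outright, and the CVE description says the use-after-free is locally exploitable, so the entry should record that unprivileged users cannot trigger the module load on a default install.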



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e823a25ca170fab2f0f1d86cba014232df63395f


