[Git][security-tracker-team/security-tracker][master] 4 commits: mark CVE-2021-29623 as no-dsa for Stretch

Sun May 23 14:33:44 BST 2021


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e10116b3 by Thorsten Alteholz at 2021-05-23T14:22:12+02:00
mark CVE-2021-29623 as no-dsa for Stretch

- - - - -
d6ef9944 by Thorsten Alteholz at 2021-05-23T14:22:14+02:00
mark CVE-2021-32617 as no-dsa for Stretch

- - - - -
3cda859d by Thorsten Alteholz at 2021-05-23T15:26:42+02:00
add libxml2

- - - - -
6b83f9cc by Thorsten Alteholz at 2021-05-23T15:31:29+02:00
add djvulibre

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1908,6 +1908,7 @@ CVE-2021-32617 (Exiv2 is a command-line utility and C++ library for reading, wri
 	- exiv2 <unfixed> (bug #988731)
 	[bullseye] - exiv2 <no-dsa> (Minor issue)
 	[buster] - exiv2 <no-dsa> (Minor issue)
+	[stretch] - exiv2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-w8mv-g8qq-36mj
 	NOTE: https://github.com/Exiv2/exiv2/pull/1657
 CVE-2021-32616
@@ -9047,6 +9048,7 @@ CVE-2021-29623 (Exiv2 is a C++ library and a command-line utility to read, write
 	- exiv2 <unfixed> (bug #988481)
 	[bullseye] - exiv2 <no-dsa> (Minor issue)
 	[buster] - exiv2 <no-dsa> (Minor issue)
+	[stretch] - exiv2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-6253-qjwm-3q4v
 	NOTE: https://github.com/Exiv2/exiv2/pull/1627
 CVE-2021-29622 (Prometheus is an open-source monitoring system and time series databas ...)


=====================================
data/dla-needed.txt
=====================================
@@ -39,6 +39,8 @@ condor
   NOTE: 20200727: Waiting on maintainer feedback: https://lists.debian.org/debian-lts/2020/07/msg00108.html (roberto)
   NOTE: 20210205: Some patches seems to be available but not clear if it solves the whole issue or not. (ola)
 --
+djvulibre
+--
 eterm (Utkarsh)
   NOTE: 20210521: src/term.c:process_escape_seq(), probably just disable vulnerable escape sequence
 --
@@ -56,6 +58,8 @@ imagemagick (Anton Gladky)
 libwebp (Anton Gladky)
   NOTE: 20210516: WIP
 --
+libxml2 (Thorsten Alteholz)
+--
 libx11 (Emilio)
 --
 linux (Ben Hutchings)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/03bb2c4af291c6ef7f8756f630e706cea5e74dc6...6b83f9cc4d554720dbdc50f7d6bb39d8e290a940

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/03bb2c4af291c6ef7f8756f630e706cea5e74dc6...6b83f9cc4d554720dbdc50f7d6bb39d8e290a940
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210523/f368b488/attachment-0001.htm>
