[Git][security-tracker-team/security-tracker][master] bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri May 28 09:53:12 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a01f623d by Moritz Muehlenhoff at 2021-05-28T10:50:23+02:00
bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11749,6 +11749,7 @@ CVE-2021-3446 (A flaw was found in libtpms in versions before 0.8.2. The commonl
 CVE-2021-28650 (autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOM ...)
 	[experimental] - gnome-autoar 0.3.1-1
 	- gnome-autoar <unfixed> (bug #985391)
+	[bullseye] - gnome-autoar <no-dsa> (Minor issue)
 	[buster] - gnome-autoar <not-affected> (Incomplete fix for CVE-2020-36241 not applied)
 	[stretch] - gnome-autoar <not-affected> (Incomplete fix for CVE-2020-36241 not applied)
 	NOTE: https://gitlab.gnome.org/GNOME/gnome-autoar/-/issues/12
@@ -66459,6 +66460,7 @@ CVE-2020-17496 (vBulletin 5.5.4 through 5.6.2 allows remote command execution vi
 	NOT-FOR-US: vBulletin
 CVE-2020-17495 (django-celery-results through 1.2.1 stores task results in the databas ...)
 	- python-django-celery-results <unfixed> (bug #968305)
+	[bullseye] - python-django-celery-results <no-dsa> (Minor issue)
 	[buster] - python-django-celery-results <no-dsa> (Minor issue)
 	NOTE: https://github.com/celery/django-celery-results/issues/142
 CVE-2020-17494 (Untangle Firewall NG before 16.0 uses MD5 for passwords. ...)
@@ -93233,6 +93235,7 @@ CVE-2020-7712 (This affects the package json before 10.0.0. It is possible to in
 	NOT-FOR-US: Node json
 CVE-2020-7711 (This affects all versions of package github.com/russellhaering/goxmlds ...)
 	- golang-github-russellhaering-goxmldsig <unfixed> (bug #968928)
+	[bullseye] - golang-github-russellhaering-goxmldsig <no-dsa> (Minor issue)
 	[buster] - golang-github-russellhaering-goxmldsig <no-dsa> (Minor issue)
 	NOTE: https://github.com/russellhaering/goxmldsig/issues/48
 CVE-2020-7710 (This affects all versions of package safe-eval. It is possible for an  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a01f623def180ba775fbd219eff4a14b71eec2b7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a01f623def180ba775fbd219eff4a14b71eec2b7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210528/9d361aad/attachment.htm>


More information about the debian-security-tracker-commits mailing list