[Git][security-tracker-team/security-tracker][master] 10 commits: Mark CVE-2020-24020/ffmpeg as not-affected for stretch

Utkarsh Gupta (@utkarsh) utkarsh at debian.org
Sun May 30 13:41:57 BST 2021



Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7df2b1f0 by Utkarsh Gupta at 2021-05-30T18:00:39+05:30
Mark CVE-2020-24020/ffmpeg as not-affected for stretch

- - - - -
adac8c8f by Utkarsh Gupta at 2021-05-30T18:06:29+05:30
Mark CVE-2020-22020/ffmpeg as postponed for stretch

- - - - -
028ce377 by Utkarsh Gupta at 2021-05-30T18:07:00+05:30
Mark CVE-2020-22015/ffmpeg as ignored for stretch

- - - - -
58d72504 by Utkarsh Gupta at 2021-05-30T18:07:16+05:30
Mark CVE-2020-21041/ffmpeg as postponed for stretch

- - - - -
9cc7fa88 by Utkarsh Gupta at 2021-05-30T18:07:52+05:30
Mark CVE-2021-33574/glibc as no-dsa for stretch

- - - - -
348ee250 by Utkarsh Gupta at 2021-05-30T18:08:25+05:30
Mark CVE-2021-31800/impacket as no-dsa for stretch

- - - - -
01062b68 by Utkarsh Gupta at 2021-05-30T18:09:04+05:30
Mark CVE-2021-32611/libexosip2 as no-dsa for stretch

- - - - -
a60de4a6 by Utkarsh Gupta at 2021-05-30T18:09:47+05:30
Mark CVE-2016-20011/libgrss as ignored for stretch

- - - - -
92bf81a8 by Utkarsh Gupta at 2021-05-30T18:10:21+05:30
Mark CVE-2021-32640/node-ws as no-dsa for stretch

- - - - -
9fcbed03 by Utkarsh Gupta at 2021-05-30T18:10:55+05:30
Mark CVE-2021-32563/thunar as no-dsa for stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -485,6 +485,7 @@ CVE-2021-33574 (The mq_notify function in the GNU C Library (aka glibc) through
 	- glibc <unfixed> (bug #989147)
 	[bullseye] - glibc <no-dsa> (Minor issue)
 	[buster] - glibc <no-dsa> (Minor issue)
+	[stretch] - glibc <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=27896
 CVE-2021-33573
 	RESERVED
@@ -508,6 +509,7 @@ CVE-2016-20011 (libgrss through 0.7.0 fails to perform TLS certificate verificat
 	- libgrss <unfixed> (bug #989149)
 	[bullseye] - libgrss <ignored> (Minor issue)
 	[buster] - libgrss <ignored> (Minor issue)
+	[stretch] - libgrss <ignored> (Minor issue)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=772647
 	NOTE: https://gitlab.gnome.org/GNOME/libgrss/-/issues/4
 CVE-2021-3565 [during tpm2_import command invocation a fixed AES wrapping key is used]
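Review bot: The added `[stretch] - libgrss <ignored> (Minor issue)` line gives no reason specific to stretch for a CVE whose description is a failure to perform TLS certificate verification. `<ignored>` combined with `- libgrss <unfixed>` reads as a permanent decision, so the parenthetical should say why the impact is minor or why no fix is planned, rather than repeating the buster text.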
@@ -2504,6 +2506,7 @@ CVE-2021-32641
 CVE-2021-32640 (ws is an open source WebSocket client and server library for Node.js.  ...)
 	- node-ws 7.4.2+~cs18.0.8-2
 	[buster] - node-ws <no-dsa> (Minor issue)
+	[stretch] - node-ws <no-dsa> (Minor issue)
 	NOTE: https://github.com/websockets/ws/security/advisories/GHSA-6fc8-4gx4-v693
 	NOTE: https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff
 CVE-2021-32639
@@ -2581,6 +2584,7 @@ CVE-2021-32612
 CVE-2021-32611 (A NULL pointer dereference vulnerability exists in eXcall_api.c in Ant ...)
 	- libexosip2 <removed>
 	[buster] - libexosip2 <no-dsa> (Minor issue)
+	[stretch] - libexosip2 <no-dsa> (Minor issue)
 	NOTE: http://git.savannah.nongnu.org/cgit/exosip.git/commit/?id=f2ed389fe84613512cc560127883e51e6cf8c054
 CVE-2021-32610
 	RESERVED
@@ -2883,6 +2887,7 @@ CVE-2021-32480
 CVE-2021-32563 (An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17 ...)
 	- thunar 4.16.8-1 (bug #988394)
 	[buster] - thunar <no-dsa> (Minor issue)
+	[stretch] - thunar <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/05/09/2
 	NOTE: Fixed by: https://gitlab.xfce.org/xfce/thunar/-/commit/9165a61f95e43cc0b5abf9b98eee2818a0191e0b
 	NOTE: Regression fix: https://gitlab.xfce.org/xfce/thunar/-/commit/3b54d9d7dbd7fd16235e2141c43a7f18718f5664
@@ -4680,6 +4685,7 @@ CVE-2021-31801
 CVE-2021-31800 (Multiple path traversal vulnerabilities exist in smbserver.py in Impac ...)
 	- impacket 0.9.22-2 (bug #988141)
 	[buster] - impacket <no-dsa> (Minor issue)
+	[stretch] - impacket <no-dsa> (Minor issue)
 	NOTE: https://github.com/SecureAuthCorp/impacket/commit/49c643bf66620646884ed141c94e5fdd85bcdd2f
 CVE-2021-31799
 	RESERVED
@@ -53678,6 +53684,7 @@ CVE-2020-24020 (Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_lay
 	- ffmpeg 7:4.3.1-1
 	[bullseye] - ffmpeg <not-affected> (Vulnerable code not present)
 	[buster] - ffmpeg <not-affected> (Vulnerable code not present)
+	[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
 	NOTE: https://trac.ffmpeg.org/ticket/8718
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=584f396132aa19d21bb1e38ad9a5d428869290cb
 CVE-2020-24019
@@ -57703,6 +57710,7 @@ CVE-2020-22021 (Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges func
 CVE-2020-22020 (Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map func ...)
 	- ffmpeg 7:4.3-2
 	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	[stretch] - ffmpeg <postponed> (Wait for 4.1.7)
 	NOTE: https://trac.ffmpeg.org/ticket/8239
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ce5274c1385d55892a692998923802023526b765
 CVE-2020-22019 (Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in  ...)
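Review bot: The reason on the added stretch line, `(Wait for 4.1.7)`, is copied verbatim from the buster entry and names a release on a specific upstream branch. Please confirm that a 4.1.7 release is what stretch's ffmpeg would actually pick up. If stretch tracks a different branch, the reason should name the release or backport stretch is waiting for, otherwise the entry will stay `<postponed>` with nothing to trigger a revisit.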
@@ -57717,6 +57725,7 @@ CVE-2020-22015 (Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_t
 	- ffmpeg <unfixed>
 	[bullseye] - ffmpeg <ignored> (Minor issue)
 	[buster] - ffmpeg <ignored> (Minor issue)
+	[stretch] - ffmpeg <ignored> (Minor issue)
 	NOTE: https://trac.ffmpeg.org/ticket/8190
 CVE-2020-22014
 	RESERVED
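Review bot: This buffer overflow is marked `<ignored> (Minor issue)` for stretch, while the other ffmpeg buffer overflows touched in this same push (CVE-2020-22020, CVE-2020-21041) are `<postponed>`. The reason string does not explain the difference. A short justification in the parenthetical or an extra NOTE line would make clear why this one is not simply postponed until an upstream fix appears, given `- ffmpeg <unfixed>`.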
@@ -59671,6 +59680,7 @@ CVE-2020-21041 (Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_i
 	[experimental] - ffmpeg 7:4.4-1
 	- ffmpeg <unfixed>
 	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	[stretch] - ffmpeg <postponed> (Wait for 4.1.7)
 	NOTE: https://trac.ffmpeg.org/ticket/7989
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5d9f44da460f781a1604d537d0555b78e29438ba
 CVE-2020-21040
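Review bot: The description places this bug in FFmpeg 4.1, and the added `[stretch] - ffmpeg <postponed> (Wait for 4.1.7)` line inherits buster's reason without recording whether stretch's ffmpeg contains the affected apng code. If that was checked, a NOTE line saying so would help later triage. If it was not, `<postponed>` may be the wrong state for stretch.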



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/224ed25fc8adf3cd7befd9f6ea645756f27113c8...9fcbed03c3f93f36d261f79e628dc858bc7e9ade
