[Git][security-tracker-team/security-tracker][master] buster/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Nov 3 15:11:37 GMT 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4211c616 by Moritz Muehlenhoff at 2021-11-03T16:11:26+01:00
buster/bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -7234,18 +7234,23 @@ CVE-2021-41093 (Wire is an open source secure messenger. In affected versions if
NOT-FOR-US: Wire iOS
CVE-2021-41092 (Docker CLI is the command line interface for the docker container runt ...)
- docker.io <unfixed> (bug #998292)
+ [bullseye] - docker.io <no-dsa> (Minor issue)
+ [buster] - docker.io <no-dsa> (Minor issue)
NOTE: https://github.com/docker/cli/security/advisories/GHSA-99pg-grm5-qq3v
NOTE: https://github.com/docker/cli/commit/893e52cf4ba4b048d72e99748e0f86b2767c6c6b
CVE-2021-41091 (Moby is an open-source project created by Docker to enable software co ...)
- docker.io <unfixed>
+ [bullseye] - docker.io <no-dsa> (Minor issue)
+ [buster] - docker.io <no-dsa> (Minor issue)
NOTE: https://github.com/moby/moby/security/advisories/GHSA-3fwx-pjgw-3558
NOTE: https://github.com/moby/moby/commit/f0ab919f518c47240ea0e72d0999576bb8008e64
CVE-2021-41090
RESERVED
CVE-2021-41089 (Moby is an open-source project created by Docker to enable software co ...)
- docker.io <unfixed>
+ [bullseye] - docker.io <no-dsa> (Minor issue)
+ [buster] - docker.io <no-dsa> (Minor issue)
NOTE: https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4
- TODO: check details
CVE-2021-41088 (Elvish is a programming language and interactive shell, combined into ...)
- elvish 0.14.0-1
[buster] - elvish <no-dsa> (Minor issue)
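Review bot: In the CVE-2021-41089 entry the "TODO: check details" line is removed, but the only reference left is the GHSA advisory. The CVE-2021-41092 and CVE-2021-41091 entries each carry a NOTE with the upstream fix commit. Consider adding the corresponding moby commit NOTE for CVE-2021-41089, so the "Minor issue" classification on the new [bullseye] and [buster] lines can be checked against the actual change. Also, only the CVE-2021-41092 unstable line has a bug reference (#998292). If that bug covers the two Moby CVEs as well, adding it to their "- docker.io <unfixed>" lines would keep the three entries consistent.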
@@ -15619,25 +15624,35 @@ CVE-2021-37624 (FreeSWITCH is a Software Defined Telecom Stack enabling the digi
NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-mjcm-q9h8-9xv3
CVE-2021-37623 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- exiv2 <unfixed>
+ [bullseye] - exiv2 <ignored> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-mvc4-g5pv-4qqq
NOTE: https://github.com/Exiv2/exiv2/pull/1790
CVE-2021-37622 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- exiv2 <unfixed>
+ [bullseye] - exiv2 <ignored> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-9jh3-fcc3-g6hv
NOTE: https://github.com/Exiv2/exiv2/pull/1788
CVE-2021-37621 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- exiv2 <unfixed>
+ [bullseye] - exiv2 <ignored> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-m479-7frc-gqqg
NOTE: https://github.com/Exiv2/exiv2/pull/1778
CVE-2021-37620 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- exiv2 <unfixed>
+ [bullseye] - exiv2 <ignored> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-v5g7-46xf-h728
NOTE: https://github.com/Exiv2/exiv2/pull/1769
CVE-2021-37619 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- exiv2 <unfixed>
+ [bullseye] - exiv2 <ignored> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-mxw9-qx4c-6m8v
NOTE: https://github.com/Exiv2/exiv2/pull/1752
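Review bot: The new [bullseye] and [buster] lines for CVE-2021-37619 through CVE-2021-37623 use <ignored>, while the existing [stretch] lines for the same CVEs use <no-dsa> with the identical "Minor issue" text. <ignored> says the issue will not be fixed in that release, whereas <no-dsa> leaves room for a fix through a point update. If <ignored> is intended, a more specific reason than "Minor issue" would explain the difference from stretch. Otherwise <no-dsa> would match the existing entries.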
=====================================
data/dsa-needed.txt
=====================================
@@ -56,5 +56,8 @@ tomcat9
from previous CVE-2021-30640 and another non-security fix for #987179, might
need a SRM ack.
--
+trafficserver (jmm)
+ wait until status for CVE-2021-38161 is clarified (upstream patch got reverted)
+--
varnish
--
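Review bot: The trafficserver note says the upstream patch for CVE-2021-38161 got reverted but gives no pointer to the revert. Adding the upstream commit or issue URL to the note, or as a NOTE in the CVE-2021-38161 entry in data/CVE/list, would let others tell when the status has been clarified without asking jmm.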
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4211c616563795a774305ffa87f9435ab6adbe76