[Git][security-tracker-team/security-tracker][master] buster/bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Nov 19 16:34:59 GMT 2021 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ca0a644c by Moritz Muehlenhoff at 2021-11-19T17:33:25+01:00
buster/bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -75,6 +75,8 @@ CVE-2021-3976
 CVE-2021-3975 [segmentation fault during VM shutdown can lead to vdsm hung]
 	RESERVED
 	- libvirt 7.6.0-1
+	[bullseye] - libvirt <no-dsa> (Minor issue)
+	[buster] - libvirt <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2024326
 	NOTE: Fixed by: https://github.com/libvirt/libvirt/commit/1ac703a7d0789e46833f4013a3876c2e3af18ec7 (v7.1.0-rc2)
 CVE-2021-44025 (Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in han ...)
@@ -2234,8 +2236,14 @@ CVE-2021-43520
 CVE-2021-43519 (Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 a ...)
 	- lua5.4 <unfixed>
 	- lua5.3 <unfixed>
+	[bullseye] - lua5.3 <no-dsa> (Minor issue)
+	[buster] - lua5.3 <no-dsa> (Minor issue)
 	- lua5.2 <unfixed>
+	[bullseye] - lua5.2 <no-dsa> (Minor issue)
+	[buster] - lua5.2 <no-dsa> (Minor issue)
 	- lua5.1 <unfixed>
+	[bullseye] - lua5.1 <no-dsa> (Minor issue)
+	[buster] - lua5.1 <no-dsa> (Minor issue)
 	NOTE: http://lua-users.org/lists/lua-l/2021-10/msg00123.html
 	NOTE: http://lua-users.org/lists/lua-l/2021-11/msg00015.html
 	NOTE: Fixed by: https://github.com/lua/lua/commit/74d99057a5146755e737c479850f87fd0e3b6868
@@ -5096,11 +5104,15 @@ CVE-2021-42717
 	RESERVED
 CVE-2021-42716 (An issue was discovered in stb stb_image.h 2.27. The PNM loader incorr ...)
 	- libstb <unfixed>
+	[bullseye] - libstb <no-dsa> (Minor issue)
+	[buster] - libstb <no-dsa> (Minor issue)
 	NOTE: https://github.com/nothings/stb/issues/1166
 	NOTE: https://github.com/nothings/stb/issues/1225
 	NOTE: https://github.com/nothings/stb/pull/1223
 CVE-2021-42715 (An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR  ...)
 	- libstb <unfixed>
+	[bullseye] - libstb <no-dsa> (Minor issue)
+	[buster] - libstb <no-dsa> (Minor issue)
 	NOTE: https://github.com/nothings/stb/issues/1224
 	NOTE: https://github.com/nothings/stb/pull/1223
 CVE-2021-42714


=====================================
data/dsa-needed.txt
=====================================
@@ -55,3 +55,5 @@ trafficserver (jmm)
 --
 varnish
 --
+wireshark
+--



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca0a644cbf14fd2ef7bde52692ef572a4de15ce4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca0a644cbf14fd2ef7bde52692ef572a4de15ce4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211119/7787f7ee/attachment.htm>

More information about the debian-security-tracker-commits mailing list