[Git][security-tracker-team/security-tracker][master] buster/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Nov 22 11:02:19 GMT 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c72c97f8 by Moritz Muehlenhoff at 2021-11-22T12:02:05+01:00
buster/bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2065,6 +2065,8 @@ CVE-2021-3957 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: kimai2
CVE-2021-43616 (The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an i ...)
- npm <unfixed>
+ [bullseye] - npm <no-dsa> (Minor issue)
+ [buster] - npm <no-dsa> (Minor issue)
NOTE: https://github.com/npm/cli/issues/2701
CVE-2021-43615
RESERVED
@@ -4158,6 +4160,8 @@ CVE-2021-43175
RESERVED
CVE-2021-3918 (json-schema is vulnerable to Improperly Controlled Modification of Obj ...)
- node-json-schema 0.4.0+~7.0.9-1 (bug #999765)
+ [bullseye] - node-json-schema <no-dsa> (Minor issue)
+ [buster] - node-json-schema <no-dsa> (Minor issue)
NOTE: https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741 (v0.4.0)
CVE-2021-43174 (NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, suppo ...)
- routinator <itp> (bug #929024)
@@ -5190,6 +5194,8 @@ CVE-2020-36490 (DedeCMS v7.5 SP2 was discovered to contain multiple cross-site s
NOT-FOR-US: DedeCMS
CVE-2021-XXXX [RUSTSEC-2020-0159: Potential segfault in localtime_r invocations]
- rust-chrono <unfixed> (bug #996913)
+ [bullseye] - rust-chrono <no-dsa> (Minor issue)
+ [buster] - rust-chrono <no-dsa> (Minor issue)
NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0159.html
NOTE: https://github.com/chronotope/chrono/issues/499
CVE-2021-42742
@@ -28404,6 +28410,7 @@ CVE-2021-33516 (An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.
NOTE: https://gitlab.gnome.org/GNOME/gupnp/-/commit/ca6ec9dcb26fd7a2a630eb6a68118659b589afac (master)
CVE-2021-33515 (The submission service in Dovecot before 2.3.15 allows STARTTLS comman ...)
- dovecot 1:2.3.13+dfsg1-2 (bug #990566)
+ [bullseye] - dovecot <postponed> (Minor issue, fix along with next update)
[buster] - dovecot <postponed> (Minor issue, fix along with next update)
[stretch] - dovecot <not-affected> (Vulnerable code (smtp_server_command queue) introduced later)
NOTE: https://dovecot.org/pipermail/dovecot-news/2021-June/000462.html
@@ -83872,9 +83879,13 @@ CVE-2020-23905
RESERVED
CVE-2020-23904 (A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers t ...)
- speex <unfixed>
+ [bullseye] - speex <no-dsa> (Minor issue)
+ [buster] - speex <no-dsa> (Minor issue)
NOTE: https://github.com/xiph/speex/issues/14
CVE-2020-23903 (A Divide by Zero vulnerability in the function static int read_samples ...)
- speex <unfixed>
+ [bullseye] - speex <no-dsa> (Minor issue)
+ [buster] - speex <no-dsa> (Minor issue)
NOTE: https://github.com/xiph/speex/issues/13
CVE-2020-23902 (A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a d ...)
NOT-FOR-US: WildBit Viewer
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c72c97f8af266b80bb36db2848903881fd1f894d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c72c97f8af266b80bb36db2848903881fd1f894d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211122/82472351/attachment.htm>
More information about the debian-security-tracker-commits
mailing list