[Git][security-tracker-team/security-tracker][master] 6 commits: mark CVE-2020-16154 as no-dsa for Stretch

Thorsten Alteholz (@alteholz) alteholz at debian.org
Thu Nov 25 22:35:41 GMT 2021



Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3efbfb89 by Thorsten Alteholz at 2021-11-25T23:23:50+01:00
mark CVE-2020-16154 as no-dsa for Stretch

- - - - -
2722ec12 by Thorsten Alteholz at 2021-11-25T23:25:10+01:00
mark CVE-2020-16154 as no-dsa for Stretch

- - - - -
fd44970d by Thorsten Alteholz at 2021-11-25T23:25:43+01:00
mark CVE-2020-16156 as no-dsa for Stretch

- - - - -
4dde7d42 by Thorsten Alteholz at 2021-11-25T23:31:12+01:00
mark CVE-2021-43398 as no-dsa for Stretch

- - - - -
e8404b05 by Thorsten Alteholz at 2021-11-25T23:32:26+01:00
mark CVE-2021-37592 as no-dsa for Stretch

- - - - -
f0583f19 by Thorsten Alteholz at 2021-11-25T23:34:21+01:00
mark CVE-2021-44223 as no-dsa for Stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4,6 +4,7 @@ CVE-2021-44223 (WordPress before 5.8 lacks support for the Update URI plugin hea
 	- wordpress 5.8.1+dfsg1-1
 	[bullseye] - wordpress <no-dsa> (Minor issue; workarounds/mitigation for older versions can be implemented)
 	[buster] - wordpress <no-dsa> (Minor issue; workarounds/mitigation for older versions can be implemented)
+	[stretch] - wordpress <no-dsa> (Minor issue; workarounds/mitigation for older versions can be implemented)
 	NOTE: WordPress 5.8 introduces a new "Update URI" plugin header. Further mitigation
 	NOTE: options documented in:
 	NOTE: https://vavkamil.cz/2021/11/25/wordpress-plugin-confusion-update-can-get-you-pwned/
@@ -3012,6 +3013,7 @@ CVE-2021-43398 (Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a timing leak
 	- libcrypto++ <unfixed> (bug #1000227)
 	[bullseye] - libcrypto++ <no-dsa> (Minor issue)
 	[buster] - libcrypto++ <no-dsa> (Minor issue)
+	[stretch] - libcrypto++ <no-dsa> (Minor issue)
 	NOTE: https://github.com/weidai11/cryptopp/issues/1080
 CVE-2021-43397 (LiquidFiles before 3.6.3 allows remote attackers to elevate their priv ...)
 	NOT-FOR-US: LiquidFiles
@@ -19222,6 +19224,7 @@ CVE-2021-37592 (Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion vi
 	- suricata 1:6.0.4-1
 	[bullseye] - suricata <no-dsa> (Minor issue)
 	[buster] - suricata <no-dsa> (Minor issue)
+	[stretch] - suricata <no-dsa> (Minor issue)
 	NOTE: https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942
 	NOTE: https://redmine.openinfosecfoundation.org/issues/4569 (not public)
 CVE-2021-37591
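Review bot: the added `[stretch] - suricata <no-dsa> (Minor issue)` line gives no reason for the triage decision, and the one reference likely to carry technical detail, the redmine issue, is marked "(not public)". A reader cannot tell from this entry why a TCP evasion in Suricata is considered minor on stretch. Consider putting a short reason in the parenthetical, as the CVE-2021-44223 entry does with "Minor issue; workarounds/mitigation for older versions can be implemented".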
@@ -100677,6 +100680,7 @@ CVE-2020-16156 [Signature Verification Bypass]
 	- perl <unfixed>
 	[bullseye] - perl <no-dsa> (Minor issue)
 	[buster] - perl <no-dsa> (Minor issue)
+	[stretch] - perl <no-dsa> (Minor issue)
 	NOTE: https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
 	NOTE: http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
 CVE-2020-16155 [does not uniquely define signed data]
@@ -100684,6 +100688,7 @@ CVE-2020-16155 [does not uniquely define signed data]
 	- libcpan-checksums-perl <unfixed>
 	[bullseye] - libcpan-checksums-perl <no-dsa> (Minor issue)
 	[buster] - libcpan-checksums-perl <no-dsa> (Minor issue)
+	[stretch] - libcpan-checksums-perl <no-dsa> (Minor issue)
 	NOTE: https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
 	NOTE: http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
 CVE-2020-16154 [Signature Verification Bypass]
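Review bot: the added `[stretch] - libcpan-checksums-perl <no-dsa> (Minor issue)` line sits under CVE-2020-16155, but none of the six commit messages in this push names that CVE. Commits 3efbfb89 and 2722ec12 both read "mark CVE-2020-16154 as no-dsa for Stretch", so one of those two presumably carries this change under the wrong id. A history search for CVE-2020-16155 will not find the stretch triage; the commit subject should name the CVE whose entry the commit edits.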
@@ -100691,6 +100696,7 @@ CVE-2020-16154 [Signature Verification Bypass]
 	- cpanminus <unfixed>
 	[bullseye] - cpanminus <no-dsa> (Minor issue)
 	[buster] - cpanminus <no-dsa> (Minor issue)
+	[stretch] - cpanminus <no-dsa> (Minor issue)
 	NOTE: https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
 	NOTE: http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
 CVE-2020-16153



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1fe330570bc100033f56bceadbde43e54b0c50d0...f0583f1979575e6e253c07fed80f920611d8574a
