[Git][security-tracker-team/security-tracker][master] 6 commits: mark CVE-2020-16154 as no-dsa for Stretch
Thorsten Alteholz (@alteholz)
alteholz at debian.org
Thu Nov 25 22:35:41 GMT 2021
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3efbfb89 by Thorsten Alteholz at 2021-11-25T23:23:50+01:00
mark CVE-2020-16154 as no-dsa for Stretch
- - - - -
2722ec12 by Thorsten Alteholz at 2021-11-25T23:25:10+01:00
mark CVE-2020-16154 as no-dsa for Stretch
- - - - -
fd44970d by Thorsten Alteholz at 2021-11-25T23:25:43+01:00
mark CVE-2020-16156 as no-dsa for Stretch
- - - - -
4dde7d42 by Thorsten Alteholz at 2021-11-25T23:31:12+01:00
mark CVE-2021-43398 as no-dsa for Stretch
- - - - -
e8404b05 by Thorsten Alteholz at 2021-11-25T23:32:26+01:00
mark CVE-2021-37592 as no-dsa for Stretch
- - - - -
f0583f19 by Thorsten Alteholz at 2021-11-25T23:34:21+01:00
mark CVE-2021-44223 as no-dsa for Stretch
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4,6 +4,7 @@ CVE-2021-44223 (WordPress before 5.8 lacks support for the Update URI plugin hea
- wordpress 5.8.1+dfsg1-1
[bullseye] - wordpress <no-dsa> (Minor issue; workarounds/mitigation for older versions can be implemented)
[buster] - wordpress <no-dsa> (Minor issue; workarounds/mitigation for older versions can be implemented)
+ [stretch] - wordpress <no-dsa> (Minor issue; workarounds/mitigation for older versions can be implemented)
NOTE: WordPress 5.8 introduces a new "Update URI" plugin header. Further mitigation
NOTE: options documented in:
NOTE: https://vavkamil.cz/2021/11/25/wordpress-plugin-confusion-update-can-get-you-pwned/
@@ -3012,6 +3013,7 @@ CVE-2021-43398 (Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a timing leak
- libcrypto++ <unfixed> (bug #1000227)
[bullseye] - libcrypto++ <no-dsa> (Minor issue)
[buster] - libcrypto++ <no-dsa> (Minor issue)
+ [stretch] - libcrypto++ <no-dsa> (Minor issue)
NOTE: https://github.com/weidai11/cryptopp/issues/1080
CVE-2021-43397 (LiquidFiles before 3.6.3 allows remote attackers to elevate their priv ...)
NOT-FOR-US: LiquidFiles
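Review bot: the reason on the added `[stretch] - libcrypto++ <no-dsa> (Minor issue)` line is copied from the bullseye and buster lines and does not say why a timing leak in a crypto library is considered minor. The unversioned package line above it is still `<unfixed>` (bug #1000227). A reason that states what the leak exposes, or that no fix is available to backport, would help whoever triages stretch later more than the bare "Minor issue".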
@@ -19222,6 +19224,7 @@ CVE-2021-37592 (Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion vi
- suricata 1:6.0.4-1
[bullseye] - suricata <no-dsa> (Minor issue)
[buster] - suricata <no-dsa> (Minor issue)
+ [stretch] - suricata <no-dsa> (Minor issue)
NOTE: https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942
NOTE: https://redmine.openinfosecfoundation.org/issues/4569 (not public)
CVE-2021-37591
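Review bot: the added `[stretch] - suricata <no-dsa> (Minor issue)` line cannot be checked against the entry's own references, because the only issue link in the NOTE lines (redmine 4569) is marked "not public". The CVE text describes a TCP evasion, so the reason should say whether the stretch version is affected and why the evasion is judged minor there, rather than rely on a reference readers cannot open.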
@@ -100677,6 +100680,7 @@ CVE-2020-16156 [Signature Verification Bypass]
- perl <unfixed>
[bullseye] - perl <no-dsa> (Minor issue)
[buster] - perl <no-dsa> (Minor issue)
+ [stretch] - perl <no-dsa> (Minor issue)
NOTE: https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
NOTE: http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
CVE-2020-16155 [does not uniquely define signed data]
@@ -100684,6 +100688,7 @@ CVE-2020-16155 [does not uniquely define signed data]
- libcpan-checksums-perl <unfixed>
[bullseye] - libcpan-checksums-perl <no-dsa> (Minor issue)
[buster] - libcpan-checksums-perl <no-dsa> (Minor issue)
+ [stretch] - libcpan-checksums-perl <no-dsa> (Minor issue)
NOTE: https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
NOTE: http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
CVE-2020-16154 [Signature Verification Bypass]
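Review bot: the added `[stretch] - libcpan-checksums-perl <no-dsa> (Minor issue)` line belongs to CVE-2020-16155, but none of the six commit subjects in this push names CVE-2020-16155, while "mark CVE-2020-16154 as no-dsa for Stretch" appears twice (3efbfb89 and 2722ec12). One of those two subjects presumably describes this change. As it stands, a search of the log for CVE-2020-16155 will not find the commit that triaged it for stretch, so the correct id should be recorded in a follow-up commit message or note.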
@@ -100691,6 +100696,7 @@ CVE-2020-16154 [Signature Verification Bypass]
- cpanminus <unfixed>
[bullseye] - cpanminus <no-dsa> (Minor issue)
[buster] - cpanminus <no-dsa> (Minor issue)
+ [stretch] - cpanminus <no-dsa> (Minor issue)
NOTE: https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
NOTE: http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
CVE-2020-16153
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1fe330570bc100033f56bceadbde43e54b0c50d0...f0583f1979575e6e253c07fed80f920611d8574a