[Git][security-tracker-team/security-tracker][master] 7 commits: mark CVE-2021-23445 as no-dsa for Stretch
Thorsten Alteholz (@alteholz)
alteholz at debian.org
Fri Nov 26 23:40:55 GMT 2021
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9bd1ee77 by Thorsten Alteholz at 2021-11-27T00:17:04+01:00
mark CVE-2021-23445 as no-dsa for Stretch
- - - - -
fc9c7d9e by Thorsten Alteholz at 2021-11-27T00:20:14+01:00
mark several CVEs of jqueryui as no-dsa
- - - - -
9744b5ee by Thorsten Alteholz at 2021-11-27T00:25:55+01:00
add librecad
- - - - -
11ec39dc by Thorsten Alteholz at 2021-11-27T00:29:09+01:00
mark CVE-2020-23884 as no-dsa for Stretch
- - - - -
64f392e1 by Thorsten Alteholz at 2021-11-27T00:30:49+01:00
mark CVE-2020-27511 as no-dsa for Stretch
- - - - -
f0dc9732 by Thorsten Alteholz at 2021-11-27T00:33:10+01:00
mark CVE-2021-41136 as no-dsa for Stretch
- - - - -
56a7f2ee by Thorsten Alteholz at 2021-11-27T00:38:55+01:00
mark CVE-2021-3941 as no-dsa
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -2755,6 +2755,7 @@ CVE-2021-43557 (The uri-block plugin in Apache APISIX before 2.10.2 uses $reques
CVE-2021-3941
RESERVED
- openexr <unfixed>
+ [stretch] - openexr <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2019789
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39084
NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1153
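Review bot: the stretch tag for CVE-2021-3941 is added while the entry is still RESERVED, so the `(Minor issue)` rationale rests only on the three linked references; a short NOTE stating what the issue is (as tracked in the linked openexr pull request) would let later triagers verify the call without re-reading them. Buster and bullseye remain `<unfixed>` with no tag, so they still need a decision.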
@@ -10552,15 +10553,18 @@ CVE-2021-41185 (Mycodo is an environmental monitoring and regulation system. An
NOT-FOR-US: Mycodo
CVE-2021-41184 (jQuery-UI is the official jQuery user interface library. Prior to vers ...)
- jqueryui 1.13.0+dfsg-1
+ [stretch] - jqueryui <no-dsa> (Minor issue)
NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327
NOTE: https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280
CVE-2021-41183 (jQuery-UI is the official jQuery user interface library. Prior to vers ...)
- jqueryui 1.13.0+dfsg-1
+ [stretch] - jqueryui <no-dsa> (Minor issue)
NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4
NOTE: https://bugs.jqueryui.com/ticket/15284
NOTE: https://github.com/jquery/jquery-ui/pull/1953
CVE-2021-41182 (jQuery-UI is the official jQuery user interface library. Prior to vers ...)
- jqueryui 1.13.0+dfsg-1
+ [stretch] - jqueryui <no-dsa> (Minor issue)
NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc
NOTE: https://github.com/jquery/jquery-ui/commit/32850869d308d5e7c9bf3e3b4d483ea886d373ce
CVE-2021-41181
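Review bot: the three jQuery-UI entries (CVE-2021-41184, -41183, -41182) all receive the same `[stretch] - jqueryui <no-dsa> (Minor issue)` line, which is consistent, but `1.13.0+dfsg-1` is the unstable fix and buster and bullseye carry no tag, so those suites stay open for the security team; if the minor-issue assessment holds there too, a NOTE saying so (or why stretch is treated differently) would avoid a second round of triage. None of the three records why the issue is minor; one NOTE shared across the group would suffice.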
@@ -10674,6 +10678,7 @@ CVE-2021-41137 (Minio is a Kubernetes native application for cloud storage. All
NOT-FOR-US: Minio
CVE-2021-41136 (Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to version ...)
- puma 5.5.2-1
+ [stretch] - puma <no-dsa> (Minor issue)
NOTE: https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx
NOTE: https://github.com/puma/puma/commit/acdc3ae571dfae0e045cf09a295280127db65c7f
CVE-2021-41135 (The Cosmos-SDK is a framework for building blockchain applications in ...)
@@ -54081,6 +54086,7 @@ CVE-2021-23446 (The package handsontable before 10.0.0; the package handsontable
NOT-FOR-US: Node handsontable
CVE-2021-23445 (This affects the package datatables.net before 1.11.3. If an array is ...)
- datatables.js 1.10.21+dfsg-3 (bug #995229)
+ [stretch] - datatables.js <no-dsa> (Minor issue)
NOTE: https://github.com/DataTables/Dist-DataTables/commit/59a8d3f8a3c1138ab08704e783bc52bfe88d7c9b (v1.11.3)
CVE-2021-23444 (This affects the package jointjs before 3.4.2. A type confusion vulner ...)
NOT-FOR-US: Node jointjs
@@ -75776,6 +75782,7 @@ CVE-2020-27512
CVE-2020-27511 (An issue was discovered in the stripTags and unescapeHTML components i ...)
- prototypejs <unfixed> (bug #991898)
[bullseye] - prototypejs <no-dsa> (Minor issue)
+ [stretch] - prototypejs <no-dsa> (Minor issue)
NOTE: https://github.com/prototypejs/prototype/blame/dee2f7d8611248abce81287e1be4156011953c90/src/prototype/lang/string.js#L283
NOTE: https://github.com/yetingli/PoCs/blob/main/CVE-2020-27511/Prototype.md
NOTE: CVE mentions newer version but vulnerable code exists in older versions too
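Review bot: buster is the odd one out: prototypejs is `<unfixed>` in every suite, bullseye already carries `<no-dsa> (Minor issue)` and stretch now gets the same, but there is no `[buster]` line, so buster stays open on a bug the entry's own NOTE says exists in older versions too; either add the matching buster tag or record why it is treated differently. The `(bug #991898)` reference is already present, so no further bug needs filing.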
@@ -84471,6 +84478,7 @@ CVE-2020-23885
RESERVED
CVE-2020-23884 (A buffer overflow in Nomacs v3.15.0 allows attackers to cause a denial ...)
- nomacs <unfixed>
+ [stretch] - nomacs <no-dsa> (Minor issue)
NOTE: https://github.com/nomacs/nomacs/issues/516
CVE-2020-23883
RESERVED
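Review bot: nomacs CVE-2020-23884 is tagged no-dsa for stretch without a Debian bug reference on the `<unfixed>` line, unlike the datatables.js entry above, which carries `(bug #995229)`; a buffer overflow that the description says leads to a denial of service may well be minor, but filing a BTS bug and adding `(bug #<number>)` ensures the maintainer is aware of it for unstable. Buster and bullseye also remain untagged here.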
=====================================
data/dla-needed.txt
=====================================
@@ -56,6 +56,9 @@ libgit2 (Utkarsh)
NOTE: 20211029: and TAL later next week. (utkarsh)
NOTE: 20211116: backports prepped; checking build and smoke-testing package. (utkarsh)
--
+librecad
+ NOTE: 20211127: also take care of other suites
+--
libssh2 (Ola Lundqvist)
NOTE: 20211031: CVE-2019-13115 and CVE-2019-17498 were fixed in jessie DLAs
NOTE: 20211031: but still need fixing in stretch and buster. (bunk)
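Review bot: the new `librecad` entry does not say which CVE(s) put it on the list, and `also take care of other suites` does not name the suites meant; the neighbouring entries record the relevant ids in their NOTEs (e.g. `CVE-2019-13115 and CVE-2019-17498` under libssh2), so adding the CVE ids and the suites would let whoever claims the package scope the work without searching data/CVE/list. The entry is unclaimed (no name in parentheses), which is fine if intentional.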
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/47db394622b886b5c8414e7ac6a16f8c2d1b8104...56a7f2ee32e4f41172cf42e84362c38950c407c6