[Git][security-tracker-team/security-tracker][master] 8 commits: mark CVE-2021-44225 as no-dsa for Jessie

Thorsten Alteholz (@alteholz) alteholz at debian.org
Sun Nov 28 23:04:20 GMT 2021



Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f6889515 by Thorsten Alteholz at 2021-11-28T23:35:52+01:00
mark CVE-2021-44225 as no-dsa for Jessie

- - - - -
4e9c0229 by Thorsten Alteholz at 2021-11-28T23:37:36+01:00
add pgbouncer

- - - - -
4e41a00c by Thorsten Alteholz at 2021-11-28T23:38:55+01:00
mark CVE-2020-23904 and CVE-2020-23903 as no-dsa for Stretch

- - - - -
f4ddcd4e by Thorsten Alteholz at 2021-11-28T23:46:29+01:00
mark CVE-2021-41165 and CVE-2021-41164 as no-dsa for Stretch

- - - - -
13384b5b by Thorsten Alteholz at 2021-11-28T23:55:05+01:00
mark CVE-2021-3968 as not-affected for Stretch

- - - - -
0d1f4a42 by Thorsten Alteholz at 2021-11-28T23:58:13+01:00
mark CVE-2021-3928 as no-dsa for Stretch

- - - - -
acd30c5f by Thorsten Alteholz at 2021-11-29T00:00:13+01:00
mark CVE-2021-3927 as no-dsa for Stretch

- - - - -
dd7c1e17 by Thorsten Alteholz at 2021-11-29T00:03:15+01:00
mark CVE-2021-3903 as no-dsa for Stretch

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -133,6 +133,7 @@ CVE-2021-44225 (In Keepalived through 2.2.4, the D-Bus policy does not sufficien
 	- keepalived 1:2.2.4-0.2
 	[bullseye] - keepalived <no-dsa> (Minor issue)
 	[buster] - keepalived <no-dsa> (Minor issue)
+	[stretch] - keepalived <no-dsa> (Minor issue)
 	NOTE: https://github.com/acassen/keepalived/pull/2063
 	NOTE: https://github.com/acassen/keepalived/commit/7977fec0be89ae6fe87405b3f8da2f0b5e415e3d
 CVE-2021-44224
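Review bot: The commit subject for this change says "no-dsa for Jessie", but the line added to the CVE-2021-44225 entry is tagged `[stretch]`. The data line matches the other `[stretch]` additions in this push, so the subject appears to be the part that is off. Anyone searching the history by release name should be aware of the mismatch.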
@@ -833,6 +834,7 @@ CVE-2021-3969
 	RESERVED
 CVE-2021-3968 (vim is vulnerable to Heap-based Buffer Overflow ...)
 	- vim <unfixed>
+	[stretch] - vim <not-affected> (Vulnerable code not present)
 	NOTE: https://huntr.dev/bounties/00d62924-a7b4-4a61-ba29-acab2eaa1528/
 	NOTE: https://github.com/vim/vim/commit/a062006b9de0b2947ab5fb376c6e67ef92a8cd69 (v8.2.3610)
 CVE-2022-21741
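Review bot: The `<not-affected>` line added under CVE-2021-3968 gives "Vulnerable code not present" as its reason, but the entry has no NOTE saying which commit or version introduced the vulnerable code, so the claim cannot be rechecked from the entry itself. The CVE-2021-3903 entry in this same file records that kind of information with a "PoC crashes starting with ..." NOTE. A similar line here would document the triage.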
@@ -3253,10 +3255,12 @@ CVE-2021-43358
 	RESERVED
 CVE-2021-3928 (vim is vulnerable to Stack-based Buffer Overflow ...)
 	- vim <unfixed>
+	[stretch] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/29c3ebd2-d601-481c-bf96-76975369d0cd
 	NOTE: Fixed by: https://github.com/vim/vim/commit/15d9890eee53afc61eb0a03b878a19cb5672f732 (v8.2.3582)
 CVE-2021-3927 (vim is vulnerable to Heap-based Buffer Overflow ...)
 	- vim <unfixed>
+	[stretch] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/9c2b2c82-48bb-4be9-ab8f-a48ea252d1b0
 	NOTE: Fixed by: https://github.com/vim/vim/commit/0b5b06cb4777d1401fdf83e7d48d287662236e7e (v8.2.3581)
 CVE-2021-43357
@@ -5099,6 +5103,7 @@ CVE-2021-3904 (grav is vulnerable to Improper Neutralization of Input During Web
 	NOT-FOR-US: Grav CMS
 CVE-2021-3903 (vim is vulnerable to Heap-based Buffer Overflow ...)
 	- vim 2:8.2.3565-1
+	[stretch] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/35738a4f-55ce-446c-b836-2fb0b39625f8
 	NOTE: https://github.com/vim/vim/commit/777e7c21b7627be80961848ac560cb0a9978ff43
 	NOTE: PoC crashes starting with https://github.com/vim/vim/commit/8a7d6542b33e5d2b352262305c3bfdb2d14e1cf8 (v8.2.0149)
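Review bot: The `[stretch]` line added under CVE-2021-3903 uses `<no-dsa> (Minor issue)`, while the last NOTE in the same entry says the PoC only crashes starting with v8.2.0149. If the vim version in stretch predates that commit, the entry should record whether the underlying flaw is still present there. If it is not, `<not-affected>`, as used for CVE-2021-3968, would be the more precise status.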
@@ -10627,9 +10632,11 @@ CVE-2021-41166
 	RESERVED
 CVE-2021-41165 (CKEditor4 is an open source WYSIWYG HTML editor. In affected version a ...)
 	- ckeditor <unfixed> (bug #999909)
+	[stretch] - ckeditor <no-dsa> (Minor issue)
 	NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2 (v4.17.0)
 CVE-2021-41164 (CKEditor4 is an open source WYSIWYG HTML editor. In affected versions  ...)
 	- ckeditor <unfixed> (bug #999909)
+	[stretch] - ckeditor <no-dsa> (Minor issue)
 	NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-pvmx-g8h5-cprj (v4.17.0)
 CVE-2021-41163 (Discourse is an open source platform for community discussion. In affe ...)
 	NOT-FOR-US: Discourse
@@ -84469,11 +84476,13 @@ CVE-2020-23904 (A stack buffer overflow in speexenc.c of Speex v1.2 allows attac
 	- speex <unfixed>
 	[bullseye] - speex <no-dsa> (Minor issue)
 	[buster] - speex <no-dsa> (Minor issue)
+	[stretch] - speex <no-dsa> (Minor issue)
 	NOTE: https://github.com/xiph/speex/issues/14
 CVE-2020-23903 (A Divide by Zero vulnerability in the function static int read_samples ...)
 	- speex <unfixed>
 	[bullseye] - speex <no-dsa> (Minor issue)
 	[buster] - speex <no-dsa> (Minor issue)
+	[stretch] - speex <no-dsa> (Minor issue)
 	NOTE: https://github.com/xiph/speex/issues/13
 CVE-2020-23902 (A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a d ...)
 	NOT-FOR-US: WildBit Viewer


=====================================
data/dla-needed.txt
=====================================
@@ -76,6 +76,9 @@ nvidia-graphics-drivers
 --
 opensc (Adrian Bunk)
 --
+pgbouncer (Thorsten Alteholz)
+  NOTE: 20211128: also help with other releases
+--
 roundcube (Markus Koschany)
 --
 rustc (Roberto C. Sánchez)
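Review bot: The NOTE added with the pgbouncer entry, "20211128: also help with other releases", does not name the CVE or bug that puts the package on the list, nor which releases are meant. Adding the CVE id or a tracker reference to the NOTE would let whoever picks up the entry next see the scope without reading through the history.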



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5c2ba80642481650c1acb9986b0f925bf39f2854...dd7c1e17bc9aa175d39c2ff155b00640c714deb8



More information about the debian-security-tracker-commits mailing list