[Git][security-tracker-team/security-tracker][master] buster/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Oct 4 17:24:07 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
17b945ef by Moritz Muehlenhoff at 2021-10-04T18:23:28+02:00
buster/bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5864,6 +5864,8 @@ CVE-2021-39362 (An XSS issue was discovered in ReCaptcha Solver 5.7. A response
NOT-FOR-US: ReCaptcha Solver
CVE-2021-39361 (In GNOME evolution-rss through 0.3.96, network-soup.c does not enable ...)
- evolution-rss <unfixed>
+ [bullseye] - evolution-rss <no-dsa> (Minor issue)
+ [buster] - evolution-rss <no-dsa> (Minor issue)
[stretch] - evolution-rss <postponed> (Minor issue, revisit when/if fixed upstream)
NOTE: https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
NOTE: https://gitlab.gnome.org/GNOME/evolution-rss/-/issues/11
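Review bot: The two added [bullseye] and [buster] lines for CVE-2021-39361 give only "Minor issue" as the reason for <no-dsa>, while the [stretch] line directly below uses <postponed> with "revisit when/if fixed upstream" for the same package. The entry is still "- evolution-rss <unfixed>" and the referenced upstream material concerns TLS certificate verification being off by default, so consider either matching the stretch wording so the entry is picked up again once upstream issue 11 is resolved, or extending the reason to say why the missing verification is minor for these releases.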
@@ -6573,10 +6575,14 @@ CVE-2021-39136 (baserCMS is an open source content management system with a focu
CVE-2021-39135 (`@npmcli/arborist`, the library that calculates dependency trees and m ...)
[experimental] - npm 7.24.0+ds-1
- npm 7.24.0+ds-2 (bug #993405)
+ [bullseye] - npm <no-dsa> (Minor issue)
+ [buster] - npm <no-dsa> (Minor issue)
NOTE: https://github.com/npm/arborist/security/advisories/GHSA-gmw6-94gg-2rc2
CVE-2021-39134 (`@npmcli/arborist`, the library that calculates dependency trees and m ...)
[experimental] - npm 7.24.0+ds-1
- npm 7.24.0+ds-2 (bug #993407)
+ [bullseye] - npm <no-dsa> (Minor issue)
+ [buster] - npm <no-dsa> (Minor issue)
NOTE: https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc
CVE-2021-39133 (Rundeck is an open source automation service with a web console, comma ...)
NOT-FOR-US: Rundeck
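Review bot: For both CVE-2021-39135 and CVE-2021-39134 the added [bullseye] and [buster] <no-dsa> lines say only "Minor issue", although the lines above them already record a fixed version in unstable (7.24.0+ds-2, bugs #993405 and #993407). A short reason stating whether the fix is too intrusive to backport or could go in through a point release would make this triage decision easier to follow later.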
@@ -33496,8 +33502,8 @@ CVE-2021-28117 (libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover
NOTE: Plasma 5.18: https://commits.kde.org/plasma/discover/fcd3b30552bf03a384b1a16f9bb8db029c111356
CVE-2021-28116 (Squid through 4.14 and 5.x through 5.0.5, in some configurations, allo ...)
- squid <unfixed> (bug #986804)
- [bullseye] - squid <postponed> (Minor issue, revisit once fixed upstream)
- [buster] - squid <postponed> (Minor issue, revisit once fixed upstream)
+ [bullseye] - squid <postponed> (Minor issue)
+ [buster] - squid <postponed> (Minor issue)
- squid3 <removed>
[stretch] - squid3 <postponed> (Check later when information is public)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-11610/
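Review bot: In the CVE-2021-28116 entry the replaced [bullseye] and [buster] lines keep the <postponed> state but drop "revisit once fixed upstream", which was the only stated condition for picking the issue up again. With "- squid <unfixed> (bug #986804)" unchanged, consider keeping the revisit condition, or switching to <no-dsa> as in the other entries of this commit if no re-triage is intended.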
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17b945efb5400bc763065f4f6521b7e1af4f809f