[Git][security-tracker-team/security-tracker][master] buster/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Oct 12 18:21:50 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
81bd3a7b by Moritz Muehlenhoff at 2021-10-12T19:21:35+02:00
buster/bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1832,16 +1832,22 @@ CVE-2021-41460
RESERVED
CVE-2021-41459 (There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_n ...)
- gpac <unfixed>
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://github.com/gpac/gpac/issues/1912
NOTE: Fixed by: https://github.com/gpac/gpac/commit/7d4538e104f2b3ff6a65a41394795654e6972339
CVE-2021-41458
RESERVED
CVE-2021-41457 (There is a stack buffer overflow in MP4Box 1.1.0 at src/filters/dmx_nh ...)
- gpac <unfixed>
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://github.com/gpac/gpac/issues/1909
NOTE: Fixed by: https://github.com/gpac/gpac/commit/ae2828284f2fc0381548aaa991958f1eb9b90619
CVE-2021-41456 (There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_n ...)
- gpac <unfixed>
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://github.com/gpac/gpac/issues/1911
NOTE: Fixed by: https://github.com/gpac/gpac/commit/74695dea7278e78af3db467e586233fe8773c07e
CVE-2021-41455
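Review bot: The `<not-affected>` lines added under CVE-2021-41459, CVE-2021-41457 and CVE-2021-41456 give "Vulnerable code not present" as the reason, but no NOTE records which upstream change introduced the affected code, so the assessment cannot be re-checked from the entry itself. Consider adding an "Introduced by:" NOTE next to each existing "Fixed by:" line. Separately, the commit subject says buster/bullseye while this hunk tags buster and stretch and adds no bullseye line; either adjust the subject or confirm that bullseye is meant to stay covered by `- gpac <unfixed>`.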
@@ -10912,6 +10918,8 @@ CVE-2021-37619 (Exiv2 is a command-line utility and C++ library for reading, wri
NOTE: https://github.com/Exiv2/exiv2/pull/1752
CVE-2021-37618 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- exiv2 <unfixed>
+ [bullseye] - exiv2 <ignored> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-583f-w9pm-99r2
NOTE: https://github.com/Exiv2/exiv2/pull/1759
CVE-2021-37617 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...)
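Review bot: The two lines added under CVE-2021-37618 pair `<ignored>` with the reason "Minor issue", while the node-getobject entry in this same commit pairs `<no-dsa>` with the identical reason. `<ignored>` is the stronger state (no fix planned for that release), so the reason should say why a fix is ruled out for bullseye and buster rather than reuse the `<no-dsa>` wording. If a point-release fix is still possible, `<no-dsa>` fits better here.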
@@ -10919,10 +10927,14 @@ CVE-2021-37617 (The Nextcloud Desktop Client is a tool to synchronize files from
NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6q2w-v879-q24v
CVE-2021-37616 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- exiv2 <unfixed>
+ [bullseye] - exiv2 <ignored> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-54f7-vvj7-545w
NOTE: https://github.com/Exiv2/exiv2/pull/1758
CVE-2021-37615 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- exiv2 <unfixed>
+ [bullseye] - exiv2 <ignored> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-h9x9-4f77-336w
NOTE: https://github.com/Exiv2/exiv2/pull/1758
CVE-2021-37614 (In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0 ...)
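Review bot: CVE-2021-37616 and CVE-2021-37615 both cite https://github.com/Exiv2/exiv2/pull/1758, so a single backport would address both entries. With all four added lines set to `<ignored>`, nothing in either entry tells a later triager that the two can be handled together; a short NOTE saying so under each entry would help.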
@@ -64489,6 +64501,8 @@ CVE-2020-28283 (Prototype pollution vulnerability in 'libnested' versions 0.0.0
NOT-FOR-US: libnested
CVE-2020-28282 (Prototype pollution vulnerability in 'getobject' version 0.1.0 allows ...)
- node-getobject 1.0.2-1
+ [bullseye] - node-getobject <no-dsa> (Minor issue)
+ [buster] - node-getobject <no-dsa> (Minor issue)
NOTE: https://github.com/cowboy/node-getobject/commit/84071748fa407caa8f824e0d0b9c1cde9ec56633 (v1.0.0)
CVE-2020-28281 (Prototype pollution vulnerability in 'set-object-value' versions 0.0.0 ...)
NOT-FOR-US: react-atomic-organism
@@ -79956,6 +79970,7 @@ CVE-2020-21913 (International Components for Unicode (ICU-20850) v66.1 was disco
- icu 67.1-2
NOTE: https://github.com/unicode-org/icu/pull/886
NOTE: https://unicode-org.atlassian.net/browse/ICU-20850
+ NOTE: https://github.com/unicode-org/icu/commit/727505bddab0bfd527f1db6697cb4d4f7febe4a9
CVE-2020-21912
RESERVED
CVE-2020-21911
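Review bot: The NOTE added under CVE-2020-21913 is a bare commit URL, so a reader cannot tell whether it is the fix, a follow-up to pull/886 or the introducing change. The gpac entries in this commit label the same kind of link as "NOTE: Fixed by: ..." and the node-getobject entry appends the release in parentheses, "(v1.0.0)"; label this line the same way.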
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81bd3a7b208689200f963c1d74491c6bc585584d