[Git][security-tracker-team/security-tracker][master] 3 commits: Triage CVE-2021-40528 in libgcrypt20 for stretch LTS.

Sat Sep 11 09:21:42 BST 2021


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a769c069 by Chris Lamb at 2021-09-11T09:19:56+01:00
Triage CVE-2021-40528 in libgcrypt20 for stretch LTS.

- - - - -
9dada1b0 by Chris Lamb at 2021-09-11T09:20:31+01:00
Triage CVE-2021-39200 in wordpress for stretch LTS.

- - - - -
f8c16020 by Chris Lamb at 2021-09-11T09:21:11+01:00
data/dla-needed.txt: Triage tiff for stretch LTS (CVE-2020-19131 & CVE-2020-19144)

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -739,6 +739,7 @@ CVE-2021-40528 (The ElGamal implementation in Libgcrypt before 1.9.4 allows plai
 	- libgcrypt20 1.9.4-2
 	[bullseye] - libgcrypt20 <no-dsa> (Minor issue)
 	[buster] - libgcrypt20 <no-dsa> (Minor issue)
+	[stretch] - libgcrypt20 <no-dsa> (Minor issue)
 	NOTE: https://eprint.iacr.org/2021/923
 	NOTE: https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1
 	NOTE: https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2
@@ -3800,6 +3801,7 @@ CVE-2021-39201 (WordPress is a free and open-source content management system wr
 CVE-2021-39200 (WordPress is a free and open-source content management system written  ...)
 	- wordpress 5.8.1+dfsg1-1 (bug #994060)
 	[buster] - wordpress <not-affected> (Vulnerable code introduced later in 5.2)
+	[stretch] - wordpress <no-dsa> (Vulnerable code added later)
 	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-m9hc-7v5q-x8q5
 CVE-2021-39199 (remark-html is an open source nodejs library which compiles Markdown t ...)
 	NOT-FOR-US: Node remark-html


=====================================
data/dla-needed.txt
=====================================
@@ -121,3 +121,5 @@ sssd (Anton Gladky)
 --
 thunderbird (Emilio)
 --
+tiff
+--



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/485d425f12b9ff2697c078c290d50f6585730836...f8c16020b6bf23f113c4db1321a5af9f2eecb4ec

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/485d425f12b9ff2697c078c290d50f6585730836...f8c16020b6bf23f113c4db1321a5af9f2eecb4ec
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210911/939b6454/attachment-0001.htm>
