[Git][security-tracker-team/security-tracker][master] buster/bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Sep 13 15:44:01 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f219cb1e by Moritz Muehlenhoff at 2021-09-13T16:43:35+02:00
buster/bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -62,6 +62,8 @@ CVE-2021-40840
 	RESERVED
 CVE-2021-40839 (The rencode package through 1.0.6 for Python allows an infinite loop i ...)
 	- python-rencode 1.0.6-2
+	[bullseye] - python-rencode <no-dsa> (Minor issue)
+	[buster] - python-rencode <no-dsa> (Minor issue)
 	NOTE: https://github.com/aresch/rencode/commit/572ff74586d9b1daab904c6f7f7009ce0143bb75
 	NOTE: https://github.com/aresch/rencode/pull/29
 CVE-2021-40838
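Review bot: The two added <no-dsa> lines for python-rencode give only "Minor issue" as the reason, while the entry's description is an infinite loop in the decoder. Consider adding a NOTE that says why this is minor for bullseye and buster (for example, which inputs reach the loop), so the decision can be re-checked later without re-reading the upstream commit and pull request linked below.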
@@ -5644,6 +5646,8 @@ CVE-2021-38371 (The STARTTLS feature in Exim through 4.94.2 allows response inje
 	NOTE: https://www.exim.org/static/doc/security/CVE-2021-38371.txt
 CVE-2021-38370 (In Alpine through 2.24, untagged responses from an IMAP server are acc ...)
 	- alpine <unfixed> (bug #992171)
+	[bullseye] - alpine <no-dsa> (Minor issue)
+	[buster] - alpine <no-dsa> (Minor issue)
 	[stretch] - alpine <postponed> (Minor issue, revisit when/if fixed upstream)
 	NOTE: https://nostarttls.secvuln.info
 CVE-2021-38369
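Review bot: The new bullseye and buster lines for alpine use <no-dsa> (Minor issue), but the existing stretch line directly below uses <postponed> with "revisit when/if fixed upstream", and unstable is still <unfixed> (bug #992171). The three releases now carry two different states for the same unfixed issue; either align them or add a short NOTE explaining why the newer releases are treated differently from stretch.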
@@ -8255,11 +8259,15 @@ CVE-2021-37233
 CVE-2021-37232 (A stack overflow vulnerability occurs in Atomicparsley 20210124.204813 ...)
 	- atomicparsley <unfixed> (bug #993366)
 	- gtkpod <unfixed> (bug #993376)
+	[bullseye] - gtkpod <ignored> (Minor issue)
+	[buster] - gtkpod <ignored> (Minor issue)
 	NOTE: https://github.com/wez/atomicparsley/commit/d72ccf06c98259d7261e0f3ac4fd8717778782c1
 	NOTE: https://github.com/wez/atomicparsley/issues/32
 CVE-2021-37231 (A stack-buffer-overflow occurs in Atomicparsley 20210124.204813.840499 ...)
 	- atomicparsley <unfixed> (bug #993372)
 	- gtkpod <unfixed> (bug #993375)
+	[bullseye] - gtkpod <ignored> (Minor issue)
+	[buster] - gtkpod <ignored> (Minor issue)
 	NOTE: https://github.com/wez/atomicparsley/issues/30
 	NOTE: https://github.com/wez/atomicparsley/pull/31#issue-687280335
 CVE-2021-37230
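Review bot: Both gtkpod additions (CVE-2021-37232 and CVE-2021-37231) use <ignored>, yet the reason text is the same "Minor issue" that accompanies <no-dsa> elsewhere in this commit, so it does not say why these will not be fixed at all. A more specific reason in the parentheses would help. Also, the atomicparsley lines in the same two entries get no bullseye or buster annotation here; if that package ships in those releases it needs its own triage lines.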
@@ -76476,6 +76484,8 @@ CVE-2020-21698
 	RESERVED
 CVE-2020-21697 (A heap-use-after-free in the mpeg_mux_write_packet function in libavfo ...)
 	- ffmpeg 7:4.4-5
+	[bullseye] - ffmpeg <postponed> (Wait for 4.3.3)
+	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
 	NOTE: https://trac.ffmpeg.org/ticket/8188
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=cfce16449cb815132f829d5a07beb138dfb2cba6
 CVE-2020-21696
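Review bot: The <postponed> reasons "Wait for 4.3.3" and "Wait for 4.1.7" assume the fix referenced in the NOTE (commit cfce16449cb8...) will be part of those upstream point releases, but nothing in the entry records that. Suggest a NOTE stating that the commit has been checked against the 4.3 and 4.1 upstream stable branches, or that it still needs to be requested there.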
@@ -76496,6 +76506,8 @@ CVE-2020-21689
 	RESERVED
 CVE-2020-21688 (A heap-use-after-free in the av_freep function in libavutil/mem.c of F ...)
 	- ffmpeg 7:4.4-5
+	[bullseye] - ffmpeg <postponed> (Wait for 4.3.3)
+	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
 	NOTE: https://trac.ffmpeg.org/ticket/8186
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=22c3cd176079dd104ec7610ead697235b04396f1
 CVE-2020-21687
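Review bot: This entry for CVE-2020-21688 carries the same "Wait for 4.3.3" / "Wait for 4.1.7" postponement as CVE-2020-21697 in the previous hunk, with a different upstream commit (22c3cd176079...). Since both depend on the same point releases, it is worth making sure both <postponed> lines are revisited together when those versions are uploaded, so one is not left behind.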
@@ -80447,9 +80459,10 @@ CVE-2020-19754
 CVE-2020-19753
 	RESERVED
 CVE-2020-19752 (The find_color_or_error function in gifsicle 1.92 contains a NULL poin ...)
-	- gifsicle 1.93-2
+	- gifsicle 1.93-2 (unimportant)
 	NOTE: https://github.com/kohler/gifsicle/issues/140
 	NOTE: https://github.com/kohler/gifsicle/commit/eb9e083dcc0050996d79de2076ddc76011ad2f10 (v1.93)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2020-19751 (An issue was discovered in gpac 0.8.0. The gf_odf_del_ipmp_tool functi ...)
 	- gpac 1.0.1+dfsg1-2
 	[buster] - gpac <no-dsa> (Minor issue)
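Review bot: The added NOTE "Crash in CLI tool, no security impact" justifies the new (unimportant) tag on the gifsicle line, but it does not name the bug class. Tying it to the description, for example "NULL pointer dereference, crash in CLI tool, no security impact", would make the rationale self-contained when the truncated description is all a reader sees.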



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f219cb1e0f56586bc0544b5bd6856a6c81976410
