[Git][security-tracker-team/security-tracker][master] buster/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Sep 14 20:24:24 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c37af92c by Moritz Muehlenhoff at 2021-09-14T21:24:11+02:00
buster/bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5299,6 +5299,8 @@ CVE-2021-38715
RESERVED
CVE-2021-38714 (In Plib through 1.85, there is an integer overflow vulnerability that ...)
- plib <unfixed> (bug #992973)
+ [bullseye] - plib <no-dsa> (Minor issue)
+ [buster] - plib <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/plib/bugs/55/
CVE-2021-38713 (imgURL 2.31 allows XSS via an X-Forwarded-For HTTP header. ...)
NOT-FOR-US: imgURL
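Review bot: The two added plib lines record `<no-dsa> (Minor issue)` for an integer overflow without saying why it is minor on bullseye and buster. The entry's only context is bug #992973 and the upstream ticket NOTE; a one-line NOTE giving the basis for the rating would let a later triager re-check the decision without repeating the analysis.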
@@ -5621,6 +5623,8 @@ CVE-2021-38576
CVE-2021-38575 [edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe]
RESERVED
- edk2 2021.08-1
+ [bullseye] - edk2 <no-dsa> (Minor issue)
+ [buster] - edk2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=3356
NOTE: https://edk2.groups.io/g/devel/message/76198
NOTE: https://github.com/tianocore/edk2/pull/1698
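Review bot: The added `[bullseye]` and `[buster]` lines rate this `(Minor issue)` while the entry title two lines above calls it a remote buffer overflow in IScsiHexToBin, and nothing in the entry explains the gap. Add a NOTE stating what limits the exposure in the stable releases. Since unstable is already fixed in 2021.08-1 and the upstream pull request is linked, it is also worth recording whether the fix is a candidate for a point release.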
@@ -30742,6 +30746,8 @@ CVE-2021-3436
RESERVED
CVE-2021-28216 (BootPerformanceTable pointer is read from an NVRAM variable in PEI. Re ...)
- edk2 <unfixed>
+ [bullseye] - edk2 <no-dsa> (Minor issue)
+ [buster] - edk2 <no-dsa> (Minor issue)
[stretch] - edk2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2957
CVE-2021-28215
@@ -45752,8 +45758,11 @@ CVE-2021-21898
RESERVED
CVE-2021-21897 (A code execution vulnerability exists in the DL_Dxf::handleLWPolylineD ...)
- dxflib <unfixed>
+ [bullseye] - dxflib <no-dsa> (Minor issue)
+ [buster] - dxflib <no-dsa> (Minor issue)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1346
TODO: check, horizon-eda, cloudcompare, kicad embedds it, but needs to check if actually used and issue affects those
+ NOTE: https://github.com/qcad/qcad/commit/1eeffc5daf5a06cf6213ffc19e95923cdebb2eb8
CVE-2021-21896
RESERVED
CVE-2021-21895
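Review bot: The added qcad commit NOTE sits after the TODO line and does not say what the commit is (the upstream fix, or only a pointer to the affected code). Move it up next to the TALOS NOTE and label it. Separately, the `<no-dsa>` lines are added while the TODO about the embedded copies in horizon-eda, cloudcompare and kicad is still open and the description reads "code execution vulnerability", so confirm the minor rating does not depend on the outcome of that check.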
@@ -82595,10 +82604,14 @@ CVE-2020-18973
RESERVED
CVE-2020-18972 (Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v ...)
- libpodofo <unfixed>
+ [bullseye] - libpodofo <no-dsa> (Minor issue)
+ [buster] - libpodofo <no-dsa> (Minor issue)
[stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update)
NOTE: https://sourceforge.net/p/podofo/tickets/49/
CVE-2020-18971 (Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause ...)
- libpodofo <unfixed>
+ [bullseye] - libpodofo <no-dsa> (Minor issue)
+ [buster] - libpodofo <no-dsa> (Minor issue)
[stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update)
NOTE: https://sourceforge.net/p/podofo/tickets/48/
CVE-2020-18970
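Review bot: In both libpodofo entries the new bullseye and buster lines use `<no-dsa> (Minor issue)` while the existing stretch line directly below uses `<postponed> (Minor issue; can be fixed in next update)`. If the newer releases are also meant to pick the fix up with a later update, use the same state and wording; if the difference is intended, a short NOTE would make that clear, particularly for CVE-2020-18971, which is described as a stack-based buffer overflow.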
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c37af92c7597f53bc7491150511ffbb42fbae2cf