[Git][security-tracker-team/security-tracker][master] buster/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Sep 20 09:29:24 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0e90c43b by Moritz Muehlenhoff at 2021-09-20T10:28:48+02:00
buster/bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7080,6 +7080,8 @@ CVE-2021-38374
RESERVED
CVE-2021-38373 (In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not hon ...)
- kmail <unfixed>
+ [bullseye] - kmail <no-dsa> (Minor issue)
+ [buster] - kmail <no-dsa> (Minor issue)
NOTE: https://bugs.kde.org/show_bug.cgi?id=423423
NOTE: https://nostarttls.secvuln.info
CVE-2021-38372 (In KDE Trojita 0.7, man-in-the-middle attackers can create new folders ...)
@@ -7108,6 +7110,8 @@ CVE-2021-38365 (Winner (aka ToneWinner) desktop speakers through 2021-08-09 allo
CVE-2021-3698 [authenticates with revoked certificates]
RESERVED
- cockpit <unfixed>
+ [bullseye] - cockpit <no-dsa> (Minor issue)
+ [buster] - cockpit <not-affected> (Vulnerable code not present, introduced in 208)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1992149
CVE-2021-3697
RESERVED
@@ -78288,42 +78292,68 @@ CVE-2020-21607
RESERVED
CVE-2020-21606 (libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_ ...)
- libde265 <unfixed>
+ [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/strukturag/libde265/issues/232
CVE-2020-21605 (libde265 v1.0.4 contains a segmentation fault in the apply_sao_interna ...)
- libde265 <unfixed>
+ [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/strukturag/libde265/issues/234
CVE-2020-21604 (libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl ...)
- libde265 <unfixed>
+ [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/strukturag/libde265/issues/231
CVE-2020-21603 (libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fa ...)
- libde265 <unfixed>
+ [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/strukturag/libde265/issues/240
CVE-2020-21602 (libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bi ...)
- libde265 <unfixed>
+ [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/strukturag/libde265/issues/242
CVE-2020-21601 (libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallb ...)
- libde265 <unfixed>
+ [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/strukturag/libde265/issues/241
CVE-2020-21600 (libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pr ...)
- libde265 <unfixed>
+ [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/strukturag/libde265/issues/243
CVE-2020-21599 (libde265 v1.0.4 contains a heap buffer overflow in the de265_image::av ...)
- libde265 <unfixed>
+ [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/strukturag/libde265/issues/235
CVE-2020-21598 (libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unw ...)
- libde265 <unfixed>
+ [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/strukturag/libde265/issues/237
CVE-2020-21597 (libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma funct ...)
- libde265 <unfixed>
+ [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/strukturag/libde265/issues/238
CVE-2020-21596 (libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_ ...)
- libde265 <unfixed>
+ [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/strukturag/libde265/issues/236
CVE-2020-21595 (libde265 v1.0.4 contains a heap buffer overflow in the mc_luma functio ...)
- libde265 <unfixed>
+ [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/strukturag/libde265/issues/239
CVE-2020-21594 (libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fal ...)
- libde265 <unfixed>
+ [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/strukturag/libde265/issues/233
CVE-2020-21593
RESERVED
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e90c43bd9fe2110496fb68adf5480e458ec8673
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e90c43bd9fe2110496fb68adf5480e458ec8673
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210920/270a918e/attachment.htm>
More information about the debian-security-tracker-commits
mailing list