[Git][security-tracker-team/security-tracker][master] libsolv no-dsa

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Sep 22 09:40:15 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6b112cb6 by Moritz Muehlenhoff at 2021-09-22T10:40:01+02:00
libsolv no-dsa
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17457,9 +17457,9 @@ CVE-2021-33939
 	RESERVED
 CVE-2021-33938 (Buffer overflow vulnerability in function prune_to_recommended in src/ ...)
 	- libsolv 0.7.17-1
+	[buster] - libsolv <no-dsa> (Minor issue)
 	NOTE: https://github.com/openSUSE/libsolv/issues/420
 	NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
-	TODO: check, completeness
 CVE-2021-33937
 	RESERVED
 CVE-2021-33936
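Review bot: on CVE-2021-33938 the "TODO: check, completeness" line is removed without recording what the completeness check concluded; the entry still lists only the single upstream commit 0077ef29eb46d2e1df2f230fc95a1d9748d49dec. A short NOTE stating that this commit is the complete fix would keep that conclusion in the tracker. The "(Minor issue)" reason for buster is also terse for an entry described as a buffer overflow, so a NOTE with the reasoning would help whoever revisits it.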
@@ -17476,19 +17476,19 @@ CVE-2021-33931
 	RESERVED
 CVE-2021-33930 (Buffer overflow vulnerability in function pool_installable_whatprovide ...)
 	- libsolv 0.7.17-1
+	[buster] - libsolv <no-dsa> (Minor issue)
 	NOTE: https://github.com/openSUSE/libsolv/issues/417
 	NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
-	TODO: check, completeness
 CVE-2021-33929 (Buffer overflow vulnerability in function pool_disabled_solvable in sr ...)
 	- libsolv 0.7.17-1
+	[buster] - libsolv <no-dsa> (Minor issue)
 	NOTE: https://github.com/openSUSE/libsolv/issues/417
 	NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
-	TODO: check, completeness
 CVE-2021-33928 (Buffer overflow vulnerability in function pool_installable in src/repo ...)
 	- libsolv 0.7.17-1
+	[buster] - libsolv <no-dsa> (Minor issue)
 	NOTE: https://github.com/openSUSE/libsolv/issues/417
 	NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
-	TODO: check, completeness
 CVE-2021-33927
 	RESERVED
 CVE-2021-33926
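Review bot: CVE-2021-33930, CVE-2021-33929 and CVE-2021-33928 all point at the same upstream issue (#417) and the same commit, and all three lose "TODO: check, completeness" here with no NOTE saying whether that one commit covers pool_installable_whatprovide, pool_disabled_solvable and pool_installable alike. Consider adding a NOTE that records the result of the check for these three entries.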
@@ -22924,7 +22924,7 @@ CVE-2021-31821
 CVE-2021-31820 (In Octopus Server after version 2018.8.2 if the Octopus Server Web Req ...)
 	NOT-FOR-US: Octopus Server
 CVE-2021-31819 (In Halibut versions prior to 4.4.7 there is a deserialisation vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Octopus
 CVE-2021-31818 (Affected versions of Octopus Server are prone to an authenticated SQL  ...)
 	NOT-FOR-US: Octopus Server
 CVE-2021-31817 (When configuring Octopus Server if it is configured with an external S ...)
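Review bot: the new tag on CVE-2021-31819 reads "NOT-FOR-US: Octopus", but the description names Halibut and the neighbouring entries use "NOT-FOR-US: Octopus Server". Naming the affected product, for example "NOT-FOR-US: Octopus Halibut", would keep the tag consistent with its neighbours and make it clear this is a different component from the Server entries.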
@@ -36634,7 +36634,7 @@ CVE-2021-26335
 CVE-2021-26334
 	RESERVED
 CVE-2021-26333 (An information disclosure vulnerability exists in AMD Platform Securit ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2021-26332
 	RESERVED
 CVE-2021-26331
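Review bot: "NOT-FOR-US: AMD" on CVE-2021-26333 names only the vendor, while other NOT-FOR-US tags in this commit name a product (Node jointjs, Node ssh2, Octopus Server). The description refers to a specific AMD component; naming that component in the tag would make the entry easier to search and to tell apart from other AMD issues.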
@@ -43562,9 +43562,9 @@ CVE-2021-23446
 CVE-2021-23445
 	RESERVED
 CVE-2021-23444 (This affects the package jointjs before 3.4.2. A type confusion vulner ...)
-	TODO: check
+	NOT-FOR-US: Node jointjs
 CVE-2021-23443 (This affects the package edge.js before 5.3.2. A type confusion vulner ...)
-	TODO: check
+	NOT-FOR-US: Node edge.js
 CVE-2021-23442 (This affects all versions of package @cookiex/deep. The global proto o ...)
 	NOT-FOR-US: Node @cookiex/deep
 CVE-2021-23441 (All versions of package com.jsoniter:jsoniter are vulnerable to Deseri ...)
@@ -61187,7 +61187,7 @@ CVE-2021-0871
 CVE-2021-0870
 	RESERVED
 CVE-2021-0869 (In GetTimeStampAndPkt of DumpstateDevice.cpp, there is a possible out  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2021-0868
 	RESERVED
 CVE-2021-0867
@@ -67893,7 +67893,7 @@ CVE-2020-26303
 CVE-2020-26302
 	RESERVED
 CVE-2020-26301 (ssh2 is client and server modules written in pure JavaScript for node. ...)
-	TODO: check
+	NOT-FOR-US: Node ssh2
 CVE-2020-26300 (systeminformation is an npm package that provides system and OS inform ...)
 	NOT-FOR-US: Node systeminformation
 CVE-2020-26299 (ftp-srv is an open-source FTP server designed to be simple yet configu ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b112cb62d9144fb3452c50506a96edc971b903e
