[Git][security-tracker-team/security-tracker][master] buster/bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Sep 29 16:32:35 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
34691df1 by Moritz Muehlenhoff at 2021-09-29T17:31:30+02:00
buster/bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -7779,6 +7779,8 @@ CVE-2021-38372 (In KDE Trojita 0.7, man-in-the-middle attackers can create new f
 	- trojita <itp> (bug #795701)
 CVE-2021-38371 (The STARTTLS feature in Exim through 4.94.2 allows response injection  ...)
 	- exim4 <unfixed> (bug #992172)
+	[bullseye] - exim4 <no-dsa> (Minor issue)
+	[buster] - exim4 <no-dsa> (Minor issue)
 	[stretch] - exim4 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://nostarttls.secvuln.info
 	NOTE: https://www.exim.org/static/doc/security/CVE-2021-38371.txt
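Review bot: the added [bullseye] and [buster] lines for CVE-2021-38371 give only "Minor issue", while the [stretch] line directly below them records "revisit when fixed upstream" and the exim4 package line is still <unfixed>. Consider carrying the same revisit wording on the two new lines so the entry signals that it should be looked at again once a fixed version exists.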
@@ -10675,6 +10677,8 @@ CVE-2021-37147
 	RESERVED
 CVE-2021-37146 (An infinite loop in Open Robotics ros_comm XMLRPC server in ROS Melodi ...)
 	- ros-ros-comm <unfixed>
+	[bullseye] - ros-ros-comm <no-dsa> (Minor issue)
+	[buster] - ros-ros-comm <no-dsa> (Minor issue)
 	NOTE: https://discourse.ros.org/t/new-packages-for-melodic-2021-09-27/22446
 	NOTE: https://discourse.ros.org/t/new-packages-for-noetic-2021-09-27/22447
 	NOTE: https://github.com/ros/ros_comm/pull/2185
@@ -79412,12 +79416,14 @@ CVE-2020-21533 (fig2dev 3.2.7b contains a stack buffer overflow in the read_text
 	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/ (3.2.8)
 CVE-2020-21532 (fig2dev 3.2.7b contains a global buffer overflow in the setfigfont fun ...)
 	- fig2dev 1:3.2.8-1
+	[buster] - fig2dev <no-dsa> (Minor issue)
 	- transfig <removed>
 	NOTE: https://sourceforge.net/p/mcj/tickets/64/
 	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/421afa17d8cb8dafcaf3e6044a70790fa4fe307b/ (3.2.8)
 	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/00cdedac7a0b029846dee891769a1e77df83a01b/ (3.2.8)
 CVE-2020-21531 (fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_i ...)
 	- fig2dev 1:3.2.8-1
+	[buster] - fig2dev <no-dsa> (Minor issue)
 	- transfig <removed>
 	NOTE: https://sourceforge.net/p/mcj/tickets/63/
 	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/2f8d1ae9763dcdc99b88a2b14849fe37174bcd69/ (3.2.8)
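Review bot: the two added [buster] lines for CVE-2020-21532 and CVE-2020-21531 give only "Minor issue" as the reason, for bugs the descriptions call global buffer overflows. A short reason in the parentheses (what limits the impact) would make the no-dsa decision easier to audit later, since the NOTE lines only point at the upstream tickets and the 3.2.8 commits.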
@@ -79429,6 +79435,7 @@ CVE-2020-21530 (fig2dev 3.2.7b contains a segmentation fault in the read_objects
 	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/ (3.2.8)
 CVE-2020-21529 (fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline f ...)
 	- fig2dev 1:3.2.8-1
+	[buster] - fig2dev <no-dsa> (Minor issue)
 	- transfig <removed>
 	NOTE: https://sourceforge.net/p/mcj/tickets/65/
 	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/d70e4ba6308046f71cb51f67db8412155af52411/ (3.2.8)
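Review bot: CVE-2020-21529 gains a [buster] no-dsa line here, but the hunk shows only the closing NOTE of the CVE-2020-21530 entry above it, so it is not visible whether that sibling entry, also fixed in 3.2.8 according to its NOTE, has a matching buster status. Worth confirming that the whole fig2dev series is tagged consistently for buster.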


=====================================
data/dsa-needed.txt
=====================================
@@ -12,8 +12,7 @@ To pick an issue, simply add your uid behind it.
 If needed, specify the release by adding a slash after the name of the source package.
 
 --
-apache2
-  Yadd prepared update for bullseye-security, ping about buster?
+apache2 (jmm)
 --
 asterisk
   Maintainer prepared update for bullseye, needs ping for buster
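Review bot: claiming apache2 for jmm also drops the status line "Yadd prepared update for bullseye-security, ping about buster?", so the open question about buster is no longer recorded anywhere in the entry. Consider keeping a one-line status under "apache2 (jmm)", as the asterisk entry below does, stating where the bullseye-security update stands and whether buster is covered.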
@@ -24,6 +23,8 @@ chromium
 --
 djvulibre
 --
+faad2/oldstable (jmm)
+--
 ffmpeg/oldstable (jmm)
   4.1.7 fixes a number of bugs, but several further one in the 4.1 branch, reaching out for a 4.1.8 release date
 --
@@ -41,6 +42,8 @@ puppetdb (jmm)
 --
 python-pysaml2 (jmm)
 --
+qemu (jmm)
+--
 rabbitmq-server
 --
 runc
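Review bot: the added "qemu (jmm)" entry has no release suffix and no status line. The file's own header says to add a slash and the release after the source package name when needed, so if the update is meant for only one release it would help to say so here, and a short note on what is pending would help anyone else reading the list.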



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34691df1b8de64e330652517d3e3cf552d2f1368
