[Git][security-tracker-team/security-tracker][master] 8 commits: Triage CVE-2015-20107 in python2.7 for stretch LTS.
Chris Lamb (@lamby)
lamby at debian.org
Tue Apr 26 18:15:06 BST 2022
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9827f0bd by Chris Lamb at 2022-04-26T10:14:35-07:00
Triage CVE-2015-20107 in python2.7 for stretch LTS.
- - - - -
314d716f by Chris Lamb at 2022-04-26T10:14:36-07:00
Triage CVE-2022-27404, CVE-2022-27405 & CVE-2022-27406 in freetype for stretch LTS.
- - - - -
d120a9b0 by Chris Lamb at 2022-04-26T10:14:36-07:00
Triage CVE-2022-24765 in git for stretch LTS.
- - - - -
36137555 by Chris Lamb at 2022-04-26T10:14:36-07:00
Triage CVE-2021-41119 in haskell-aeson for stretch LTS.
- - - - -
7f3f7610 by Chris Lamb at 2022-04-26T10:14:36-07:00
Triage CVE-2021-40656, CVE-2021-41715, CVE-2022-27044 & CVE-2022-27046 in libsixel for stretch LTS.
- - - - -
71375989 by Chris Lamb at 2022-04-26T10:14:36-07:00
Triage CVE-2022-24851 in ldap-account-manager for stretch LTS.
- - - - -
221eeb69 by Chris Lamb at 2022-04-26T10:14:36-07:00
Triage CVE-2015-20107 in python3.5 for stretch LTS.
- - - - -
bffca032 by Chris Lamb at 2022-04-26T10:14:37-07:00
Actually mark this one as ignored.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1674,9 +1674,11 @@ CVE-2015-20107 (In Python (aka CPython) through 3.10.4, the mailcap module does
- python3.7 <removed>
[buster] - python3.7 <no-dsa> (Minor issue)
- python3.5 <removed>
+ [stretch] - python3.5 <no-dsa> (Minor issue)
- python2.7 <unfixed>
[bullseye] - python2.7 <ignored> (Python 2.7 in Bullseye not covered by security support)
[buster] - python2.7 <no-dsa> (Minor issue)
+ [stretch] - python2.7 <ignored> (Python 2.7 in stretch LTS not covered as a runtime concern)
NOTE: https://bugs.python.org/issue24778
NOTE: https://github.com/python/cpython/issues/68966
NOTE: https://github.com/python/cpython/pull/91542
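Review bot: The two added stretch lines record the same mailcap issue in two different states, `[stretch] - python3.5 <no-dsa> (Minor issue)` and `[stretch] - python2.7 <ignored> (...)`, and nothing in the entry says why. The python2.7 reason "not covered as a runtime concern" is also worded differently from the bullseye line's "not covered by security support". If the difference is intended, a NOTE: line stating what python2.7 is still covered for in stretch LTS would let a later triager tell the two apart; otherwise reuse the existing wording.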
@@ -6444,18 +6446,21 @@ CVE-2022-27406 (FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was dis
- freetype <unfixed> (bug #1010183)
[bullseye] - freetype <no-dsa> (Minor issue)
[buster] - freetype <no-dsa> (Minor issue)
+ [stretch] - freetype <no-dsa> (Minor issue)
NOTE: https://gitlab.freedesktop.org/freetype/freetype/-/issues/1140
NOTE: Fixed by: https://gitlab.freedesktop.org/freetype/freetype/-/commit/0c2bdb01a2e1d24a3e592377a6d0822856e10df2 (VER-2-12-0)
CVE-2022-27405 (FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovere ...)
- freetype <unfixed> (bug #1010183)
[bullseye] - freetype <no-dsa> (Minor issue)
[buster] - freetype <no-dsa> (Minor issue)
+ [stretch] - freetype <no-dsa> (Minor issue)
NOTE: https://gitlab.freedesktop.org/freetype/freetype/-/issues/1139
NOTE: Fixed by: https://gitlab.freedesktop.org/freetype/freetype/-/commit/22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 (VER-2-12-0)
CVE-2022-27404 (FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovere ...)
- freetype <unfixed> (bug #1010183)
[bullseye] - freetype <no-dsa> (Minor issue)
[buster] - freetype <no-dsa> (Minor issue)
+ [stretch] - freetype <no-dsa> (Minor issue)
NOTE: https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138
NOTE: Fixed by: https://gitlab.freedesktop.org/freetype/freetype/-/commit/53dfdcd8198d2b3201a23c4bad9190519ba918db (VER-2-12-0)
CVE-2022-27403
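Review bot: All three added `[stretch] - freetype <no-dsa> (Minor issue)` lines imply that the stretch package is affected, but each entry's description is tied to a specific upstream FreeType commit and nothing here records that the stretch version was checked against the listed "Fixed by" commits. A short NOTE: per entry saying whether the affected code is present in the stretch version would make the triage verifiable, and would make it clear that the reason was not simply carried over from the buster and bullseye lines.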
@@ -7582,6 +7587,7 @@ CVE-2022-27046 (libsixel 1.8.6 suffers from a Heap Use After Free vulnerability
- libsixel 1.10.3-1
[bullseye] - libsixel <no-dsa> (Minor issue)
[buster] - libsixel <no-dsa> (Minor issue)
+ [stretch] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/157
NOTE: https://github.com/libsixel/libsixel/issues/27
NOTE: https://github.com/libsixel/libsixel/pull/28
@@ -7592,6 +7598,7 @@ CVE-2022-27044 (libsixel 1.8.6 is affected by Buffer Overflow in libsixel/src/qu
- libsixel 1.10.3-1
[bullseye] - libsixel <no-dsa> (Minor issue)
[buster] - libsixel <no-dsa> (Minor issue)
+ [stretch] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/156
NOTE: https://github.com/libsixel/libsixel/issues/25
NOTE: https://github.com/libsixel/libsixel/pull/26
@@ -13558,6 +13565,7 @@ CVE-2022-24852
CVE-2022-24851 (LDAP Account Manager (LAM) is an open source web frontend for managing ...)
- ldap-account-manager 7.9.1-1
[bullseye] - ldap-account-manager <no-dsa> (Minor issue; can be fixed via point release)
+ [stretch] - ldap-account-manager <no-dsa> (Minor issue)
NOTE: https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-f2fr-cccr-583v
NOTE: https://github.com/LDAPAccountManager/lam/commit/3c6f09a3579e048e224eb5a4c4e3eefaa8bccd49
NOTE: https://github.com/LDAPAccountManager/lam/issues/170
@@ -13803,6 +13811,7 @@ CVE-2022-24765 (Git for Windows is a fork of Git containing Windows-specific pat
- git 1:2.35.2-1
[bullseye] - git <no-dsa> (Minor issue)
[buster] - git <no-dsa> (Minor issue)
+ [stretch] - git <not-affected> (MS Windows)
NOTE: https://github.com/git/git/commit/6e7ad1e4c22e7038975ba37c7413374fe566b064 (v2.30.3)
NOTE: https://github.com/git/git/commit/bdc77d1d685be9c10b88abb281a42bc620548595 (v2.30.3)
NOTE: https://github.com/git/git/commit/8959555cee7ec045958f9b6dd62e541affb7e7d9 (v2.30.3)
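Review bot: The added `[stretch] - git <not-affected> (MS Windows)` line contradicts its neighbours in the same entry. Buster and bullseye are `<no-dsa> (Minor issue)` and unstable is tracked as fixed in `1:2.35.2-1`, all of which treat the Debian git package as affected. Either the stretch line should be `<no-dsa>` like the other releases, or the reason should say what makes the stretch version different, since "MS Windows" would apply equally to buster and bullseye.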
@@ -39244,6 +39253,7 @@ CVE-2021-41715 (libsixel 1.10.0 is vulnerable to Use after free in libsixel/src/
- libsixel 1.10.3-1
[bullseye] - libsixel <no-dsa> (Minor issue)
[buster] - libsixel <no-dsa> (Minor issue)
+ [stretch] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/libsixel/libsixel/commit/d299d67c532a5133a57aade5c35ff8e612c73dd8 (1.10.1)
NOTE: https://github.com/libsixel/libsixel/pull/28
NOTE: https://github.com/libsixel/libsixel/issues/27
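Review bot: The added `[stretch] - libsixel <no-dsa> (Minor issue)` line marks stretch as affected, but the entry's description names libsixel 1.10.0 and the fix commit is annotated (1.10.1), so it is worth confirming that the stretch version actually contains the vulnerable code. If it does not, `<not-affected>` with a reason saying the vulnerable code is not present would be the accurate state. If it does, a NOTE: recording that would explain why the version in the description does not limit the affected range.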
@@ -40686,6 +40696,7 @@ CVE-2021-41119 (Wire-server is the system server for the wire back-end services.
- haskell-aeson <unfixed> (bug #1009678)
[bullseye] - haskell-aeson <no-dsa> (Minor issue)
[buster] - haskell-aeson <no-dsa> (Minor issue)
+ [stretch] - haskell-aeson <no-dsa> (Minor issue)
NOTE: https://cs-syd.eu/posts/2021-09-11-json-vulnerability
NOTE: https://github.com/haskell/aeson/issues/864
NOTE: https://hackage.haskell.org/package/aeson-2.0.1.0
@@ -41841,6 +41852,7 @@ CVE-2021-40656 (libsixel before 1.10 is vulnerable to Buffer Overflow in libsixe
- libsixel 1.10.3-1
[bullseye] - libsixel <no-dsa> (Minor issue)
[buster] - libsixel <no-dsa> (Minor issue)
+ [stretch] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/libsixel/libsixel/commit/dc96cdc27fb53e8595af67aaf68001033c808e42 (1.10.0)
NOTE: https://github.com/libsixel/libsixel/pull/26
NOTE: https://github.com/libsixel/libsixel/issues/25
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b5ef9a2fda23f8501698eca5fe3b78e7be56b7b2...bffca03273c7fb0e2f8f54643f99d2f6eac5c991