[Git][security-tracker-team/security-tracker][master] buster/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Feb 16 11:37:21 GMT 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
963074a1 by Moritz Muehlenhoff at 2022-02-16T12:36:55+01:00
buster/bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -21445,6 +21445,8 @@ CVE-2021-3904 (grav is vulnerable to Improper Neutralization of Input During Web
NOT-FOR-US: Grav CMS
CVE-2021-3903 (vim is vulnerable to Heap-based Buffer Overflow ...)
- vim 2:8.2.3565-1
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
[stretch] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/35738a4f-55ce-446c-b836-2fb0b39625f8
NOTE: https://github.com/vim/vim/commit/777e7c21b7627be80961848ac560cb0a9978ff43
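Review bot: The two added `<no-dsa> (Minor issue)` lines for bullseye and buster carry only the stock reason, while the entry's own description calls CVE-2021-3903 a heap-based buffer overflow. Consider adding a NOTE line that says why it is minor for these releases, so the decision can be rechecked later without rereading the huntr report.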
@@ -33471,6 +33473,8 @@ CVE-2021-3701
CVE-2021-3700
RESERVED
- usbredir 0.11.0-1
+ [bullseye] - usbredir <no-dsa> (Minor issue)
+ [buster] - usbredir <no-dsa> (Minor issue)
NOTE: https://gitlab.freedesktop.org/spice/usbredir/-/commit/03c519ff5831ba75120e00ebebbf1d5a1f7220ab (usbredir-0.11.0)
CVE-2021-38562 (Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4. ...)
- request-tracker5 <unfixed> (bug #995167)
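Review bot: CVE-2021-3700 is still RESERVED with no description, so the added `[bullseye]` and `[buster]` `<no-dsa> (Minor issue)` lines are the only statement of impact in the entry. A bracketed summary on the CVE line, in the style the list uses for CVE-2021-3596, would show what is being deferred without opening the upstream commit.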
@@ -43286,10 +43290,9 @@ CVE-2021-34559 (In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerabilit
NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
CVE-2021-3596 [NULL pointer dereference in ReadSVGImage() in coders/svg.c]
RESERVED
- - imagemagick <undetermined>
+ - imagemagick <not-affected> (Specific to IM7)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/2624
NOTE: https://github.com/ImageMagick/ImageMagick/commit/43dfb1894761c4929d5d5c98dc80ba4e59a0d114
- TODO: check if affects Imagemagick6
CVE-2021-3595 (An invalid pointer initialization issue was found in the SLiRP network ...)
{DLA-2753-1}
- libslirp 4.6.1-1 (bug #989996)
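Review bot: The change from `<undetermined>` to `<not-affected> (Specific to IM7)` also drops `TODO: check if affects Imagemagick6`, but nothing in the entry records how that check was done. A NOTE naming what was compared (for instance the ImageMagick6 copy of coders/svg.c against the linked fix commit) would make the not-affected state verifiable by the next person who triages this entry.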
@@ -43866,11 +43869,15 @@ CVE-2021-34336
RESERVED
CVE-2021-34335 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- exiv2 0.27.5-1 (bug #992707)
+ [bullseye] - exiv2 <ignored> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-pvjp-m4f6-q984
NOTE: https://github.com/Exiv2/exiv2/pull/1750
CVE-2021-34334 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- exiv2 0.27.5-1 (bug #992706)
+ [bullseye] - exiv2 <ignored> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-hqjh-hpv8-8r9p
NOTE: https://github.com/Exiv2/exiv2/pull/1766
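Review bot: For CVE-2021-34335 and CVE-2021-34334 the new bullseye and buster lines use `<ignored>` while the existing stretch line uses `<no-dsa>`, all three with the same `(Minor issue)` reason. `<ignored>` says no fix is planned at all, whereas `<no-dsa>` leaves room for a point-release update, so if the stronger state is intended the reason text should say why; otherwise `<no-dsa>` would keep the releases consistent.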
@@ -47534,6 +47541,8 @@ CVE-2021-32816 (ProtonMail Web Client is the official AngularJS web client for t
NOT-FOR-US: ProtonMail Web Client
CVE-2021-32815 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- exiv2 0.27.5-1 (bug #992705)
+ [bullseye] - exiv2 <ignored> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-mv9g-fxh2-m49m
NOTE: https://github.com/Exiv2/exiv2/pull/1739
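Review bot: The added `[bullseye]` and `[buster]` lines for CVE-2021-32815 are marked `<ignored>` although the stretch line directly below them is `<no-dsa>` with an identical `(Minor issue)` reason. If the difference between releases is deliberate, a more specific reason in the parentheses would document it; if not, the state should match.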
=====================================
data/dsa-needed.txt
=====================================
@@ -18,8 +18,12 @@ chromium
--
condor
--
+expat
+--
faad2/oldstable (jmm)
--
+freecad (aron)
+--
linux (carnil)
Wait until more issues have piled up, though try to regulary rebase for point
releases to more recent v4.19.y versions.
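Review bot: The added `expat` entry has neither a claimant nor a note, unlike `freecad (aron)` added in the same hunk. A short indented line under `expat` naming the issues that motivate the DSA, in the way the `linux (carnil)` entry carries a note, would tell whoever picks it up what scope is expected.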
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/963074a13a6f07f735753e249b795c83c79b8e18