[Git][security-tracker-team/security-tracker][master] buster/bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Jan 3 10:50:28 GMT 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a683fc19 by Moritz Muehlenhoff at 2022-01-03T11:44:28+01:00
buster/bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -307,6 +307,8 @@ CVE-2021-45919
 	RESERVED
 CVE-2021-4190 (Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of  ...)
 	- wireshark <unfixed>
+	[bullseye] - wireshark <no-dsa> (Minor issue)
+	[buster] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-22.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17811
 CVE-2021-4189 [ftplib should not use the host from the PASV response]
@@ -546,26 +548,38 @@ CVE-2021-45885 (An issue was discovered in Stormshield Network Security (SNS) 4.
 	NOT-FOR-US: Stormshield Network Security (SNS)
 CVE-2021-4186 (Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows den ...)
 	- wireshark 3.6.0-1
+	[bullseye] - wireshark <no-dsa> (Minor issue)
+	[buster] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-16.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17737
 CVE-2021-4185 (Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3 ...)
 	- wireshark <unfixed>
+	[bullseye] - wireshark <no-dsa> (Minor issue)
+	[buster] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-17.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17745
 CVE-2021-4184 (Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3 ...)
 	- wireshark <unfixed>
+	[bullseye] - wireshark <no-dsa> (Minor issue)
+	[buster] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-18.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17754
 CVE-2021-4183 (Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of se ...)
 	- wireshark <unfixed>
+	[bullseye] - wireshark <no-dsa> (Minor issue)
+	[buster] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-19.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17755
 CVE-2021-4182 (Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 ...)
 	- wireshark <unfixed>
+	[bullseye] - wireshark <no-dsa> (Minor issue)
+	[buster] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-20.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17801
 CVE-2021-4181 (Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3. ...)
 	- wireshark <unfixed>
+	[bullseye] - wireshark <no-dsa> (Minor issue)
+	[buster] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-21.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/5429
 CVE-2021-45884 (In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based a ...)
@@ -1511,6 +1525,8 @@ CVE-2021-45464
 	RESERVED
 CVE-2021-45463 (GEGL before 0.4.34, as used (for example) in GIMP before 2.10.30, allo ...)
 	- gegl 1:0.4.34-1 (bug #1002661)
+	[bullseye] - gegl <no-dsa> (Minor issue)
+	[buster] - gegl <no-dsa> (Minor issue)
 	[stretch] - gegl <no-dsa> (Minor issue; can be fixed later)
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gegl/-/commit/bfce470f0f2f37968862129d5038b35429f2909b (GEGL_0_4_34)
 	NOTE: Followup: https://gitlab.gnome.org/GNOME/gegl/-/commit/2172cf7e8d7e8891ae2053d6eef213d5bef939cb (GEGL_0_4_34)


=====================================
data/dsa-needed.txt
=====================================
@@ -27,6 +27,8 @@ condor
 --
 faad2/oldstable (jmm)
 --
+ghostscript
+--
 linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point
   releases to more recent v4.19.y versions.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a683fc19f56af499938ee5f02a09f9e872676cf4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a683fc19f56af499938ee5f02a09f9e872676cf4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220103/583caf20/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list