[Git][security-tracker-team/security-tracker][master] buster/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Jan 3 10:50:28 GMT 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a683fc19 by Moritz Muehlenhoff at 2022-01-03T11:44:28+01:00
buster/bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -307,6 +307,8 @@ CVE-2021-45919
RESERVED
CVE-2021-4190 (Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of ...)
- wireshark <unfixed>
+ [bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-22.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17811
CVE-2021-4189 [ftplib should not use the host from the PASV response]
@@ -546,26 +548,38 @@ CVE-2021-45885 (An issue was discovered in Stormshield Network Security (SNS) 4.
NOT-FOR-US: Stormshield Network Security (SNS)
CVE-2021-4186 (Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows den ...)
- wireshark 3.6.0-1
+ [bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-16.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17737
CVE-2021-4185 (Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3 ...)
- wireshark <unfixed>
+ [bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-17.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17745
CVE-2021-4184 (Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3 ...)
- wireshark <unfixed>
+ [bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-18.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17754
CVE-2021-4183 (Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of se ...)
- wireshark <unfixed>
+ [bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-19.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17755
CVE-2021-4182 (Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 ...)
- wireshark <unfixed>
+ [bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-20.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17801
CVE-2021-4181 (Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3. ...)
- wireshark <unfixed>
+ [bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-21.html
NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/5429
CVE-2021-45884 (In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based a ...)
@@ -1511,6 +1525,8 @@ CVE-2021-45464
RESERVED
CVE-2021-45463 (GEGL before 0.4.34, as used (for example) in GIMP before 2.10.30, allo ...)
- gegl 1:0.4.34-1 (bug #1002661)
+ [bullseye] - gegl <no-dsa> (Minor issue)
+ [buster] - gegl <no-dsa> (Minor issue)
[stretch] - gegl <no-dsa> (Minor issue; can be fixed later)
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gegl/-/commit/bfce470f0f2f37968862129d5038b35429f2909b (GEGL_0_4_34)
NOTE: Followup: https://gitlab.gnome.org/GNOME/gegl/-/commit/2172cf7e8d7e8891ae2053d6eef213d5bef939cb (GEGL_0_4_34)
=====================================
data/dsa-needed.txt
=====================================
@@ -27,6 +27,8 @@ condor
--
faad2/oldstable (jmm)
--
+ghostscript
+--
linux (carnil)
Wait until more issues have piled up, though try to regulary rebase for point
releases to more recent v4.19.y versions.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a683fc19f56af499938ee5f02a09f9e872676cf4
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a683fc19f56af499938ee5f02a09f9e872676cf4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220103/583caf20/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list