[Git][security-tracker-team/security-tracker][master] buster/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jan 21 14:32:52 GMT 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1328c577 by Moritz Muehlenhoff at 2022-01-21T15:30:03+01:00
buster/bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -22127,6 +22127,8 @@ CVE-2021-41044
RESERVED
CVE-2021-41043 (Use after free in tcpslice triggers AddressSanitizer, no other confirm ...)
- tcpslice <unfixed> (bug #1003190)
+ [bullseye] - tcpslice <no-dsa> (Minor issue)
+ [buster] - tcpslice <no-dsa> (Minor issue)
NOTE: https://github.com/the-tcpdump-group/tcpslice/issues/11
NOTE: https://github.com/the-tcpdump-group/tcpslice/commit/030859fce9c77417de657b9bb29c0f78c2d68f4a (tcpslice-1.5)
CVE-2021-41042
@@ -31627,6 +31629,7 @@ CVE-2021-37219 (HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer all
NOTE: https://discuss.hashicorp.com/t/hcsec-2021-22-consul-raft-rpc-privilege-escalation/29024
CVE-2021-37218 (HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server ...)
- nomad <unfixed>
+ [bullseye] - nomad <no-dsa> (Minor issue)
NOTE: https://discuss.hashicorp.com/t/hcsec-2021-21-nomad-raft-rpc-privilege-escalation/29023
NOTE: https://github.com/hashicorp/nomad/pull/11089 (main)
NOTE: https://github.com/hashicorp/nomad/commit/768d7c72a77e9c0415d92900753fc83e8822145a (release-1.1.4)
@@ -64983,6 +64986,7 @@ CVE-2021-3122 (CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH server
NOT-FOR-US: CMCAgent in NCR Command Center Agent
CVE-2021-3121 (An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarsha ...)
- golang-gogoprotobuf 1.3.2-1
+ [buster] - golang-gogoprotobuf <no-dsa> (Minor issue)
[stretch] - golang-gogoprotobuf <no-dsa> (Minor issue)
NOTE: https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc
CVE-2021-3120 (An arbitrary file upload vulnerability in the YITH WooCommerce Gift Ca ...)
@@ -80835,12 +80839,14 @@ CVE-2020-28853
CVE-2020-28852 (In x/text in Go before v0.3.5, a "slice bounds out of range" panic occ ...)
- golang-golang-x-text 0.3.5-1 (bug #980002)
- golang-x-text <removed>
+ [buster] - golang-x-text <no-dsa> (Minor issue)
[stretch] - golang-x-text <no-dsa> (Minor issue. Golang has limited support in stretch.)
NOTE: https://github.com/golang/go/issues/42536
NOTE: https://github.com/golang/text/commit/4482a914f52311356f6f4b7a695d4075ca22c0c6 (v0.3.5)
CVE-2020-28851 (In x/text in Go 1.15.4, an "index out of range" panic occurs in langua ...)
- golang-golang-x-text 0.3.6-1 (bug #980001)
- golang-x-text <removed>
+ [buster] - golang-x-text <no-dsa> (Minor issue)
[stretch] - golang-x-text <no-dsa> (Minor issue. Golang has limited support in stretch.)
NOTE: https://github.com/golang/go/issues/42535
CVE-2020-28850
=====================================
data/dsa-needed.txt
=====================================
@@ -14,6 +14,8 @@ If needed, specify the release by adding a slash after the name of the source pa
--
asterisk/oldstable
--
+chromium (jmm)
+--
condor
--
faad2/oldstable (jmm)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1328c577f67bd9fb21ec1f4f20d77c41bc282cdf
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1328c577f67bd9fb21ec1f4f20d77c41bc282cdf
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220121/0deead54/attachment.htm>
More information about the debian-security-tracker-commits
mailing list