[Git][security-tracker-team/security-tracker][master] 2 commits: Update tracking for CVE-2021-41055 in buster and remove leftover TODO

Thu Jan 27 22:18:58 GMT 2022


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
09da837a by Salvatore Bonaccorso at 2022-01-27T23:07:38+01:00
Update tracking for CVE-2021-41055 in buster and remove leftover TODO

- - - - -
8649b4ef by Salvatore Bonaccorso at 2022-01-27T23:16:41+01:00
Add Debian bug reference for CVE-2022-23959/varnish

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -460,7 +460,7 @@ CVE-2022-23961
 CVE-2022-23960
 	RESERVED
 CVE-2022-23959 (In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0  ...)
-	- varnish <unfixed>
+	- varnish <unfixed> (bug #1004433)
 	NOTE: https://varnish-cache.org/security/VSV00008.html
 	NOTE: https://docs.varnish-software.com/security/VSV00008/
 	NOTE: Fixed by: https://github.com/varnishcache/varnish-cache/commit/fceaefd4d59a3b5d5a4903a3f420e35eb430d0d4 (master)
@@ -23588,11 +23588,11 @@ CVE-2021-41056
 	RESERVED
 CVE-2021-41055 (Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a  ...)
 	- python-nbxmpp 2.0.4-1
+	[buster] - python-nbxmpp <not-affected> (Vulnerable code not present)
 	[stretch] - python-nbxmpp <not-affected> (Vulnerable code introduced later (modules added in v1.0.0))
 	NOTE: https://dev.gajim.org/gajim/gajim/-/issues/10638
 	NOTE: https://dev.gajim.org/gajim/python-nbxmpp/-/commit/8a626829d7c4b14077f764e61b1d1e867d21413f
 	NOTE: Fix in python-nbxmpp, and gajim 1.3.3 bumps depends on required nbxmpp version.
-	TODO: double-check correctness for tracking of source package, underlying issue is fixed in python-nbxmpp
 CVE-2021-41053
 	RESERVED
 CVE-2021-41052



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c88a2c1581df74acfc64613aaeae52acdfef2c35...8649b4efce9d27d54cb2a166b214d7941725531c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c88a2c1581df74acfc64613aaeae52acdfef2c35...8649b4efce9d27d54cb2a166b214d7941725531c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220127/ffed8e82/attachment.htm>
