[Git][security-tracker-team/security-tracker][master] remove navit, ezxml not used

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Jul 5 13:25:56 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3435575a by Moritz Muehlenhoff at 2022-07-05T14:24:01+02:00
remove navit, ezxml not used
update information on code copies for ezxml
buster/bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/embedded-code-copies


Changes:

=====================================
data/CVE/list
=====================================
@@ -13818,8 +13818,15 @@ CVE-2022-30046
 	RESERVED
 CVE-2022-30045 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...)
 	- mapcache <unfixed> (unimportant; bug #1014389)
-	- navit <unfixed> (bug #1014390)
 	- scilab <unfixed> (bug #1014391)
+	[bullseye] - scilab <no-dsa> (Minor issue)
+	[buster] - scilab <no-dsa> (Minor issue)
+	- netcdf 1:4.9.0-1
+	[bullseye] - netcdf <ignored> (Minor issue)
+	[buster] - netcdf <ignored> (Minor issue)
+	- netcdf-parallel 1:4.9.0-1 (bug #989361)
+	[bullseye] - netcdf-parallel <ignored> (Minor issue)
+	[buster] - netcdf-parallel <ignored> (Minor issue)
 	NOTE: https://sourceforge.net/p/ezxml/bugs/29/
 	NOTE: mapcache only uses ezxml to parse config files which are trusted
 CVE-2022-30044
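
Review bot: The added `- netcdf 1:4.9.0-1` line under CVE-2022-30045 has no bug reference, while the netcdf-parallel line directly below it carries `(bug #989361)` and every other ezXML entry touched in this file uses `- netcdf 1:4.9.0-1 (bug #989360)`. Add `(bug #989360)` here unless the omission is deliberate. Separately, the navit line is deleted outright, whereas data/embedded-code-copies keeps navit as `<not-affected>`; a `- navit <not-affected>` line with a short reason would keep the "ezxml not used" triage decision visible in the CVE entry itself rather than only in the commit message.
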
@@ -80472,12 +80479,12 @@ CVE-2021-31598 (An issue was discovered in libezxml.a in ezXML 0.8.6. The functi
 	[bullseye] - scilab <no-dsa> (Minor issue)
 	[buster] - scilab <no-dsa> (Minor issue)
 	- netcdf 1:4.9.0-1 (bug #989360)
-	[bullseye] - netcdf <no-dsa> (Minor issue)
-	[buster] - netcdf <no-dsa> (Minor issue)
+	[bullseye] - netcdf <ignored> (Minor issue)
+	[buster] - netcdf <ignored> (Minor issue)
 	[stretch] - netcdf <not-affected> (vulnerable code not present)
-	- netcdf-parallel <unfixed> (bug #989361)
-	[bullseye] - netcdf-parallel <no-dsa> (Minor issue)
-	[buster] - netcdf-parallel <no-dsa> (Minor issue)
+	- netcdf-parallel 1:4.9.0-1 (bug #989361)
+	[bullseye] - netcdf-parallel <ignored> (Minor issue)
+	[buster] - netcdf-parallel <ignored> (Minor issue)
 	NOTE: https://sourceforge.net/p/ezxml/bugs/28/
 	NOTE: mapcache only uses ezxml to parse config files which are trusted
 CVE-2021-31597 (The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL c ...)
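
Review bot: The bullseye and buster lines for netcdf and netcdf-parallel change from `<no-dsa>` to `<ignored>` but keep the reason `(Minor issue)`, the same text scilab keeps with `<no-dsa>` two lines above, so the entry does not say why these suites will not get a fix. The data/embedded-code-copies change in this commit records that netcdf switched to libxml2 in 4.9.0; a reason along those lines would make the `<ignored>` status self-explanatory. The same applies to the identical hunks for the other ezXML CVEs in this file.
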
@@ -81120,12 +81127,12 @@ CVE-2021-31348 (An issue was discovered in libezxml.a in ezXML 0.8.6. The functi
 	[bullseye] - scilab <no-dsa> (Minor issue)
 	[buster] - scilab <no-dsa> (Minor issue)
 	- netcdf 1:4.9.0-1 (bug #989360)
-	[bullseye] - netcdf <no-dsa> (Minor issue)
-	[buster] - netcdf <no-dsa> (Minor issue)
+	[bullseye] - netcdf <ignored> (Minor issue)
+	[buster] - netcdf <ignored> (Minor issue)
 	[stretch] - netcdf <not-affected> (vulnerable code not present)
-	- netcdf-parallel <unfixed> (bug #989361)
-	[bullseye] - netcdf-parallel <no-dsa> (Minor issue)
-	[buster] - netcdf-parallel <no-dsa> (Minor issue)
+	- netcdf-parallel 1:4.9.0-1 (bug #989361)
+	[bullseye] - netcdf-parallel <ignored> (Minor issue)
+	[buster] - netcdf-parallel <ignored> (Minor issue)
 	NOTE: https://sourceforge.net/p/ezxml/bugs/27/
 	NOTE: mapcache only uses ezxml to parse config files which are trusted
 CVE-2021-31347 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...)
@@ -81135,12 +81142,12 @@ CVE-2021-31347 (An issue was discovered in libezxml.a in ezXML 0.8.6. The functi
 	[bullseye] - scilab <no-dsa> (Minor issue)
 	[buster] - scilab <no-dsa> (Minor issue)
 	- netcdf 1:4.9.0-1 (bug #989360)
-	[bullseye] - netcdf <no-dsa> (Minor issue)
-	[buster] - netcdf <no-dsa> (Minor issue)
+	[bullseye] - netcdf <ignored> (Minor issue)
+	[buster] - netcdf <ignored> (Minor issue)
 	[stretch] - netcdf <not-affected> (vulnerable code not present)
-	- netcdf-parallel <unfixed> (bug #989361)
-	[bullseye] - netcdf-parallel <no-dsa> (Minor issue)
-	[buster] - netcdf-parallel <no-dsa> (Minor issue)
+	- netcdf-parallel 1:4.9.0-1 (bug #989361)
+	[bullseye] - netcdf-parallel <ignored> (Minor issue)
+	[buster] - netcdf-parallel <ignored> (Minor issue)
 	NOTE: https://sourceforge.net/p/ezxml/bugs/27/
 	NOTE: mapcache only uses ezxml to parse config files which are trusted
 CVE-2021-31346 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All  ...)
@@ -81435,12 +81442,12 @@ CVE-2021-31229 (An issue was discovered in libezxml.a in ezXML 0.8.6. The functi
 	[bullseye] - scilab <no-dsa> (Minor issue)
 	[buster] - scilab <no-dsa> (Minor issue)
 	- netcdf 1:4.9.0-1 (bug #989360)
-	[bullseye] - netcdf <no-dsa> (Minor issue)
-	[buster] - netcdf <no-dsa> (Minor issue)
+	[bullseye] - netcdf <ignored> (Minor issue)
+	[buster] - netcdf <ignored> (Minor issue)
 	[stretch] - netcdf <not-affected> (vulnerable code not present)
-	- netcdf-parallel <unfixed> (bug #989361)
-	[bullseye] - netcdf-parallel <no-dsa> (Minor issue)
-	[buster] - netcdf-parallel <no-dsa> (Minor issue)
+	- netcdf-parallel 1:4.9.0-1 (bug #989361)
+	[bullseye] - netcdf-parallel <ignored> (Minor issue)
+	[buster] - netcdf-parallel <ignored> (Minor issue)
 	NOTE: https://sourceforge.net/p/ezxml/bugs/26/
 	NOTE: mapcache only uses ezxml to parse config files which are trusted
 CVE-2021-31228 (An issue was discovered in HCC embedded InterNiche 4.0.1. This vulnera ...)
@@ -83551,12 +83558,12 @@ CVE-2021-30485 (An issue was discovered in libezxml.a in ezXML 0.8.6. The functi
 	[bullseye] - scilab <no-dsa> (Minor issue)
 	[buster] - scilab <no-dsa> (Minor issue)
 	- netcdf 1:4.9.0-1 (bug #989360)
-	[bullseye] - netcdf <no-dsa> (Minor issue)
-	[buster] - netcdf <no-dsa> (Minor issue)
+	[bullseye] - netcdf <ignored> (Minor issue)
+	[buster] - netcdf <ignored> (Minor issue)
 	[stretch] - netcdf <not-affected> (vulnerable code not present)
-	- netcdf-parallel <unfixed> (bug #989361)
-	[bullseye] - netcdf-parallel <no-dsa> (Minor issue)
-	[buster] - netcdf-parallel <no-dsa> (Minor issue)
+	- netcdf-parallel 1:4.9.0-1 (bug #989361)
+	[bullseye] - netcdf-parallel <ignored> (Minor issue)
+	[buster] - netcdf-parallel <ignored> (Minor issue)
 	NOTE: https://sourceforge.net/p/ezxml/bugs/25
 	NOTE: mapcache only uses ezxml to parse config files which are trusted
 CVE-2021-30484
@@ -94274,12 +94281,12 @@ CVE-2021-26222 (The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable
 	[buster] - scilab <no-dsa> (Minor issue)
 	[stretch] - scilab <no-dsa> (Minor issue)
 	- netcdf 1:4.9.0-1 (bug #989360)
-	[bullseye] - netcdf <no-dsa> (Minor issue)
-	[buster] - netcdf <no-dsa> (Minor issue)
+	[bullseye] - netcdf <ignored> (Minor issue)
+	[buster] - netcdf <ignored> (Minor issue)
 	[stretch] - netcdf <not-affected> (vulnerable code not present)
-	- netcdf-parallel <unfixed> (bug #989361)
-	[bullseye] - netcdf-parallel <no-dsa> (Minor issue)
-	[buster] - netcdf-parallel <no-dsa> (Minor issue)
+	- netcdf-parallel 1:4.9.0-1 (bug #989361)
+	[bullseye] - netcdf-parallel <ignored> (Minor issue)
+	[buster] - netcdf-parallel <ignored> (Minor issue)
 	NOTE: https://sourceforge.net/p/ezxml/bugs/22/
 	NOTE: mapcache only uses ezxml to parse config files which are trusted
 CVE-2021-26221 (The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB ...)
@@ -94289,12 +94296,12 @@ CVE-2021-26221 (The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable
 	[buster] - scilab <no-dsa> (Minor issue)
 	[stretch] - scilab <no-dsa> (Minor issue)
 	- netcdf 1:4.9.0-1 (bug #989360)
-	[bullseye] - netcdf <no-dsa> (Minor issue)
-	[buster] - netcdf <no-dsa> (Minor issue)
+	[bullseye] - netcdf <ignored> (Minor issue)
+	[buster] - netcdf <ignored> (Minor issue)
 	[stretch] - netcdf <not-affected> (vulnerable code not present)
-	- netcdf-parallel <unfixed> (bug #989361)
-	[bullseye] - netcdf-parallel <no-dsa> (Minor issue)
-	[buster] - netcdf-parallel <no-dsa> (Minor issue)
+	- netcdf-parallel 1:4.9.0-1 (bug #989361)
+	[bullseye] - netcdf-parallel <ignored> (Minor issue)
+	[buster] - netcdf-parallel <ignored> (Minor issue)
 	NOTE: https://sourceforge.net/p/ezxml/bugs/21/
 	NOTE: mapcache only uses ezxml to parse config files which are trusted
 CVE-2021-26220 (The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to O ...)
@@ -94304,12 +94311,12 @@ CVE-2021-26220 (The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerabl
 	[buster] - scilab <no-dsa> (Minor issue)
 	[stretch] - scilab <no-dsa> (Minor issue)
 	- netcdf 1:4.9.0-1 (bug #989360)
-	[bullseye] - netcdf <no-dsa> (Minor issue)
-	[buster] - netcdf <no-dsa> (Minor issue)
+	[bullseye] - netcdf <ignored> (Minor issue)
+	[buster] - netcdf <ignored> (Minor issue)
 	[stretch] - netcdf <not-affected> (vulnerable code not present)
-	- netcdf-parallel <unfixed> (bug #989361)
-	[bullseye] - netcdf-parallel <no-dsa> (Minor issue)
-	[buster] - netcdf-parallel <no-dsa> (Minor issue)
+	- netcdf-parallel 1:4.9.0-1 (bug #989361)
+	[bullseye] - netcdf-parallel <ignored> (Minor issue)
+	[buster] - netcdf-parallel <ignored> (Minor issue)
 	NOTE: https://sourceforge.net/p/ezxml/bugs/223/
 	NOTE: mapcache only uses ezxml to parse config files which are trusted
 CVE-2021-26219
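
Review bot: The unchanged NOTE in this entry points to https://sourceforge.net/p/ezxml/bugs/223/, while the neighbouring CVE-2021-26222 and CVE-2021-26221 entries reference bugs/22/ and bugs/21/. The three-digit id looks like a typo and is worth verifying while this entry is being edited.
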
@@ -178737,12 +178744,12 @@ CVE-2019-20202 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The functi
 	[buster] - scilab <no-dsa> (Minor issue)
 	[stretch] - scilab <no-dsa> (Minor issue)
 	- netcdf 1:4.9.0-1 (bug #989360)
-	[bullseye] - netcdf <no-dsa> (Minor issue)
-	[buster] - netcdf <no-dsa> (Minor issue)
+	[bullseye] - netcdf <ignored> (Minor issue)
+	[buster] - netcdf <ignored> (Minor issue)
 	[stretch] - netcdf <not-affected> (vulnerable code not present)
-	- netcdf-parallel <unfixed> (bug #989361)
-	[bullseye] - netcdf-parallel <no-dsa> (Minor issue)
-	[buster] - netcdf-parallel <no-dsa> (Minor issue)
+	- netcdf-parallel 1:4.9.0-1 (bug #989361)
+	[bullseye] - netcdf-parallel <ignored> (Minor issue)
+	[buster] - netcdf-parallel <ignored> (Minor issue)
 	NOTE: https://sourceforge.net/p/ezxml/bugs/17/
 	NOTE: mapcache only uses ezxml to parse config files which are trusted
 CVE-2019-20201 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_ ...)
@@ -178752,12 +178759,12 @@ CVE-2019-20201 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_
 	[buster] - scilab <no-dsa> (Minor issue)
 	[stretch] - scilab <no-dsa> (Minor issue)
 	- netcdf 1:4.9.0-1 (bug #989360)
-	[bullseye] - netcdf <no-dsa> (Minor issue)
-	[buster] - netcdf <no-dsa> (Minor issue)
+	[bullseye] - netcdf <ignored> (Minor issue)
+	[buster] - netcdf <ignored> (Minor issue)
 	[stretch] - netcdf <not-affected> (vulnerable code not present)
-	- netcdf-parallel <unfixed> (bug #989361)
-	[bullseye] - netcdf-parallel <no-dsa> (Minor issue)
-	[buster] - netcdf-parallel <no-dsa> (Minor issue)
+	- netcdf-parallel 1:4.9.0-1 (bug #989361)
+	[bullseye] - netcdf-parallel <ignored> (Minor issue)
+	[buster] - netcdf-parallel <ignored> (Minor issue)
 	NOTE: https://sourceforge.net/p/ezxml/bugs/16/
 	NOTE: mapcache only uses ezxml to parse config files which are trusted
 CVE-2019-20200 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...)
@@ -178767,12 +178774,12 @@ CVE-2019-20200 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The functi
 	[buster] - scilab <no-dsa> (Minor issue)
 	[stretch] - scilab <no-dsa> (Minor issue)
 	- netcdf 1:4.9.0-1 (bug #989360)
-	[bullseye] - netcdf <no-dsa> (Minor issue)
-	[buster] - netcdf <no-dsa> (Minor issue)
+	[bullseye] - netcdf <ignored> (Minor issue)
+	[buster] - netcdf <ignored> (Minor issue)
 	[stretch] - netcdf <not-affected> (vulnerable code not present)
-	- netcdf-parallel <unfixed> (bug #989361)
-	[bullseye] - netcdf-parallel <no-dsa> (Minor issue)
-	[buster] - netcdf-parallel <no-dsa> (Minor issue)
+	- netcdf-parallel 1:4.9.0-1 (bug #989361)
+	[bullseye] - netcdf-parallel <ignored> (Minor issue)
+	[buster] - netcdf-parallel <ignored> (Minor issue)
 	NOTE: https://sourceforge.net/p/ezxml/bugs/19/
 	NOTE: mapcache only uses ezxml to parse config files which are trusted
 CVE-2019-20199 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...)
@@ -178782,12 +178789,12 @@ CVE-2019-20199 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The functi
 	[buster] - scilab <no-dsa> (Minor issue)
 	[stretch] - scilab <no-dsa> (Minor issue)
 	- netcdf 1:4.9.0-1 (bug #989360)
-	[bullseye] - netcdf <no-dsa> (Minor issue)
-	[buster] - netcdf <no-dsa> (Minor issue)
+	[bullseye] - netcdf <ignored> (Minor issue)
+	[buster] - netcdf <ignored> (Minor issue)
 	[stretch] - netcdf <not-affected> (vulnerable code not present)
-	- netcdf-parallel <unfixed> (bug #989361)
-	[bullseye] - netcdf-parallel <no-dsa> (Minor issue)
-	[buster] - netcdf-parallel <no-dsa> (Minor issue)
+	- netcdf-parallel 1:4.9.0-1 (bug #989361)
+	[bullseye] - netcdf-parallel <ignored> (Minor issue)
+	[buster] - netcdf-parallel <ignored> (Minor issue)
 	NOTE: https://sourceforge.net/p/ezxml/bugs/18/
 	NOTE: mapcache only uses ezxml to parse config files which are trusted
 CVE-2019-20198 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...)
@@ -178797,12 +178804,12 @@ CVE-2019-20198 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The functi
 	[buster] - scilab <no-dsa> (Minor issue)
 	[stretch] - scilab <no-dsa> (Minor issue)
 	- netcdf 1:4.9.0-1 (bug #989360)
-	[bullseye] - netcdf <no-dsa> (Minor issue)
-	[buster] - netcdf <no-dsa> (Minor issue)
+	[bullseye] - netcdf <ignored> (Minor issue)
+	[buster] - netcdf <ignored> (Minor issue)
 	[stretch] - netcdf <not-affected> (vulnerable code not present)
-	- netcdf-parallel <unfixed> (bug #989361)
-	[bullseye] - netcdf-parallel <no-dsa> (Minor issue)
-	[buster] - netcdf-parallel <no-dsa> (Minor issue)
+	- netcdf-parallel 1:4.9.0-1 (bug #989361)
+	[bullseye] - netcdf-parallel <ignored> (Minor issue)
+	[buster] - netcdf-parallel <ignored> (Minor issue)
 	NOTE: https://sourceforge.net/p/ezxml/bugs/20/
 	NOTE: mapcache only uses ezxml to parse config files which are trusted
 CVE-2020-5178
@@ -181891,12 +181898,12 @@ CVE-2019-20007 (An issue was discovered in ezXML 0.8.2 through 0.8.6. The functi
 	[buster] - scilab <no-dsa> (Minor issue)
 	[stretch] - scilab <no-dsa> (Minor issue)
 	- netcdf 1:4.9.0-1 (bug #989360)
-	[bullseye] - netcdf <no-dsa> (Minor issue)
-	[buster] - netcdf <no-dsa> (Minor issue)
+	[bullseye] - netcdf <ignored> (Minor issue)
+	[buster] - netcdf <ignored> (Minor issue)
 	[stretch] - netcdf <not-affected> (vulnerable code not present)
-	- netcdf-parallel <unfixed> (bug #989361)
-	[bullseye] - netcdf-parallel <no-dsa> (Minor issue)
-	[buster] - netcdf-parallel <no-dsa> (Minor issue)
+	- netcdf-parallel 1:4.9.0-1 (bug #989361)
+	[bullseye] - netcdf-parallel <ignored> (Minor issue)
+	[buster] - netcdf-parallel <ignored> (Minor issue)
 	NOTE: https://sourceforge.net/p/ezxml/bugs/13/
 	NOTE: mapcache only uses ezxml to parse config files which are trusted
 CVE-2019-20006 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...)
@@ -181906,12 +181913,12 @@ CVE-2019-20006 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The functi
 	[buster] - scilab <no-dsa> (Minor issue)
 	[stretch] - scilab <no-dsa> (Minor issue)
 	- netcdf 1:4.9.0-1 (bug #989360)
-	[bullseye] - netcdf <no-dsa> (Minor issue)
-	[buster] - netcdf <no-dsa> (Minor issue)
+	[bullseye] - netcdf <ignored> (Minor issue)
+	[buster] - netcdf <ignored> (Minor issue)
 	[stretch] - netcdf <not-affected> (vulnerable code not present)
-	- netcdf-parallel <unfixed> (bug #989361)
-	[bullseye] - netcdf-parallel <no-dsa> (Minor issue)
-	[buster] - netcdf-parallel <no-dsa> (Minor issue)
+	- netcdf-parallel 1:4.9.0-1 (bug #989361)
+	[bullseye] - netcdf-parallel <ignored> (Minor issue)
+	[buster] - netcdf-parallel <ignored> (Minor issue)
 	NOTE: https://sourceforge.net/p/ezxml/bugs/15/
 	NOTE: mapcache only uses ezxml to parse config files which are trusted
 CVE-2019-20005 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...)
@@ -181921,12 +181928,12 @@ CVE-2019-20005 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The functi
 	[buster] - scilab <no-dsa> (Minor issue)
 	[stretch] - scilab <no-dsa> (Minor issue)
 	- netcdf 1:4.9.0-1 (bug #989360)
-	[bullseye] - netcdf <no-dsa> (Minor issue)
-	[buster] - netcdf <no-dsa> (Minor issue)
+	[bullseye] - netcdf <ignored> (Minor issue)
+	[buster] - netcdf <ignored> (Minor issue)
 	[stretch] - netcdf <not-affected> (vulnerable code not present)
-	- netcdf-parallel <unfixed> (bug #989361)
-	[bullseye] - netcdf-parallel <no-dsa> (Minor issue)
-	[buster] - netcdf-parallel <no-dsa> (Minor issue)
+	- netcdf-parallel 1:4.9.0-1 (bug #989361)
+	[bullseye] - netcdf-parallel <ignored> (Minor issue)
+	[buster] - netcdf-parallel <ignored> (Minor issue)
 	NOTE: https://sourceforge.net/p/ezxml/bugs/14/
 	NOTE: mapcache only uses ezxml to parse config files which are trusted
 CVE-2019-20004 (An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. When the ...)


=====================================
data/embedded-code-copies
=====================================
@@ -3491,8 +3491,10 @@ ttmath (not packaged, https://www.ttmath.org/)
 	- geos <unfixed> (modified-embed)
 
 ezxml (not packaged in Debian; no ITP)
-	- netcdf <unfixed> (embed; bug #989360)
-	- netcdf-parallel <unfixed> (embed; bug #989361)
+	- netcdf 1:4.9.0-1 (embed; bug #989360)
+	NOTE: netcdf switched to libxml2 in 4.9.0
+	- netcdf-parallel 1:4.9.0-1 (embed; bug #989361)
+	NOTE: netcdf-parallel switched to libxml2 in 4.9.0
 	- navit <not-affected> (embed; bug #989362)
 	- mapcache <unfixed> (embed; bug #989363)
 	NOTE: mapcache only uses ezxml to parse config file, doesn't trust any trust boundary, no need to file bugs
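
Review bot: The two added NOTE lines state the same fact twice, once for netcdf and once for netcdf-parallel; a single NOTE after the netcdf-parallel line covering both packages would be enough. While here, the unchanged mapcache NOTE reads "doesn't trust any trust boundary", which does not parse; the data/CVE/list entries word the same point as "mapcache only uses ezxml to parse config files which are trusted", and aligning the two would remove the ambiguity.
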



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3435575a92ec4f96060a99d7ce70871f22d4a867
