[Git][security-tracker-team/security-tracker][master] numpy non-issue

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun Jul 10 21:49:00 BST 2022 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9064af80 by Moritz Muehlenhoff at 2022-07-10T22:48:45+02:00
numpy non-issue
rpm bug filed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -74436,10 +74436,10 @@ CVE-2021-34143 (The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C
 CVE-2021-34142
 	RESERVED
 CVE-2021-34141 (An incomplete string comparison in the numpy.core component in NumPy b ...)
-	- numpy <unfixed>
-	[bullseye] - numpy <no-dsa> (Minor issue)
+	- numpy <unfixed> (unimportant)
 	NOTE: https://github.com/numpy/numpy/issues/18993
 	NOTE: https://github.com/numpy/numpy/commit/eeef9d4646103c3b1afd3085f1393f2b3f9575b2 (v1.23.0.dev0)
+	NOTE: Negligible security impact
 CVE-2021-34140
 	RESERVED
 CVE-2021-34139
@@ -80339,11 +80339,12 @@ CVE-2020-36327 (Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes
 	NOTE: https://github.com/rubygems/rubygems/issues/3982
 CVE-2021-3521
 	RESERVED
-	- rpm <unfixed>
+	- rpm <unfixed> (bug #1014723)
 	[bullseye] - rpm <no-dsa> (Minor issue)
 	[buster] - rpm <no-dsa> (Minor issue)
 	[stretch] - rpm <no-dsa> (Minor issue)
 	NOTE: https://github.com/rpm-software-management/rpm/pull/1788
+	NOTE: https://github.com/rpm-software-management/rpm/commit/bd36c5dc9fb6d90c46fbfed8c2d67516fc571ec8
 CVE-2021-3520 (There's a flaw in lz4. An attacker who submits a crafted file to an ap ...)
 	{DSA-4919-1 DLA-2657-1}
 	- lz4 1.9.3-2 (bug #987856)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9064af80a3b5f693f34563ee2efc40442ac53c70

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9064af80a3b5f693f34563ee2efc40442ac53c70
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220710/ed7da3df/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list