[Git][security-tracker-team/security-tracker][master] buster/bullseye triage

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
25783288 by Moritz Muehlenhoff at 2022-03-28T16:16:35+02:00
buster/bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3159,6 +3159,8 @@ CVE-2021-46708 (The swagger-ui-dist package before 4.1.3 for Node.js could allow
 	- swagger-ui <itp> (bug #895422)
 CVE-2020-36518 (jackson-databind before 2.13.0 allows a Java StackOverflow exception a ...)
 	- jackson-databind <unfixed> (bug #1007109)
+	[bullseye] - jackson-databind <no-dsa> (Minor issue)
+	[buster] - jackson-databind <no-dsa> (Minor issue)
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2816
 CVE-2018-25031 (Swagger UI before 4.1.3 could allow a remote attacker to conduct spoof ...)
 	- node-swagger-ui <itp> (bug #871461)
@@ -67725,20 +67727,23 @@ CVE-2021-28280 (CSRF + Cross-site scripting (XSS) vulnerability in search.php in
 CVE-2021-28279
 	RESERVED
 CVE-2021-28278 (A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3. ...)
-	- jhead 1:3.06.0.1-2
+	- jhead 1:3.06.0.1-2 (unimportant)
 	NOTE: https://github.com/Matthias-Wandel/jhead/commit/a50953a266583981b51a181c2fce73dad2ac5d7d (3.06.0.1)
 	NOTE: https://github.com/Matthias-Wandel/jhead/issues/15
+	NOTE: Crash in CLI tool, no security impact
 CVE-2021-28277 (A Heap-based Buffer Overflow vulnerabilty exists in jhead 3.04 and 3.0 ...)
-	- jhead 1:3.06.0.1-2
+	- jhead 1:3.06.0.1-2 (unimportant)
 	NOTE: https://github.com/Matthias-Wandel/jhead/commit/b8d78e5ec982e86cdd70ebfc1ebbb2273c982eea (3.06.0.1)
 	NOTE: https://github.com/Matthias-Wandel/jhead/issues/16
+	NOTE: Crash in CLI tool, no security impact
 CVE-2021-28276 (A Denial of Service vulnerability exists in jhead 3.04 and 3.05 via a  ...)
 	TODO: check CVE reference, probably invalid report or old version.
 	NOTE: https://github.com/Matthias-Wandel/jhead/issues/26
 CVE-2021-28275 (A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to ...)
-	- jhead 1:3.06.0.1-2
+	- jhead 1:3.06.0.1-2 (unimportant)
 	NOTE: https://github.com/Matthias-Wandel/jhead/commit/a50953a266583981b51a181c2fce73dad2ac5d7d (3.06.0.1)
 	NOTE: https://github.com/Matthias-Wandel/jhead/issues/17
+	NOTE: Crash in CLI tool, no security impact
 CVE-2021-28274
 	RESERVED
 CVE-2021-28273
@@ -79818,13 +79823,14 @@ CVE-2021-23336 (The package python/cpython from 0 and before 3.6.13, from 3.7.0
 	- python-django 2:2.2.19-1 (bug #983090)
 	[buster] - python-django <no-dsa> (Minor issue; can be fixed via point release)
 	- python3.9 3.9.2-1
+	[buster] - python3.9 <ignored> (Will break existing applications, don't backport to released suites)
 	- python3.8 <removed>
 	- python3.7 <removed>
-	[buster] - python3.7 <no-dsa> (Minor issue)
+	[buster] - python3.7 <ignored> (Will break existing applications, don't backport to released suites)
 	- python3.5 <removed>
 	- python2.7 <unfixed>
 	[bullseye] - python2.7 <ignored> (Python 2.7 in Bullseye not covered by security support)
-	[buster] - python2.7 <no-dsa> (Minor issue)
+	[buster] - python2.7 <ignored> (Will break existing applications, don't backport to released suites)
 	- pypy3 7.3.3+dfsg-3
 	[buster] - pypy3 <no-dsa> (Minor issue)
 	NOTE: https://github.com/python/cpython/pull/24297



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/257832880b1dae25b2c24adea9ae1c728cb8a9c2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/257832880b1dae25b2c24adea9ae1c728cb8a9c2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220328/d2e2f8b8/attachment.htm>