[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2021-41736,CVE-2021-41737/faust: stretch postponed
Sylvain Beucler (@beuc)
beuc at debian.org
Thu Mar 31 09:31:13 BST 2022
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e6fdd805 by Sylvain Beucler at 2022-03-31T10:24:22+02:00
CVE-2021-41736,CVE-2021-41737/faust: stretch postponed
- - - - -
3dd1fc06 by Sylvain Beucler at 2022-03-31T10:24:23+02:00
CVE-2021-23556/guake: stretch postponed
- - - - -
df330379 by Sylvain Beucler at 2022-03-31T10:30:29+02:00
CVE-2021-4219/imagemagick: stretch postponed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -8228,6 +8228,7 @@ CVE-2021-4219 (A flaw was found in ImageMagick. The vulnerability occurs due to
- imagemagick <unfixed>
[bullseye] - imagemagick <no-dsa> (Minor issue)
[buster] - imagemagick <no-dsa> (Minor issue)
+ [stretch] - imagemagick <postponed> (Minor issue, DoS)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/4626
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/c10351c16b8d2cabd11d2627a02de522570f6ceb
CVE-2022-25212 (A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plu ...)
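Review bot: The reason on the added `[stretch] - imagemagick <postponed> (Minor issue, DoS)` line gives severity and impact but not what the postponement is waiting on. The NOTE lines directly below already link an upstream ImageMagick6 commit, so a patch appears to be available; consider saying in the parenthetical that the fix can go in with a later upload, so this entry is distinguishable from postponements caused by a missing upstream fix. The bullseye and buster lines carry only "Minor issue", so recording the DoS classification there as well would keep the three release annotations consistent.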
@@ -34516,11 +34517,13 @@ CVE-2021-41737
- faust <unfixed>
[bullseye] - faust <no-dsa> (Minor issue)
[buster] - faust <no-dsa> (Minor issue)
+ [stretch] - faust <postponed> (Minor issue, no patch/acknowledgment yet)
NOTE: https://github.com/grame-cncm/faust/issues/653
CVE-2021-41736 (Faust v2.35.0 was discovered to contain a heap-buffer overflow in the ...)
- faust <unfixed>
[bullseye] - faust <no-dsa> (Minor issue)
[buster] - faust <no-dsa> (Minor issue)
+ [stretch] - faust <postponed> (Minor issue, no patch/acknowledgment yet)
NOTE: https://github.com/grame-cncm/faust/issues/653
CVE-2021-41735
RESERVED
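Review bot: Both added `[stretch] - faust <postponed>` lines give "no patch/acknowledgment yet" as the reason, which describes the upstream state at commit time and will go stale without any visible trigger. Both entries point at the same upstream issue (grame-cncm/faust issue 653), so they should be re-triaged together once that issue gets a response or a fix. CVE-2021-41736 is described as a heap-buffer overflow; if "Minor issue" rests on a specific assumption about how faust is used, stating that assumption in the reason would make the triage decision auditable.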
@@ -79897,10 +79900,12 @@ CVE-2021-23556 (The package guake before 3.8.5 are vulnerable to Exposed Dangero
- guake 3.8.5-1
[bullseye] - guake <no-dsa> (Minor issue)
[buster] - guake <no-dsa> (Minor issue)
+ [stretch] - guake <postponed> (Minor issue, unclear crossed security boundaries, no final fix yet)
NOTE: https://github.com/Guake/guake/commit/b769b3a5fd71a107c58679d217cccc971b4196b4 (3.8.2)
NOTE: https://github.com/Guake/guake/issues/1796
NOTE: https://github.com/Guake/guake/pull/2017
NOTE: https://snyk.io/vuln/SNYK-PYTHON-GUAKE-2386334
+ NOTE: Regression/reversion: https://github.com/Guake/guake/issues/2042
CVE-2021-23555 (The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via dire ...)
NOT-FOR-US: Node vm2
CVE-2021-23554
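Review bot: The added `[stretch]` reason says "no final fix yet" and the new NOTE at the end of the entry records a regression/reversion (Guake issue 2042), yet the unchanged line `- guake 3.8.5-1` still marks the package as fixed in that version. If the reversion affects the fix, the fixed-version line needs revisiting; if it does not, the NOTE should say which releases the reversion applies to. The existing commit NOTE is tagged (3.8.2) while the CVE description says "before 3.8.5", so a short NOTE explaining how those versions relate would remove the ambiguity.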
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2c6872d22db04f7d6f2deb12e09040f1babb77c5...df3303798ba2f8fd951c082cdbb8f2b12d844f12