[Git][security-tracker-team/security-tracker][master] 5 commits: mark CVE-2021-36489 as no-dsa for Buster

Thorsten Alteholz (@alteholz) alteholz at debian.org
Sat Mar 11 18:36:45 GMT 2023 


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
86c8c6fb by Thorsten Alteholz at 2023-03-11T19:13:06+01:00
mark CVE-2021-36489 as no-dsa for Buster

- - - - -
b49273d5 by Thorsten Alteholz at 2023-03-11T19:15:11+01:00
mark CVE-2021-37311 as no-dsa for Buster

- - - - -
c4b51c8c by Thorsten Alteholz at 2023-03-11T19:26:07+01:00
mark CVE-2023-0996 as no-dsa for Buster

- - - - -
b9ddbc55 by Thorsten Alteholz at 2023-03-11T19:33:54+01:00
mark CVE-2021-36647 as no-dsa for Buster

- - - - -
0a95a705 by Thorsten Alteholz at 2023-03-11T19:35:33+01:00
mark CVE-2023-0193 and CVE-2023-0196 as no-dsa for Buster

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4395,6 +4395,7 @@ CVE-2023-22293
 CVE-2023-0996 (There is a vulnerability in the strided image data parsing code in the ...)
 	- libheif 1.15.1-1 (bug #1032101)
 	[bullseye] - libheif <no-dsa> (Minor issue)
+	[buster] - libheif <no-dsa> (Minor issue)
 	NOTE: https://github.com/strukturag/libheif/pull/759
 	NOTE: https://govtech-csg.github.io/security-advisories/2023/02/24/CVE-2023-0996.html
 CVE-2023-0995 (Cross-site Scripting (XSS) - Stored in GitHub repository unilogies/bum ...)
@@ -14477,6 +14478,7 @@ CVE-2023-0197
 CVE-2023-0196 (NVIDIA CUDA Toolkit SDK contains a bug in cuobjdump, where a local use ...)
 	- nvidia-cuda-toolkit <unfixed> (bug #1032668)
 	[bullseye] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
+	[buster] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
 	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5446
 CVE-2023-0195
 	RESERVED
@@ -14485,6 +14487,7 @@ CVE-2023-0194
 CVE-2023-0193 (NVIDIA CUDA Toolkit SDK contains a vulnerability in cuobjdump, where a ...)
 	- nvidia-cuda-toolkit <unfixed> (bug #1032668)
 	[bullseye] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
+	[buster] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
 	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5446
 CVE-2023-0192
 	RESERVED
@@ -124683,6 +124686,7 @@ CVE-2021-37312
 CVE-2021-37311 (Buffer Overflow vulnerability in fcitx5 5.0.8 allows attackers to caus ...)
 	- fcitx5 5.0.9-1
 	[bullseye] - fcitx5 <no-dsa> (Minor issue)
+	[buster] - fcitx5 <no-dsa> (Minor issue)
 	NOTE: https://github.com/fcitx/fcitx5/pull/308
 	NOTE: https://github.com/fcitx/fcitx5/commit/6393480542178623c0af7a7e76647a401264f227 (5.0.9)
 CVE-2021-37310
@@ -126310,6 +126314,7 @@ CVE-2021-36648
 CVE-2021-36647 (Use of a Broken or Risky Cryptographic Algorithm in the function mbedt ...)
 	- mbedtls 2.16.11-0.1
 	[bullseye] - mbedtls <no-dsa> (Minor issue)
+	[buster] - mbedtls <no-dsa> (Minor issue)
 	NOTE: https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/mbedtls-security-advisory-2021-07-1/
 CVE-2021-36646
 	RESERVED
@@ -126632,8 +126637,10 @@ CVE-2021-36490
 	RESERVED
 CVE-2021-36489 (Buffer Overflow vulnerability in Allegro through 5.2.6 allows attacker ...)
 	- allegro4.4 <unfixed> (bug #1032670)
+	[buster] - allegro4.4 <no-dsa> (Minor issue)
 	- allegro5 2:5.2.8.0-1
 	[bullseye] - allegro5 <no-dsa> (Minor issue)
+	[buster] - allegro5 <no-dsa> (Minor issue)
 	NOTE: https://github.com/liballeg/allegro5/issues/1251
 	NOTE: https://github.com/liballeg/allegro5/pull/1253
 	NOTE: https://github.com/liballeg/allegro5/commit/3f2dbd494241774d33aaf83910fd05b2a590604a (5.2.8.0)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d764bd636a498dbb8d5653e047ef2196ca5d554e...0a95a705b2b7cec3837df8f08d211572c027e3cc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d764bd636a498dbb8d5653e047ef2196ca5d554e...0a95a705b2b7cec3837df8f08d211572c027e3cc
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230311/6c4e39f0/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list