Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c932c2dd by Moritz Muehlenhoff at 2020-12-09T18:10:10+01:00
bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -58898,31 +58898,38 @@ CVE-2020-6624 (jhead through 3.04 has a heap-based 
buffer over-read in process_D
        NOTE: Crash in CLI tool, no security impact
 CVE-2020-6623 (stb stb_truetype.h through 1.22 has an assertion failure in 
stbtt__cff ...)
        - libstb <unfixed> (low; bug #949560)
+       [bullseye] - libstb <no-dsa> (Minor issue)
        [buster] - libstb <no-dsa> (Minor issue)
        NOTE: https://github.com/nothings/stb/issues/865
        NOTE: Potentially affects mame, embree, libtcod, sumo, goxel, mesa, 
godot, dart
 CVE-2020-6622 (stb stb_truetype.h through 1.22 has a heap-based buffer 
over-read in s ...)
        - libstb <unfixed> (low; bug #949559)
+       [bullseye] - libstb <no-dsa> (Minor issue)
        [buster] - libstb <no-dsa> (Minor issue)
        NOTE: https://github.com/nothings/stb/issues/869
 CVE-2020-6621 (stb stb_truetype.h through 1.22 has a heap-based buffer 
over-read in t ...)
        - libstb <unfixed> (low; bug #949558)
+       [bullseye] - libstb <no-dsa> (Minor issue)
        [buster] - libstb <no-dsa> (Minor issue)
        NOTE: https://github.com/nothings/stb/issues/867
 CVE-2020-6620 (stb stb_truetype.h through 1.22 has a heap-based buffer 
over-read in s ...)
        - libstb <unfixed> (low; bug #949557)
+       [bullseye] - libstb <no-dsa> (Minor issue)
        [buster] - libstb <no-dsa> (Minor issue)
        NOTE: https://github.com/nothings/stb/issues/868
 CVE-2020-6619 (stb stb_truetype.h through 1.22 has an assertion failure in 
stbtt__buf ...)
        - libstb <unfixed> (low; bug #949556)
+       [bullseye] - libstb <no-dsa> (Minor issue)
        [buster] - libstb <no-dsa> (Minor issue)
        NOTE: https://github.com/nothings/stb/issues/863
 CVE-2020-6618 (stb stb_truetype.h through 1.22 has a heap-based buffer 
over-read in s ...)
        - libstb <unfixed> (low; bug #949555)
+       [bullseye] - libstb <no-dsa> (Minor issue)
        [buster] - libstb <no-dsa> (Minor issue)
        NOTE: https://github.com/nothings/stb/issues/866
 CVE-2020-6617 (stb stb_truetype.h through 1.22 has an assertion failure in 
stbtt__cff ...)
        - libstb <unfixed> (low; bug #949554)
+       [bullseye] - libstb <no-dsa> (Minor issue)
        [buster] - libstb <no-dsa> (Minor issue)
        NOTE: https://github.com/nothings/stb/issues/867
 CVE-2020-6616 (Some Broadcom chips mishandle Bluetooth random-number 
generation becau ...)
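Review bot: at CVE-2020-6617 the NOTE points to https://github.com/nothings/stb/issues/867, the same issue already cited for CVE-2020-6621, so one of the two references looks wrong. Since this change touches both entries, please check the link while adding the `[bullseye] - libstb <no-dsa> (Minor issue)` lines. Separately, the no-dsa decision covers libstb only, while the NOTE under CVE-2020-6623 names mame, embree, libtcod, sumo, goxel, mesa, godot and dart as potentially affected, and none of those packages gets an entry here.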
@@ -65761,6 +65768,7 @@ CVE-2019-20056 (stb_image.h (aka the stb image loader) 
2.23, as used in libsixel
        [stretch] - libsixel <no-dsa> (Minor issue)
        [jessie] - libsixel <no-dsa> (Minor issue)
        - libstb <unfixed> (low)
+       [bullseye] - libstb <no-dsa> (Minor issue)
        [buster] - libstb <no-dsa> (Minor issue)
        NOTE: libsixel PR: https://github.com/saitoha/libsixel/issues/126
        NOTE: libsixel patch: 
https://github.com/saitoha/libsixel/commit/814f831555ea2492d442e784ab5d594f6a8e2e8d
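Review bot: the unstable line for libstb under CVE-2019-20056 reads `- libstb <unfixed> (low)` with no bug reference, unlike the libstb entries in the first hunk, which each carry a `bug #` number. With bullseye now triaged as no-dsa, a tracking bug is the only thing that would keep this visible to the maintainer, so consider filing one and adding it to that line.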
@@ -88327,6 +88335,7 @@ CVE-2019-15059
        RESERVED
 CVE-2019-15058 (stb_image.h (aka the stb image loader) 2.23 has a heap-based 
buffer ov ...)
        - libstb <unfixed> (bug #934973)
+       [bullseye] - libstb <no-dsa> (Minor issue)
        [buster] - libstb <no-dsa> (Minor issue)
        NOTE: https://github.com/nothings/stb/issues/790
        NOTE: Potentially also affects libsixel, mame, libsfml, love, 
zynaddsubfx, yquake2, ccextractor, zam-plugins, osgearth, catimg, darknet, gem, 
retroarch, renderdoc, goxel
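Review bot: the unstable line for CVE-2019-15058, `- libstb <unfixed> (bug #934973)`, has no severity, while the other libstb entries in this commit are marked `low`. If the new `[bullseye] - libstb <no-dsa> (Minor issue)` reflects the same assessment, adding `low` there would keep the entries consistent. The NOTE also lists a long set of packages with possible embedded copies (libsixel, mame, libsfml, retroarch and others) that this triage does not address.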
@@ -89770,8 +89779,7 @@ CVE-2019-14665 (Brandy 1.20.1 has a heap-based buffer 
overflow in define_array i
        NOTE: https://sourceforge.net/p/brandy/bugs/8/
        NOTE: Negligible security impact
 CVE-2019-14664 (In Enigmail below 2.1, an attacker in possession of PGP 
encrypted emai ...)
-       - enigmail <unfixed>
-       [buster] - enigmail <ignored> (Minor issue and too intrusive to 
backport)
+       - enigmail 2:2.1.3+ds1-1
        [jessie] - enigmail <end-of-life> (see 
https://lists.debian.org/debian-lts-announce/2019/02/msg00002.html)
        NOTE: https://sourceforge.net/p/enigmail/bugs/984/
 CVE-2019-14663 (Brandy 1.20.1 has a stack-based buffer overflow in 
fileio_openin in fi ...)
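Review bot: dropping the `[buster] - enigmail <ignored>` line at CVE-2019-14664 means buster's status is now derived purely from a comparison against the new fixed version `2:2.1.3+ds1-1`. Please confirm that buster ships a version at or above that one. If it does not, buster will reappear as vulnerable with no triage decision recorded, and the commit message ("bullseye triage") does not explain the buster change.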
@@ -109973,19 +109981,26 @@ CVE-2019-8431
 CVE-2019-8430
        RESERVED
 CVE-2019-8429 (ZoneMinder before 1.32.3 has SQL Injection via the 
ajax/status.php fil ...)
-       - zoneminder <unfixed> (bug #922724)
+       - zoneminder <unfixed> (unimportant; bug #922724)
+       NOTE: See README.Debian.security, only supported behind an 
authenticated HTTP zone
 CVE-2019-8428 (ZoneMinder before 1.32.3 has SQL Injection via the 
skins/classic/views ...)
-       - zoneminder <unfixed> (bug #922724)
+       - zoneminder <unfixed> (unimportant; bug #922724)
+       NOTE: See README.Debian.security, only supported behind an 
authenticated HTTP zone
 CVE-2019-8427 (daemonControl in includes/functions.php in ZoneMinder before 
1.32.3 al ...)
-       - zoneminder <unfixed> (bug #922724)
+       - zoneminder <unfixed> (unimportant; bug #922724)
+       NOTE: See README.Debian.security, only supported behind an 
authenticated HTTP zone
 CVE-2019-8426 (skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 
has XSS ...)
-       - zoneminder <unfixed> (bug #922724)
+       - zoneminder <unfixed> (unimportant; bug #922724)
+       NOTE: See README.Debian.security, only supported behind an 
authenticated HTTP zone
 CVE-2019-8425 (includes/database.php in ZoneMinder before 1.32.3 has XSS in 
the const ...)
-       - zoneminder <unfixed> (bug #922724)
+       - zoneminder <unfixed> (unimportant; bug #922724)
+       NOTE: See README.Debian.security, only supported behind an 
authenticated HTTP zone
 CVE-2019-8424 (ZoneMinder before 1.32.3 has SQL Injection via the 
ajax/status.php sor ...)
-       - zoneminder <unfixed> (bug #922724)
+       - zoneminder <unfixed> (unimportant; bug #922724)
+       NOTE: See README.Debian.security, only supported behind an 
authenticated HTTP zone
 CVE-2019-8423 (ZoneMinder through 1.32.3 has SQL Injection via the 
skins/classic/view ...)
-       - zoneminder <unfixed> (bug #922724)
+       - zoneminder <unfixed> (unimportant; bug #922724)
+       NOTE: See README.Debian.security, only supported behind an 
authenticated HTTP zone
 CVE-2019-8422 (A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the 
descri ...)
        NOT-FOR-US: PbootCMS
 CVE-2019-8421 (upload/protected/modules/admini/views/post/index.php in BageCMS 
throug ...)
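Review bot: the justification for downgrading CVE-2019-8423 through CVE-2019-8429 to `unimportant` rests entirely on the repeated NOTE, and "only supported behind an authenticated HTTP zone" is terse for entries that include SQL injection. Consider wording it so the reasoning is explicit, for example that deployments without HTTP-level authentication are unsupported per README.Debian.security, so a reader of the tracker page understands why seven `<unfixed>` issues carry no per-release status.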
@@ -153661,25 +153676,29 @@ CVE-2018-11741 (NEC Univerge Sv9100 WebPro 6.00.00 
devices have Predictable Sess
        NOT-FOR-US: NEC Univerge Sv9100 WebPro devices
 CVE-2018-11740 (An issue was discovered in libtskbase.a in The Sleuth Kit 
(TSK) from r ...)
        - sleuthkit <unfixed> (low; bug #902187)
-       [buster] - sleuthkit <no-dsa> (Minor issue)
+       [bullseye] - sleuthkit <ignored> (Minor issue)
+       [buster] - sleuthkit <ignored> (Minor issue)
        [stretch] - sleuthkit <no-dsa> (Minor issue)
        [jessie] - sleuthkit <no-dsa> (Minor issue)
        NOTE: https://github.com/sleuthkit/sleuthkit/issues/1264
 CVE-2018-11739 (An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) 
from re ...)
        - sleuthkit <unfixed> (low; bug #902187)
-       [buster] - sleuthkit <no-dsa> (Minor issue)
+       [bullseye] - sleuthkit <ignored> (Minor issue)
+       [buster] - sleuthkit <ignored> (Minor issue)
        [stretch] - sleuthkit <no-dsa> (Minor issue)
        [jessie] - sleuthkit <no-dsa> (Minor issue)
        NOTE: https://github.com/sleuthkit/sleuthkit/issues/1267
 CVE-2018-11738 (An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) 
from rel ...)
        - sleuthkit <unfixed> (low; bug #902187)
-       [buster] - sleuthkit <no-dsa> (Minor issue)
+       [bullseye] - sleuthkit <ignored> (Minor issue)
+       [buster] - sleuthkit <ignored> (Minor issue)
        [stretch] - sleuthkit <no-dsa> (Minor issue)
        [jessie] - sleuthkit <no-dsa> (Minor issue)
        NOTE: https://github.com/sleuthkit/sleuthkit/issues/1265
 CVE-2018-11737 (An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) 
from rel ...)
        - sleuthkit <unfixed> (low; bug #902187)
-       [buster] - sleuthkit <no-dsa> (Minor issue)
+       [bullseye] - sleuthkit <ignored> (Minor issue)
+       [buster] - sleuthkit <ignored> (Minor issue)
        [stretch] - sleuthkit <no-dsa> (Minor issue)
        [jessie] - sleuthkit <no-dsa> (Minor issue)
        NOTE: https://github.com/sleuthkit/sleuthkit/issues/1266
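Review bot: for CVE-2018-11737 through CVE-2018-11740 the buster status moves from `<no-dsa>` to `<ignored>` and bullseye is added as `<ignored>`, but the reason text stays "Minor issue", the same wording used on the unchanged `<no-dsa>` lines for stretch and jessie. Since `<ignored>` records a decision not to fix at all, the reason should say what changed, for example whether the linked upstream issues are still open. The stretch and jessie lines are also left at `<no-dsa>`, so the four releases now disagree for the same bug.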



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c932c2dd4dd07defc90b9b7f3ee24c160e1cd79b
