[Git][security-tracker-team/security-tracker][master] bullseye triage

Moritz Muehlenhoff Sat, 09 Jan 2021 15:35:44 -0800


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
0abec4fc by Moritz Mühlenhoff at 2021-01-10T00:35:19+01:00
bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19364,6 +19364,7 @@ CVE-2018-21269 (checkpath in OpenRC through 0.42.1 
might allow local users to ta
        [stretch] - openrc <no-dsa> (Minor issue)
        NOTE: https://github.com/OpenRC/openrc/issues/201
        NOTE: http://michael.orlitzky.com/cves/cve-2018-21269.xhtml
+       NOTE: 
https://github.com/OpenRC/openrc/commit/b6fef599bf8493480664b766040fa9b0d4b1e335
 CVE-2020-27734
        RESERVED
 CVE-2020-27733
@@ -72529,7 +72530,8 @@ CVE-2020-5967 (NVIDIA Linux GPU Display Driver, all 
versions, contains a vulnera
        - nvidia-graphics-drivers-legacy-390xx 390.138-1 (bug #963908)
        [buster] - nvidia-graphics-drivers-legacy-390xx 390.138-1~deb10u1
        - nvidia-graphics-drivers-legacy-340xx <unfixed>
-       [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not 
supported)
+       [bullseye] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free 
not supported, no updates provided by Nvidia for 340)
+       [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not 
supported, no updates provided by Nvidia for 340)
        [stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not 
supported)
        - nvidia-graphics-drivers-legacy-304xx <unfixed>
        [stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not 
supported)
@@ -72551,7 +72553,8 @@ CVE-2020-5963 (NVIDIA Windows GPU Display Driver, all 
versions, contains a vulne
        - nvidia-graphics-drivers-legacy-390xx 390.138-1 (bug #963908)
        [buster] - nvidia-graphics-drivers-legacy-390xx 390.138-1~deb10u1
        - nvidia-graphics-drivers-legacy-340xx <unfixed>
-       [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not 
supported)
+       [bullseye] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free 
not supported, no updates provided by Nvidia for 340)
+       [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not 
supported, no updates provided by Nvidia for 340)
        [stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not 
supported)
        - nvidia-graphics-drivers-legacy-304xx <unfixed>
        [stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not 
supported)
@@ -181087,7 +181090,8 @@ CVE-2018-6260 (NVIDIA graphics driver contains a 
vulnerability that may allow ac
        - nvidia-graphics-drivers-legacy-390xx 390.116-1
        [buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not 
supported)
        - nvidia-graphics-drivers-legacy-340xx <unfixed>
-       [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not 
supported)
+       [bullseye] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free 
not supported, no updates provided by Nvidia for 340)
+       [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not 
supported, no updates provided by Nvidia for 340)
        [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free 
not supported)
        - nvidia-graphics-drivers-legacy-304xx <unfixed>
        [stretch] - nvidia-graphics-drivers-legacy-304xx <ignored> (Non-free 
not supported)
@@ -181112,6 +181116,7 @@ CVE-2018-6253 (NVIDIA GPU Display Driver contains a 
vulnerability in the DirectX
        [jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
        [wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not 
supported)
        - nvidia-graphics-drivers-legacy-340xx <unfixed>
+       [bullseye] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free 
not supported, no updates provided by Nvidia for 340)
        [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not 
supported, no updates provided by Nvidia for 340)
        [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free 
not supported)
        - nvidia-graphics-drivers-legacy-304xx <unfixed>
@@ -181130,6 +181135,7 @@ CVE-2018-6249 (NVIDIA GPU Display Driver contains a 
vulnerability in kernel mode
        [jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
        [wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not 
supported)
        - nvidia-graphics-drivers-legacy-340xx <unfixed>
+       [bullseye] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free 
not supported, no updates provided by Nvidia for 340)
        [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not 
supported, no updates provided by Nvidia for 340)
        [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free 
not supported)
        - nvidia-graphics-drivers-legacy-304xx <unfixed>
@@ -233039,6 +233045,7 @@ CVE-2017-6272 (NVIDIA GPU Display Driver contains a 
vulnerability in the kernel
        [jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
        [wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not 
supported)
        - nvidia-graphics-drivers-legacy-340xx <unfixed>
+       [bullseye] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free 
not supported, no updates provided by Nvidia for 340)
        [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not 
supported, no updates provided by Nvidia for 340)
        [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free 
not supported)
        - nvidia-graphics-drivers-legacy-304xx <unfixed>
@@ -233060,6 +233067,7 @@ CVE-2017-6267 (NVIDIA GPU Display Driver contains a 
vulnerability in the kernel
        [jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
        [wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not 
supported)
        - nvidia-graphics-drivers-legacy-340xx <unfixed>
+       [bullseye] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free 
not supported, no updates provided by Nvidia for 340)
        [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not 
supported, no updates provided by Nvidia for 340)
        [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free 
not supported)
        - nvidia-graphics-drivers-legacy-304xx <unfixed>
@@ -233073,6 +233081,7 @@ CVE-2017-6266 (NVIDIA GPU Display Driver contains a 
vulnerability in the kernel
        [jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
        [wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not 
supported)
        - nvidia-graphics-drivers-legacy-340xx <unfixed>
+       [bullseye] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free 
not supported, no updates provided by Nvidia for 340)
        [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not 
supported, no updates provided by Nvidia for 340)
        [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free 
not supported)
        - nvidia-graphics-drivers-legacy-304xx <unfixed>
@@ -350788,6 +350797,7 @@ CVE-2013-0338 (libxml2 2.9.0 and earlier allows 
context-dependent attackers to c
        - libxml2 2.8.0+dfsg1-7+nmu1 (bug #702260)
 CVE-2013-0337 (The default configuration of nginx, possibly 1.3.13 and 
earlier, uses  ...)
        - nginx <unfixed> (low; bug #701112)
+       [bullseye] - nginx <ignored> (Minor issue)
        [buster] - nginx <ignored> (Minor issue)
        [stretch] - nginx <ignored> (Minor issue)
        [jessie] - nginx <ignored> (Minor issue)
@@ -365368,13 +365378,8 @@ CVE-2012-1097 (The regset (aka register set) feature 
in the Linux kernel before
        {DSA-2443-1}
        - linux-2.6 3.2.10-1 (low)
 CVE-2012-1096 (NetworkManager 0.9 and earlier allows local users to use other 
users'  ...)
-       - network-manager <unfixed> (low; bug #684259)
-       [buster] - network-manager <ignored> (Minor issue)
-       [stretch] - network-manager <ignored> (Minor issue)
-       [jessie] - network-manager <ignored> (Minor issue)
-       [wheezy] - network-manager <ignored> (Minor issue)
-       [squeeze] - network-manager <no-dsa> (Minor issue)
-       NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=793329
+       NOTE: Design limitation, not treated as a security issue by upstream:
+       NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=793329#c1
 CVE-2012-1095 (osc before 0.134 might allow remote OBS repository servers or 
package  ...)
        - osc 0.134.0-1 (unimportant)
        NOTE: This is ultimately a bug in the respectice terminal emulations 
and not a vulnerability in osc



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0abec4fcd17dd321a1cb505b1a2b6f7926fd51d4

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0abec4fcd17dd321a1cb505b1a2b6f7926fd51d4
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] bullseye triage

Reply via email to