[Git][security-tracker-team/security-tracker][master] bullseye triage

Moritz Muehlenhoff Sun, 10 Jan 2021 14:44:47 -0800


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
3f69e6dd by Moritz Muehlenhoff at 2021-01-10T23:41:26+01:00
bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15561,6 +15561,7 @@ CVE-2021-1056 (NVIDIA GPU Display Driver for Linux, all 
versions, contains a vul
        [buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
        [stretch] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
        - nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #979671)
+       [bullseye] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free 
not supported, no updates provided by Nvidia for 340)
        [buster] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not 
supported)
        [stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not 
supported)
        - nvidia-graphics-drivers-legacy-390xx 390.141-1 (bug #979672)
@@ -100218,6 +100219,7 @@ CVE-2019-15053 (The "HTML Include and replace macro" 
plugin before 1.5.0 for Con
        NOT-FOR-US: "HTML Include and replace macro" plugin for Confluence 
Server
 CVE-2019-15052 (The HTTP client in Gradle before 5.6 sends authentication 
credentials  ...)
        - gradle <unfixed> (low; bug #941187)
+       [bullseye] - gradle <no-dsa> (Minor issue)
        [buster] - gradle <no-dsa> (Minor issue)
        [stretch] - gradle <no-dsa> (Minor issue)
        [jessie] - gradle <postponed> (Minor issue, old gradle mainly used for 
building Debian packages with system libraries)
@@ -110080,6 +110082,7 @@ CVE-2019-12215 (** DISPUTED ** A full path disclosure 
vulnerability was discover
        - matomo <itp> (bug #448532)
 CVE-2019-12214 (In FreeImage 3.18.0, an out-of-bounds access occurs because of 
mishand ...)
        - freeimage <unfixed> (bug #947478)
+       [bullseye] - freeimage <postponed> (Revisit when upstream fixes are 
available)
        [buster] - freeimage <postponed> (Revisit when upstream fixes are 
available)
        [stretch] - freeimage <postponed> (Revisit when upstream fixes are 
available)
        [jessie] - freeimage <postponed> (Revisit when upstream fixes are 
available)
@@ -110096,6 +110099,7 @@ CVE-2019-12213 (When FreeImage 3.18.0 reads a special 
TIFF file, the TIFFReadDir
        NOTE: https://sourceforge.net/p/freeimage/svn/1825/
 CVE-2019-12212 (When FreeImage 3.18.0 reads a special JXR file, the 
StreamCalcIFDSize  ...)
        - freeimage <unfixed> (bug #947477)
+       [bullseye] - freeimage <postponed> (Revisit when upstream fixes are 
available)
        [buster] - freeimage <postponed> (Revisit when upstream fixes are 
available)
        [stretch] - freeimage <postponed> (Revisit when upstream fixes are 
available)
        [jessie] - freeimage <postponed> (Revisit when upstream fixes are 
available)
@@ -175346,6 +175350,7 @@ CVE-2017-18227 (TitanHQ WebTitan Gateway has 
incorrect certificate validation fo
        NOT-FOR-US: TitanHQ WebTitan Gateway
 CVE-2017-18226 (The Gentoo net-im/jabberd2 package through 2.6.1 sets the 
ownership of ...)
        - jabberd2 <unfixed> (low; bug #902783)
+       [bullseye] - jabberd2 <ignored> (Minor issue, default init system not 
affected)
        [buster] - jabberd2 <ignored> (Minor issue, default init system not 
affected)
        [stretch] - jabberd2 <ignored> (Minor issue, default init system not 
affected)
        NOTE: https://bugs.gentoo.org/631068
@@ -195169,15 +195174,12 @@ CVE-2017-17508 (In HDF5 1.10.1, there is a 
divide-by-zero vulnerability in the f
        NOTE: https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md
        NOTE: 
https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/0a7128c0d5bd035288be7b02ca9cf9bba321aadd
 CVE-2017-17507 (In HDF5 1.10.1, there is an out of bounds read vulnerability 
in the fu ...)
-       - hdf5 <unfixed> (low; bug #915807)
-       [buster] - hdf5 <no-dsa> (Minor issue, requires ABI change)
-       [stretch] - hdf5 <no-dsa> (Minor issue)
-       [jessie] - hdf5 <no-dsa> (Minor issue)
-       [wheezy] - hdf5 <no-dsa> (Minor issue)
+       - hdf5 <unfixed> (unimportant; bug #915807)
        NOTE: POC: 
https://github.com/xiaoqx/pocs/blob/master/hdf5/3-hdf5-outbound-read-H5T_conv_struct_opt
        NOTE: https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md
        NOTE: Fixing the bug requires an ABI changes thus upstream will only 
include a fix
        NOTE: on a major version bump.
+       NOTE: Negligible security impact
 CVE-2017-17506 (In HDF5 1.10.1, there is an out of bounds read vulnerability 
in the fu ...)
        - hdf5 1.10.4+repack-1 (bug #884365)
        [stretch] - hdf5 <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f69e6dd29cb41a89b5e9383de86df39f657df20

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f69e6dd29cb41a89b5e9383de86df39f657df20
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] bullseye triage

Reply via email to