Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2fb33b95 by Moritz Muehlenhoff at 2021-03-06T21:06:43+01:00
bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1802,6 +1802,7 @@ CVE-2021-27212 (In OpenLDAP through 2.4.57 and 2.5.x 
through 2.5.1alpha, an asse
        NOTE: REL_ENG 2.4.x: 
https://git.openldap.org/openldap/openldap/-/commit/9badb73425a67768c09bcaed1a9c26c684af6c30
 CVE-2021-27211 (steghide 0.5.1 relies on a certain 32-bit seed value, which 
makes it e ...)
        - steghide <unfixed> (bug #983267)
+       [bullseye] - steghide <no-dsa> (Minor issue)
        [buster] - steghide <no-dsa> (Minor issue)
        [stretch] - steghide <postponed> (Minor issue; can be fixed in next DLA)
        NOTE: https://github.com/b4shfire/stegcrack
@@ -15325,6 +15326,8 @@ CVE-2019-25011 (NetBox through 2.6.2 allows an 
Authenticated User to conduct an
        NOT-FOR-US: NetBox
 CVE-2019-25010 (An issue was discovered in the failure crate through 
2019-11-13 for Ru ...)
        - rust-failure <unfixed>
+       [bullseye] - rust-failure <no-dsa> (Minor issue, 
unmaintained/deprecated upstream)
+       [buster] - rust-failure <no-dsa> (Minor issue, unmaintained/deprecated 
upstream)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0036.html
 CVE-2019-25009 (An issue was discovered in the http crate before 0.1.20 for 
Rust. The  ...)
        - rust-http <unfixed>
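
Review bot: The two added rust-failure lines under CVE-2019-25010 use <no-dsa> with "(Minor issue, unmaintained/deprecated upstream)", while the CVE-2020-25575 entry for the same source package uses <ignored> with "(Minor issue; unmaintained upstream)" for bullseye and buster. If the reasoning is the same for both CVEs, use the same state and the same wording in both entries so they do not suggest different handling. The CVE-2019-25010 <unfixed> line also carries no bug reference, unlike CVE-2020-25575 (bug #969839); add one if a bug has been filed.
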
@@ -36334,6 +36337,7 @@ CVE-2020-25574 (An issue was discovered in the http 
crate before 0.1.20 for Rust
        NOTE: https://github.com/hyperium/http/issues/352
 CVE-2020-25575 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in the 
failure ...)
        - rust-failure <unfixed> (bug #969839; low)
+       [bullseye] - rust-failure <ignored> (Minor issue; unmaintained upstream)
        [buster] - rust-failure <ignored> (Minor issue; unmaintained upstream)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0036.html
        NOTE: https://github.com/rust-lang-nursery/failure/issues/336
@@ -74204,6 +74208,7 @@ CVE-2020-9490 (Apache HTTP Server versions 2.4.20 to 
2.4.43. A specially crafted
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2030
 CVE-2020-9489 (A carefully crafted or corrupt file may trigger a System.exit 
in Tika' ...)
        - tika <unfixed>
+       [bullseye] - tika <no-dsa> (Minor issue)
        [buster] - tika <no-dsa> (Minor issue)
        [jessie] - tika <ignored> (the fix is too invasive to backport)
        NOTE: https://www.openwall.com/lists/oss-security/2020/04/24/1
@@ -92712,11 +92717,9 @@ CVE-2019-19650 (Zoho ManageEngine Applications Manager 
before 13640 allows a rem
 CVE-2019-19649 (Zoho ManageEngine Applications Manager before 13620 allows a 
remote un ...)
        NOT-FOR-US: Zoho ManageEngine Applications Manager
 CVE-2019-19648 (In the macho_parse_file functionality in macho/macho.c of YARA 
3.11.0, ...)
-       - yara <unfixed>
-       [buster] - yara <no-dsa> (Minor issue)
-       [stretch] - yara <no-dsa> (Minor issue)
-       [jessie] - yara <no-dsa> (Minor issue)
+       - yara <unfixed> (unimportant)
        NOTE: https://github.com/VirusTotal/yara/issues/1178
+       NOTE: Negligible security impact
 CVE-2019-19647 (radare2 through 4.0.0 lacks validation of the content variable 
in the  ...)
        - radare2 4.2.1+dfsg-1 (bug #947402)
        [jessie] - radare2 <no-dsa> (Minor issue)
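
Review bot: The new "NOTE: Negligible security impact" under CVE-2019-19648 does not say why the macho_parse_file issue is negligible, yet the change replaces three per-release <no-dsa> (Minor issue) lines with a single "- yara <unfixed> (unimportant)" that applies to every release. Put the rationale in the NOTE, for example a short statement of what the linked upstream issue 1178 shows about the impact, so a later triager can verify the downgrade without redoing the analysis.
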
@@ -170375,6 +170378,7 @@ CVE-2018-14029 (CSRF vulnerability in admin/user/edit 
in Creatiwity wityCMS 0.6.
        NOT-FOR-US: Creatiwity wityCMS
 CVE-2018-14028 (In WordPress 4.9.7, plugins uploaded via the admin area are 
not verifi ...)
        - wordpress <unfixed> (bug #906565)
+       [bullseye] - wordpress <postponed> (Minor issue, revisit when fixed 
upstream)
        [buster] - wordpress <postponed> (Minor issue, revisit when fixed 
upstream)
        [stretch] - wordpress <postponed> (Minor issue, no sanctioned patch)
        [jessie] - wordpress <postponed> (Minor issue, no sanctioned patch)
@@ -214816,6 +214820,7 @@ CVE-2017-15638 (The SuSEfirewall2 package before 
3.6.312-2.13.1 in SUSE Linux En
        NOT-FOR-US: SuSEfirewall2 in SUSE
 CVE-2012-6707 (WordPress through 4.8.2 uses a weak MD5-based password hashing 
algorit ...)
        - wordpress <unfixed> (bug #880868)
+       [bullseye] - wordpress <postponed> (Minor issue, can be revisited with 
upstream has picked a new hashing solution)
        [buster] - wordpress <postponed> (Minor issue, can be revisited with 
upstream has picked a new hashing solution)
        [stretch] - wordpress <postponed> (Minor issue, can be revisited with 
upstream has picked a new hashing solution)
        [jessie] - wordpress <postponed> (Minor issue, can be revisited with 
upstream has picked a new hashing solution)
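
Review bot: The added [bullseye] line for CVE-2012-6707 copies the wording "can be revisited with upstream has picked a new hashing solution" from the older entries, where "with" should read "when" or "once". Fix it in the new line, and in the buster, stretch and jessie lines at the same time so the four notes stay identical.
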
@@ -228503,6 +228508,7 @@ CVE-2017-1000048 (the web framework using ljharb's qs 
module older than v6.3.2,
        NOT-FOR-US: ljharb
 CVE-2017-1000047 (rbenv (all current versions) is vulnerable to Directory 
Traversal in t ...)
        - rbenv <unfixed> (bug #869702)
+       [bullseye] - rbenv <no-dsa> (Minor issue)
        [buster] - rbenv <no-dsa> (Minor issue)
        [stretch] - rbenv <no-dsa> (Minor issue)
        [jessie] - rbenv <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2fb33b950924855489cd84a17b0da335cf6178f3
