Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
270ca809 by Moritz Muehlenhoff at 2021-03-12T18:57:18+01:00
buster triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1154,6 +1154,7 @@ CVE-2020-35358
 CVE-2021-27803 (A vulnerability was discovered in how p2p/p2p_pd.c in 
wpa_supplicant b ...)
        {DLA-2581-1}
        - wpa 2:2.9.0-21
+       [buster] - wpa <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2021/02/25/3
        NOTE: 
https://w1.fi/security/2021-1/wpa_supplicant-p2p-provision-discovery-processing-vulnerability.txt
        NOTE: 
https://w1.fi/security/2021-1/0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch
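Review bot: On the added [buster] line for CVE-2021-27803, the generic reason "(Minor issue)" sits next to {DLA-2581-1} and a fixed version in unstable (2:2.9.0-21), so the same issue was judged worth an LTS advisory but not a DSA for buster. Suggest a NOTE line saying why buster differs, or whether the upstream patch already listed in the NOTEs is meant to go into a point release.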
@@ -19149,6 +19150,7 @@ CVE-2021-20329
        RESERVED
 CVE-2021-20328 (Specific versions of the Java driver that support client-side 
field le ...)
        - mongo-java-driver <unfixed>
+       [buster] - mongo-java-driver <no-dsa> (Minor issue)
        [stretch] - mongo-java-driver <no-dsa> (Minor issue)
        NOTE: https://jira.mongodb.org/browse/JAVA-4017
        NOTE: 
https://github.com/mongodb/mongo-java-driver/commit/60d87d5a76645a331a77ccc45ef7c67aac88b234
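Review bot: On the added [buster] line for CVE-2021-20328, the description restricts the issue to "Specific versions of the Java driver that support client-side field le ...", but the entry does not record whether the buster version is one of them. If it is not, <not-affected> with a reason would be more accurate than <no-dsa>; if it is, a NOTE naming the affected version range would back up the triage decision.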
@@ -26858,6 +26860,7 @@ CVE-2020-28484
        RESERVED
 CVE-2020-28483 (This affects all versions of package github.com/gin-gonic/gin. 
When gi ...)
        - golang-github-gin-gonic-gin <unfixed>
+       [buster] - golang-github-gin-gonic-gin <no-dsa> (Minor issue)
        NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGINGONICGIN-1041736
        NOTE: https://github.com/gin-gonic/gin/pull/2474#issuecomment-729696437
        NOTE: 
https://github.com/gin-gonic/gin/commit/c9ea8ece4a3881028f7f715f008414346a7f4b88
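Review bot: The added [buster] line for CVE-2020-28483 rests on an unstable entry that is <unfixed> with no bug reference, unlike the tt-rss, groovy and curl entries in this same diff, which carry "(bug #...)". With buster now marked <no-dsa>, nothing visible in the entry tracks getting the fix into unstable; suggest filing or referencing a BTS bug on the "- golang-github-gin-gonic-gin <unfixed>" line.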
@@ -35310,14 +35313,17 @@ CVE-2020-25790 (** DISPUTED ** Typesetter CMS 5.x 
through 5.1 allows admins to u
        NOT-FOR-US: Typesetter CMS
 CVE-2020-25789 (An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 
2020-09-1 ...)
        - tt-rss 21~git20210204.b4cbc79+dfsg-1 (bug #970633)
+       [buster] - tt-rss <no-dsa> (Minor issue)
        NOTE: 
https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799
        NOTE: 
https://git.tt-rss.org/fox/tt-rss/commit/da5af2fae091041cca27b24b6f0e69e4a6d0dc60
 CVE-2020-25788 (An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 
2020-09-1 ...)
        - tt-rss 21~git20210204.b4cbc79+dfsg-1 (bug #970633)
+       [buster] - tt-rss <no-dsa> (Minor issue)
        NOTE: 
https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799
        NOTE: 
https://git.tt-rss.org/fox/tt-rss/commit/c3d14e1fa54c7dade7b1b7955575e2991396d7ef
 CVE-2020-25787 (An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 
2020-09-1 ...)
        - tt-rss 21~git20210204.b4cbc79+dfsg-1 (bug #970633)
+       [buster] - tt-rss <no-dsa> (Minor issue)
        NOTE: 
https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799
        NOTE: 
https://git.tt-rss.org/fox/tt-rss/commit/c3d14e1fa54c7dade7b1b7955575e2991396d7ef
 CVE-2020-25786 (** UNSUPPORTED WHEN ASSIGNED ** webinc/js/info.php on D-Link 
DIR-816L  ...)
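Review bot: The three added [buster] lines for CVE-2020-25789, CVE-2020-25788 and CVE-2020-25787 are identical and give no per-CVE reasoning, although the NOTE lines point at different upstream commits (da5af2fa... for the first, c3d14e1f... for the other two). If the severity assessment is the same for all three, one NOTE saying so would document it; if the plan is to fix them together through a point release, state that, since all three share the fixed version and bug #970633.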
@@ -52543,6 +52549,7 @@ CVE-2020-17522 (When ORT (now via atstccfg) generates 
ip_allow.config files in A
        NOT-FOR-US: Apache Traffic Control
 CVE-2020-17521 (Apache Groovy provides extension methods to aid with creating 
temporar ...)
        - groovy 2.4.21-1 (bug #977399)
+       [buster] - groovy <no-dsa> (Minor issue)
        [stretch] - groovy <no-dsa> (Minor issue)
        - groovy2 <removed>
        NOTE: https://issues.apache.org/jira/browse/GROOVY-9824
@@ -77754,17 +77761,20 @@ CVE-2020-8287 (Node.js versions before 10.23.1, 
12.20.1, 14.15.4, 15.5.1 allow t
 CVE-2020-8286 (curl 7.41.0 through 7.73.0 is vulnerable to an improper check 
for cert ...)
        {DLA-2500-1}
        - curl 7.74.0-1 (bug #977161)
+       [buster] - curl <no-dsa> (Minor issue)
        NOTE: https://curl.se/docs/CVE-2020-8286.html
        NOTE: 
https://github.com/curl/curl/commit/d9d01672785b8ac04aab1abb6de95fe3072ae199 
(curl-7_74_0)
 CVE-2020-8285 (curl 7.21.0 to and including 7.73.0 is vulnerable to 
uncontrolled recu ...)
        {DLA-2500-1}
        - curl 7.74.0-1 (bug #977162)
+       [buster] - curl <no-dsa> (Minor issue)
        NOTE: https://curl.se/docs/CVE-2020-8285.html
        NOTE: https://github.com/curl/curl/issues/6255
        NOTE: 
https://github.com/curl/curl/commit/69a358f2186e04cf44698b5100332cbf1ee7f01d 
(curl-7_74_0)
 CVE-2020-8284 (A malicious server can use the FTP PASV response to trick curl 
7.73.0  ...)
        {DLA-2500-1}
        - curl 7.74.0-1 (bug #977163)
+       [buster] - curl <no-dsa> (Minor issue)
        NOTE: https://curl.se/docs/CVE-2020-8284.html
        NOTE: 
https://github.com/curl/curl/commit/ec9cc725d598ac77de7b6df8afeec292b3c8ad46 
(curl-7_74_0)
 CVE-2020-8283 (An authorised user on a Windows host running Citrix Universal 
Print Se ...)
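Review bot: The added [buster] lines for CVE-2020-8286, CVE-2020-8285 and CVE-2020-8284 reuse "(Minor issue)" for three different kinds of flaw (a certificate check, uncontrolled recursion, and a malicious FTP server response, going by the descriptions), and each entry already carries {DLA-2500-1}. Suggest a NOTE per entry, or one shared note, explaining why no DSA is warranted for buster when an LTS advisory was issued, and whether the curl-7_74_0 commits listed are queued for a point release.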


=====================================
data/dsa-needed.txt
=====================================
@@ -35,6 +35,8 @@ python-pysaml2 (jmm)
 --
 salt
 --
+tiff (jmm)
+--
 tomcat9
 --
 xen (jmm)
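Review bot: The new "tiff (jmm)" entry in data/dsa-needed.txt has no accompanying change in data/CVE/list in this commit, and the commit message "buster triage" does not say which tiff CVEs motivate the DSA. Alphabetical placement between salt and tomcat9 is correct; suggest adding a short line under the entry, or a fuller commit message, naming the CVEs so others can follow the claim.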



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/270ca809733d06313eb5f7c4018b99ba4e2ddbd0
