Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
504892bc by Moritz Muehlenhoff at 2021-03-16T22:50:10+01:00
bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2259,6 +2259,7 @@ CVE-2021-27646 (Use After Free vulnerability in
iscsi_snapshot_comm_core in Syno
NOT-FOR-US: Synology
CVE-2021-27645 (The nameserver caching daemon (nscd) in the GNU C Library (aka
glibc o ...)
- glibc <unfixed> (bug #983479)
+ [bullseye] - glibc <no-dsa> (Minor issue)
[buster] - glibc <no-dsa> (Minor issue)
[stretch] - glibc <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=27462
@@ -2911,9 +2912,12 @@ CVE-2021-27353
CVE-2021-27352
RESERVED
CVE-2021-27351 (The Terminate Session feature in the Telegram application
through 7.2. ...)
- - telegram-desktop <unfixed>
- [buster] - telegram-desktop <ignored> (Minor issue)
+ - telegram-desktop 2.6.1-1
+ [buster] - telegram-desktop <not-affected> (Vulnerable code not present)
NOTE: https://0ffsecninja.github.io/Telegram:CVE-2021-2735.html
+ NOTE: Probably fixed earlier than 2.6.1, but marking that fixed in
absence of further details
+ NOTE: (maintainer reached out to upstream for confirmation that 2.6.1
is fixed and buster
+ NOTE: not affected)
CVE-2021-27350
RESERVED
CVE-2021-27349
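Review bot: the fixed-version claim in this hunk is provisional by its own NOTEs ("Probably fixed earlier than 2.6.1", upstream confirmation still pending), and the buster line moves from <ignored> to <not-affected> on the same pending basis; consider keeping a TODO line until the maintainer's upstream query is answered so the entry is revisited rather than silently closed. Also check that the reference URL resolves, since its slug reads CVE-2021-2735 while the entry is CVE-2021-27351.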
@@ -5497,6 +5501,7 @@ CVE-2021-26273
RESERVED
CVE-2021-3326 (The iconv function in the GNU C Library (aka glibc or libc6)
2.32 and ...)
- glibc <unfixed> (bug #981198)
+ [bullseye] - glibc <no-dsa> (Minor issue)
[buster] - glibc <no-dsa> (Minor issue)
[stretch] - glibc <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=27256
@@ -20582,7 +20587,6 @@ CVE-2021-20201 [Client initiated renegotiation denial
of service]
NOTE:
https://gitlab.freedesktop.org/spice/spice/-/commit/ca5bbc5692e052159bce1a75f55dc60b36078749
NOTE:
https://gitlab.freedesktop.org/spice/spice/-/commit/95a0cfac8a1c8eff50f05e65df945da3bb501fc9
NOTE:
https://blog.qualys.com/product-tech/2011/10/31/tls-renegotiation-and-denial-of-service-attacks
- TODO: check details
CVE-2021-20200
RESERVED
NOTE: Red Hat duplicate assignment for CVE-2020-29369, should be
rejected, contacted CNA
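Review bot: dropping "TODO: check details" leaves no record of what the check concluded; the hunk shows two upstream spice commits and a background article but no NOTE stating which of those commits is the fix or whether the Debian packages are affected. Suggest replacing the TODO with a NOTE capturing the outcome (for instance naming the fixing commit, if that is what was established) so later triage does not have to redo the analysis.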
@@ -31080,7 +31084,8 @@ CVE-2020-27821 (A flaw was found in the memory
management API of QEMU during the
NOTE: Introduced by:
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=48564041a73adbbff52834f9edbe3806fceefab7
(v3.0)
CVE-2020-27820 [use-after-free in nouveau kernel module]
RESERVED
- - linux <unfixed>
+ - linux <unfixed> (unimportant)
+ NOTE: No security impact, requires physical access to the computer
CVE-2020-27819 (An issue was discovered in libxls before and including 1.6.1
when read ...)
- r-cran-readxl <not-affected> (Embeds libxls, but not affected)
NOTE: https://github.com/libxls/libxls/issues/84
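Review bot: the new (unimportant) rating on the linux line rests entirely on the NOTE "requires physical access to the computer", but the entry carries no reference for that analysis; the only other line is the RESERVED placeholder. Suggest adding a NOTE with the upstream report or discussion that establishes the physical-access precondition, so the severity downgrade can be verified later.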
@@ -36643,18 +36648,26 @@ CVE-2020-25674 (WriteOnePNGImage() from coders/png.c
(the PNG coder) has a for l
CVE-2020-25673
RESERVED
- linux <unfixed>
+ [bullseye] - linux <postponed> (Minor issue, revisit once fixed
upstream)
+ [buster] - linux <postponed> (Minor issue, revisit once fixed upstream)
NOTE: https://www.openwall.com/lists/oss-security/2020/11/01/1
CVE-2020-25672
RESERVED
- linux <unfixed>
+ [bullseye] - linux <postponed> (Minor issue, revisit once fixed
upstream)
+ [buster] - linux <postponed> (Minor issue, revisit once fixed upstream)
NOTE: https://www.openwall.com/lists/oss-security/2020/11/01/1
CVE-2020-25671
RESERVED
- linux <unfixed>
+ [bullseye] - linux <postponed> (Minor issue, revisit once fixed
upstream)
+ [buster] - linux <postponed> (Minor issue, revisit once fixed upstream)
NOTE: https://www.openwall.com/lists/oss-security/2020/11/01/1
CVE-2020-25670
RESERVED
- linux <unfixed>
+ [bullseye] - linux <postponed> (Minor issue, revisit once fixed
upstream)
+ [buster] - linux <postponed> (Minor issue, revisit once fixed upstream)
NOTE: https://www.openwall.com/lists/oss-security/2020/11/01/1
CVE-2020-25669
RESERVED
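Review bot: all four entries (CVE-2020-25670 through CVE-2020-25673) receive identical <postponed> tags for bullseye and buster with the reason "revisit once fixed upstream", yet the only reference in each is the oss-security report. Since the tag's own wording makes the upstream fix the trigger for revisiting, consider adding a NOTE per entry pointing at the upstream patch or tracking discussion once known, so the postponed status has something concrete to check against. Leaving the unstable line at <unfixed> in each entry is consistent with that tag.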
@@ -67856,6 +67869,8 @@ CVE-2020-11988 (Apache XmlGraphics Commons 2.4 is
vulnerable to server-side requ
NOTE: https://issues.apache.org/jira/browse/XGC-122
CVE-2020-11987 (Apache Batik 1.13 is vulnerable to server-side request
forgery, caused ...)
- batik <unfixed> (bug #984829)
+ [bullseye] - batik <no-dsa> (Minor issue)
+ [buster] - batik <no-dsa> (Minor issue)
[stretch] - batik <no-dsa> (Minor issue)
NOTE:
https://github.com/apache/xmlgraphics-batik/commit/0ef5b661a1f77772d1110877ea9e0287987098f6
CVE-2020-11986 (To be able to analyze gradle projects, the build scripts need
to be ex ...)
@@ -96365,6 +96380,8 @@ CVE-2019-19450
RESERVED
CVE-2019-19449 (In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem
image c ...)
- linux <unfixed>
+ [bullseye] - linux <postponed> (Minor issue, revisit once fixed
upstream)
+ [buster] - linux <postponed> (Minor issue, revisit once fixed upstream)
NOTE: https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19449
CVE-2019-19448 (In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted
btrfs filesy ...)
{DLA-2420-1 DLA-2385-1}
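Review bot: the bullseye and buster lines are tagged <postponed> with "revisit once fixed upstream", but the sole reference is the fuzzer reproducer repository rather than an upstream kernel discussion or patch, so there is no defined condition for the revisit. Suggest a NOTE with the upstream report when available; if no upstream fix is expected for this 5.0.21-era crafted-image crash, an explicit reason on the tag would make the entry's state clearer for the next triage pass.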
@@ -187924,6 +187941,7 @@ CVE-2018-8003 (Apache Ambari, versions 1.4.0 to
2.6.1, is susceptible to a direc
NOT-FOR-US: Apache Ambari
CVE-2018-8002 (In PoDoFo 0.9.5, there exists an infinite loop vulnerability in
PdfPar ...)
- libpodofo <unfixed> (low; bug #892557)
+ [bullseye] - libpodofo <no-dsa> (Minor issue)
[buster] - libpodofo <no-dsa> (Minor issue)
[stretch] - libpodofo <no-dsa> (Minor issue)
[jessie] - libpodofo <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/504892bcd782e14d75fcf409f32fbb8d51382ec8
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits