Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
de235543 by Moritz Muehlenhoff at 2021-03-22T17:56:51+01:00
bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2408,6 +2408,7 @@ CVE-2021-27918 (encoding/xml in Go before 1.15.9 and 
1.16.x before 1.16.1 has an
        NOTE: https://github.com/golang/go/issues/44913
 CVE-2021-3420 (A flaw was found in newlib in versions prior to 4.0.0. Improper 
overfl ...)
        - newlib <unfixed> (bug #984446)
+       [bullseye] - newlib <no-dsa> (Minor issue)
        [buster] - newlib <no-dsa> (Minor issue)
        [stretch] - newlib <no-dsa> (Minor issue)
        - picolibc 1.5-1
@@ -21377,6 +21378,7 @@ CVE-2021-20197
 CVE-2021-20196 [block: fdc: null pointer dereference may lead to guest crash]
        RESERVED
        - qemu <unfixed> (bug #984453)
+       [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
        [buster] - qemu <postponed> (Fix along in future DSA)
        [stretch] - qemu <postponed> (Fix along in future DLA)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1919210
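
Review bot: The added `[bullseye] - qemu <postponed>` line says "revisit when fixed upstream", but the visible entry carries only the Red Hat Bugzilla NOTE and no upstream report or patch reference to revisit against. Consider adding a NOTE with the upstream report or patch submission once one exists, so the postponed entry can be picked up again without searching for it.
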
@@ -21405,6 +21407,7 @@ CVE-2021-20191
        [buster] - ansible <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1916813
        NOTE: https://github.com/ansible-collections/cisco.nxos/pull/227
+       NOTE: 
https://github.com/ansible-collections/cisco.nxos/commit/120956963f47502151a358e4a7bc2a87f71813aa
 CVE-2021-20190 (A flaw was found in jackson-databind before 2.9.10.7. 
FasterXML mishan ...)
        - jackson-databind 2.12.1-1
        [buster] - jackson-databind <no-dsa> (Minor issue)
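
Review bot: The new commit NOTE under CVE-2021-20191 sits directly after the existing pull/227 NOTE without saying how the two relate. If the commit is the merged form of that pull request, say so in a short parenthetical on the NOTE, in the way "(stretch fix)" is used on a NOTE elsewhere in this file, so readers do not have to open both links to find out.
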
@@ -21445,6 +21448,7 @@ CVE-2021-20180
        [buster] - ansible <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1915808
        NOTE: https://github.com/ansible-collections/community.general/pull/1635
+       NOTE: 
https://github.com/ansible-collections/community.general/commit/1d0c5e2ba47724c31a18d7b08b9daf13df8829dc
 CVE-2021-20179 (A flaw was found in pki-core. An attacker who has successfully 
comprom ...)
        - dogtag-pki 10.10.2-2
        NOTE: https://github.com/dogtagpki/pki/pull/3475
@@ -21454,6 +21458,7 @@ CVE-2021-20178 [user data leak in snmp_facts module]
        [buster] - ansible <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1914774
        NOTE: https://github.com/ansible-collections/community.general/pull/1621
+       NOTE: 
https://github.com/ansible-collections/community.general/commit/3560aeb12f7061bf21d63ca0e1e19feb99c57de3
 CVE-2021-20177
        RESERVED
        {DSA-4843-1 DLA-2557-1}
@@ -28565,6 +28570,7 @@ CVE-2020-28492
        REJECTED
 CVE-2020-28491 (This affects the package 
com.fasterxml.jackson.dataformat:jackson-data ...)
        - jackson-dataformat-cbor <unfixed> (bug #983664)
+       [bullseye] - jackson-dataformat-cbor <no-dsa> (Minor issue)
        [buster] - jackson-dataformat-cbor <no-dsa> (Minor issue)
        [stretch] - jackson-dataformat-cbor <no-dsa> (Minor issue)
        NOTE: https://people.debian.org/~abhijith/CVE-2020-28491.txt (stretch 
fix)
@@ -87301,6 +87307,7 @@ CVE-2020-5239 (In Mailu before version 1.7, an 
authenticated user can exploit a
        NOT-FOR-US: Mailu
 CVE-2020-5238 (The table extension in GitHub Flavored Markdown before version 
0.29.0. ...)
        - cmark-gfm <unfixed> (bug #965984)
+       [bullseye] - cmark-gfm <no-dsa> (Minor issue)
        [buster] - cmark-gfm <no-dsa> (Minor issue)
        - python-cmarkgfm <unfixed> (bug #965983)
        [bullseye] - python-cmarkgfm <no-dsa> (Minor issue)
@@ -92146,6 +92153,8 @@ CVE-2019-19815 (In the Linux kernel 5.0.21, mounting a 
crafted f2fs filesystem i
        [stretch] - linux 4.9.184-1
 CVE-2019-19814 (In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem 
image c ...)
        - linux <unfixed>
+       [bullseye] - linux <no-dsa> (Minor issue)
+       [buster] - linux <no-dsa> (Minor issue)
 CVE-2019-19813 (In the Linux kernel 5.0.21, mounting a crafted btrfs 
filesystem image, ...)
        {DLA-2586-1 DLA-2385-1}
        - linux 5.2.6-1
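
Review bot: The second added line, `[buster] - linux <no-dsa> (Minor issue)`, changes buster, while the commit message reads "bullseye triage"; mention buster in the message or split that line into its own commit. Both added lines also give only "Minor issue" as the reason for a flaw triggered by mounting a crafted f2fs image; a more specific reason, in the style of "ntfs is not supportable" used elsewhere in this file, would tell readers why no DSA is planned.
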
@@ -97424,6 +97433,8 @@ CVE-2019-19379 (In app/Controller/TagsController.php in 
MISP 2.4.118, users can
        NOT-FOR-US: MISP
 CVE-2019-19378 (In the Linux kernel 5.0.21, mounting a crafted btrfs 
filesystem image  ...)
        - linux <unfixed>
+       [bullseye] - linux <no-dsa> (Minor issue)
+       [buster] - linux <no-dsa> (Minor issue)
 CVE-2019-19377 (In the Linux kernel 5.0.21, mounting a crafted btrfs 
filesystem image, ...)
        {DLA-2483-1}
        - linux 5.6.7-1
@@ -138640,6 +138651,7 @@ CVE-2019-6989 (TP-Link TL-WR940N is vulnerable to a 
stack-based buffer overflow,
        NOT-FOR-US: TP-Link
 CVE-2019-6988 (An issue was discovered in OpenJPEG 2.3.0. It allows remote 
attackers  ...)
        - openjpeg2 <unfixed> (low; bug #922648)
+       [bullseye] - openjpeg2 <ignored> (Minor issue)
        [buster] - openjpeg2 <ignored> (Minor issue)
        [stretch] - openjpeg2 <ignored> (Minor issue)
        [jessie] - openjpeg2 <ignored> (Minor issue)
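
Review bot: `<ignored>` on the added `[bullseye] - openjpeg2` line states that no fix is planned, which is a stronger claim than `<no-dsa>`, and the line above still shows openjpeg2 as `<unfixed>` in unstable. If the state was carried over from the buster, stretch and jessie lines, confirm it is intended for bullseye as well, and consider a reason more specific than "Minor issue" to justify it.
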
@@ -142743,6 +142755,7 @@ CVE-2019-5428
        REJECTED
 CVE-2019-5427 (c3p0 version &lt; 0.9.5.4 may be exploited by a billion laughs 
attack  ...)
        - c3p0 <unfixed> (low; bug #927936)
+       [bullseye] - c3p0 <no-dsa> (Minor issue)
        [buster] - c3p0 <no-dsa> (Minor issue)
        [stretch] - c3p0 <no-dsa> (Minor issue)
        [jessie] - c3p0 <no-dsa> (Minor issue)
@@ -175199,6 +175212,7 @@ CVE-2018-12929 (ntfs_read_locked_inode in the ntfs.ko 
filesystem driver in the L
        [jessie] - linux <ignored> (ntfs is not supportable)
 CVE-2018-12928 (In the Linux kernel 4.15.0, a NULL pointer dereference was 
discovered  ...)
        - linux <unfixed> (low)
+       [bullseye] - linux <ignored> (Minor issue)
        [buster] - linux <ignored> (Minor issue)
        [stretch] - linux <ignored> (Minor issue)
        - linux-4.9 <removed>
@@ -208649,6 +208663,7 @@ CVE-2018-1298 (A Denial of Service vulnerability was 
found in Apache Qpid Broker
        NOTE: 
https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=4b9fb37
 CVE-2018-1297 (When using Distributed Test only (RMI based), Apache JMeter 2.x 
and 3. ...)
        - jakarta-jmeter <unfixed> (low; bug #897259)
+       [bullseye] - jakarta-jmeter <ignored> (Minor issue, too intrusive to 
backport)
        [buster] - jakarta-jmeter <ignored> (Minor issue, too intrusive to 
backport)
        [stretch] - jakarta-jmeter <ignored> (Minor issue, too intrusive to 
backport)
        [jessie] - jakarta-jmeter <ignored> (Minor issue, too intrusive to 
backport)
@@ -208677,6 +208692,7 @@ CVE-2018-1288 (In Apache Kafka 0.9.0.0 to 0.9.0.1, 
0.10.0.0 to 0.10.2.1, 0.11.0.
        - kafka <itp> (bug #786460)
 CVE-2018-1287 (In Apache JMeter 2.X and 3.X, when using Distributed Test only 
(RMI ba ...)
        - jakarta-jmeter <unfixed> (low)
+       [bullseye] - jakarta-jmeter <no-dsa> (Minor issue)
        [buster] - jakarta-jmeter <no-dsa> (Minor issue)
        [stretch] - jakarta-jmeter <no-dsa> (Minor issue)
        [jessie] - jakarta-jmeter <no-dsa> (Minor issue)
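
Review bot: The added `[bullseye] - jakarta-jmeter <no-dsa> (Minor issue)` line for CVE-2018-1287 uses a different state from the `<ignored>` given to bullseye for CVE-2018-1297 in the previous hunk, although both entries are for the same package and both descriptions refer to Distributed Test over RMI. If the two issues are to be handled the same way, align the states; if not, extend the reason text on this line to say what differs.
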
@@ -287399,6 +287415,7 @@ CVE-2016-2142 (Red Hat OpenShift Enterprise 3.1 uses 
world-readable permissions
        NOT-FOR-US: OpenShift
 CVE-2016-2141 (JGroups before 4.0 does not require the proper headers for the 
ENCRYPT ...)
        - libjgroups-java <unfixed> (low; bug #867493)
+       [bullseye] - libjgroups-java <ignored> (Minor issue, only used as build 
dep)
        [buster] - libjgroups-java <ignored> (Minor issue, only used as build 
dep)
        [stretch] - libjgroups-java <ignored> (Minor issue, only used as build 
dep)
        [jessie] - libjgroups-java <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de235543e9ff16a7429c8228ac5a2812db54a011

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
