Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d48ec47c by Moritz Muehlenhoff at 2021-03-31T21:09:56+02:00
buster triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -32,6 +32,7 @@ CVE-2021-3480
 CVE-2021-3479 [Out-of-memory caused by allocation of a very large buffer]
        RESERVED
        - openexr <unfixed>
+       [buster] - openexr <no-dsa> (Minor issue)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25370
        NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/commit/d80f11f4f55100d007ae80a162bf257ec291612c
        NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/830
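
Review bot: the reason on the added "[buster] - openexr <no-dsa> (Minor issue)" line for CVE-2021-3479 is generic, although the entry's own title already names the impact (out-of-memory from allocation of a very large buffer). Consider carrying that impact into the parenthesised reason so the triage decision can be read from the entry itself, without opening the oss-fuzz issue.
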
@@ -483,14 +484,17 @@ CVE-2021-29425
        RESERVED
 CVE-2021-3476 (A flaw was found in OpenEXR's B44 uncompression functionality 
in versi ...)
        - openexr <unfixed>
+       [buster] - openexr <no-dsa> (Minor issue)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24787
        NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/commit/eec0dba242bedd2778c973ae4af112107b33d9c9
 CVE-2021-3475 (There is a flaw in OpenEXR in versions before 3.0.0-beta. An 
attacker  ...)
        - openexr <unfixed>
+       [buster] - openexr <no-dsa> (Minor issue)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25297
        NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/commit/2a18ed424a854598c2a20b5dd7e782b436a1e753
 CVE-2021-3474 (There's a flaw in OpenEXR in versions before 3.0.0-beta. A 
crafted inp ...)
        - openexr <unfixed>
+       [buster] - openexr <no-dsa> (Minor issue)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24831
        NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/commit/c3ed4a1db1f39bf4524a644cb2af81dc8cfab33f
 CVE-2021-29424 (The Net::Netmask module before 2.0000 for Perl does not 
properly consi ...)
@@ -13072,6 +13076,7 @@ CVE-2021-23980 [mutation XSS via allowed math or svg; p 
or br; and style, title,
        - python-bleach <unfixed>
        NOTE: 
https://github.com/mozilla/bleach/security/advisories/GHSA-vv2x-vrpj-qqpq
        NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1689399
+       NOTE: 
https://github.com/mozilla/bleach/commit/79b7a3c5e56a09d1d323a5006afa59b56162eb13
 CVE-2021-23979 (Mozilla developers reported memory safety bugs present in 
Firefox 85.  ...)
        - firefox 86.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23979
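
Review bot: the NOTE added to CVE-2021-23980 is a bare commit URL placed after the advisory and Bugzilla links, with nothing saying what the commit is. If it is the upstream fix, say so on the line (for example by prefixing the URL with "Fixed by:"), since python-bleach is still <unfixed> here and whoever prepares the update will be looking for the patch to backport.
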
@@ -22540,6 +22545,7 @@ CVE-2021-20297 [Setting match.path and activating a 
profiles crashes NetworkMana
 CVE-2021-20296
        RESERVED
        - openexr <unfixed>
+       [buster] - openexr <no-dsa> (Minor issue)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24854
        NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/commit/b0c63c0b96eb9b0d3998f603e12f9f414fb0d44a
 CVE-2021-20295 [Regression of CVE-2020-10756 fix in virt:rhel/qemu-kvm in Red 
Hat Enterprise Linux 8.3]
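
Review bot: CVE-2021-20296 is RESERVED and has no bracketed description, so after this hunk "(Minor issue)" is the only statement of impact in the entry. Add a short bracketed description on the CVE line, as CVE-2021-3479 has earlier in this file, so the no-dsa decision has a visible basis.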


=====================================
data/dsa-needed.txt
=====================================
@@ -33,6 +33,8 @@ netty
 --
 openjpeg2 (jmm)
 --
+python-bleach
+--
 python-pysaml2 (jmm)
 --
 salt
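
Review bot: python-bleach is added with no claimant and nothing tying it to CVE-2021-23980, the python-bleach entry touched in data/CVE/list in this same commit. If the file's format allows a note line under the package name, naming the CVE there would tell whoever picks it up what is pending; the commit message "buster triage" does not mention it either.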



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d48ec47cfb0b6467d56c4b5e0e78a1aad595c029
