Thorsten Alteholz pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
625a4233 by Thorsten Alteholz at 2021-04-21T11:26:45+02:00
mark CVE-2021-29457 as no-dsa for Stretch
- - - - -
aec8fd96 by Thorsten Alteholz at 2021-04-21T11:27:18+02:00
mark CVE-2021-29458 as no-dsa for Stretch
- - - - -
ad3a4529 by Thorsten Alteholz at 2021-04-21T11:28:48+02:00
mark CVE-2021-29338 as no-dsa for Stretch
- - - - -
b342952b by Thorsten Alteholz at 2021-04-21T11:45:40+02:00
mark CVE-2021-1077 as no-dsa in Stretch
- - - - -
51931832 by Thorsten Alteholz at 2021-04-21T11:46:26+02:00
add nvidia-graphics-drivers
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -4563,12 +4563,14 @@ CVE-2021-29459 (XWiki Platform is a generic wiki
platform offering runtime servi
CVE-2021-29458 (Exiv2 is a command-line utility and C++ library for reading,
writing, ...)
- exiv2 <unfixed> (bug #987277)
[buster] - exiv2 <no-dsa> (Minor issue)
+ [stretch] - exiv2 <no-dsa> (Minor issue)
NOTE:
https://github.com/Exiv2/exiv2/security/advisories/GHSA-57jj-75fm-9rq5
NOTE: https://github.com/Exiv2/exiv2/issues/1530
NOTE: https://github.com/Exiv2/exiv2/pull/1536
CVE-2021-29457 (Exiv2 is a command-line utility and C++ library for reading,
writing, ...)
- exiv2 <unfixed> (bug #987277)
[buster] - exiv2 <no-dsa> (Minor issue)
+ [stretch] - exiv2 <no-dsa> (Minor issue)
NOTE:
https://github.com/Exiv2/exiv2/security/advisories/GHSA-v74w-h496-cgqm
NOTE: https://github.com/Exiv2/exiv2/issues/1529
NOTE: https://github.com/Exiv2/exiv2/pull/1534
@@ -4873,6 +4875,7 @@ CVE-2021-29339
CVE-2021-29338 (Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to
crash t ...)
- openjpeg2 <unfixed> (bug #987276)
[buster] - openjpeg2 <no-dsa> (Minor issue)
+ [stretch] - openjpeg2 <no-dsa> (Minor issue)
NOTE: https://github.com/uclouvain/openjpeg/issues/1338
CVE-2021-29337
RESERVED
@@ -34624,6 +34627,7 @@ CVE-2021-1077
RESERVED
- nvidia-graphics-drivers <unfixed> (bug #987216)
[buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [stretch] - nvidia-graphics-drivers <no-dsa> (no upstream patch
available)
- nvidia-graphics-drivers-tesla-450 <unfixed> (bug #987221)
- nvidia-graphics-drivers-tesla-460 <unfixed> (bug #987222)
CVE-2021-1076
=====================================
data/dla-needed.txt
=====================================
@@ -86,6 +86,10 @@ linux-4.19 (Ben Hutchings)
mediawiki (Abhijith PA)
NOTE: 20210412: Check ./extensions/SyntaxHighlight_GeSHi/pygments/pygmentize
(lamby)
--
+nvidia-graphics-drivers
+ NOTE: package is in non-free but also in packages-to-support
+ NOTE: only CVE‑2021‑1076 seems to be fixed in the R390 branch used in
Stretch, no fix available for CVE-2021-1077
+--
opendmarc
NOTE: 20200719: no patches for remaining CVEs available, everything else is
already done in Stretch (thorsten)
NOTE: 20201217: patch for CVE-2020-12460 has become available (roberto)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b6566bec5f3f0d69be7e4e1e48677cd1877f6de8...51931832329136d56eaf0bd801517f4736ba4537
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b6566bec5f3f0d69be7e4e1e48677cd1877f6de8...51931832329136d56eaf0bd801517f4736ba4537
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
