Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e823a25c by Moritz Mühlenhoff at 2021-05-23T11:41:31+02:00
bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1906,6 +1906,8 @@ CVE-2021-32618 (The Python "Flask-Security-Too" package
is used for adding secur
TODO: check
CVE-2021-32617 (Exiv2 is a command-line utility and C++ library for reading,
writing, ...)
- exiv2 <unfixed> (bug #988731)
+ [bullseye] - exiv2 <no-dsa> (Minor issue)
+ [buster] - exiv2 <no-dsa> (Minor issue)
NOTE:
https://github.com/Exiv2/exiv2/security/advisories/GHSA-w8mv-g8qq-36mj
NOTE: https://github.com/Exiv2/exiv2/pull/1657
CVE-2021-32616
@@ -1916,9 +1918,9 @@ CVE-2021-32615 (Piwigo 11.4.0 allows
admin/user_list_backend.php order[0][dir] S
- piwigo <removed>
CVE-2021-32614 [read in memcpy() for up to 204 bytes in fill_mishblk()]
RESERVED
- - dmg2img <unfixed>
- [stretch] - dmg2img <no-dsa> (Minor issue)
+ - dmg2img <unfixed> (unimportant; bug #989008)
NOTE: https://github.com/Lekensteyn/dmg2img/issues/11
+ NOTE: Crash in CLI tool, no security impact
CVE-2021-32613 (In radare2 through 5.3.0 there is a double free vulnerability
in the p ...)
- radare2 <unfixed>
NOTE: https://github.com/radareorg/radare2/issues/18679
@@ -9043,6 +9045,8 @@ CVE-2021-29624 (fastify-csrf is an open-source plugin
helps developers protect t
TODO: check
CVE-2021-29623 (Exiv2 is a C++ library and a command-line utility to read,
write, dele ...)
- exiv2 <unfixed> (bug #988481)
+ [bullseye] - exiv2 <no-dsa> (Minor issue)
+ [buster] - exiv2 <no-dsa> (Minor issue)
NOTE:
https://github.com/Exiv2/exiv2/security/advisories/GHSA-6253-qjwm-3q4v
NOTE: https://github.com/Exiv2/exiv2/pull/1627
CVE-2021-29622 (Prometheus is an open-source monitoring system and time series
databas ...)
@@ -9386,6 +9390,7 @@ CVE-2021-29474 (HedgeDoc (formerly known as CodiMD) is an
open-source collaborat
NOT-FOR-US: HedgeDoc
CVE-2021-29473 (Exiv2 is a C++ library and a command-line utility to read,
write, dele ...)
- exiv2 <unfixed> (bug #987736)
+ [bullseye] - exiv2 <no-dsa> (Minor issue)
[buster] - exiv2 <not-affected> (Vulnerable code introduced later)
[stretch] - exiv2 <not-affected> (Vulnerable code introduced later)
NOTE:
https://github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2
@@ -68995,6 +69000,8 @@ CVE-2020-16120 (Overlayfs did not properly perform
permission checking when copy
NOTE: https://www.openwall.com/lists/oss-security/2020/10/13/6
CVE-2020-16119 (Use-after-free vulnerability in the Linux kernel exploitable
by a loca ...)
- linux <unfixed>
+ [bullseye] - linux <no-dsa> (Minor issue, blacklisted by default,
revisit if fixed upstream)
+ [buster] - linux <no-dsa> (Minor issue, blacklisted by default, revisit
if fixed upstream)
NOTE: https://www.openwall.com/lists/oss-security/2020/10/13/7
CVE-2020-16118 (In GNOME Balsa before 2.6.0, a malicious server operator or
man in the ...)
- balsa 2.6.0-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e823a25ca170fab2f0f1d86cba014232df63395f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e823a25ca170fab2f0f1d86cba014232df63395f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
