[Git][security-tracker-team/security-tracker][master] 4 commits: mark CVE-2021-29623 as no-dsa for Stretch

Sun, 23 May 2021 06:34:03 -0700 


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e10116b3 by Thorsten Alteholz at 2021-05-23T14:22:12+02:00
mark CVE-2021-29623 as no-dsa for Stretch

- - - - -
d6ef9944 by Thorsten Alteholz at 2021-05-23T14:22:14+02:00
mark CVE-2021-32617 as no-dsa for Stretch

- - - - -
3cda859d by Thorsten Alteholz at 2021-05-23T15:26:42+02:00
add libxml2

- - - - -
6b83f9cc by Thorsten Alteholz at 2021-05-23T15:31:29+02:00
add djvulibre

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1908,6 +1908,7 @@ CVE-2021-32617 (Exiv2 is a command-line utility and C++ 
library for reading, wri
        - exiv2 <unfixed> (bug #988731)
        [bullseye] - exiv2 <no-dsa> (Minor issue)
        [buster] - exiv2 <no-dsa> (Minor issue)
+       [stretch] - exiv2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/Exiv2/exiv2/security/advisories/GHSA-w8mv-g8qq-36mj
        NOTE: https://github.com/Exiv2/exiv2/pull/1657
 CVE-2021-32616
@@ -9047,6 +9048,7 @@ CVE-2021-29623 (Exiv2 is a C++ library and a command-line 
utility to read, write
        - exiv2 <unfixed> (bug #988481)
        [bullseye] - exiv2 <no-dsa> (Minor issue)
        [buster] - exiv2 <no-dsa> (Minor issue)
+       [stretch] - exiv2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/Exiv2/exiv2/security/advisories/GHSA-6253-qjwm-3q4v
        NOTE: https://github.com/Exiv2/exiv2/pull/1627
 CVE-2021-29622 (Prometheus is an open-source monitoring system and time series 
databas ...)


=====================================
data/dla-needed.txt
=====================================
@@ -39,6 +39,8 @@ condor
   NOTE: 20200727: Waiting on maintainer feedback: 
https://lists.debian.org/debian-lts/2020/07/msg00108.html (roberto)
   NOTE: 20210205: Some patches seems to be available but not clear if it 
solves the whole issue or not. (ola)
 --
+djvulibre
+--
 eterm (Utkarsh)
   NOTE: 20210521: src/term.c:process_escape_seq(), probably just disable 
vulnerable escape sequence
 --
@@ -56,6 +58,8 @@ imagemagick (Anton Gladky)
 libwebp (Anton Gladky)
   NOTE: 20210516: WIP
 --
+libxml2 (Thorsten Alteholz)
+--
 libx11 (Emilio)
 --
 linux (Ben Hutchings)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/03bb2c4af291c6ef7f8756f630e706cea5e74dc6...6b83f9cc4d554720dbdc50f7d6bb39d8e290a940

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/03bb2c4af291c6ef7f8756f630e706cea5e74dc6...6b83f9cc4d554720dbdc50f7d6bb39d8e290a940
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to