[Git][security-tracker-team/security-tracker][master] buster triage

Tue, 25 May 2021 10:56:51 -0700 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5a10a508 by Moritz Muehlenhoff at 2021-05-25T19:55:35+02:00
buster triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2035,6 +2035,7 @@ CVE-2021-32612
        RESERVED
 CVE-2021-32611 (A NULL pointer dereference vulnerability exists in 
eXcall_api.c in Ant ...)
        - libexosip2 <removed>
+       [buster] - libexosip2 <no-dsa> (Minor issue)
        NOTE: 
http://git.savannah.nongnu.org/cgit/exosip.git/commit/?id=f2ed389fe84613512cc560127883e51e6cf8c054
 CVE-2021-32610
        RESERVED
@@ -2326,6 +2327,7 @@ CVE-2021-32480
        RESERVED
 CVE-2021-32563 (An issue was discovered in Thunar before 4.16.7 and 4.17.x 
before 4.17 ...)
        - thunar 4.16.8-1 (bug #988394)
+       [buster] - thunar <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/09/2
        NOTE: Fixed by: 
https://gitlab.xfce.org/xfce/thunar/-/commit/9165a61f95e43cc0b5abf9b98eee2818a0191e0b
        NOTE: Regression fix: 
https://gitlab.xfce.org/xfce/thunar/-/commit/3b54d9d7dbd7fd16235e2141c43a7f18718f5664
@@ -2367,6 +2369,7 @@ CVE-2021-32490
 CVE-2021-3541
        RESERVED
        - libxml2 2.9.10+dfsg-6.7 (bug #988603)
+       [buster] - libxml2 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1950515
        NOTE: 
https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e
        NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/228 (currently 
private)
@@ -3458,6 +3461,7 @@ CVE-2021-3532
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1956464
 CVE-2021-3531 (A flaw was found in the Red Hat Ceph Storage RGW in versions 
before 14 ...)
        - ceph <unfixed> (bug #988890)
+       [buster] - ceph <no-dsa> (Minor issue)
        [stretch] - ceph <not-affected> (Vulnerable code introduced later)
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/14/5
        NOTE: Nautilus: 
https://github.com/ceph/ceph/commit/f44a8ae8aa27ecef69528db9aec220f12492810e
@@ -3668,6 +3672,7 @@ CVE-2021-3525
        RESERVED
 CVE-2021-3524 (A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph 
Object Gate ...)
        - ceph <unfixed> (bug #988889)
+       [buster] - ceph <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1951674
        NOTE: Fixed by: 
https://github.com/ceph/ceph/commit/763aebb94678018f89427137ffbc0c5205b1edc1
 CVE-2021-3523
@@ -4111,6 +4116,7 @@ CVE-2021-31801
        RESERVED
 CVE-2021-31800 (Multiple path traversal vulnerabilities exist in smbserver.py 
in Impac ...)
        - impacket 0.9.22-2 (bug #988141)
+       [buster] - impacket <no-dsa> (Minor issue)
        NOTE: 
https://github.com/SecureAuthCorp/impacket/commit/49c643bf66620646884ed141c94e5fdd85bcdd2f
 CVE-2021-31799
        RESERVED
@@ -32382,6 +32388,7 @@ CVE-2021-20289 (A flaw was found in RESTEasy in all 
versions of RESTEasy up to 4
        NOT-FOR-US: Keycloak
 CVE-2021-20288 (An authentication flaw was found in ceph in versions before 
14.2.20. W ...)
        - ceph 14.2.20-1 (bug #986974)
+       [buster] - ceph <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2021/04/14/2
        NOTE: 
https://github.com/ceph/ceph/commit/059eabcc0ada81078a898cdc25cf72bf3d506ad0
        NOTE: 
https://github.com/ceph/ceph/commit/05b3b6a305ddbb56cc53bbeadf5866db4d785f49
@@ -48984,6 +48991,7 @@ CVE-2020-25724
        RESERVED
        - resteasy <unfixed>
        - resteasy3.0 <unfixed>
+       [buster] - resteasy3.0 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1899354 (lacks 
details ATM)
 CVE-2020-25723 (A reachable assertion issue was found in the USB EHCI 
emulation code o ...)
        {DLA-2469-1}


=====================================
data/dsa-needed.txt
=====================================
@@ -14,17 +14,23 @@ If needed, specify the release by adding a slash after the 
name of the source pa
 --
 condor
 --
+djvulibre
+--
 linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point
   releases to more recent v4.19.y versions.
 --
 ndpi
 --
+nginx
+--
 jetty9
 --
 python-pysaml2 (jmm)
 --
 salt
 --
+squid
+--
 webkit2gtk
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a10a508f1ce0cb2651f242fe75ed261ca6f08f9

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a10a508f1ce0cb2651f242fe75ed261ca6f08f9
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to