Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
be014d3f by Moritz Mühlenhoff at 2021-05-26T19:08:21+02:00
bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1204,8 +1204,9 @@ CVE-2021-33033 (The Linux kernel before 5.11.14 has a 
use-after-free in cipso_v4
        [buster] - linux 4.19.181-1
        NOTE: 
https://git.kernel.org/linus/ad5d07f4a9cd671233ae20983848874731102c08
 CVE-2021-33026 (The Flask-Caching extension through 1.10.1 for Flask relies on 
Pickle  ...)
-       - flask-caching <unfixed> (bug #988916)
+       - flask-caching <unfixed> (unimportant; bug #988916)
        NOTE: https://github.com/sh4nks/flask-caching/pull/209
+       NOTE: Negligible security impact
 CVE-2021-33025
        RESERVED
 CVE-2021-33024
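Review bot: The added NOTE "Negligible security impact" states the conclusion of the downgrade to unimportant but not the reasoning behind it, and the only other reference in the entry is the upstream pull request link; a NOTE recording why the Pickle-based cache handling named in the CVE title is not reachable by an attacker in a normal deployment would let a later triager re-check the unimportant rating from the entry alone instead of re-deriving it.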
@@ -13435,11 +13436,10 @@ CVE-2021-27907 (Apache Superset up to and including 
0.38.0 allowed the creation
 CVE-2021-27906 (A carefully crafted PDF file can trigger an 
OutOfMemory-Exception whil ...)
        - libpdfbox2-java 2.0.23-1 (bug #986008)
        [buster] - libpdfbox2-java <no-dsa> (Minor issue)
-       - libpdfbox-java <unfixed>
-       [buster] - libpdfbox-java <no-dsa> (Minor issue)
-       [stretch] - libpdfbox-java <no-dsa> (Minor issue)
+       - libpdfbox-java <not-affected> (Only affects 2.x)
        NOTE: https://www.openwall.com/lists/oss-security/2021/03/19/10
        NOTE: https://issues.apache.org/jira/browse/PDFBOX-5112
+       NOTE: 
https://github.com/apache/pdfbox/commit/8c47be1011c11dc47300faecffd8ab32fba3646f
 CVE-2021-27905 (The ReplicationHandler (normally registered at "/replication" 
under a  ...)
        - lucene-solr 3.6.2+dfsg-23
        [buster] - lucene-solr <ignored> (Minor issue)
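Review bot: Replacing the per-suite [buster]/[stretch] <no-dsa> lines with a single <not-affected> entry is the right shape, since a source package that is not affected needs no suite-specific entries, and the added upstream commit NOTE is what substantiates the "Only affects 2.x" reason. One documentation point: the reason text could mention which 2.x-only code the commit touches, so the not-affected claim for the 1.x package can be confirmed without opening the commit.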
@@ -13648,9 +13648,7 @@ CVE-2021-27808
 CVE-2021-27807 (A carefully crafted PDF file can trigger an infinite loop 
while loadin ...)
        - libpdfbox2-java 2.0.23-1 (bug #986006)
        [buster] - libpdfbox2-java <no-dsa> (Minor issue)
-       - libpdfbox-java <unfixed>
-       [buster] - libpdfbox-java <no-dsa> (Minor issue)
-       [stretch] - libpdfbox-java <no-dsa> (Minor issue)
+       - libpdfbox-java <not-affected> (Only affects 2.x)
        NOTE: https://www.openwall.com/lists/oss-security/2021/03/19/9
 CVE-2021-27806
        RESERVED
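Review bot: This CVE-2021-27807 entry receives the same <not-affected> (Only affects 2.x) state as CVE-2021-27906 earlier in this patch, but unlike that entry it records no upstream fix commit next to the oss-security NOTE; adding the corresponding PDFBox fix-commit reference (not given in this patch) would make the 1.x not-affected claim verifiable in the same way as the sibling entry.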
@@ -18410,9 +18408,9 @@ CVE-2021-3202
 CVE-2021-3201
        RESERVED
 CVE-2021-3200 (Buffer overflow vulnerability in libsolv 2020-12-13 via the 
Solver * t ...)
-       - libsolv <undetermined>
+       - libsolv <unfixed> (unimportant)
        NOTE: https://github.com/openSUSE/libsolv/issues/416
-       TODO: check
+       NOTE: Crash in CLI tool, no security impact
 CVE-2021-3199 (Directory traversal with remote code execution can occur in 
/upload in ...)
        NOT-FOR-US: ONLYOFFICE Document Server
 CVE-2021-3198
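Review bot: The NOTE "Crash in CLI tool, no security impact" resolves the removed "TODO: check", but the CVE title describes the overflow as reachable via the Solver * type in libsolv itself, i.e. library code rather than a command-line front end; the NOTE should state why the overflow is only reachable through a CLI tool (which tool and which input it was reported against), since that is what justifies the unimportant rating for the reverse dependencies that link the library.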
@@ -49081,6 +49079,7 @@ CVE-2020-25724
        RESERVED
        - resteasy <unfixed>
        - resteasy3.0 <unfixed>
+       [bullseye] - resteasy3.0 <no-dsa> (Minor issue)
        [buster] - resteasy3.0 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1899354 (lacks 
details ATM)
 CVE-2020-25723 (A reachable assertion issue was found in the USB EHCI 
emulation code o ...)
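Review bot: The new [bullseye] - resteasy3.0 <no-dsa> (Minor issue) line is added for resteasy3.0 only, while the "resteasy <unfixed>" line two above it still carries no suite annotations; if the same minor-issue assessment applies to the resteasy source package it needs a matching [bullseye] entry, otherwise a NOTE should record why the two packages are triaged differently. The placement of [bullseye] ahead of [buster] follows the newer-suite-first ordering used in the other entries of this patch.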
@@ -51289,6 +51288,7 @@ CVE-2020-24862
        RESERVED
 CVE-2020-25016 (A safety violation was discovered in the rgb crate before 
0.8.20 for R ...)
        - rust-rgb <unfixed> (bug #969213)
+       [bullseye] - rust-rgb <no-dsa> (Minor issue)
        [buster] - rust-rgb <no-dsa> (Minor issue)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0029.html
        NOTE: https://github.com/kornelski/rust-rgb/issues/35
@@ -53504,7 +53504,6 @@ CVE-2020-23857
        RESERVED
 CVE-2020-23856 (Use-after-Free vulnerability in cflow 1.6 in the void 
call(char *name, ...)
        - cflow <unfixed> (unimportant; bug #988985)
-       [stretch] - cflow <no-dsa> (Minor issue)
        NOTE: https://lists.gnu.org/archive/html/bug-cflow/2020-07/msg00000.html
        NOTE: Crash in CLI tool, no security impact
 CVE-2020-23855
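Review bot: Dropping the [stretch] - cflow <no-dsa> (Minor issue) line is consistent with the "unimportant" tag already present on the <unfixed> line, and matches how the flask-caching and libsolv entries in this patch carry no per-suite lines once rated unimportant; no further change is needed here.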
@@ -134707,6 +134706,7 @@ CVE-2019-12401 (Solr versions 1.3.0 to 1.4.1, 3.1.0 
to 3.6.2 and 4.0.0 to 4.10.4
        NOTE: when parsing specially crafted XML data.
 CVE-2019-12400 (In version 2.0.3 Apache Santuario XML Security for Java, a 
caching mec ...)
        - libxml-security-java <unfixed> (bug #935548)
+       [bullseye] - libxml-security-java <no-dsa> (Minor issue)
        [buster] - libxml-security-java <no-dsa> (Minor issue)
        [stretch] - libxml-security-java <not-affected> (Vulnerable code 
introduced in 2.0.3)
        [jessie] - libxml-security-java <not-affected> (Vulnerable code 
introduced in 2.0.3)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be014d3ff2471d055e0a5df42c5e9c9aa6c42e9d

debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits