Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker
Commits: 7265a0a0 by Emilio Pozuelo Monfort at 2021-06-02T11:45:10+02:00 lts: take firefox-esr - - - - - 29bdb172 by Emilio Pozuelo Monfort at 2021-06-02T11:46:22+02:00 lts: CVE-2021-33587/node-css-what EOL in stretch - - - - - 7f3809bc by Emilio Pozuelo Monfort at 2021-06-02T12:41:26+02:00 lts: CVE-2021-22898/curl postponed on stretch - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -477,6 +477,7 @@ CVE-2021-33587 (The css-what package before 5.0.1 for Node.js does not ensure th - node-css-what <unfixed> (bug #989264) [bullseye] - node-css-what <ignored> (Minor issue, intrusive to backport fixes to older series) [buster] - node-css-what <ignored> (Minor issue, intrusive to backport fixes to older series) + [stretch] - node-css-what <end-of-life> (Nodejs in stretch not covered by security support) NOTE: https://github.com/fb55/css-what/commit/4cdaacfd0d4b6fd00614be030da0dea6c2994655 NOTE: https://github.com/fb55/css-what/releases/tag/v5.0.1 CVE-2021-33585 @@ -25671,6 +25672,7 @@ CVE-2021-22899 (A command injection vulnerability exists in Pulse Connect Secure CVE-2021-22898 [TELNET stack contents disclosure] RESERVED - curl <unfixed> (bug #989228) + [stretch] - curl <postponed> (Minor issue) NOTE: https://curl.se/docs/CVE-2021-22898.html NOTE: Introduced by: https://github.com/curl/curl/commit/a1d6ad26100bc493c7b04f1301b1634b7f5aa8b4 (7.7) NOTE: Fixed by: https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde (7.77.0) ===================================== data/dla-needed.txt ===================================== @@ -39,6 +39,8 @@ condor eterm (Utkarsh) NOTE: 20210521: src/term.c:process_escape_seq(), probably just disable vulnerable escape sequence -- +firefox-esr (Emilio) +-- gpac (Thorsten Alteholz) NOTE: 20210524: WIP -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3dfbf70d721f73ed27149f7da18a67f38bb90af2...7f3809bc3c2c7988cd19b4d3451f515492c1aec0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3dfbf70d721f73ed27149f7da18a67f38bb90af2...7f3809bc3c2c7988cd19b4d3451f515492c1aec0 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits