[Git][security-tracker-team/security-tracker][master] 3 commits: lts: take firefox-esr

[Emilio Pozuelo Monfort (@pochu)]

Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7265a0a0 by Emilio Pozuelo Monfort at 2021-06-02T11:45:10+02:00
lts: take firefox-esr

- - - - -
29bdb172 by Emilio Pozuelo Monfort at 2021-06-02T11:46:22+02:00
lts: CVE-2021-33587/node-css-what EOL in stretch

- - - - -
7f3809bc by Emilio Pozuelo Monfort at 2021-06-02T12:41:26+02:00
lts: CVE-2021-22898/curl postponed on stretch

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -477,6 +477,7 @@ CVE-2021-33587 (The css-what package before 5.0.1 for 
Node.js does not ensure th
        - node-css-what <unfixed> (bug #989264)
        [bullseye] - node-css-what <ignored> (Minor issue, intrusive to 
backport fixes to older series)
        [buster] - node-css-what <ignored> (Minor issue, intrusive to backport 
fixes to older series)
+       [stretch] - node-css-what <end-of-life> (Nodejs in stretch not covered 
by security support)
        NOTE: 
https://github.com/fb55/css-what/commit/4cdaacfd0d4b6fd00614be030da0dea6c2994655
        NOTE: https://github.com/fb55/css-what/releases/tag/v5.0.1
 CVE-2021-33585
@@ -25671,6 +25672,7 @@ CVE-2021-22899 (A command injection vulnerability 
exists in Pulse Connect Secure
 CVE-2021-22898 [TELNET stack contents disclosure]
        RESERVED
        - curl <unfixed> (bug #989228)
+       [stretch] - curl <postponed> (Minor issue)
        NOTE: https://curl.se/docs/CVE-2021-22898.html
        NOTE: Introduced by: 
https://github.com/curl/curl/commit/a1d6ad26100bc493c7b04f1301b1634b7f5aa8b4 
(7.7)
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde 
(7.77.0)


=====================================
data/dla-needed.txt
=====================================
@@ -39,6 +39,8 @@ condor
 eterm (Utkarsh)
   NOTE: 20210521: src/term.c:process_escape_seq(), probably just disable 
vulnerable escape sequence
 --
+firefox-esr (Emilio)
+--
 gpac (Thorsten Alteholz)
   NOTE: 20210524: WIP
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3dfbf70d721f73ed27149f7da18a67f38bb90af2...7f3809bc3c2c7988cd19b4d3451f515492c1aec0

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3dfbf70d721f73ed27149f7da18a67f38bb90af2...7f3809bc3c2c7988cd19b4d3451f515492c1aec0
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits