[Git][security-tracker-team/security-tracker][master] Stretch triage

Mon, 14 Jun 2021 00:22:23 -0700 


Abhijith PA pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ad7195ce by Abhijith PA at 2021-06-14T12:50:55+05:30
Stretch triage

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1828,6 +1828,7 @@ CVE-2021-33830
        RESERVED
 CVE-2021-33829 (A cross-site scripting (XSS) vulnerability in the HTML Data 
Processor  ...)
        - ckeditor 4.16.0+dfsg-2
+       [stretch] - ckeditor <postponed> (Fix along next DLA)
        NOTE: 
https://ckeditor.com/blog/ckeditor-4.16.1-with-accessibility-enhancements/#improvements-for-comments-in-html-parser
        NOTE: 
https://github.com/ckeditor/ckeditor4/commit/3e426ce34f7fc7bf784624358831ef9e189bb6ed
 CVE-2021-33828
@@ -6960,6 +6961,7 @@ CVE-2021-31685
        RESERVED
 CVE-2021-31684 (A vulnerability was discovered in the indexOf function of 
JSONParserBy ...)
        - json-smart <unfixed>
+       [stretch] - json-smart <no-dsa> (Minor issue)
        NOTE: https://github.com/netplex/json-smart-v2/issues/67
        NOTE: 
https://github.com/netplex/json-smart-v2/commit/6ecff1c2974eaaab2e74e441bdf5ba8495227bf5
        NOTE: Security impact disputed by upstream
@@ -74628,6 +74630,7 @@ CVE-2020-15226 (In GLPI before version 9.5.2, there is 
a SQL Injection in the AP
        - glpi <removed>
 CVE-2020-15225 (django-filter is a generic system for filtering Django 
QuerySets based ...)
        - django-filter 2.4.0-1
+       [stretch] - django-filter <no-dsa> (Minor issue)
        NOTE: 
https://github.com/carltongibson/django-filter/security/advisories/GHSA-x7gm-rfgv-w973
        NOTE: 
https://github.com/carltongibson/django-filter/commit/340cf7a23a2b3dcd7183f6a0d6c383e85b130d2b
 CVE-2020-15224 (In Open Enclave before version 0.12.0, an information 
disclosure vulne ...)


=====================================
data/dla-needed.txt
=====================================
@@ -53,6 +53,8 @@ gpac (Thorsten Alteholz)
 --
 htmldoc (Utkarsh Gupta)
 --
+intel-microcode
+--
 jetty9 (Sylvain Beucler)
 --
 libxstream-java
@@ -71,6 +73,8 @@ nvidia-graphics-drivers
   NOTE: package is in non-free but also in packages-to-support
   NOTE: only CVE‑2021‑1076 seems to be fixed in the R390 branch used in 
Stretch, no fix available for CVE-2021-1077
 --
+openexr
+--
 prosody (Anton Gladky)
   NOTE: 20210519: at least the 10MB limit mentioned in CVE-2021-32918 is 
present 
   NOTE: 20210530: WIP



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad7195ce804fbde7305b53aaca1c4ce6cabc5c39

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad7195ce804fbde7305b53aaca1c4ce6cabc5c39
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to