[Git][security-tracker-team/security-tracker][master] buster triage

Moritz Muehlenhoff (@jmm) Thu, 17 Jun 2021 09:52:39 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
136422a1 by Moritz Muehlenhoff at 2021-06-17T18:52:20+02:00
buster triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -549,33 +549,33 @@ CVE-2021-3596
 CVE-2021-3595 (An invalid pointer initialization issue was found in the SLiRP 
network ...)
        - libslirp <unfixed> (bug #989996)
        - qemu 1:4.1-2
+       [buster] - qemu <no-dsa> (Minor issue)
        NOTE: 
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17
 (v4.6.0)
        NOTE: 
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/3f17948137155f025f7809fdc38576d5d2451c3d
 (v4.6.0)
        NOTE: 
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/990163cf3ac86b7875559f49602c4d76f46f6f30
 (v4.6.0)
        NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as 
fixed.
-       TODO: check completeness
 CVE-2021-3594 (An invalid pointer initialization issue was found in the SLiRP 
network ...)
        - libslirp <unfixed> (bug #989995)
        - qemu 1:4.1-2
+       [buster] - qemu <no-dsa> (Minor issue)
        NOTE: 
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17
 (v4.6.0)
        NOTE: 
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/74572be49247c8c5feae7c6e0b50c4f569ca9824
 (v4.6.0)
        NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as 
fixed.
-       TODO: check completeness
 CVE-2021-3593 (An invalid pointer initialization issue was found in the SLiRP 
network ...)
        - libslirp <unfixed> (bug #989994)
        - qemu 1:4.1-2
+       [buster] - qemu <no-dsa> (Minor issue)
        NOTE: 
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17
 (v4.6.0)
        NOTE: 
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/de71c15de66ba9350bf62c45b05f8fbff166517b
 (v4.6.0)
        NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as 
fixed.
-       TODO: check completeness
 CVE-2021-3592 (An invalid pointer initialization issue was found in the SLiRP 
network ...)
        - libslirp <unfixed> (bug #989993)
        - qemu 1:4.1-2
+       [buster] - qemu <no-dsa> (Minor issue)
        NOTE: 
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17
 (v4.6.0)
        NOTE: 
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/f13cad45b25d92760bb0ad67bec0300a4d7d5275
 (v4.6.0)
        NOTE: 
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2eca0838eee1da96204545e22cdaed860d9d7c6c
 (v4.6.0)
        NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as 
fixed.
-       TODO: check completeness
 CVE-2021-34558
        RESERVED
 CVE-2021-34556
@@ -8420,6 +8420,7 @@ CVE-2021-31216
 CVE-2021-31215 (SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x 
before 20.11. ...)
        - slurm-wlm 20.11.7-1 (bug #988439)
        - slurm-llnl <removed>
+       [buster] - slurm-llnl <no-dsa> (Minor issue)
        [stretch] - slurm-llnl <not-affected> (env is already SPANKed)
        NOTE: 
https://github.com/SchedMD/slurm/commit/a9e9e2fedbd200ca545ab67dd753bd52c919f236
 (2.11.7)
 CVE-2021-3499 (A vulnerability was found in OVN Kubernetes in versions up to 
and incl ...)
@@ -12276,6 +12277,7 @@ CVE-2021-29626 (In FreeBSD 13.0-STABLE before n245117, 
12.2-STABLE before r36955
        - kfreebsd-10 <unfixed> (unimportant)
 CVE-2021-29625 (Adminer is open-source database management software. A 
cross-site scri ...)
        - adminer 4.7.9-2 (bug #988886)
+       [buster] - adminer <no-dsa> (Minor issue)
        [stretch] - adminer <no-dsa> (Minor issue)
        NOTE: 
https://github.com/vrana/adminer/security/advisories/GHSA-2v82-5746-vwqc
        NOTE: 
https://github.com/vrana/adminer/commit/4043092ec2c0de2258d60a99d0c5958637d051a7
@@ -29734,6 +29736,8 @@ CVE-2021-22223
 CVE-2021-22222 (Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 
3.4.5 allow ...)
        [experimental] - wireshark 3.4.6-1~exp1
        - wireshark <unfixed>
+       [bullseye] - wireshark <postponed> (Minor issue, can be fixed along in 
future update)
+       [buster] - wireshark <postponed> (Minor issue, can be fixed along in 
future update)
        [stretch] - wireshark <postponed> (Minor issue)
        NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/3130
        NOTE: https://www.wireshark.org/security/wnpa-sec-2021-05.html


=====================================
data/dsa-needed.txt
=====================================
@@ -39,3 +39,5 @@ runc
 --
 salt
 --
+tor
+--



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/136422a15519a509102a0da38653aab80e6ecdbe

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/136422a15519a509102a0da38653aab80e6ecdbe
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] buster triage

Reply via email to