Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7efeedc7 by Moritz Muehlenhoff at 2021-07-01T16:20:49+02:00
bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -401,14 +401,20 @@ CVE-2021-35940
 CVE-2021-35939 [checks for unsafe symlinks are not performed for intermediary 
directories]
        RESERVED
        - rpm <unfixed>
+       [bullseye] - rpm <no-dsa> (Minor issue)
+       [buster] - rpm <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1964129
 CVE-2021-35938 [races with chown/chmod/capabilities calls during installation]
        RESERVED
        - rpm <unfixed>
+       [bullseye] - rpm <no-dsa> (Minor issue)
+       [buster] - rpm <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1964114
 CVE-2021-35937 [TOCTOU race in checks for unsafe symlinks]
        RESERVED
        - rpm <unfixed>
+       [bullseye] - rpm <no-dsa> (Minor issue)
+       [buster] - rpm <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1964125
 CVE-2021-35936
        RESERVED
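Review bot: the three rpm entries (CVE-2021-35939, CVE-2021-35938, CVE-2021-35937) are marked <no-dsa> (Minor issue) for bullseye and buster, but the unstable line "- rpm <unfixed>" carries no Debian bug number, unlike the mapserver and edk2 entries elsewhere in this commit. All three are symlink-check or race issues during package installation and are still RESERVED, so a bug reference or a short NOTE saying why they count as minor for Debian would make the triage decision reviewable later.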
@@ -8985,6 +8991,7 @@ CVE-2021-32063
 CVE-2021-32062 (MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x 
and 7.4.x  ...)
        [experimental] - mapserver 7.6.3-1~exp1
        - mapserver 7.6.2-2 (bug #988208)
+       [bullseye] - mapserver <ignored> (Minor issue; #988224)
        [buster] - mapserver <no-dsa> (Minor issue; will be fixed via point 
release)
        [stretch] - mapserver <postponed> (Minor issue; can be fixed in next 
update)
        NOTE: https://github.com/mapserver/mapserver/issues/6313
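Review bot: the new bullseye line for CVE-2021-32062 uses <ignored>, while buster is <no-dsa> with "will be fixed via point release" and stretch is <postponed>, so bullseye ends up as the only suite with no planned fix even though unstable is fixed in 7.6.2-2. If #988224 is the reason, say what it is in the parenthetical, and write it as "bug #988224" to match the "bug #988208" form on the line above.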
@@ -9601,6 +9608,7 @@ CVE-2020-36327 (Bundler 1.16.0 through 2.2.9 and 2.2.11 
through 2.2.16 sometimes
        - bundler <removed>
        [stretch] - bundler <no-dsa> (Invasive change, hard to backport; 
chances of regression)
        - rubygems <unfixed>
+       [bullseye] - rubygems <no-dsa> (Minor issue)
        NOTE: https://github.com/rubygems/rubygems/issues/3982
 CVE-2021-3521
        RESERVED
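Review bot: the added rubygems line for CVE-2020-36327 gives "Minor issue", while the bundler line for stretch just above gives "Invasive change, hard to backport; chances of regression" for the same CVE. If backport difficulty is also what drives the bullseye decision, reuse that reason so the two entries do not read as different assessments. The "- rubygems <unfixed>" line also has no bug number for tracking the fix in unstable.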
@@ -18523,6 +18531,7 @@ CVE-2021-28214
        RESERVED
 CVE-2021-28213 (Example EDK2 encrypted private key in the IpSecDxe.efi present 
potenti ...)
        - edk2 <unfixed> (bug #989988)
+       [bullseye] - edk2 <no-dsa> (Minor issue)
        [buster] - edk2 <no-dsa> (Minor issue)
        [stretch] - edk2 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1866
@@ -24798,6 +24807,7 @@ CVE-2021-25738
 CVE-2021-25737
        RESERVED
        - kubernetes <unfixed>
+       [bullseye] - kubernetes <not-affected> (Kubernetes in Bullseye only 
ships the client)
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/4
        NOTE: Server components no longer built since 1.20.5+really1.20.2-1
 CVE-2021-25736
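Review bot: "- kubernetes <unfixed>" stays in place for CVE-2021-25737 while the new line clears bullseye as <not-affected> because only the client is shipped, and the existing NOTE says server components are no longer built since 1.20.5+really1.20.2-1. If unstable carries that version or later, the unsuffixed line should record it rather than <unfixed>, otherwise unstable keeps showing as vulnerable for the same reason bullseye is cleared. The same question applies to the other kubernetes entries touched in this commit.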
@@ -24806,6 +24816,7 @@ CVE-2021-25736
 CVE-2021-25735 [Validating Admission Webhook does not observe some previous 
fields]
        RESERVED
        - kubernetes <unfixed>
+       [bullseye] - kubernetes <not-affected> (Kubernetes in Bullseye only 
ships the client)
        NOTE: https://www.openwall.com/lists/oss-security/2021/04/14/1
        NOTE: https://github.com/kubernetes/kubernetes/issues/100096
        NOTE: Server components no longer built since 1.20.5+really1.20.2-1
@@ -31111,6 +31122,7 @@ CVE-2021-22896 (Nextcloud Mail before 1.9.5 suffers 
from improper access control
        NOT-FOR-US: Nextcloud Mail
 CVE-2021-22895 (Nextcloud Desktop Client before 3.3.1 is vulnerable to 
improper certif ...)
        - nextcloud-desktop <unfixed> (bug #989846)
+       [bullseye] - nextcloud-desktop <no-dsa> (Minor issue)
        [buster] - nextcloud-desktop <no-dsa> (Minor issue)
        NOTE: https://github.com/nextcloud/desktop/pull/2926
        NOTE: 
https://github.com/nextcloud/desktop/commit/b1ddd0e491b2af0ed040e658d8bcde2a7a61c9fc
 (stable-3.1)
@@ -97109,6 +97121,7 @@ CVE-2020-8563 (In Kubernetes clusters using VSphere as 
a cloud provider, with a
 CVE-2020-8562
        RESERVED
        - kubernetes <unfixed>
+       [bullseye] - kubernetes <not-affected> (Kubernetes in Bullseye only 
ships the client)
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/8
        NOTE: Server components no longer built since 1.20.5+really1.20.2-1
 CVE-2020-8561
@@ -97133,6 +97146,7 @@ CVE-2020-8555 (The Kubernetes kube-controller-manager 
in versions v1.0-1.14, ver
        NOTE: https://github.com/kubernetes/kubernetes/issues/91542
 CVE-2020-8554 (Kubernetes API server in all versions allow an attacker who is 
able to ...)
        - kubernetes <unfixed>
+       [bullseye] - kubernetes <not-affected> (Kubernetes in Bullseye only 
ships the client)
        NOTE: https://www.openwall.com/lists/oss-security/2020/12/07/5
        NOTE: https://github.com/kubernetes/kubernetes/issues/97076
        NOTE: Server components no longer built since 1.20.5+really1.20.2-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7efeedc74f2799809b430c8660204800999fd457
