Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a9276499 by Moritz Muehlenhoff at 2021-08-03T17:06:32+02:00
buster triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -383,7 +383,9 @@ CVE-2021-37747
RESERVED
CVE-2021-37746 (textview_uri_security_check in textview.c in Claws Mail before
3.18.0, ...)
- claws-mail <unfixed> (bug #991722)
+ [buster] - claws-mail <no-dsa> (Minor issue)
- sylpheed <unfixed> (bug #991723)
+ [buster] - sylpheed <no-dsa> (Minor issue)
NOTE:
https://git.claws-mail.org/?p=claws.git;a=commit;h=ac286a71ed78429e16c612161251b9ea90ccd431
CVE-2021-3672
RESERVED
@@ -1098,6 +1100,7 @@ CVE-2021-23183
RESERVED
CVE-2021-37601 (muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote
attackers t ...)
- prosody 0.11.9-2
+ [buster] - prosody <no-dsa> (Minor issue)
NOTE: https://prosody.im/security/advisory_20210722/
CVE-2021-37404
RESERVED
@@ -2473,19 +2476,25 @@ CVE-2020-36427 (GNOME gThumb before 3.10.1 allows an
application crash via a mal
NOTE: Crash in CLI tool, no security impact
CVE-2020-36426 (An issue was discovered in Arm Mbed TLS before 2.24.0.
mbedtls_x509_cr ...)
- mbedtls 2.16.9-0.1
+ [buster] - mbedtls <no-dsa> (Minor issue)
CVE-2020-36425 (An issue was discovered in Arm Mbed TLS before 2.24.0. It
incorrectly ...)
- mbedtls 2.16.9-0.1
+ [buster] - mbedtls <no-dsa> (Minor issue)
NOTE: https://github.com/ARMmbed/mbedtls/issues/3340
NOTE: https://github.com/ARMmbed/mbedtls/pull/3433
CVE-2020-36424 (An issue was discovered in Arm Mbed TLS before 2.24.0. An
attacker can ...)
- mbedtls 2.16.9-0.1
+ [buster] - mbedtls <no-dsa> (Minor issue)
NOTE:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-2
CVE-2020-36423 (An issue was discovered in Arm Mbed TLS before 2.23.0. A
remote attack ...)
- mbedtls 2.16.9-0.1
+ [buster] - mbedtls <no-dsa> (Minor issue)
CVE-2020-36422 (An issue was discovered in Arm Mbed TLS before 2.23.0. A side
channel ...)
- mbedtls 2.16.9-0.1
+ [buster] - mbedtls <no-dsa> (Minor issue)
CVE-2020-36421 (An issue was discovered in Arm Mbed TLS before 2.23.0. Because
of a si ...)
- mbedtls 2.16.9-0.1
+ [buster] - mbedtls <no-dsa> (Minor issue)
NOTE: https://github.com/ARMmbed/mbedtls/issues/3394
CVE-2021-36774
RESERVED
@@ -2505,6 +2514,7 @@ CVE-2021-36770
CVE-2021-36769 (A reordering issue exists in Telegram before 7.8.1 for
Android, Telegr ...)
[experimental] - telegram-desktop 2.9.0+ds-1
- telegram-desktop <unfixed> (bug #991493)
+ [buster] - telegram-desktop <no-dsa> (Minor issue)
NOTE: https://mtpsym.github.io/
CVE-2021-36768
RESERVED
@@ -11608,11 +11618,13 @@ CVE-2021-32793
RESERVED
CVE-2021-32792 (mod_auth_openidc is an authentication/authorization module for
the Apa ...)
- libapache2-mod-auth-openidc 2.4.9-1 (bug #991580)
+ [buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
NOTE:
https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-458c-7pwg-3j7j
NOTE:
https://github.com/zmartzone/mod_auth_openidc/commit/00c315cb0c8ab77c67be4a2ac08a71a83ac58751
(v2.4.9)
NOTE:
https://github.com/zmartzone/mod_auth_openidc/commit/55ea0a085290cd2c8cdfdd960a230cbc38ba8b56
(v2.4.9)
CVE-2021-32791 (mod_auth_openidc is an authentication/authorization module for
the Apa ...)
- libapache2-mod-auth-openidc 2.4.9-1 (bug #991581)
+ [buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
NOTE:
https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-px3c-6x7j-3r9r
NOTE:
https://github.com/zmartzone/mod_auth_openidc/commit/375407c16c61a70b56fdbe13b0d2c8f11398e92c
(v2.4.9)
CVE-2021-32790 (Woocommerce is an open source eCommerce plugin for WordPress.
An SQL i ...)
@@ -11625,10 +11637,12 @@ CVE-2021-32787 (Sourcegraph is a code search and
navigation engine. Sourcegraph
TODO: check
CVE-2021-32786 (mod_auth_openidc is an authentication/authorization module for
the Apa ...)
- libapache2-mod-auth-openidc 2.4.9-1 (bug #991582)
+ [buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
NOTE:
https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-xm4c-5wm5-jqv7
NOTE:
https://github.com/zmartzone/mod_auth_openidc/commit/3a115484eb927bc6daa5737dd84f88ff4bbc5544
(v2.4.9)
CVE-2021-32785 (mod_auth_openidc is an authentication/authorization module for
the Apa ...)
- libapache2-mod-auth-openidc 2.4.9-1 (bug #991583)
+ [buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
NOTE:
https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-55r8-6w97-xxr4
NOTE:
https://github.com/zmartzone/mod_auth_openidc/commit/dc672688dc1f2db7df8ad4abebc367116017a449
(v2.4.9)
CVE-2021-32784
=====================================
data/dsa-needed.txt
=====================================
@@ -15,6 +15,8 @@ If needed, specify the release by adding a slash after the
name of the source pa
ansible (jmm)
Maintainer prepared an update for review
--
+asterisk
+--
bluez (carnil)
--
condor
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a92764994c5d257d6bc11315835e960b30c8aac9
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a92764994c5d257d6bc11315835e960b30c8aac9
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
