Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
85dd0c17 by Moritz Muehlenhoff at 2021-08-08T19:59:10+02:00
bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -162,6 +162,8 @@ CVE-2021-38156
        RESERVED
 CVE-2021-38155 (OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x 
before 17.0.1 ...)
        - keystone <unfixed>
+       [bullseye] - keystone <no-dsa> (Minor issue)
+       [buster] - keystone <no-dsa> (Minor issue)
        [stretch] - keystone <end-of-life> (Keystone not supported in stretch)
        NOTE: https://launchpad.net/bugs/1688137
 CVE-2021-38165 (Lynx through 2.8.9 mishandles the userinfo subcomponent of a 
URI, whic ...)
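Review bot: The "[buster] - keystone <no-dsa> (Minor issue)" line under CVE-2021-38155 is outside what the commit message "bullseye triage" announces, and the same is true of the other [buster] additions in this commit. Naming both suites in the message would let someone searching the history for buster decisions find this change.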
@@ -336,6 +338,8 @@ CVE-2021-38085
        RESERVED
 CVE-2021-38084 (An issue was discovered in the POP3 component of Courier Mail 
Server b ...)
        - courier <unfixed> (bug #989375)
+       [bullseye] - courier <no-dsa> (Minor issue)
+       [buster] - courier <no-dsa> (Minor issue)
        NOTE: 
https://sourceforge.net/p/courier/mailman/courier-imap/thread/cone.1382574216.483027.8082.1000%40monster.email-scan.com/#msg31555583
        NOTE: https://sourceforge.net/p/courier/mailman/message/37329216/
        NOTE: 
https://sourceforge.net/p/courier/courier-libs.git/ci/97ed62b17a2616c758d09105b5a14dd1038cff6f/
 (1.1.5)
@@ -2667,6 +2671,8 @@ CVE-2021-3655 (A vulnerability was found in the Linux 
kernel in versions before
 CVE-2021-3654 [novnc allows open redirection]
        RESERVED
        - nova <unfixed> (bug #991441)
+       [bullseye] - nova <no-dsa> (Minor issue)
+       [buster] - nova <no-dsa> (Minor issue)
        NOTE: https://bugs.launchpad.net/nova/+bug/1927677
 CVE-2021-26263
        RESERVED
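Review bot: The two new no-dsa lines under CVE-2021-3654 are attached to nova, while the entry title reads "novnc allows open redirection" and no novnc package line is present. The NOTE points at a nova bug, so nova is probably the right place, but a short NOTE stating that the flaw is in nova rather than in the novnc package would save the next triager from re-checking.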
@@ -3182,6 +3188,7 @@ CVE-2021-36774
        RESERVED
 CVE-2021-36773 (uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support 
an arbitr ...)
        - ublock-origin <unfixed> (bug #991386)
+       [bullseye] - ublock-origin <no-dsa> (Minor issue)
        [buster] - ublock-origin <no-dsa> (Minor issue)
        [stretch] - ublock-origin <no-dsa> (Minor issue)
        - umatrix <unfixed> (bug #991344)
@@ -3196,6 +3203,7 @@ CVE-2021-36770
 CVE-2021-36769 (A reordering issue exists in Telegram before 7.8.1 for 
Android, Telegr ...)
        [experimental] - telegram-desktop 2.9.0+ds-1
        - telegram-desktop <unfixed> (bug #991493)
+       [bullseye] - telegram-desktop <no-dsa> (Minor issue)
        [buster] - telegram-desktop <no-dsa> (Minor issue)
        NOTE: https://mtpsym.github.io/
 CVE-2021-36768
@@ -4390,7 +4398,9 @@ CVE-2021-36222 (ec_verify in kdc/kdc_preauth_ec.c in the 
Key Distribution Center
 CVE-2021-36221 (Go before 1.15.15 and 1.16.x before 1.16.7 has a race 
condition that c ...)
        - golang-1.16 1.16.7-1
        - golang-1.15 <unfixed> (bug #991961)
+       [bullseye] - golang-1.15 <no-dsa> (Minor issue)
        - golang-1.11 <removed>
+       [buster] - golang-1.11 <no-dsa> (Minor issue)
        - golang-1.8 <removed>
        - golang-1.7 <removed>
        NOTE: https://github.com/golang/go/issues/46866
@@ -6416,6 +6426,8 @@ CVE-2021-35369
 CVE-2021-35368 [CRS Request Body Bypass]
        RESERVED
        - modsecurity-crs <unfixed> (bug #992000)
+       [bullseye] - modsecurity-crs <no-dsa> (Minor issue)
+       [buster] - modsecurity-crs <no-dsa> (Minor issue)
        NOTE: 
https://coreruleset.org/20210630/cve-2021-35368-crs-request-body-bypass/
 CVE-2021-35367
        RESERVED
@@ -8857,6 +8869,8 @@ CVE-2021-3584
 CVE-2021-3583 [Template Injection through yaml multi-line strings with ansible 
facts used in template]
        RESERVED
        - ansible <unfixed>
+       [bullseye] - ansible <no-dsa> (Minor issue)
+       [buster] - ansible <no-dsa> (Minor issue)
        - ansible-base <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1968412
        NOTE: 
https://github.com/ansible/ansible/commit/4c8c40fd3d4a58defdc80e7d22aa8d26b731353e.patch
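Review bot: Under CVE-2021-3583 the suite annotations are added for ansible only; the "- ansible-base <unfixed>" line directly below gets none. If ansible-base ships in bullseye or buster it needs the same triage decision recorded, and if it does not, the entry is fine as it stands, but the hunk does not show which is the case.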
@@ -12799,6 +12813,8 @@ CVE-2021-32610 (In Archive_Tar before 1.4.14, symlinks 
can refer to targets outs
        {DLA-2721-1}
        - drupal7 <removed>
        - php-pear <unfixed> (bug #991541)
+       [bullseye] - php-pear <no-dsa> (Minor issue)
+       [buster] - php-pear <no-dsa> (Minor issue)
        NOTE: https://www.drupal.org/sa-core-2021-004
        NOTE: https://pear.php.net/package/Archive_Tar/download/1.4.14/
        NOTE: 
https://github.com/pear/Archive_Tar/commit/b5832439b1f37331fb4f87e67fe4f61ca26bf7d4
 (1.4.14)
@@ -12913,6 +12929,7 @@ CVE-2021-32575 (HashiCorp Nomad and Nomad Enterprise up 
to version 1.0.4 bridge
        NOTE: 
https://discuss.hashicorp.com/t/hcsec-2021-14-nomad-bridge-networking-mode-allows-arp-spoofing-from-other-bridged-tasks-on-same-node/24296
 CVE-2021-32574 (HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 
Envoy prox ...)
        - consul <unfixed> (bug #991719)
+       [bullseye] - consul <no-dsa> (Minor issue)
        [buster] - consul <not-affected> (Only affects 1.3.0 and later)
        NOTE: 
https://discuss.hashicorp.com/t/hcsec-2021-17-consul-s-envoy-tls-configuration-did-not-validate-destination-service-subject-alternative-names/26856
        NOTE: https://github.com/hashicorp/consul/pull/10619
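Review bot: The new "[bullseye] - consul <no-dsa> (Minor issue)" line gives no rationale, while the advisory linked in the NOTE is about Envoy TLS configuration not validating destination service subject alternative names. The buster line beside it states a concrete reason ("Only affects 1.3.0 and later"); a similarly specific parenthetical on the bullseye line would document why a certificate-validation gap was judged minor.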
@@ -19759,6 +19776,8 @@ CVE-2021-29923 (Go before 1.17 does not properly 
consider extraneous zero charac
        TODO: check
 CVE-2021-29922 (library/std/src/net/parser.rs in Rust before 1.53.0 does not 
properly  ...)
        - rustc <unfixed>
+       [bullseye] - rustc <no-dsa> (Minor issue)
+       [buster] - rustc <no-dsa> (Minor issue)
        NOTE: https://github.com/rust-lang/rust/issues/83648
        NOTE: https://github.com/rust-lang/rust/pull/83652
        NOTE: 
https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-015.md
@@ -63064,30 +63083,44 @@ CVE-2020-24828
        RESERVED
 CVE-2020-24827 (A vulnerability in the dwarf::cursor::skip_form function of 
Libelfin v ...)
        - libelfin <unfixed>
+       [bullseye] - libelfin <no-dsa> (Minor issue)
+       [buster] - libelfin <no-dsa> (Minor issue)
        NOTE: https://github.com/aclements/libelfin/issues/47
        NOTE: 
https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-dwarfcursorskip_form-at-dwarfcursorcc181
 CVE-2020-24826 (A vulnerability in the elf::section::as_strtab function of 
Libelfin v0 ...)
        - libelfin <unfixed>
+       [bullseye] - libelfin <no-dsa> (Minor issue)
+       [buster] - libelfin <no-dsa> (Minor issue)
        NOTE: https://github.com/aclements/libelfin/issues/49
        NOTE: 
https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-elfsectionas_strtab-at-elfelfcc284
 CVE-2020-24825 (A vulnerability in the line_table::line_table function of 
Libelfin v0. ...)
        - libelfin <unfixed>
+       [bullseye] - libelfin <no-dsa> (Minor issue)
+       [buster] - libelfin <no-dsa> (Minor issue)
        NOTE: https://github.com/aclements/libelfin/issues/46
        NOTE: 
https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-line_tableline_table-at-dwarflinecc104
 CVE-2020-24824 (A global buffer overflow issue in the 
dwarf::line_table::line_table fu ...)
        - libelfin <unfixed>
+       [bullseye] - libelfin <no-dsa> (Minor issue)
+       [buster] - libelfin <no-dsa> (Minor issue)
        NOTE: https://github.com/aclements/libelfin/issues/48
        NOTE: 
https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#global-buffer-overflow-in-function-dwarfline_tableline_table-at-dwarflinecc107
 CVE-2020-24823 (A vulnerability in the dwarf::to_string function of Libelfin 
v0.3 allo ...)
        - libelfin <unfixed>
+       [bullseye] - libelfin <no-dsa> (Minor issue)
+       [buster] - libelfin <no-dsa> (Minor issue)
        NOTE: https://github.com/aclements/libelfin/issues/51
        NOTE: 
https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-dwarfto_string-at-dwarfvaluecc300
 CVE-2020-24822 (A vulnerability in the dwarf::cursor::uleb function of 
Libelfin v0.3 a ...)
        - libelfin <unfixed>
+       [bullseye] - libelfin <no-dsa> (Minor issue)
+       [buster] - libelfin <no-dsa> (Minor issue)
        NOTE: https://github.com/aclements/libelfin/issues/50
        NOTE: 
https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-dwarfcursoruleb128-at-dwarfinternalhh154
 CVE-2020-24821 (A vulnerability in the dwarf::cursor::skip_form function of 
Libelfin v ...)
        - libelfin <unfixed>
+       [bullseye] - libelfin <no-dsa> (Minor issue)
+       [buster] - libelfin <no-dsa> (Minor issue)
        NOTE: https://github.com/aclements/libelfin/issues/52
        NOTE: 
https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-dwarfcursorskip_form-at-dwarfcursorcc191
 CVE-2020-24820
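Review bot: All seven libelfin entries receive the same "(Minor issue)" pair, but CVE-2020-24824 is described as a global buffer overflow while the NOTE links for the other six describe a SEGV. If the overflow was assessed separately and still found minor, a brief reason on that entry would show it was not simply triaged in bulk with the crashes.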



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/85dd0c17f71aeeb150c7a887edf88f748ccef057



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits