[Git][security-tracker-team/security-tracker][master] 3 commits: mark CVE-2021-22939 as eol for Stretch

Mon, 23 Aug 2021 07:07:09 -0700 


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b00edb24 by Thorsten Alteholz at 2021-08-23T16:06:40+02:00
mark CVE-2021-22939 as eol for Stretch

- - - - -
4a3e5304 by Thorsten Alteholz at 2021-08-23T16:06:41+02:00
mark CVE-2020-18897 as no-dsa for Stretch

- - - - -
2d3599e8 by Thorsten Alteholz at 2021-08-23T16:06:42+02:00
mark CVE-2020-21675 as no-dsa for Stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -39696,6 +39696,7 @@ CVE-2021-22940 (Node.js before 16.6.1, 14.17.5, and 
12.22.5 is vulnerable to a u
 CVE-2021-22939 (If the Node.js https API was used incorrectly and "undefined" 
was in p ...)
        - nodejs 12.22.5~dfsg-1
        [bullseye] - nodejs 12.22.5~dfsg-2~11u1
+       [stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by 
security support)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/#incomplete-validation-of-rejectunauthorized-parameter-low-cve-2021-22939
 CVE-2021-22938 (A vulnerability in Pulse Connect Secure before 9.1R12 could 
allow an a ...)
        NOT-FOR-US: Pulse Connect Secure
@@ -73342,6 +73343,7 @@ CVE-2020-21676 (A stack-based buffer overflow in the 
genpstrx_text() component i
 CVE-2020-21675 (A stack-based buffer overflow in the genptk_text component in 
genptk.c ...)
        - fig2dev 1:3.2.7b-3
        [buster] - fig2dev 1:3.2.7a-5+deb10u3
+       [stretch] - fig2dev <no-dsa> (Minor issue)
        - transfig <removed>
        NOTE: https://sourceforge.net/p/mcj/tickets/78/
        NOTE: 
https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/
 (3.2.8)
@@ -78997,6 +78999,7 @@ CVE-2020-18898 (A stack exhaustion issue in the 
printIFDStructure function of Ex
        NOTE: Negligible security impact, issue in debugging only function
 CVE-2020-18897 (An use-after-free vulnerability in the 
libpff_item_tree_create_node fu ...)
        - libpff 20180714-1
+       [stretch] - libpff <no-dsa> (Minor issue)
        NOTE: https://github.com/libyal/libpff/issues/61
        NOTE: https://github.com/libyal/libpff/issues/62
        NOTE: 
https://github.com/libyal/libpff/commit/effae88adfc9def45be0bb7ff27d20ce133d8c7c



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fab4f11d4fd80a6b3209725d385a9f3c8297f953...2d3599e833774a5d86c0802b05716e8489e29379

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fab4f11d4fd80a6b3209725d385a9f3c8297f953...2d3599e833774a5d86c0802b05716e8489e29379
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to