Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f219cb1e by Moritz Muehlenhoff at 2021-09-13T16:43:35+02:00
buster/bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -62,6 +62,8 @@ CVE-2021-40840
        RESERVED
 CVE-2021-40839 (The rencode package through 1.0.6 for Python allows an 
infinite loop i ...)
        - python-rencode 1.0.6-2
+       [bullseye] - python-rencode <no-dsa> (Minor issue)
+       [buster] - python-rencode <no-dsa> (Minor issue)
        NOTE: 
https://github.com/aresch/rencode/commit/572ff74586d9b1daab904c6f7f7009ce0143bb75
        NOTE: https://github.com/aresch/rencode/pull/29
 CVE-2021-40838
@@ -5644,6 +5646,8 @@ CVE-2021-38371 (The STARTTLS feature in Exim through 
4.94.2 allows response inje
        NOTE: https://www.exim.org/static/doc/security/CVE-2021-38371.txt
 CVE-2021-38370 (In Alpine through 2.24, untagged responses from an IMAP server 
are acc ...)
        - alpine <unfixed> (bug #992171)
+       [bullseye] - alpine <no-dsa> (Minor issue)
+       [buster] - alpine <no-dsa> (Minor issue)
        [stretch] - alpine <postponed> (Minor issue, revisit when/if fixed 
upstream)
        NOTE: https://nostarttls.secvuln.info
 CVE-2021-38369
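Review bot: The new bullseye and buster lines for alpine use <no-dsa> (Minor issue), while the stretch line directly below uses <postponed> with "revisit when/if fixed upstream", so the same unfixed issue (bug #992171) is recorded with two different states and only the stretch entry says what would reopen it. If the intent is the same for all three releases, consider carrying the "revisit when/if fixed upstream" wording into the new lines, or state in the reason why the newer releases differ.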
@@ -8255,11 +8259,15 @@ CVE-2021-37233
 CVE-2021-37232 (A stack overflow vulnerability occurs in Atomicparsley 
20210124.204813 ...)
        - atomicparsley <unfixed> (bug #993366)
        - gtkpod <unfixed> (bug #993376)
+       [bullseye] - gtkpod <ignored> (Minor issue)
+       [buster] - gtkpod <ignored> (Minor issue)
        NOTE: 
https://github.com/wez/atomicparsley/commit/d72ccf06c98259d7261e0f3ac4fd8717778782c1
        NOTE: https://github.com/wez/atomicparsley/issues/32
 CVE-2021-37231 (A stack-buffer-overflow occurs in Atomicparsley 
20210124.204813.840499 ...)
        - atomicparsley <unfixed> (bug #993372)
        - gtkpod <unfixed> (bug #993375)
+       [bullseye] - gtkpod <ignored> (Minor issue)
+       [buster] - gtkpod <ignored> (Minor issue)
        NOTE: https://github.com/wez/atomicparsley/issues/30
        NOTE: https://github.com/wez/atomicparsley/pull/31#issue-687280335
 CVE-2021-37230
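Review bot: Both gtkpod pairs (under CVE-2021-37232 and CVE-2021-37231) use <ignored> with the reason "Minor issue", which is the same reason the other hunks in this commit attach to <no-dsa>; since <ignored> closes the entry for those releases, the reason should say why no fix is planned rather than only rating severity. The atomicparsley lines just above each pair also get no bullseye or buster entry here, so it is worth confirming whether that package was triaged separately or was missed.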
@@ -76476,6 +76484,8 @@ CVE-2020-21698
        RESERVED
 CVE-2020-21697 (A heap-use-after-free in the mpeg_mux_write_packet function in 
libavfo ...)
        - ffmpeg 7:4.4-5
+       [bullseye] - ffmpeg <postponed> (Wait for 4.3.3)
+       [buster] - ffmpeg <postponed> (Wait for 4.1.7)
        NOTE: https://trac.ffmpeg.org/ticket/8188
        NOTE: 
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=cfce16449cb815132f829d5a07beb138dfb2cba6
 CVE-2020-21696
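Review bot: The <postponed> reasons "Wait for 4.3.3" and "Wait for 4.1.7" name upstream point releases, but nothing in the entry records that the commit in the NOTE below (cfce16449cb8...) is expected on those release branches. A short NOTE saying where that was checked would tell whoever revisits the entry what to verify when 4.3.3 and 4.1.7 appear; the same applies to the identical pair added under CVE-2020-21688.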
@@ -76496,6 +76506,8 @@ CVE-2020-21689
        RESERVED
 CVE-2020-21688 (A heap-use-after-free in the av_freep function in 
libavutil/mem.c of F ...)
        - ffmpeg 7:4.4-5
+       [bullseye] - ffmpeg <postponed> (Wait for 4.3.3)
+       [buster] - ffmpeg <postponed> (Wait for 4.1.7)
        NOTE: https://trac.ffmpeg.org/ticket/8186
        NOTE: 
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=22c3cd176079dd104ec7610ead697235b04396f1
 CVE-2020-21687
@@ -80447,9 +80459,10 @@ CVE-2020-19754
 CVE-2020-19753
        RESERVED
 CVE-2020-19752 (The find_color_or_error function in gifsicle 1.92 contains a 
NULL poin ...)
-       - gifsicle 1.93-2
+       - gifsicle 1.93-2 (unimportant)
        NOTE: https://github.com/kohler/gifsicle/issues/140
        NOTE: 
https://github.com/kohler/gifsicle/commit/eb9e083dcc0050996d79de2076ddc76011ad2f10
 (v1.93)
+       NOTE: Crash in CLI tool, no security impact
 CVE-2020-19751 (An issue was discovered in gpac 0.8.0. The 
gf_odf_del_ipmp_tool functi ...)
        - gpac 1.0.1+dfsg1-2
        [buster] - gpac <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f219cb1e0f56586bc0544b5bd6856a6c81976410
