Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c37af92c by Moritz Muehlenhoff at 2021-09-14T21:24:11+02:00
buster/bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5299,6 +5299,8 @@ CVE-2021-38715
        RESERVED
 CVE-2021-38714 (In Plib through 1.85, there is an integer overflow 
vulnerability that  ...)
        - plib <unfixed> (bug #992973)
+       [bullseye] - plib <no-dsa> (Minor issue)
+       [buster] - plib <no-dsa> (Minor issue)
        NOTE: https://sourceforge.net/p/plib/bugs/55/
 CVE-2021-38713 (imgURL 2.31 allows XSS via an X-Forwarded-For HTTP header. ...)
        NOT-FOR-US: imgURL
@@ -5621,6 +5623,8 @@ CVE-2021-38576
 CVE-2021-38575 [edk2: remote buffer overflow in IScsiHexToBin function in 
NetworkPkg/IScsiDxe]
        RESERVED
        - edk2 2021.08-1
+       [bullseye] - edk2 <no-dsa> (Minor issue)
+       [buster] - edk2 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=3356
        NOTE: https://edk2.groups.io/g/devel/message/76198
        NOTE: https://github.com/tianocore/edk2/pull/1698
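Review bot: The two added <no-dsa> lines for edk2 under CVE-2021-38575 give only "Minor issue" as the reason, while the entry's own title describes a remote buffer overflow in IScsiHexToBin. Put the actual rationale in the parenthetical so a later reader of the list can see why a remotely reachable overflow was triaged as not needing a DSA. The entry already records 2021.08-1 as the fixed version, so the reference point for a backport is there if the decision is revisited.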
@@ -30742,6 +30746,8 @@ CVE-2021-3436
        RESERVED
 CVE-2021-28216 (BootPerformanceTable pointer is read from an NVRAM variable in 
PEI. Re ...)
        - edk2 <unfixed>
+       [bullseye] - edk2 <no-dsa> (Minor issue)
+       [buster] - edk2 <no-dsa> (Minor issue)
        [stretch] - edk2 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2957
 CVE-2021-28215
@@ -45752,8 +45758,11 @@ CVE-2021-21898
        RESERVED
 CVE-2021-21897 (A code execution vulnerability exists in the 
DL_Dxf::handleLWPolylineD ...)
        - dxflib <unfixed>
+       [bullseye] - dxflib <no-dsa> (Minor issue)
+       [buster] - dxflib <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1346
        TODO: check, horizon-eda, cloudcompare, kicad embedds it, but needs to 
check if actually used and issue affects those
+       NOTE: 
https://github.com/qcad/qcad/commit/1eeffc5daf5a06cf6213ffc19e95923cdebb2eb8
 CVE-2021-21896
        RESERVED
 CVE-2021-21895
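Review bot: The added NOTE with the qcad commit URL at the end of the CVE-2021-21897 entry does not say how that commit relates to the issue, and it sits after the TODO instead of next to the existing NOTE. Label it (for instance, state whether it is the fix) and move it up beside the TALOS reference. Separately, the <no-dsa> lines are added while the TODO about copies embedded in horizon-eda, cloudcompare and kicad is still open, so this triage covers only the dxflib source package and the TODO should stay until those are checked.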
@@ -82595,10 +82604,14 @@ CVE-2020-18973
        RESERVED
 CVE-2020-18972 (Exposure of Sensitive Information to an Unauthorized Actor in 
PoDoFo v ...)
        - libpodofo <unfixed>
+       [bullseye] - libpodofo <no-dsa> (Minor issue)
+       [buster] - libpodofo <no-dsa> (Minor issue)
        [stretch] - libpodofo <postponed> (Minor issue; can be fixed in next 
update)
        NOTE: https://sourceforge.net/p/podofo/tickets/49/
 CVE-2020-18971 (Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers 
to cause ...)
        - libpodofo <unfixed>
+       [bullseye] - libpodofo <no-dsa> (Minor issue)
+       [buster] - libpodofo <no-dsa> (Minor issue)
        [stretch] - libpodofo <postponed> (Minor issue; can be fixed in next 
update)
        NOTE: https://sourceforge.net/p/podofo/tickets/48/
 CVE-2020-18970
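Review bot: In both libpodofo entries (CVE-2020-18972 and CVE-2020-18971) the new bullseye and buster lines use <no-dsa> with the bare reason "Minor issue", while the existing stretch line directly below them uses <postponed> with "can be fixed in next update". If a fix through a later update is intended for bullseye and buster as well, say so in the reason so the three lines read consistently. For CVE-2020-18971, whose description names a stack-based buffer overflow, a few words on why it is minor would help.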



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c37af92c7597f53bc7491150511ffbb42fbae2cf



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
