Thorsten Alteholz pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
60357035 by Thorsten Alteholz at 2021-09-21T23:55:22+02:00
mark CVE-2021-41054 as postponed for Stretch
- - - - -
2a282ba5 by Thorsten Alteholz at 2021-09-22T00:02:00+02:00
mark CVE-2021-21897 as no-dsa for Stretch
- - - - -
34355851 by Thorsten Alteholz at 2021-09-22T00:03:28+02:00
Reserve DLA-2762-1 for grilo
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1439,6 +1439,7 @@ CVE-2021-41054 (tftpd_file.c in atftp through 0.7.4 has a
buffer overflow becaus
- atftp 0.7.git20210915-1
[bullseye] - atftp <no-dsa> (Minor issue; can be fixed via point
release)
[buster] - atftp <no-dsa> (Minor issue; can be fixed via point release)
+ [stretch] - atftp <postponed> (Minor issue)
NOTE:
https://sourceforge.net/p/atftp/code/ci/d255bf90834fb45be52decf9bc0b4fb46c90f205/
CVE-2021-3798 [Soft token does not check if an EC key is valid]
RESERVED
@@ -47079,6 +47080,7 @@ CVE-2021-21897 (A code execution vulnerability exists
in the DL_Dxf::handleLWPol
- dxflib 3.26.4-1
[bullseye] - dxflib <no-dsa> (Minor issue)
[buster] - dxflib <no-dsa> (Minor issue)
+ [stretch] - dxflib <no-dsa> (Minor issue)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1346
NOTE:
https://github.com/qcad/qcad/commit/1eeffc5daf5a06cf6213ffc19e95923cdebb2eb8
TODO: check, horizon-eda, cloudcompare, kicad embedds it, but needs to
check if actually used and issue affects those
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[22 Sep 2021] DLA-2762-1 grilo - security update
+ {CVE-2021-39365}
+ [stretch] - grilo 0.3.2-2+deb9u1
[18 Sep 2021] DLA-2761-1 openssl1.0 - security update
[stretch] - openssl1.0 1.0.2u-1~deb9u5
[18 Sep 2021] DLA-2760-1 nettle - security update
=====================================
data/dla-needed.txt
=====================================
@@ -35,10 +35,6 @@ firmware-nonfree
NOTE: 20210731: WIP:
https://salsa.debian.org/lts-team/packages/firmware-nonfree
NOTE: 20210828: Most CVEs are difficult to backport. Contacted Ben regarding
possible "ignore" tag
--
-grilo (Thorsten Alteholz)
- NOTE: 20210825: ssl-use-system-ca-file is used in libsoup2.4 since version
2.38
- NOTE: 20210912: maintainer ok, testing package
---
jsoup (Markus Koschany)
--
krb5 (Adrian Bunk)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e5674efb404a858ede15524c4b47d1d42eb8c86c...34355851496275fe6611f3d0134f99e758ed6735
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e5674efb404a858ede15524c4b47d1d42eb8c86c...34355851496275fe6611f3d0134f99e758ed6735
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
