[Git][security-tracker-team/security-tracker][master] libsolv no-dsa

Wed, 22 Sep 2021 01:40:26 -0700 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6b112cb6 by Moritz Muehlenhoff at 2021-09-22T10:40:01+02:00
libsolv no-dsa
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17457,9 +17457,9 @@ CVE-2021-33939
        RESERVED
 CVE-2021-33938 (Buffer overflow vulnerability in function prune_to_recommended 
in src/ ...)
        - libsolv 0.7.17-1
+       [buster] - libsolv <no-dsa> (Minor issue)
        NOTE: https://github.com/openSUSE/libsolv/issues/420
        NOTE: 
https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec
 (0.7.17)
-       TODO: check, completeness
 CVE-2021-33937
        RESERVED
 CVE-2021-33936
@@ -17476,19 +17476,19 @@ CVE-2021-33931
        RESERVED
 CVE-2021-33930 (Buffer overflow vulnerability in function 
pool_installable_whatprovide ...)
        - libsolv 0.7.17-1
+       [buster] - libsolv <no-dsa> (Minor issue)
        NOTE: https://github.com/openSUSE/libsolv/issues/417
        NOTE: 
https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec
 (0.7.17)
-       TODO: check, completeness
 CVE-2021-33929 (Buffer overflow vulnerability in function 
pool_disabled_solvable in sr ...)
        - libsolv 0.7.17-1
+       [buster] - libsolv <no-dsa> (Minor issue)
        NOTE: https://github.com/openSUSE/libsolv/issues/417
        NOTE: 
https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec
 (0.7.17)
-       TODO: check, completeness
 CVE-2021-33928 (Buffer overflow vulnerability in function pool_installable in 
src/repo ...)
        - libsolv 0.7.17-1
+       [buster] - libsolv <no-dsa> (Minor issue)
        NOTE: https://github.com/openSUSE/libsolv/issues/417
        NOTE: 
https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec
 (0.7.17)
-       TODO: check, completeness
 CVE-2021-33927
        RESERVED
 CVE-2021-33926
@@ -22924,7 +22924,7 @@ CVE-2021-31821
 CVE-2021-31820 (In Octopus Server after version 2018.8.2 if the Octopus Server 
Web Req ...)
        NOT-FOR-US: Octopus Server
 CVE-2021-31819 (In Halibut versions prior to 4.4.7 there is a deserialisation 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Octopus
 CVE-2021-31818 (Affected versions of Octopus Server are prone to an 
authenticated SQL  ...)
        NOT-FOR-US: Octopus Server
 CVE-2021-31817 (When configuring Octopus Server if it is configured with an 
external S ...)
@@ -36634,7 +36634,7 @@ CVE-2021-26335
 CVE-2021-26334
        RESERVED
 CVE-2021-26333 (An information disclosure vulnerability exists in AMD Platform 
Securit ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26332
        RESERVED
 CVE-2021-26331
@@ -43562,9 +43562,9 @@ CVE-2021-23446
 CVE-2021-23445
        RESERVED
 CVE-2021-23444 (This affects the package jointjs before 3.4.2. A type 
confusion vulner ...)
-       TODO: check
+       NOT-FOR-US: Node jointjs
 CVE-2021-23443 (This affects the package edge.js before 5.3.2. A type 
confusion vulner ...)
-       TODO: check
+       NOT-FOR-US: Node edge.js
 CVE-2021-23442 (This affects all versions of package @cookiex/deep. The global 
proto o ...)
        NOT-FOR-US: Node @cookiex/deep
 CVE-2021-23441 (All versions of package com.jsoniter:jsoniter are vulnerable 
to Deseri ...)
@@ -61187,7 +61187,7 @@ CVE-2021-0871
 CVE-2021-0870
        RESERVED
 CVE-2021-0869 (In GetTimeStampAndPkt of DumpstateDevice.cpp, there is a 
possible out  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2021-0868
        RESERVED
 CVE-2021-0867
@@ -67893,7 +67893,7 @@ CVE-2020-26303
 CVE-2020-26302
        RESERVED
 CVE-2020-26301 (ssh2 is client and server modules written in pure JavaScript 
for node. ...)
-       TODO: check
+       NOT-FOR-US: Node ssh2
 CVE-2020-26300 (systeminformation is an npm package that provides system and 
OS inform ...)
        NOT-FOR-US: Node systeminformation
 CVE-2020-26299 (ftp-srv is an open-source FTP server designed to be simple yet 
configu ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b112cb62d9144fb3452c50506a96edc971b903e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b112cb62d9144fb3452c50506a96edc971b903e
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to