Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits: d20ab257 by Thorsten Alteholz at 2021-09-23T11:05:48+02:00 mark CVE-2021-3711 as not-affected for Stretch - - - - - ed422429 by Thorsten Alteholz at 2021-09-23T11:39:38+02:00 mark CVE-2021-38575 as no-dsa for Stretch - - - - - ef8b13bb by Thorsten Alteholz at 2021-09-23T11:40:55+02:00 mark CVE-2021-32280 as no-dsa for Stretch - - - - - e4dba6cd by Thorsten Alteholz at 2021-09-23T11:42:16+02:00 mark CVE-2021-40812 as no-dsa for Stretch - - - - - 47cc2611 by Thorsten Alteholz at 2021-09-23T11:44:44+02:00 mark CVE-2021-3805 as no-dsa for Stretch - - - - - 6aa32b6a by Thorsten Alteholz at 2021-09-23T11:45:29+02:00 mark CVE-2021-23440 as no-dsa for Stretch - - - - - 7f31d374 by Thorsten Alteholz at 2021-09-23T11:50:12+02:00 mark CVE-2021-3807 as not-affected for Stretch - - - - - 6e88e4b7 by Thorsten Alteholz at 2021-09-23T11:51:42+02:00 mark CVE-2021-40839 as no-dsa for Stretch - - - - - 84036693 by Thorsten Alteholz at 2021-09-23T11:53:35+02:00 mark CVE-2021-39214 as no-dsa for Stretch - - - - - f6bebaed by Thorsten Alteholz at 2021-09-23T11:55:10+02:00 mark CVE-2021-32294 as postponed for Stretch - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -575,6 +575,7 @@ CVE-2021-3807 (ansi-regex is vulnerable to Inefficient Regular Expression Comple - node-ansi-regex 5.0.1-1 (bug #994568) [bullseye] - node-ansi-regex <no-dsa> (Minor issue) [buster] - node-ansi-regex <no-dsa> (Minor issue) + [stretch] - node-ansi-regex <not-affected> (Vulnerable code introduced later) NOTE: https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994 NOTE: https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9 (v6.0.1) CVE-2021-3806 (A path traversal vulnerability on Pardus Software Center's "extractArc ...) 
@@ -583,6 +584,7 @@ CVE-2021-3805 (object-path is vulnerable to Improperly Controlled Modification o - node-object-path 0.11.8-1 [bullseye] - node-object-path <no-dsa> (Minor issue) [buster] - node-object-path <no-dsa> (Minor issue) + [stretch] - node-object-path <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/571e3baf-7c46-46e3-9003-ba7e4e623053 NOTE: https://github.com/mariocasciaro/object-path/commit/e6bb638ffdd431176701b3e9024f80050d0ef0a6 CVE-2021-41303 (Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a ...) @@ -1572,6 +1574,7 @@ CVE-2021-40839 (The rencode package through 1.0.6 for Python allows an infinite - python-rencode 1.0.6-2 [bullseye] - python-rencode <no-dsa> (Minor issue) [buster] - python-rencode <no-dsa> (Minor issue) + [stretch] - python-rencode <no-dsa> (Minor issue) NOTE: https://github.com/aresch/rencode/commit/572ff74586d9b1daab904c6f7f7009ce0143bb75 NOTE: https://github.com/aresch/rencode/pull/29 CVE-2021-40838 @@ -1665,6 +1668,7 @@ CVE-2021-40812 (The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of- - libgd2 <unfixed> [bullseye] - libgd2 <no-dsa> (Minor issue) [buster] - libgd2 <no-dsa> (Minor issue) + [stretch] - libgd2 <no-dsa> (Minor issue) NOTE: https://github.com/libgd/libgd/issues/750#issuecomment-914872385 NOTE: https://github.com/libgd/libgd/commit/6f5136821be86e7068fcdf651ae9420b5d42e9a9 CVE-2021-40811 @@ -5410,6 +5414,7 @@ CVE-2021-39214 (mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. - mitmproxy <unfixed> (bug #994570) [bullseye] - mitmproxy <no-dsa> (Minor issue) [buster] - mitmproxy <no-dsa> (Minor issue) + [stretch] - mitmproxy <no-dsa> (Minor issue) NOTE: https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-22gh-3r9q-xf38 CVE-2021-39213 (GLPI is a free Asset and IT management software package. Starting in v ...) - glpi <removed> (unimportant) 
@@ -6199,6 +6204,7 @@ CVE-2021-3712 (ASN.1 strings are represented internally within OpenSSL as an ASN CVE-2021-3711 (In order to decrypt SM2 encrypted data an application is expected to c ...) {DSA-4963-1} - openssl 1.1.1l-1 + [stretch] - openssl <not-affected> (supprt for SM2 decryption added in 1.1.1-pre3) - openssl1.0 <not-affected> (Vulnerability does not affect 1.0.2 series) NOTE: https://www.openssl.org/news/secadv/20210824.txt NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=59f5e75f3bced8fc0e130d72a3f582cf7b480b46 (OpenSSL_1_1_1l) @@ -6820,6 +6826,7 @@ CVE-2021-38575 [edk2: remote buffer overflow in IScsiHexToBin function in Networ - edk2 2021.08-1 [bullseye] - edk2 <no-dsa> (Minor issue) [buster] - edk2 <no-dsa> (Minor issue) + [stretch] - edk2 <no-dsa> (Minor issue) NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 NOTE: https://edk2.groups.io/g/devel/message/76198 NOTE: https://github.com/tianocore/edk2/pull/1698 @@ -21645,6 +21652,7 @@ CVE-2021-32294 (An issue was discovered in libgig through 20200507. A heap-buffe - libgig <unfixed> [bullseye] - libgig <ignored> (Minor issue) [buster] - libgig <ignored> (Minor issue) + [stretch] - libgig <postponed> (Minor issue, revisit when/if fixed upstream) NOTE: https://github.com/drbye78/libgig/issues/1 CVE-2021-32293 RESERVED @@ -21678,6 +21686,7 @@ CVE-2021-32281 (An issue was discovered in gravity through 0.8.1. A heap-buffer- CVE-2021-32280 (An issue was discovered in fig2dev through 20200520. A NULL pointer de ...) - fig2dev 1:3.2.7b-5 (bug #960736) [buster] - fig2dev <no-dsa> (Minor issue) + [stretch] - fig2dev <no-dsa> (Minor issue) - transfig <removed> NOTE: https://sourceforge.net/p/mcj/tickets/107/ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/f17a3b8a7d54c1bc56ab92512531772a0b3ec991/ 
@@ -43634,6 +43643,7 @@ CVE-2021-23440 (This affects the package set-value before 4.0.1. A type confusio - node-set-value 3.0.1-3 (bug #994448) [bullseye] - node-set-value <no-dsa> (Minor issue) [buster] - node-set-value <no-dsa> (Minor issue) + [stretch] - node-set-value <no-dsa> (Minor issue) NOTE: https://github.com/jonschlinkert/set-value/commit/7cf8073bb06bf0c15e08475f9f952823b4576452 (v4.0.1) NOTE: https://github.com/jonschlinkert/set-value/pull/33/commits/383b72d47c74a55ae8b6e231da548f9280a4296a NOTE: https://github.com/jonschlinkert/set-value/pull/33
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1561d719b09cd8ddc265547a1b892bcf241852c8...f6bebaed5a2110aad777d88e5f110c6f7bce1b44
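Review bot: the added `[stretch] - node-ansi-regex <not-affected> (Vulnerable code introduced later)` line in the CVE-2021-3807 hunk does not say which upstream release or commit introduced the vulnerable regex, so the not-affected claim cannot be checked from the entry. The two NOTE lines in the hunk point only at the report and at the fix commit (v6.0.1). Suggest adding a NOTE that names the introducing commit or version, or putting the version in the parenthesised reason, as the CVE-2021-3711 line in this same push does with "1.1.1-pre3".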
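Review bot: typo in the added line of the CVE-2021-3711 hunk, `(supprt for SM2 decryption added in 1.1.1-pre3)` should read "support". The reason text is shown on the tracker page and is what people grep for when auditing not-affected decisions, so it is worth a follow-up commit to correct it.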