Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
34691df1 by Moritz Muehlenhoff at 2021-09-29T17:31:30+02:00
buster/bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -7779,6 +7779,8 @@ CVE-2021-38372 (In KDE Trojita 0.7, man-in-the-middle 
attackers can create new f
        - trojita <itp> (bug #795701)
 CVE-2021-38371 (The STARTTLS feature in Exim through 4.94.2 allows response 
injection  ...)
        - exim4 <unfixed> (bug #992172)
+       [bullseye] - exim4 <no-dsa> (Minor issue)
+       [buster] - exim4 <no-dsa> (Minor issue)
        [stretch] - exim4 <postponed> (Minor issue, revisit when fixed upstream)
        NOTE: https://nostarttls.secvuln.info
        NOTE: https://www.exim.org/static/doc/security/CVE-2021-38371.txt
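
Review bot: The [bullseye] and [buster] lines added for CVE-2021-38371 say only "Minor issue", while the [stretch] line directly below reads "Minor issue, revisit when fixed upstream" and the package line is still exim4 <unfixed>. With no fixed version to backport from yet, consider carrying the same "revisit when fixed upstream" wording on the two new lines so the entries are picked up again once a fix lands.
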
@@ -10675,6 +10677,8 @@ CVE-2021-37147
        RESERVED
 CVE-2021-37146 (An infinite loop in Open Robotics ros_comm XMLRPC server in 
ROS Melodi ...)
        - ros-ros-comm <unfixed>
+       [bullseye] - ros-ros-comm <no-dsa> (Minor issue)
+       [buster] - ros-ros-comm <no-dsa> (Minor issue)
        NOTE: 
https://discourse.ros.org/t/new-packages-for-melodic-2021-09-27/22446
        NOTE: 
https://discourse.ros.org/t/new-packages-for-noetic-2021-09-27/22447
        NOTE: https://github.com/ros/ros_comm/pull/2185
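
Review bot: The package line "- ros-ros-comm <unfixed>" carries no bug reference, unlike the exim4 entry in the previous hunk with its (bug #992172). With [bullseye] and [buster] now set to <no-dsa>, nothing visible in this entry tracks the fix for unstable. Consider filing a bug against ros-ros-comm and adding its number here, given that the NOTE lines already point at an upstream pull request.
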
@@ -79412,12 +79416,14 @@ CVE-2020-21533 (fig2dev 3.2.7b contains a stack 
buffer overflow in the read_text
        NOTE: 
https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/
 (3.2.8)
 CVE-2020-21532 (fig2dev 3.2.7b contains a global buffer overflow in the 
setfigfont fun ...)
        - fig2dev 1:3.2.8-1
+       [buster] - fig2dev <no-dsa> (Minor issue)
        - transfig <removed>
        NOTE: https://sourceforge.net/p/mcj/tickets/64/
        NOTE: 
https://sourceforge.net/p/mcj/fig2dev/ci/421afa17d8cb8dafcaf3e6044a70790fa4fe307b/
 (3.2.8)
        NOTE: 
https://sourceforge.net/p/mcj/fig2dev/ci/00cdedac7a0b029846dee891769a1e77df83a01b/
 (3.2.8)
 CVE-2020-21531 (fig2dev 3.2.7b contains a global buffer overflow in the 
conv_pattern_i ...)
        - fig2dev 1:3.2.8-1
+       [buster] - fig2dev <no-dsa> (Minor issue)
        - transfig <removed>
        NOTE: https://sourceforge.net/p/mcj/tickets/63/
        NOTE: 
https://sourceforge.net/p/mcj/fig2dev/ci/2f8d1ae9763dcdc99b88a2b14849fe37174bcd69/
 (3.2.8)
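
Review bot: The [buster] lines added for CVE-2020-21532 and CVE-2020-21531 justify <no-dsa> with "Minor issue" alone, although both descriptions name a global buffer overflow. The NOTE lines already identify the upstream commits that went into 3.2.8, so a more specific reason in the parentheses (for example, that the fix is suitable for a point release) would tell the next reader why no DSA is planned and what the follow-up is.
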
@@ -79429,6 +79435,7 @@ CVE-2020-21530 (fig2dev 3.2.7b contains a segmentation 
fault in the read_objects
        NOTE: 
https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/
 (3.2.8)
 CVE-2020-21529 (fig2dev 3.2.7b contains a stack buffer overflow in the 
bezier_spline f ...)
        - fig2dev 1:3.2.8-1
+       [buster] - fig2dev <no-dsa> (Minor issue)
        - transfig <removed>
        NOTE: https://sourceforge.net/p/mcj/tickets/65/
        NOTE: 
https://sourceforge.net/p/mcj/fig2dev/ci/d70e4ba6308046f71cb51f67db8412155af52411/
 (3.2.8)
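
Review bot: CVE-2020-21530 and CVE-2020-21533 appear only as context around the annotated fig2dev entries (the hunk header here and the first lines of the previous hunk) and get no [buster] line in this commit. Please confirm they already carry one, so that the fig2dev issues fixed upstream in 3.2.8 are triaged consistently for buster.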


=====================================
data/dsa-needed.txt
=====================================
@@ -12,8 +12,7 @@ To pick an issue, simply add your uid behind it.
 If needed, specify the release by adding a slash after the name of the source 
package.
 
 --
-apache2
-  Yadd prepared update for bullseye-security, ping about buster?
+apache2 (jmm)
 --
 asterisk
   Maintainer prepared update for bullseye, needs ping for buster
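
Review bot: Replacing the apache2 status line with just the claim "apache2 (jmm)" drops the information that an update for bullseye-security was already prepared and that buster was still an open question. Consider keeping a short status line under the entry, as the asterisk entry below does, so the state of the bullseye update stays visible.
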
@@ -24,6 +23,8 @@ chromium
 --
 djvulibre
 --
+faad2/oldstable (jmm)
+--
 ffmpeg/oldstable (jmm)
   4.1.7 fixes a number of bugs, but several further one in the 4.1 branch, 
reaching out for a 4.1.8 release date
 --
@@ -41,6 +42,8 @@ puppetdb (jmm)
 --
 python-pysaml2 (jmm)
 --
+qemu (jmm)
+--
 rabbitmq-server
 --
 runc
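
Review bot: "qemu (jmm)" is added without a release suffix, while the file's own instructions say to specify the release with a slash after the source package name when needed, and the faad2 and ffmpeg entries in the previous hunk use /oldstable. If the update is planned for only one suite, add the suffix; if it is for both, a short status line saying so would avoid the question.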



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34691df1b8de64e330652517d3e3cf552d2f1368
