Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
81bd3a7b by Moritz Muehlenhoff at 2021-10-12T19:21:35+02:00
buster/bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1832,16 +1832,22 @@ CVE-2021-41460
        RESERVED
 CVE-2021-41459 (There is a stack buffer overflow in MP4Box v1.0.1 at 
src/filters/dmx_n ...)
        - gpac <unfixed>
+       [buster] - gpac <not-affected> (Vulnerable code not present)
+       [stretch] - gpac <not-affected> (Vulnerable code not present)
        NOTE: https://github.com/gpac/gpac/issues/1912
        NOTE: Fixed by: 
https://github.com/gpac/gpac/commit/7d4538e104f2b3ff6a65a41394795654e6972339
 CVE-2021-41458
        RESERVED
 CVE-2021-41457 (There is a stack buffer overflow in MP4Box 1.1.0 at 
src/filters/dmx_nh ...)
        - gpac <unfixed>
+       [buster] - gpac <not-affected> (Vulnerable code not present)
+       [stretch] - gpac <not-affected> (Vulnerable code not present)
        NOTE: https://github.com/gpac/gpac/issues/1909
        NOTE: Fixed by: 
https://github.com/gpac/gpac/commit/ae2828284f2fc0381548aaa991958f1eb9b90619
 CVE-2021-41456 (There is a stack buffer overflow in MP4Box v1.0.1 at 
src/filters/dmx_n ...)
        - gpac <unfixed>
+       [buster] - gpac <not-affected> (Vulnerable code not present)
+       [stretch] - gpac <not-affected> (Vulnerable code not present)
        NOTE: https://github.com/gpac/gpac/issues/1911
        NOTE: Fixed by: 
https://github.com/gpac/gpac/commit/74695dea7278e78af3db467e586233fe8773c07e
 CVE-2021-41455
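Review bot: The three gpac entries (CVE-2021-41459, CVE-2021-41457, CVE-2021-41456) gain [buster] and [stretch] tags but no [bullseye] tag, while the commit message reads "buster/bullseye triage", so bullseye stays covered only by the generic "- gpac <unfixed>" line. If that is intentional, a NOTE saying why would help; otherwise add the missing line. The reason "Vulnerable code not present" would also be easier to audit if it said what is absent, for example whether the source file named in the CVE description exists in the buster and stretch versions at all.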
@@ -10912,6 +10918,8 @@ CVE-2021-37619 (Exiv2 is a command-line utility and C++ 
library for reading, wri
        NOTE: https://github.com/Exiv2/exiv2/pull/1752
 CVE-2021-37618 (Exiv2 is a command-line utility and C++ library for reading, 
writing,  ...)
        - exiv2 <unfixed>
+       [bullseye] - exiv2 <ignored> (Minor issue)
+       [buster] - exiv2 <ignored> (Minor issue)
        NOTE: 
https://github.com/Exiv2/exiv2/security/advisories/GHSA-583f-w9pm-99r2
        NOTE: https://github.com/Exiv2/exiv2/pull/1759
 CVE-2021-37617 (The Nextcloud Desktop Client is a tool to synchronize files 
from Nextc ...)
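Review bot: On the CVE-2021-37618 entry, "<ignored> (Minor issue)" records the strongest won't-fix state with the least specific reason. <ignored> says no fix is planned for bullseye or buster, so the parenthesised text should state the basis for that, such as the impact described in the linked GHSA-583f-w9pm-99r2 advisory, so that a later reader can tell whether the decision still holds.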
@@ -10919,10 +10927,14 @@ CVE-2021-37617 (The Nextcloud Desktop Client is a 
tool to synchronize files from
        NOTE: 
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6q2w-v879-q24v
 CVE-2021-37616 (Exiv2 is a command-line utility and C++ library for reading, 
writing,  ...)
        - exiv2 <unfixed>
+       [bullseye] - exiv2 <ignored> (Minor issue)
+       [buster] - exiv2 <ignored> (Minor issue)
        NOTE: 
https://github.com/Exiv2/exiv2/security/advisories/GHSA-54f7-vvj7-545w
        NOTE: https://github.com/Exiv2/exiv2/pull/1758
 CVE-2021-37615 (Exiv2 is a command-line utility and C++ library for reading, 
writing,  ...)
        - exiv2 <unfixed>
+       [bullseye] - exiv2 <ignored> (Minor issue)
+       [buster] - exiv2 <ignored> (Minor issue)
        NOTE: 
https://github.com/Exiv2/exiv2/security/advisories/GHSA-h9x9-4f77-336w
        NOTE: https://github.com/Exiv2/exiv2/pull/1758
 CVE-2021-37614 (In certain Progress MOVEit Transfer versions before 2021.0.3 
(aka 13.0 ...)
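Review bot: CVE-2021-37616 and CVE-2021-37615 both point at the same upstream change (https://github.com/Exiv2/exiv2/pull/1758), but the added [bullseye] and [buster] lines are tagged independently on each entry with nothing linking them. A short NOTE on one or both entries saying they share a fix would keep the two in sync if the <ignored> decision is ever revisited.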
@@ -64489,6 +64501,8 @@ CVE-2020-28283 (Prototype pollution vulnerability in 
'libnested' versions 0.0.0
        NOT-FOR-US: libnested
 CVE-2020-28282 (Prototype pollution vulnerability in 'getobject' version 0.1.0 
allows  ...)
        - node-getobject 1.0.2-1
+       [bullseye] - node-getobject <no-dsa> (Minor issue)
+       [buster] - node-getobject <no-dsa> (Minor issue)
        NOTE: 
https://github.com/cowboy/node-getobject/commit/84071748fa407caa8f824e0d0b9c1cde9ec56633
 (v1.0.0)
 CVE-2020-28281 (Prototype pollution vulnerability in 'set-object-value' 
versions 0.0.0 ...)
        NOT-FOR-US: react-atomic-organism
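Review bot: For CVE-2020-28282 the added lines use "<no-dsa> (Minor issue)", which leaves a fix through a stable point update open, yet the entry does not say whether one is intended. The entry already cites a single upstream commit and a fixed version (1.0.2-1), so it would be worth stating in the reason or a NOTE whether a backport to bullseye and buster is expected or whether the issue is simply being left as is.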
@@ -79956,6 +79970,7 @@ CVE-2020-21913 (International Components for Unicode 
(ICU-20850) v66.1 was disco
        - icu 67.1-2
        NOTE: https://github.com/unicode-org/icu/pull/886
        NOTE: https://unicode-org.atlassian.net/browse/ICU-20850
+       NOTE: 
https://github.com/unicode-org/icu/commit/727505bddab0bfd527f1db6697cb4d4f7febe4a9
 CVE-2020-21912
        RESERVED
 CVE-2020-21911
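Review bot: The NOTE added to CVE-2020-21913 is a bare commit URL with no indication of its role, whereas the gpac entries in this same file label theirs as "NOTE: Fixed by: https://github.com/gpac/gpac/commit/...". If 727505bddab0bfd527f1db6697cb4d4f7febe4a9 is the fixing commit for the pull request already listed, prefix it with "Fixed by:" so the entry reads consistently and the commit's purpose is unambiguous.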



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81bd3a7b208689200f963c1d74491c6bc585584d
