Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3efbfb89 by Thorsten Alteholz at 2021-11-25T23:23:50+01:00
mark CVE-2020-16154 as no-dsa for Stretch

- - - - -
2722ec12 by Thorsten Alteholz at 2021-11-25T23:25:10+01:00
mark CVE-2020-16154 as no-dsa for Stretch

- - - - -
fd44970d by Thorsten Alteholz at 2021-11-25T23:25:43+01:00
mark CVE-2020-16156 as no-dsa for Stretch

- - - - -
4dde7d42 by Thorsten Alteholz at 2021-11-25T23:31:12+01:00
mark CVE-2021-43398 as no-dsa for Stretch

- - - - -
e8404b05 by Thorsten Alteholz at 2021-11-25T23:32:26+01:00
mark CVE-2021-37592 as no-dsa for Stretch

- - - - -
f0583f19 by Thorsten Alteholz at 2021-11-25T23:34:21+01:00
mark CVE-2021-44223 as no-dsa for Stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4,6 +4,7 @@ CVE-2021-44223 (WordPress before 5.8 lacks support for the 
Update URI plugin hea
        - wordpress 5.8.1+dfsg1-1
        [bullseye] - wordpress <no-dsa> (Minor issue; workarounds/mitigation 
for older versions can be implemented)
        [buster] - wordpress <no-dsa> (Minor issue; workarounds/mitigation for 
older versions can be implemented)
+       [stretch] - wordpress <no-dsa> (Minor issue; workarounds/mitigation for 
older versions can be implemented)
        NOTE: WordPress 5.8 introduces a new "Update URI" plugin header. 
Further mitigation
        NOTE: options documented in:
        NOTE: 
https://vavkamil.cz/2021/11/25/wordpress-plugin-confusion-update-can-get-you-pwned/
@@ -3012,6 +3013,7 @@ CVE-2021-43398 (Crypto++ (aka Cryptopp) 8.6.0 and earlier 
contains a timing leak
        - libcrypto++ <unfixed> (bug #1000227)
        [bullseye] - libcrypto++ <no-dsa> (Minor issue)
        [buster] - libcrypto++ <no-dsa> (Minor issue)
+       [stretch] - libcrypto++ <no-dsa> (Minor issue)
        NOTE: https://github.com/weidai11/cryptopp/issues/1080
 CVE-2021-43397 (LiquidFiles before 3.6.3 allows remote attackers to elevate 
their priv ...)
        NOT-FOR-US: LiquidFiles
@@ -19222,6 +19224,7 @@ CVE-2021-37592 (Suricata before 5.0.8 and 6.x before 
6.0.4 allows TCP evasion vi
        - suricata 1:6.0.4-1
        [bullseye] - suricata <no-dsa> (Minor issue)
        [buster] - suricata <no-dsa> (Minor issue)
+       [stretch] - suricata <no-dsa> (Minor issue)
        NOTE: https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942
        NOTE: https://redmine.openinfosecfoundation.org/issues/4569 (not public)
 CVE-2021-37591
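Review bot: The added [stretch] line for suricata under CVE-2021-37592 gives only "(Minor issue)" as its reason, and the second NOTE points to a Redmine issue marked "(not public)", so a reader of the entry cannot see what the triage rests on. Consider a short rationale in the parenthetical, as the wordpress entry does with "workarounds/mitigation for older versions can be implemented".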
@@ -100677,6 +100680,7 @@ CVE-2020-16156 [Signature Verification Bypass]
        - perl <unfixed>
        [bullseye] - perl <no-dsa> (Minor issue)
        [buster] - perl <no-dsa> (Minor issue)
+       [stretch] - perl <no-dsa> (Minor issue)
        NOTE: 
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
        NOTE: 
http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
 CVE-2020-16155 [does not uniquely define signed data]
@@ -100684,6 +100688,7 @@ CVE-2020-16155 [does not uniquely define signed data]
        - libcpan-checksums-perl <unfixed>
        [bullseye] - libcpan-checksums-perl <no-dsa> (Minor issue)
        [buster] - libcpan-checksums-perl <no-dsa> (Minor issue)
+       [stretch] - libcpan-checksums-perl <no-dsa> (Minor issue)
        NOTE: 
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
        NOTE: 
http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
 CVE-2020-16154 [Signature Verification Bypass]
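Review bot: The added [stretch] line for libcpan-checksums-perl belongs to CVE-2020-16155, but no commit message in this push names that CVE: 3efbfb89 and 2722ec12 both read "mark CVE-2020-16154 as no-dsa for Stretch". One of the two presumably carries this change, so its message should name CVE-2020-16155 to keep the history searchable by CVE id.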
@@ -100691,6 +100696,7 @@ CVE-2020-16154 [Signature Verification Bypass]
        - cpanminus <unfixed>
        [bullseye] - cpanminus <no-dsa> (Minor issue)
        [buster] - cpanminus <no-dsa> (Minor issue)
+       [stretch] - cpanminus <no-dsa> (Minor issue)
        NOTE: 
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
        NOTE: 
http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
 CVE-2020-16153



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1fe330570bc100033f56bceadbde43e54b0c50d0...f0583f1979575e6e253c07fed80f920611d8574a
