[Git][security-tracker-team/security-tracker][master] Mark some bluez issues as no-dsa

Fri, 17 Dec 2021 00:11:55 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
608ef978 by Salvatore Bonaccorso at 2021-12-17T09:11:29+01:00
Mark some bluez issues as no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5874,6 +5874,8 @@ CVE-2021-3929 [nvme: DMA reentrancy issue leads to 
use-after-free]
        NOTE: Proposed patchset: 
https://lists.nongnu.org/archive/html/qemu-devel/2021-08/msg03692.html
 CVE-2021-43400 (An issue was discovered in gatt-database.c in BlueZ 5.61. A 
use-after- ...)
        - bluez <unfixed> (bug #998626)
+       [bullseye] - bluez <no-dsa> (Minor issue; can be fixed in point release)
+       [buster] - bluez <no-dsa> (Minor issue; can be fixed in point release)
        [stretch] - bluez <ignored> (invasive patch, requires post-stretch 
revamps)
        NOTE: Introduced by: 
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=93b64d9ca8a2bb663e37904d4b2c702c58a36e4f
 (5.40)
        NOTE: Fixed by: 
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=838c0dc7641e1c991c0f3027bf94bee4606012f8
 (5.62)
@@ -180469,11 +180471,13 @@ CVE-2019-8923 (XAMPP through 5.6.8 and previous 
allows SQL injection via the cds
 CVE-2019-8922 (A heap-based buffer overflow was discovered in bluetoothd in 
BlueZ thr ...)
        {DLA-2827-1}
        - bluez 5.54-1
+       [buster] - bluez <no-dsa> (Minor issue)
        NOTE: 
https://ssd-disclosure.com/ssd-advisory-linux-bluez-information-leak-and-heap-overflow/
        NOTE: 
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=6c7243fb6ab90b7b855cead98c66394fedea135f
 (5.51)
 CVE-2019-8921 (An issue was discovered in bluetoothd in BlueZ through 5.48. 
The vulne ...)
        {DLA-2827-1}
        - bluez 5.54-1
+       [buster] - bluez <no-dsa> (Minor issue)
        NOTE: 
https://ssd-disclosure.com/ssd-advisory-linux-bluez-information-leak-and-heap-overflow/
        NOTE: 
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=7bf67b32709d828fafa26256b4c78331760c6e93
 (5.51)
 CVE-2019-8920 (iart.php in XAMPP 1.7.0 has XSS, a related issue to 
CVE-2008-3569. ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/608ef97858258cc4a1eaa7425aaf00fdf3420866

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/608ef97858258cc4a1eaa7425aaf00fdf3420866
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to