Thorsten Alteholz pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
981723ad by Thorsten Alteholz at 2021-12-18T00:38:19+01:00
mark CVE-2021-42550 as no-dsa for Stretch
- - - - -
d47e3069 by Thorsten Alteholz at 2021-12-18T00:46:37+01:00
mark CVE-2021-44856 as postponed for Stretch
- - - - -
2c3fdfe9 by Thorsten Alteholz at 2021-12-18T00:47:52+01:00
mark CVE-2021-42574 as no-dsa for Stretch
- - - - -
1e9253c3 by Thorsten Alteholz at 2021-12-18T00:51:57+01:00
mark CVE-2021-45098 as no-dsa for Stretch
- - - - -
0d0c7c6d by Thorsten Alteholz at 2021-12-18T00:59:58+01:00
mark CVE-2021-4110 as postponed for Stretch
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -67,6 +67,7 @@ CVE-2021-45098 (An issue was discovered in Suricata before
6.0.4. It is possible
- suricata 1:6.0.4-1
[bullseye] - suricata <no-dsa> (Minor issue)
[buster] - suricata <no-dsa> (Minor issue)
+ [stretch] - suricata <no-dsa> (Minor issue)
NOTE: https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942
NOTE:
https://github.com/OISF/suricata/commit/50e2b973eeec7172991bf8f544ab06fb782b97df
NOTE: https://redmine.openinfosecfoundation.org/issues/4710
@@ -119,6 +120,7 @@ CVE-2021-42550 [JNDI vunerability]
- logback 1:1.2.8-1
[bullseye] - logback <no-dsa> (Minor issue)
[buster] - logback <no-dsa> (Minor issue)
+ [stretch] - logback <no-dsa> (Minor issue)
NOTE: https://jira.qos.ch/browse/LOGBACK-1591
NOTE:
https://github.com/qos-ch/logback/commit/21d772f2bc2ed780b01b4fe108df7e29707763f1
(v_1.2.8)
CVE-2021-44771
@@ -449,6 +451,7 @@ CVE-2021-45041
RESERVED
CVE-2021-4110 (mruby is vulnerable to NULL Pointer Dereference ...)
- mruby <unfixed> (bug #1001768)
+ [stretch] - mruby <postponed> (revisit when/if fix is complete)
NOTE: https://huntr.dev/bounties/4ce5dc47-2512-4c87-8609-453adc8cad20
NOTE:
https://github.com/mruby/mruby/commit/f5e10c5a79a17939af763b1dcf5232ce47e24a34
CVE-2021-4109
@@ -847,6 +850,7 @@ CVE-2021-44856 [Title blocked in AbuseFilter can be created
via Special:ChangeCo
- mediawiki 1:1.35.5-1
[bullseye] - mediawiki <postponed> (Minor issue)
[buster] - mediawiki <postponed> (Minor issue)
+ [stretch] - mediawiki <postponed> (Minor issue)
NOTE: https://phabricator.wikimedia.org/T271037
NOTE:
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
CVE-2021-44855 [Blind Stored XSS in VisualEditor media dialog]
@@ -8801,6 +8805,7 @@ CVE-2021-42574 (An issue was discovered in the
Bidirectional Algorithm in the Un
- rustc <unfixed>
[bullseye] - rustc <no-dsa> (Minor issue)
[buster] - rustc <no-dsa> (Minor issue)
+ [stretch] - rustc <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/11/01/1
NOTE:
https://github.com/rust-lang/rust/commit/dd61274930ec0cd17711fab52d2bc9ad3e9053de
(1.56.1)
CVE-2021-42573
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6fe0ae1ad63b6660f6ce65cc888e58a1a29bb35c...0d0c7c6df117f9f2e56ee8e0da146ad36460f68f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6fe0ae1ad63b6660f6ce65cc888e58a1a29bb35c...0d0c7c6df117f9f2e56ee8e0da146ad36460f68f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
