Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
963074a1 by Moritz Muehlenhoff at 2022-02-16T12:36:55+01:00
buster/bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -21445,6 +21445,8 @@ CVE-2021-3904 (grav is vulnerable to Improper 
Neutralization of Input During Web
        NOT-FOR-US: Grav CMS
 CVE-2021-3903 (vim is vulnerable to Heap-based Buffer Overflow ...)
        - vim 2:8.2.3565-1
+       [bullseye] - vim <no-dsa> (Minor issue)
+       [buster] - vim <no-dsa> (Minor issue)
        [stretch] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/35738a4f-55ce-446c-b836-2fb0b39625f8
        NOTE: 
https://github.com/vim/vim/commit/777e7c21b7627be80961848ac560cb0a9978ff43
@@ -33471,6 +33473,8 @@ CVE-2021-3701
 CVE-2021-3700
        RESERVED
        - usbredir 0.11.0-1
+       [bullseye] - usbredir <no-dsa> (Minor issue)
+       [buster] - usbredir <no-dsa> (Minor issue)
        NOTE: 
https://gitlab.freedesktop.org/spice/usbredir/-/commit/03c519ff5831ba75120e00ebebbf1d5a1f7220ab
 (usbredir-0.11.0)
 CVE-2021-38562 (Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 
before 4.4. ...)
        - request-tracker5 <unfixed> (bug #995167)
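Review bot: CVE-2021-3700 is still RESERVED with no description, and the only NOTE under it is the upstream fix commit, so the new `[bullseye]` and `[buster]` `<no-dsa> (Minor issue)` lines give a reader nothing to check the severity call against. Consider adding a NOTE that summarises the impact or links the upstream report next to the commit reference.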
@@ -43286,10 +43290,9 @@ CVE-2021-34559 (In PEPPERL+FUCHS WirelessHART-Gateway 
&lt;= 3.0.8 a vulnerabilit
        NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
 CVE-2021-3596 [NULL pointer dereference in ReadSVGImage() in coders/svg.c]
        RESERVED
-       - imagemagick <undetermined>
+       - imagemagick <not-affected> (Specific to IM7)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/2624
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/43dfb1894761c4929d5d5c98dc80ba4e59a0d114
-       TODO: check if affects Imagemagick6
 CVE-2021-3595 (An invalid pointer initialization issue was found in the SLiRP 
network ...)
        {DLA-2753-1}
        - libslirp 4.6.1-1 (bug #989996)
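Review bot: The new `<not-affected> (Specific to IM7)` line for CVE-2021-3596 replaces the removed `TODO: check if affects Imagemagick6` without recording how that check came out. The remaining NOTEs only link the upstream issue and the fix commit; a NOTE naming the commit that introduced the affected code in ReadSVGImage(), or stating that the 6.x branch lacks it, would let the not-affected claim be re-verified later.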
@@ -43866,11 +43869,15 @@ CVE-2021-34336
        RESERVED
 CVE-2021-34335 (Exiv2 is a command-line utility and C++ library for reading, 
writing,  ...)
        - exiv2 0.27.5-1 (bug #992707)
+       [bullseye] - exiv2 <ignored> (Minor issue)
+       [buster] - exiv2 <ignored> (Minor issue)
        [stretch] - exiv2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/Exiv2/exiv2/security/advisories/GHSA-pvjp-m4f6-q984
        NOTE: https://github.com/Exiv2/exiv2/pull/1750
 CVE-2021-34334 (Exiv2 is a command-line utility and C++ library for reading, 
writing,  ...)
        - exiv2 0.27.5-1 (bug #992706)
+       [bullseye] - exiv2 <ignored> (Minor issue)
+       [buster] - exiv2 <ignored> (Minor issue)
        [stretch] - exiv2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/Exiv2/exiv2/security/advisories/GHSA-hqjh-hpv8-8r9p
        NOTE: https://github.com/Exiv2/exiv2/pull/1766
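Review bot: The added `[bullseye]` and `[buster]` lines for CVE-2021-34335 and CVE-2021-34334 use `<ignored>` while the adjacent `[stretch]` lines use `<no-dsa>`, all with the same `(Minor issue)` reason. Since `<ignored>` signals that no fix is planned for the suite, whereas `<no-dsa>` leaves room for a point-release fix, the reason should say why these are ignored rather than deferred, or the state should be `<no-dsa>` if a point-release fix is still possible.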
@@ -47534,6 +47541,8 @@ CVE-2021-32816 (ProtonMail Web Client is the official 
AngularJS web client for t
        NOT-FOR-US: ProtonMail Web Client
 CVE-2021-32815 (Exiv2 is a command-line utility and C++ library for reading, 
writing,  ...)
        - exiv2 0.27.5-1 (bug #992705)
+       [bullseye] - exiv2 <ignored> (Minor issue)
+       [buster] - exiv2 <ignored> (Minor issue)
        [stretch] - exiv2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/Exiv2/exiv2/security/advisories/GHSA-mv9g-fxh2-m49m
        NOTE: https://github.com/Exiv2/exiv2/pull/1739


=====================================
data/dsa-needed.txt
=====================================
@@ -18,8 +18,12 @@ chromium
 --
 condor
 --
+expat
+--
 faad2/oldstable (jmm)
 --
+freecad (aron)
+--
 linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point
   releases to more recent v4.19.y versions.
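Review bot: The new `expat` entry has no assignee, unlike the `freecad (aron)` entry added in the same hunk, and neither new entry carries a suite suffix the way `faad2/oldstable` does. If expat is intentionally unclaimed that is fine, but a short indented note on which suites need the update would help whoever picks it up.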



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/963074a13a6f07f735753e249b795c83c79b8e18
