Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
25783288 by Moritz Muehlenhoff at 2022-03-28T16:16:35+02:00
buster/bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3159,6 +3159,8 @@ CVE-2021-46708 (The swagger-ui-dist package before 4.1.3
for Node.js could allow
- swagger-ui <itp> (bug #895422)
CVE-2020-36518 (jackson-databind before 2.13.0 allows a Java StackOverflow
exception a ...)
- jackson-databind <unfixed> (bug #1007109)
+ [bullseye] - jackson-databind <no-dsa> (Minor issue)
+ [buster] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2816
CVE-2018-25031 (Swagger UI before 4.1.3 could allow a remote attacker to
conduct spoof ...)
- node-swagger-ui <itp> (bug #871461)
@@ -67725,20 +67727,23 @@ CVE-2021-28280 (CSRF + Cross-site scripting (XSS)
vulnerability in search.php in
CVE-2021-28279
RESERVED
CVE-2021-28278 (A Heap-based Buffer Overflow vulnerability exists in jhead
3.04 and 3. ...)
- - jhead 1:3.06.0.1-2
+ - jhead 1:3.06.0.1-2 (unimportant)
NOTE:
https://github.com/Matthias-Wandel/jhead/commit/a50953a266583981b51a181c2fce73dad2ac5d7d
(3.06.0.1)
NOTE: https://github.com/Matthias-Wandel/jhead/issues/15
+ NOTE: Crash in CLI tool, no security impact
CVE-2021-28277 (A Heap-based Buffer Overflow vulnerabilty exists in jhead 3.04
and 3.0 ...)
- - jhead 1:3.06.0.1-2
+ - jhead 1:3.06.0.1-2 (unimportant)
NOTE:
https://github.com/Matthias-Wandel/jhead/commit/b8d78e5ec982e86cdd70ebfc1ebbb2273c982eea
(3.06.0.1)
NOTE: https://github.com/Matthias-Wandel/jhead/issues/16
+ NOTE: Crash in CLI tool, no security impact
CVE-2021-28276 (A Denial of Service vulnerability exists in jhead 3.04 and
3.05 via a ...)
TODO: check CVE reference, probably invalid report or old version.
NOTE: https://github.com/Matthias-Wandel/jhead/issues/26
CVE-2021-28275 (A Denial of Service vulnerability exists in jhead 3.04 and
3.05 due to ...)
- - jhead 1:3.06.0.1-2
+ - jhead 1:3.06.0.1-2 (unimportant)
NOTE:
https://github.com/Matthias-Wandel/jhead/commit/a50953a266583981b51a181c2fce73dad2ac5d7d
(3.06.0.1)
NOTE: https://github.com/Matthias-Wandel/jhead/issues/17
+ NOTE: Crash in CLI tool, no security impact
CVE-2021-28274
RESERVED
CVE-2021-28273
@@ -79818,13 +79823,14 @@ CVE-2021-23336 (The package python/cpython from 0 and
before 3.6.13, from 3.7.0
- python-django 2:2.2.19-1 (bug #983090)
[buster] - python-django <no-dsa> (Minor issue; can be fixed via point
release)
- python3.9 3.9.2-1
+ [buster] - python3.9 <ignored> (Will break existing applications, don't
backport to released suites)
- python3.8 <removed>
- python3.7 <removed>
- [buster] - python3.7 <no-dsa> (Minor issue)
+ [buster] - python3.7 <ignored> (Will break existing applications, don't
backport to released suites)
- python3.5 <removed>
- python2.7 <unfixed>
[bullseye] - python2.7 <ignored> (Python 2.7 in Bullseye not covered by
security support)
- [buster] - python2.7 <no-dsa> (Minor issue)
+ [buster] - python2.7 <ignored> (Will break existing applications, don't
backport to released suites)
- pypy3 7.3.3+dfsg-3
[buster] - pypy3 <no-dsa> (Minor issue)
NOTE: https://github.com/python/cpython/pull/24297
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/257832880b1dae25b2c24adea9ae1c728cb8a9c2
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/257832880b1dae25b2c24adea9ae1c728cb8a9c2
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
