Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b9c68257 by Thorsten Alteholz at 2021-08-30T00:08:03+02:00
mark CVE-2020-18976 as unfixed and unimportant for Stretch

- - - - -
0d127be8 by Thorsten Alteholz at 2021-08-30T00:11:44+02:00
add sssd

- - - - -
cf34b1a0 by Thorsten Alteholz at 2021-08-30T00:12:48+02:00
add btrbk

- - - - -
4af4a5c3 by Thorsten Alteholz at 2021-08-30T00:15:03+02:00
mark some CVEs of liblivemedia as no-dsa

- - - - -
b40db759 by Thorsten Alteholz at 2021-08-30T00:17:14+02:00
mark two CVEs of libpodofo as postponed for Stretch

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3893,14 +3893,17 @@ CVE-2021-38383 (OwnTone (aka owntone-server) through 
28.1 has a use-after-free i
        NOT-FOR-US: OwnTone
 CVE-2021-38382 (Live555 through 1.08 does not handle Matroska and Ogg files 
properly.  ...)
        - liblivemedia <removed>
+       [stretch] - liblivemedia <no-dsa> (Minor issue)
        NOTE: 
http://lists.live555.com/pipermail/live-devel/2021-August/021959.html
        NOTE: http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.06]
 CVE-2021-38381 (Live555 through 1.08 does not handle MPEG-1 or 2 files 
properly. Sendi ...)
        - liblivemedia <removed>
+       [stretch] - liblivemedia <no-dsa> (Minor issue)
        NOTE: 
http://lists.live555.com/pipermail/live-devel/2021-August/021961.html
        NOTE: http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.09]
 CVE-2021-38380 (Live555 through 1.08 mishandles huge requests for the same MP3 
stream, ...)
        - liblivemedia <removed>
+       [stretch] - liblivemedia <no-dsa> (Minor issue)
        NOTE: 
http://lists.live555.com/pipermail/live-devel/2021-August/021954.html
        NOTE: http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.04]
 CVE-2021-38379
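Review bot: the three added `[stretch] - liblivemedia <no-dsa> (Minor issue)` lines reuse one generic reason for three different bugs (Matroska/Ogg handling in CVE-2021-38382, MPEG-1 or 2 handling in CVE-2021-38381, huge requests for the same MP3 stream in CVE-2021-38380), and the NOTE lines only link the upstream list posts and changelog. A short NOTE per CVE stating the impact (for example whether it is a crash only) would let the no-dsa decision be re-checked without following the links.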
@@ -80163,7 +80166,9 @@ CVE-2020-18977
        RESERVED
 CVE-2020-18976 (Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause 
a Denial ...)
        - tcpreplay 4.3.3-1
+       [stretch] - tcpreplay <unfixed> (unimportant)
        NOTE: https://github.com/appneta/tcpreplay/issues/556
+       NOTE: Crash in CLI tool, no security impact
 CVE-2020-18975
        RESERVED
 CVE-2020-18974 (Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows 
attackers  ...)
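Review bot: in the CVE-2020-18976 entry, `(unimportant)` is attached only to the new `[stretch] - tcpreplay <unfixed>` line, while the added NOTE, `Crash in CLI tool, no security impact`, is a statement about the bug itself and not about stretch. If that assessment holds for every suite, put the severity on the main line, `- tcpreplay 4.3.3-1 (unimportant)`, and drop the stretch-specific line; if it really is stretch-only, the NOTE should say why.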
@@ -80174,9 +80179,11 @@ CVE-2020-18973
        RESERVED
 CVE-2020-18972 (Exposure of Sensitive Information to an Unauthorized Actor in 
PoDoFo v ...)
        - libpodofo <unfixed>
+       [stretch] - libpodofo <postponed> (Minor issue; can be fixed in next 
update)
        NOTE: https://sourceforge.net/p/podofo/tickets/49/
 CVE-2020-18971 (Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers 
to cause ...)
        - libpodofo <unfixed>
+       [stretch] - libpodofo <postponed> (Minor issue; can be fixed in next 
update)
        NOTE: https://sourceforge.net/p/podofo/tickets/48/
 CVE-2020-18970
        RESERVED
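Review bot: CVE-2020-18971 is described as a stack-based buffer overflow, yet it gets the same `<postponed> (Minor issue; can be fixed in next update)` reason as the information-exposure bug CVE-2020-18972, with only the upstream ticket link as justification. The description shown is cut off at "to cause ...", so a NOTE stating the actual impact would make the postponement easier to revisit, especially while the main line is still `- libpodofo <unfixed>`.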


=====================================
data/dla-needed.txt
=====================================
@@ -18,6 +18,8 @@ ansible
   NOTE: 20210411: after that LTS. (apo)
   NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/
 --
+btrbk (Thorsten Alteholz)
+--
 cacti (Roberto C. Sánchez)
   NOTE: 20210829: not really sure whether affected, please recheck
 --
@@ -99,5 +101,7 @@ smarty3 (Abhijith PA)
 --
 squashfs-tools (Thorsten Alteholz)
 --
+sssd
+--
 wireshark (Adrian Bunk)
 --
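Review bot: `sssd` is added without a claimant or a NOTE, unlike the `smarty3`, `squashfs-tools` and `wireshark` entries around it, and none of the data/CVE/list hunks in this push touch an sssd entry. Add a dated NOTE naming the CVE that prompted the entry, so whoever claims it knows what to look at.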



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8f581df5eb6b841801b57aa2d50c0d092117ca51...b40db75908ece32c8416ada8e6d09f3d0e4fba96



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
