Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits: b9c68257 by Thorsten Alteholz at 2021-08-30T00:08:03+02:00 mark CVE-2020-18976 as unfixed and unimportant for Stretch - - - - - 0d127be8 by Thorsten Alteholz at 2021-08-30T00:11:44+02:00 add sssd - - - - - cf34b1a0 by Thorsten Alteholz at 2021-08-30T00:12:48+02:00 add btrbk - - - - - 4af4a5c3 by Thorsten Alteholz at 2021-08-30T00:15:03+02:00 mark some CVEs of liblivemedia as no-dsa - - - - - b40db759 by Thorsten Alteholz at 2021-08-30T00:17:14+02:00 mark two CVEs of libpodofo as postponed for Stretch - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -3893,14 +3893,17 @@ CVE-2021-38383 (OwnTone (aka owntone-server) through 28.1 has a use-after-free i NOT-FOR-US: OwnTone CVE-2021-38382 (Live555 through 1.08 does not handle Matroska and Ogg files properly. ...) - liblivemedia <removed> + [stretch] - liblivemedia <no-dsa> (Minor issue) NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021959.html NOTE: http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.06] CVE-2021-38381 (Live555 through 1.08 does not handle MPEG-1 or 2 files properly. Sendi ...) - liblivemedia <removed> + [stretch] - liblivemedia <no-dsa> (Minor issue) NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021961.html NOTE: http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.09] CVE-2021-38380 (Live555 through 1.08 mishandles huge requests for the same MP3 stream, ...) - liblivemedia <removed> + [stretch] - liblivemedia <no-dsa> (Minor issue) NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021954.html NOTE: http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.04] CVE-2021-38379 
@@ -80163,7 +80166,9 @@ CVE-2020-18977 RESERVED CVE-2020-18976 (Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial ...) - tcpreplay 4.3.3-1 + [stretch] - tcpreplay <unfixed> (unimportant) NOTE: https://github.com/appneta/tcpreplay/issues/556 + NOTE: Crash in CLI tool, no security impact CVE-2020-18975 RESERVED CVE-2020-18974 (Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers ...) @@ -80174,9 +80179,11 @@ CVE-2020-18973 RESERVED CVE-2020-18972 (Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v ...) - libpodofo <unfixed> + [stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update) NOTE: https://sourceforge.net/p/podofo/tickets/49/ CVE-2020-18971 (Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause ...) - libpodofo <unfixed> + [stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update) NOTE: https://sourceforge.net/p/podofo/tickets/48/ CVE-2020-18970 RESERVED ===================================== data/dla-needed.txt ===================================== @@ -18,6 +18,8 @@ ansible NOTE: 20210411: after that LTS. (apo) NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/ -- +btrbk (Thorsten Alteholz) +-- cacti (Roberto C. Sánchez) NOTE: 20210829: not really sure whether affected, please recheck -- @@ -99,5 +101,7 @@ smarty3 (Abhijith PA) -- squashfs-tools (Thorsten Alteholz) -- +sssd +-- wireshark (Adrian Bunk) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8f581df5eb6b841801b57aa2d50c0d092117ca51...b40db75908ece32c8416ada8e6d09f3d0e4fba96 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8f581df5eb6b841801b57aa2d50c0d092117ca51...b40db75908ece32c8416ada8e6d09f3d0e4fba96 You're receiving this email because of your account on salsa.debian.org.
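Review bot: In the data/CVE/list hunk at -3893, the three added `[stretch] - liblivemedia <no-dsa> (Minor issue)` lines for CVE-2021-38382, CVE-2021-38381 and CVE-2021-38380 carry the same bare reason, with no NOTE recording why each is minor. The descriptions differ: two concern file handling, while CVE-2021-38380 concerns "huge requests for the same MP3 stream". A short NOTE per entry stating the basis for the triage would let a later reader check the decision without rereading the upstream threads.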
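Review bot: For CVE-2020-18976, the `(unimportant)` tag sits only on the new `[stretch] - tcpreplay <unfixed>` line, while the added NOTE "Crash in CLI tool, no security impact" describes the issue itself rather than anything specific to Stretch. If that assessment holds for every release, consider tagging the `- tcpreplay 4.3.3-1` line as well so the entry is consistent. If it is meant to apply to Stretch only, say so in the NOTE.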
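Review bot: The two added `[stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update)` lines give one shared reason for CVE-2020-18972 (information exposure) and CVE-2020-18971 (stack-based buffer overflow), and both main entries remain `<unfixed>`. A NOTE on each saying whether the linked upstream ticket has a patch available would show what the postponed update is waiting on.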
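Review bot: In the data/dla-needed.txt hunk at -99, `sssd` is added with no claimant and no NOTE, and none of the data/CVE/list hunks in this push mention sssd, so the diff alone does not show which issue the entry is for. A dated NOTE naming the CVE that prompted it, in the style of the `NOTE: 20210829: ...` line under cacti, would help whoever picks the package up.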
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits