Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits: 3f0cae72 by Thorsten Alteholz at 2021-10-21T15:00:26+02:00 add gpac - - - - - 267a2047 by Thorsten Alteholz at 2021-10-21T15:02:33+02:00 mark two CVEs of vim as no-dsa for Stretch - - - - - 99dd3f50 by Thorsten Alteholz at 2021-10-21T15:05:04+02:00 mark two CVEs of atomicparsley as no-dsa for Stretch - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -2618,6 +2618,7 @@ CVE-2021-3875 (vim is vulnerable to Heap-based Buffer Overflow ...) - vim <unfixed> (bug #996593) [bullseye] - vim <no-dsa> (Minor issue) [buster] - vim <no-dsa> (Minor issue) + [stretch] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/5cdbc168-6ba1-4bc2-ba6c-28be12166a53/ NOTE: https://github.com/vim/vim/commit/35a319b77f897744eec1155b736e9372c9c5575f (v8.2.3489) CVE-2021-42133 @@ -2692,6 +2693,7 @@ CVE-2021-42101 RESERVED CVE-2021-3872 (vim is vulnerable to Heap-based Buffer Overflow ...) - vim <unfixed> + [stretch] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/c958013b-1c09-4939-92ca-92f50aa169e8 NOTE: https://github.com/vim/vim/commit/826bfe4bbd7594188e3d74d2539d9707b1c6a14b CVE-2021-3871 @@ -14202,6 +14204,7 @@ CVE-2021-37233 RESERVED CVE-2021-37232 (A stack overflow vulnerability occurs in Atomicparsley 20210124.204813 ...) - atomicparsley 20210715.151551.e7ad03a-1 (bug #993366) + [stretch] - atomicparsley <no-dsa> (Minor issue) - gtkpod <unfixed> (bug #993376) [bullseye] - gtkpod <ignored> (Minor issue) [buster] - gtkpod <ignored> (Minor issue) 
@@ -14210,6 +14213,7 @@ CVE-2021-37232 (A stack overflow vulnerability occurs in Atomicparsley 20210124. NOTE: https://github.com/wez/atomicparsley/issues/32 CVE-2021-37231 (A stack-buffer-overflow occurs in Atomicparsley 20210124.204813.840499 ...) - atomicparsley 20210715.151551.e7ad03a-1 (bug #993372) + [stretch] - atomicparsley <no-dsa> (Minor issue) - gtkpod <unfixed> (bug #993375) [bullseye] - gtkpod <ignored> (Minor issue) [buster] - gtkpod <ignored> (Minor issue) ===================================== data/dla-needed.txt ===================================== @@ -44,6 +44,8 @@ firmware-nonfree NOTE: 20210731: WIP: https://salsa.debian.org/lts-team/packages/firmware-nonfree NOTE: 20210828: Most CVEs are difficult to backport. Contacted Ben regarding possible "ignore" tag -- +gpac +-- linux (Ben Hutchings) -- linux-4.19 (Ben Hutchings) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/839cb5b9da7d79aa389d8ccd47f751b93d4a47f7...99dd3f50eebe4cbc2ce32fe41c293b56c13fbc26
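Review bot: the `[stretch] - vim <no-dsa> (Minor issue)` line added under CVE-2021-3872 sits directly below `- vim <unfixed>`, which has no bug number and no `[bullseye]` or `[buster]` lines in the visible context, whereas under CVE-2021-3875 the stretch line follows matching bullseye and buster entries. Since both CVEs are described as heap-based buffer overflows, a short NOTE giving the reason for treating CVE-2021-3872 as minor on stretch would make the entry self-explanatory until the newer suites are triaged.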
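Review bot: in both atomicparsley hunks (CVE-2021-37232 and CVE-2021-37231) the new `[stretch] - atomicparsley <no-dsa> (Minor issue)` line covers only atomicparsley, while the `- gtkpod <unfixed>` entry below it has `[bullseye]` and `[buster]` lines and nothing for stretch. If the gtkpod package in stretch is affected in the same way, add a matching `[stretch] - gtkpod` line in the same commit so the stretch status of these two CVEs is complete.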
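Review bot: the `gpac` entry added to data/dla-needed.txt has no NOTE line, and the commit message "add gpac" names no CVE, so the file does not say what the upload is meant to address. A dated NOTE in the style of the firmware-nonfree entry above it (`NOTE: 20210828: ...`) listing the open issues would help whoever claims the package.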