Thorsten Alteholz pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8ec7b023 by Thorsten Alteholz at 2021-04-22T09:33:55+02:00
mark CVE-2020-28590 as not-affected for Stretch
- - - - -
cbb3a561 by Thorsten Alteholz at 2021-04-22T09:40:51+02:00
mark CVE-2021-30151 as no-dsa for Stretch
- - - - -
b36123d1 by Thorsten Alteholz at 2021-04-22T09:42:43+02:00
mark CVE-2021-21416 as no-dsa for Stretch
- - - - -
86280c1e by Thorsten Alteholz at 2021-04-22T09:45:29+02:00
mark CVE-2020-23922 as no-dsa for Stretch
- - - - -
93c1629f by Thorsten Alteholz at 2021-04-22T09:48:21+02:00
mark CVE-2021-3507 as no-dsa for Stretch
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -27,6 +27,7 @@ CVE-2021-3507 [fdc: heap buffer overflow in DMA read data
transfers]
- qemu <unfixed>
[bullseye] - qemu <no-dsa> (Minor issue)
[buster] - qemu <no-dsa> (Minor issue)
+ [stretch] - qemu <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1951118
CVE-2021-3506 (An out-of-bounds (OOB) memory access flaw was found in
fs/f2fs/node.c ...)
- linux <unfixed>
@@ -3027,6 +3028,7 @@ CVE-2021-30152 (An issue was discovered in MediaWiki
before 1.31.13 and 1.32.x t
NOTE:
https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
CVE-2021-30151 (Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the
queue n ...)
- ruby-sidekiq <unfixed>
+ [stretch] - ruby-sidekiq <no-dsa> (Minor issue)
NOTE: https://github.com/mperham/sidekiq/issues/4852
CVE-2021-30150 (Composr 10.0.36 allows XSS in an XML script. ...)
NOT-FOR-US: Composr
@@ -24241,6 +24243,7 @@ CVE-2021-21417
RESERVED
CVE-2021-21416 (django-registration is a user registration package for Django.
The dja ...)
- python-django-registration <unfixed>
+ [stretch] - python-django-registration <no-dsa> (Minor issue)
NOTE:
https://github.com/ubernostrum/django-registration/security/advisories/GHSA-58c7-px5v-82hh
NOTE:
https://github.com/ubernostrum/django-registration/commit/8206af081e239598cfd15d165d4d8ab9849ee23c
CVE-2021-21415
@@ -34513,6 +34516,7 @@ CVE-2020-28591 (An out-of-bounds read vulnerability
exists in the AMF File AMFPa
NOTE: https://github.com/slic3r/Slic3r/pull/5063
CVE-2020-28590 (An out-of-bounds read vulnerability exists in the Obj File
TriangleMes ...)
- slic3r <unfixed>
+ [stretch] - slic3r <not-affected> (Vulnerable code not present)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1213
NOTE: https://github.com/slic3r/Slic3r/issues/5074
CVE-2020-28589
@@ -47927,6 +47931,7 @@ CVE-2020-23923
RESERVED
CVE-2020-23922 (An issue was discovered in giflib through 5.1.4.
DumpScreen2RGB in gif ...)
- giflib <unfixed>
+ [stretch] - giflib <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/giflib/bugs/151/
CVE-2020-23921 (An issue was discovered in fast_ber through v0.4. yy::yylex()
in asn_c ...)
TODO: check
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/759d3f23c313658cdc2164ea73f667d9ed097c35...93c1629f4a92d94df32d0203414fcac03b1f9764
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/759d3f23c313658cdc2164ea73f667d9ed097c35...93c1629f4a92d94df32d0203414fcac03b1f9764
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
