Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3435575a by Moritz Muehlenhoff at 2022-07-05T14:24:01+02:00
remove navit, ezxml not used
update information on code copies for ezxml
buster/bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/embedded-code-copies
Changes:
=====================================
data/CVE/list
=====================================
@@ -13818,8 +13818,15 @@ CVE-2022-30046
RESERVED
CVE-2022-30045 (An issue was discovered in libezxml.a in ezXML 0.8.6. The
function ezx ...)
- mapcache <unfixed> (unimportant; bug #1014389)
- - navit <unfixed> (bug #1014390)
- scilab <unfixed> (bug #1014391)
+ [bullseye] - scilab <no-dsa> (Minor issue)
+ [buster] - scilab <no-dsa> (Minor issue)
+ - netcdf 1:4.9.0-1
+ [bullseye] - netcdf <ignored> (Minor issue)
+ [buster] - netcdf <ignored> (Minor issue)
+ - netcdf-parallel 1:4.9.0-1 (bug #989361)
+ [bullseye] - netcdf-parallel <ignored> (Minor issue)
+ [buster] - netcdf-parallel <ignored> (Minor issue)
NOTE: https://sourceforge.net/p/ezxml/bugs/29/
NOTE: mapcache only uses ezxml to parse config files which are trusted
CVE-2022-30044
@@ -80472,12 +80479,12 @@ CVE-2021-31598 (An issue was discovered in libezxml.a
in ezXML 0.8.6. The functi
[bullseye] - scilab <no-dsa> (Minor issue)
[buster] - scilab <no-dsa> (Minor issue)
- netcdf 1:4.9.0-1 (bug #989360)
- [bullseye] - netcdf <no-dsa> (Minor issue)
- [buster] - netcdf <no-dsa> (Minor issue)
+ [bullseye] - netcdf <ignored> (Minor issue)
+ [buster] - netcdf <ignored> (Minor issue)
[stretch] - netcdf <not-affected> (vulnerable code not present)
- - netcdf-parallel <unfixed> (bug #989361)
- [bullseye] - netcdf-parallel <no-dsa> (Minor issue)
- [buster] - netcdf-parallel <no-dsa> (Minor issue)
+ - netcdf-parallel 1:4.9.0-1 (bug #989361)
+ [bullseye] - netcdf-parallel <ignored> (Minor issue)
+ [buster] - netcdf-parallel <ignored> (Minor issue)
NOTE: https://sourceforge.net/p/ezxml/bugs/28/
NOTE: mapcache only uses ezxml to parse config files which are trusted
CVE-2021-31597 (The xmlhttprequest-ssl package before 1.6.1 for Node.js
disables SSL c ...)
@@ -81120,12 +81127,12 @@ CVE-2021-31348 (An issue was discovered in libezxml.a
in ezXML 0.8.6. The functi
[bullseye] - scilab <no-dsa> (Minor issue)
[buster] - scilab <no-dsa> (Minor issue)
- netcdf 1:4.9.0-1 (bug #989360)
- [bullseye] - netcdf <no-dsa> (Minor issue)
- [buster] - netcdf <no-dsa> (Minor issue)
+ [bullseye] - netcdf <ignored> (Minor issue)
+ [buster] - netcdf <ignored> (Minor issue)
[stretch] - netcdf <not-affected> (vulnerable code not present)
- - netcdf-parallel <unfixed> (bug #989361)
- [bullseye] - netcdf-parallel <no-dsa> (Minor issue)
- [buster] - netcdf-parallel <no-dsa> (Minor issue)
+ - netcdf-parallel 1:4.9.0-1 (bug #989361)
+ [bullseye] - netcdf-parallel <ignored> (Minor issue)
+ [buster] - netcdf-parallel <ignored> (Minor issue)
NOTE: https://sourceforge.net/p/ezxml/bugs/27/
NOTE: mapcache only uses ezxml to parse config files which are trusted
CVE-2021-31347 (An issue was discovered in libezxml.a in ezXML 0.8.6. The
function ezx ...)
@@ -81135,12 +81142,12 @@ CVE-2021-31347 (An issue was discovered in libezxml.a
in ezXML 0.8.6. The functi
[bullseye] - scilab <no-dsa> (Minor issue)
[buster] - scilab <no-dsa> (Minor issue)
- netcdf 1:4.9.0-1 (bug #989360)
- [bullseye] - netcdf <no-dsa> (Minor issue)
- [buster] - netcdf <no-dsa> (Minor issue)
+ [bullseye] - netcdf <ignored> (Minor issue)
+ [buster] - netcdf <ignored> (Minor issue)
[stretch] - netcdf <not-affected> (vulnerable code not present)
- - netcdf-parallel <unfixed> (bug #989361)
- [bullseye] - netcdf-parallel <no-dsa> (Minor issue)
- [buster] - netcdf-parallel <no-dsa> (Minor issue)
+ - netcdf-parallel 1:4.9.0-1 (bug #989361)
+ [bullseye] - netcdf-parallel <ignored> (Minor issue)
+ [buster] - netcdf-parallel <ignored> (Minor issue)
NOTE: https://sourceforge.net/p/ezxml/bugs/27/
NOTE: mapcache only uses ezxml to parse config files which are trusted
CVE-2021-31346 (A vulnerability has been identified in APOGEE MBC (PPC)
(BACnet) (All ...)
@@ -81435,12 +81442,12 @@ CVE-2021-31229 (An issue was discovered in libezxml.a
in ezXML 0.8.6. The functi
[bullseye] - scilab <no-dsa> (Minor issue)
[buster] - scilab <no-dsa> (Minor issue)
- netcdf 1:4.9.0-1 (bug #989360)
- [bullseye] - netcdf <no-dsa> (Minor issue)
- [buster] - netcdf <no-dsa> (Minor issue)
+ [bullseye] - netcdf <ignored> (Minor issue)
+ [buster] - netcdf <ignored> (Minor issue)
[stretch] - netcdf <not-affected> (vulnerable code not present)
- - netcdf-parallel <unfixed> (bug #989361)
- [bullseye] - netcdf-parallel <no-dsa> (Minor issue)
- [buster] - netcdf-parallel <no-dsa> (Minor issue)
+ - netcdf-parallel 1:4.9.0-1 (bug #989361)
+ [bullseye] - netcdf-parallel <ignored> (Minor issue)
+ [buster] - netcdf-parallel <ignored> (Minor issue)
NOTE: https://sourceforge.net/p/ezxml/bugs/26/
NOTE: mapcache only uses ezxml to parse config files which are trusted
CVE-2021-31228 (An issue was discovered in HCC embedded InterNiche 4.0.1. This
vulnera ...)
@@ -83551,12 +83558,12 @@ CVE-2021-30485 (An issue was discovered in libezxml.a
in ezXML 0.8.6. The functi
[bullseye] - scilab <no-dsa> (Minor issue)
[buster] - scilab <no-dsa> (Minor issue)
- netcdf 1:4.9.0-1 (bug #989360)
- [bullseye] - netcdf <no-dsa> (Minor issue)
- [buster] - netcdf <no-dsa> (Minor issue)
+ [bullseye] - netcdf <ignored> (Minor issue)
+ [buster] - netcdf <ignored> (Minor issue)
[stretch] - netcdf <not-affected> (vulnerable code not present)
- - netcdf-parallel <unfixed> (bug #989361)
- [bullseye] - netcdf-parallel <no-dsa> (Minor issue)
- [buster] - netcdf-parallel <no-dsa> (Minor issue)
+ - netcdf-parallel 1:4.9.0-1 (bug #989361)
+ [bullseye] - netcdf-parallel <ignored> (Minor issue)
+ [buster] - netcdf-parallel <ignored> (Minor issue)
NOTE: https://sourceforge.net/p/ezxml/bugs/25
NOTE: mapcache only uses ezxml to parse config files which are trusted
CVE-2021-30484
@@ -94274,12 +94281,12 @@ CVE-2021-26222 (The ezxml_new function in ezXML 0.8.6
and earlier is vulnerable
[buster] - scilab <no-dsa> (Minor issue)
[stretch] - scilab <no-dsa> (Minor issue)
- netcdf 1:4.9.0-1 (bug #989360)
- [bullseye] - netcdf <no-dsa> (Minor issue)
- [buster] - netcdf <no-dsa> (Minor issue)
+ [bullseye] - netcdf <ignored> (Minor issue)
+ [buster] - netcdf <ignored> (Minor issue)
[stretch] - netcdf <not-affected> (vulnerable code not present)
- - netcdf-parallel <unfixed> (bug #989361)
- [bullseye] - netcdf-parallel <no-dsa> (Minor issue)
- [buster] - netcdf-parallel <no-dsa> (Minor issue)
+ - netcdf-parallel 1:4.9.0-1 (bug #989361)
+ [bullseye] - netcdf-parallel <ignored> (Minor issue)
+ [buster] - netcdf-parallel <ignored> (Minor issue)
NOTE: https://sourceforge.net/p/ezxml/bugs/22/
NOTE: mapcache only uses ezxml to parse config files which are trusted
CVE-2021-26221 (The ezxml_new function in ezXML 0.8.6 and earlier is
vulnerable to OOB ...)
@@ -94289,12 +94296,12 @@ CVE-2021-26221 (The ezxml_new function in ezXML 0.8.6
and earlier is vulnerable
[buster] - scilab <no-dsa> (Minor issue)
[stretch] - scilab <no-dsa> (Minor issue)
- netcdf 1:4.9.0-1 (bug #989360)
- [bullseye] - netcdf <no-dsa> (Minor issue)
- [buster] - netcdf <no-dsa> (Minor issue)
+ [bullseye] - netcdf <ignored> (Minor issue)
+ [buster] - netcdf <ignored> (Minor issue)
[stretch] - netcdf <not-affected> (vulnerable code not present)
- - netcdf-parallel <unfixed> (bug #989361)
- [bullseye] - netcdf-parallel <no-dsa> (Minor issue)
- [buster] - netcdf-parallel <no-dsa> (Minor issue)
+ - netcdf-parallel 1:4.9.0-1 (bug #989361)
+ [bullseye] - netcdf-parallel <ignored> (Minor issue)
+ [buster] - netcdf-parallel <ignored> (Minor issue)
NOTE: https://sourceforge.net/p/ezxml/bugs/21/
NOTE: mapcache only uses ezxml to parse config files which are trusted
CVE-2021-26220 (The ezxml_toxml function in ezxml 0.8.6 and earlier is
vulnerable to O ...)
@@ -94304,12 +94311,12 @@ CVE-2021-26220 (The ezxml_toxml function in ezxml
0.8.6 and earlier is vulnerabl
[buster] - scilab <no-dsa> (Minor issue)
[stretch] - scilab <no-dsa> (Minor issue)
- netcdf 1:4.9.0-1 (bug #989360)
- [bullseye] - netcdf <no-dsa> (Minor issue)
- [buster] - netcdf <no-dsa> (Minor issue)
+ [bullseye] - netcdf <ignored> (Minor issue)
+ [buster] - netcdf <ignored> (Minor issue)
[stretch] - netcdf <not-affected> (vulnerable code not present)
- - netcdf-parallel <unfixed> (bug #989361)
- [bullseye] - netcdf-parallel <no-dsa> (Minor issue)
- [buster] - netcdf-parallel <no-dsa> (Minor issue)
+ - netcdf-parallel 1:4.9.0-1 (bug #989361)
+ [bullseye] - netcdf-parallel <ignored> (Minor issue)
+ [buster] - netcdf-parallel <ignored> (Minor issue)
NOTE: https://sourceforge.net/p/ezxml/bugs/223/
NOTE: mapcache only uses ezxml to parse config files which are trusted
CVE-2021-26219
@@ -178737,12 +178744,12 @@ CVE-2019-20202 (An issue was discovered in ezXML
0.8.3 through 0.8.6. The functi
[buster] - scilab <no-dsa> (Minor issue)
[stretch] - scilab <no-dsa> (Minor issue)
- netcdf 1:4.9.0-1 (bug #989360)
- [bullseye] - netcdf <no-dsa> (Minor issue)
- [buster] - netcdf <no-dsa> (Minor issue)
+ [bullseye] - netcdf <ignored> (Minor issue)
+ [buster] - netcdf <ignored> (Minor issue)
[stretch] - netcdf <not-affected> (vulnerable code not present)
- - netcdf-parallel <unfixed> (bug #989361)
- [bullseye] - netcdf-parallel <no-dsa> (Minor issue)
- [buster] - netcdf-parallel <no-dsa> (Minor issue)
+ - netcdf-parallel 1:4.9.0-1 (bug #989361)
+ [bullseye] - netcdf-parallel <ignored> (Minor issue)
+ [buster] - netcdf-parallel <ignored> (Minor issue)
NOTE: https://sourceforge.net/p/ezxml/bugs/17/
NOTE: mapcache only uses ezxml to parse config files which are trusted
CVE-2019-20201 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The
ezxml_parse_ ...)
@@ -178752,12 +178759,12 @@ CVE-2019-20201 (An issue was discovered in ezXML
0.8.3 through 0.8.6. The ezxml_
[buster] - scilab <no-dsa> (Minor issue)
[stretch] - scilab <no-dsa> (Minor issue)
- netcdf 1:4.9.0-1 (bug #989360)
- [bullseye] - netcdf <no-dsa> (Minor issue)
- [buster] - netcdf <no-dsa> (Minor issue)
+ [bullseye] - netcdf <ignored> (Minor issue)
+ [buster] - netcdf <ignored> (Minor issue)
[stretch] - netcdf <not-affected> (vulnerable code not present)
- - netcdf-parallel <unfixed> (bug #989361)
- [bullseye] - netcdf-parallel <no-dsa> (Minor issue)
- [buster] - netcdf-parallel <no-dsa> (Minor issue)
+ - netcdf-parallel 1:4.9.0-1 (bug #989361)
+ [bullseye] - netcdf-parallel <ignored> (Minor issue)
+ [buster] - netcdf-parallel <ignored> (Minor issue)
NOTE: https://sourceforge.net/p/ezxml/bugs/16/
NOTE: mapcache only uses ezxml to parse config files which are trusted
CVE-2019-20200 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The
function ezx ...)
@@ -178767,12 +178774,12 @@ CVE-2019-20200 (An issue was discovered in ezXML
0.8.3 through 0.8.6. The functi
[buster] - scilab <no-dsa> (Minor issue)
[stretch] - scilab <no-dsa> (Minor issue)
- netcdf 1:4.9.0-1 (bug #989360)
- [bullseye] - netcdf <no-dsa> (Minor issue)
- [buster] - netcdf <no-dsa> (Minor issue)
+ [bullseye] - netcdf <ignored> (Minor issue)
+ [buster] - netcdf <ignored> (Minor issue)
[stretch] - netcdf <not-affected> (vulnerable code not present)
- - netcdf-parallel <unfixed> (bug #989361)
- [bullseye] - netcdf-parallel <no-dsa> (Minor issue)
- [buster] - netcdf-parallel <no-dsa> (Minor issue)
+ - netcdf-parallel 1:4.9.0-1 (bug #989361)
+ [bullseye] - netcdf-parallel <ignored> (Minor issue)
+ [buster] - netcdf-parallel <ignored> (Minor issue)
NOTE: https://sourceforge.net/p/ezxml/bugs/19/
NOTE: mapcache only uses ezxml to parse config files which are trusted
CVE-2019-20199 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The
function ezx ...)
@@ -178782,12 +178789,12 @@ CVE-2019-20199 (An issue was discovered in ezXML
0.8.3 through 0.8.6. The functi
[buster] - scilab <no-dsa> (Minor issue)
[stretch] - scilab <no-dsa> (Minor issue)
- netcdf 1:4.9.0-1 (bug #989360)
- [bullseye] - netcdf <no-dsa> (Minor issue)
- [buster] - netcdf <no-dsa> (Minor issue)
+ [bullseye] - netcdf <ignored> (Minor issue)
+ [buster] - netcdf <ignored> (Minor issue)
[stretch] - netcdf <not-affected> (vulnerable code not present)
- - netcdf-parallel <unfixed> (bug #989361)
- [bullseye] - netcdf-parallel <no-dsa> (Minor issue)
- [buster] - netcdf-parallel <no-dsa> (Minor issue)
+ - netcdf-parallel 1:4.9.0-1 (bug #989361)
+ [bullseye] - netcdf-parallel <ignored> (Minor issue)
+ [buster] - netcdf-parallel <ignored> (Minor issue)
NOTE: https://sourceforge.net/p/ezxml/bugs/18/
NOTE: mapcache only uses ezxml to parse config files which are trusted
CVE-2019-20198 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The
function ezx ...)
@@ -178797,12 +178804,12 @@ CVE-2019-20198 (An issue was discovered in ezXML
0.8.3 through 0.8.6. The functi
[buster] - scilab <no-dsa> (Minor issue)
[stretch] - scilab <no-dsa> (Minor issue)
- netcdf 1:4.9.0-1 (bug #989360)
- [bullseye] - netcdf <no-dsa> (Minor issue)
- [buster] - netcdf <no-dsa> (Minor issue)
+ [bullseye] - netcdf <ignored> (Minor issue)
+ [buster] - netcdf <ignored> (Minor issue)
[stretch] - netcdf <not-affected> (vulnerable code not present)
- - netcdf-parallel <unfixed> (bug #989361)
- [bullseye] - netcdf-parallel <no-dsa> (Minor issue)
- [buster] - netcdf-parallel <no-dsa> (Minor issue)
+ - netcdf-parallel 1:4.9.0-1 (bug #989361)
+ [bullseye] - netcdf-parallel <ignored> (Minor issue)
+ [buster] - netcdf-parallel <ignored> (Minor issue)
NOTE: https://sourceforge.net/p/ezxml/bugs/20/
NOTE: mapcache only uses ezxml to parse config files which are trusted
CVE-2020-5178
@@ -181891,12 +181898,12 @@ CVE-2019-20007 (An issue was discovered in ezXML
0.8.2 through 0.8.6. The functi
[buster] - scilab <no-dsa> (Minor issue)
[stretch] - scilab <no-dsa> (Minor issue)
- netcdf 1:4.9.0-1 (bug #989360)
- [bullseye] - netcdf <no-dsa> (Minor issue)
- [buster] - netcdf <no-dsa> (Minor issue)
+ [bullseye] - netcdf <ignored> (Minor issue)
+ [buster] - netcdf <ignored> (Minor issue)
[stretch] - netcdf <not-affected> (vulnerable code not present)
- - netcdf-parallel <unfixed> (bug #989361)
- [bullseye] - netcdf-parallel <no-dsa> (Minor issue)
- [buster] - netcdf-parallel <no-dsa> (Minor issue)
+ - netcdf-parallel 1:4.9.0-1 (bug #989361)
+ [bullseye] - netcdf-parallel <ignored> (Minor issue)
+ [buster] - netcdf-parallel <ignored> (Minor issue)
NOTE: https://sourceforge.net/p/ezxml/bugs/13/
NOTE: mapcache only uses ezxml to parse config files which are trusted
CVE-2019-20006 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The
function ezx ...)
@@ -181906,12 +181913,12 @@ CVE-2019-20006 (An issue was discovered in ezXML
0.8.3 through 0.8.6. The functi
[buster] - scilab <no-dsa> (Minor issue)
[stretch] - scilab <no-dsa> (Minor issue)
- netcdf 1:4.9.0-1 (bug #989360)
- [bullseye] - netcdf <no-dsa> (Minor issue)
- [buster] - netcdf <no-dsa> (Minor issue)
+ [bullseye] - netcdf <ignored> (Minor issue)
+ [buster] - netcdf <ignored> (Minor issue)
[stretch] - netcdf <not-affected> (vulnerable code not present)
- - netcdf-parallel <unfixed> (bug #989361)
- [bullseye] - netcdf-parallel <no-dsa> (Minor issue)
- [buster] - netcdf-parallel <no-dsa> (Minor issue)
+ - netcdf-parallel 1:4.9.0-1 (bug #989361)
+ [bullseye] - netcdf-parallel <ignored> (Minor issue)
+ [buster] - netcdf-parallel <ignored> (Minor issue)
NOTE: https://sourceforge.net/p/ezxml/bugs/15/
NOTE: mapcache only uses ezxml to parse config files which are trusted
CVE-2019-20005 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The
function ezx ...)
@@ -181921,12 +181928,12 @@ CVE-2019-20005 (An issue was discovered in ezXML
0.8.3 through 0.8.6. The functi
[buster] - scilab <no-dsa> (Minor issue)
[stretch] - scilab <no-dsa> (Minor issue)
- netcdf 1:4.9.0-1 (bug #989360)
- [bullseye] - netcdf <no-dsa> (Minor issue)
- [buster] - netcdf <no-dsa> (Minor issue)
+ [bullseye] - netcdf <ignored> (Minor issue)
+ [buster] - netcdf <ignored> (Minor issue)
[stretch] - netcdf <not-affected> (vulnerable code not present)
- - netcdf-parallel <unfixed> (bug #989361)
- [bullseye] - netcdf-parallel <no-dsa> (Minor issue)
- [buster] - netcdf-parallel <no-dsa> (Minor issue)
+ - netcdf-parallel 1:4.9.0-1 (bug #989361)
+ [bullseye] - netcdf-parallel <ignored> (Minor issue)
+ [buster] - netcdf-parallel <ignored> (Minor issue)
NOTE: https://sourceforge.net/p/ezxml/bugs/14/
NOTE: mapcache only uses ezxml to parse config files which are trusted
CVE-2019-20004 (An issue was discovered on Intelbras IWR 3000N 1.8.7 devices.
When the ...)
=====================================
data/embedded-code-copies
=====================================
@@ -3491,8 +3491,10 @@ ttmath (not packaged, https://www.ttmath.org/)
- geos <unfixed> (modified-embed)
ezxml (not packaged in Debian; no ITP)
- - netcdf <unfixed> (embed; bug #989360)
- - netcdf-parallel <unfixed> (embed; bug #989361)
+ - netcdf 1:4.9.0-1 (embed; bug #989360)
+ NOTE: netcdf switched to libxml2 in 4.9.0
+ - netcdf-parallel 1:4.9.0-1 (embed; bug #989361)
+ NOTE: netcdf-parallel switched to libxml2 in 4.9.0
- navit <not-affected> (embed; bug #989362)
- mapcache <unfixed> (embed; bug #989363)
NOTE: mapcache only uses ezxml to parse config file, doesn't trust any
trust boundary, no need to file bugs
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3435575a92ec4f96060a99d7ce70871f22d4a867
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3435575a92ec4f96060a99d7ce70871f22d4a867
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
