diff options
| author | Moritz Muehlenhoff <jmm@debian.org> | 2022-01-21 15:30:03 +0100 |
|---|---|---|
| committer | Moritz Muehlenhoff <jmm@debian.org> | 2022-01-21 15:30:03 +0100 |
| commit | 1328c577f67bd9fb21ec1f4f20d77c41bc282cdf (patch) | |
| tree | cb54fac0b30fe0eb4619c919de5d6f5f534c5ddc | |
| parent | 37e3117f510027f2ec215a486e97dc93dc3f934f (diff) | |
buster/bullseye triage
| -rw-r--r-- | data/CVE/list | 6 | ||||
| -rw-r--r-- | data/dsa-needed.txt | 2 |
2 files changed, 8 insertions, 0 deletions
diff --git a/data/CVE/list b/data/CVE/list index e0651f4c61..c8a7807985 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -22127,6 +22127,8 @@ CVE-2021-41044 RESERVED CVE-2021-41043 (Use after free in tcpslice triggers AddressSanitizer, no other confirm ...) - tcpslice <unfixed> (bug #1003190) + [bullseye] - tcpslice <no-dsa> (Minor issue) + [buster] - tcpslice <no-dsa> (Minor issue) NOTE: https://github.com/the-tcpdump-group/tcpslice/issues/11 NOTE: https://github.com/the-tcpdump-group/tcpslice/commit/030859fce9c77417de657b9bb29c0f78c2d68f4a (tcpslice-1.5) CVE-2021-41042 @@ -31627,6 +31629,7 @@ CVE-2021-37219 (HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer all NOTE: https://discuss.hashicorp.com/t/hcsec-2021-22-consul-raft-rpc-privilege-escalation/29024 CVE-2021-37218 (HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server ...) - nomad <unfixed> + [bullseye] - nomad <no-dsa> (Minor issue) NOTE: https://discuss.hashicorp.com/t/hcsec-2021-21-nomad-raft-rpc-privilege-escalation/29023 NOTE: https://github.com/hashicorp/nomad/pull/11089 (main) NOTE: https://github.com/hashicorp/nomad/commit/768d7c72a77e9c0415d92900753fc83e8822145a (release-1.1.4) @@ -64983,6 +64986,7 @@ CVE-2021-3122 (CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH server NOT-FOR-US: CMCAgent in NCR Command Center Agent CVE-2021-3121 (An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarsha ...) - golang-gogoprotobuf 1.3.2-1 + [buster] - golang-gogoprotobuf <no-dsa> (Minor issue) [stretch] - golang-gogoprotobuf <no-dsa> (Minor issue) NOTE: https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc CVE-2021-3120 (An arbitrary file upload vulnerability in the YITH WooCommerce Gift Ca ...) @@ -80835,12 +80839,14 @@ CVE-2020-28853 CVE-2020-28852 (In x/text in Go before v0.3.5, a "slice bounds out of range" panic occ ...) - golang-golang-x-text 0.3.5-1 (bug #980002) - golang-x-text <removed> + [buster] - golang-x-text <no-dsa> (Minor issue) [stretch] - golang-x-text <no-dsa> (Minor issue. Golang has limited support in stretch.) NOTE: https://github.com/golang/go/issues/42536 NOTE: https://github.com/golang/text/commit/4482a914f52311356f6f4b7a695d4075ca22c0c6 (v0.3.5) CVE-2020-28851 (In x/text in Go 1.15.4, an "index out of range" panic occurs in langua ...) - golang-golang-x-text 0.3.6-1 (bug #980001) - golang-x-text <removed> + [buster] - golang-x-text <no-dsa> (Minor issue) [stretch] - golang-x-text <no-dsa> (Minor issue. Golang has limited support in stretch.) NOTE: https://github.com/golang/go/issues/42535 CVE-2020-28850 diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt index 9292dc665d..1d45251952 100644 --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -14,6 +14,8 @@ If needed, specify the release by adding a slash after the name of the source pa -- asterisk/oldstable -- +chromium (jmm) +-- condor -- faad2/oldstable (jmm) |