author | Moritz Muehlenhoff <jmm@debian.org> | 2021-11-03 16:10:57 +0100 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2021-11-03 16:11:26 +0100 |
commit | 4211c616563795a774305ffa87f9435ab6adbe76 (patch) | |
tree | 431200e6cc23b42daf0aa51c99bda084a01a27ac | |
parent | 030d13f3d739f395224aa4fb738a1e8f437380f4 (diff) |
buster/bullseye triage
-rw-r--r-- | data/CVE/list | 17 |
-rw-r--r-- | data/dsa-needed.txt | 3 |
2 files changed, 19 insertions, 1 deletions
diff --git a/data/CVE/list b/data/CVE/list index 6f23a7bff6..90601fe466 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -7234,18 +7234,23 @@ CVE-2021-41093 (Wire is an open source secure messenger. In affected versions if NOT-FOR-US: Wire iOS CVE-2021-41092 (Docker CLI is the command line interface for the docker container runt ...) - docker.io <unfixed> (bug #998292) + [bullseye] - docker.io <no-dsa> (Minor issue) + [buster] - docker.io <no-dsa> (Minor issue) NOTE: https://github.com/docker/cli/security/advisories/GHSA-99pg-grm5-qq3v NOTE: https://github.com/docker/cli/commit/893e52cf4ba4b048d72e99748e0f86b2767c6c6b CVE-2021-41091 (Moby is an open-source project created by Docker to enable software co ...) - docker.io <unfixed> + [bullseye] - docker.io <no-dsa> (Minor issue) + [buster] - docker.io <no-dsa> (Minor issue) NOTE: https://github.com/moby/moby/security/advisories/GHSA-3fwx-pjgw-3558 NOTE: https://github.com/moby/moby/commit/f0ab919f518c47240ea0e72d0999576bb8008e64 CVE-2021-41090 RESERVED CVE-2021-41089 (Moby is an open-source project created by Docker to enable software co ...) - docker.io <unfixed> + [bullseye] - docker.io <no-dsa> (Minor issue) + [buster] - docker.io <no-dsa> (Minor issue) NOTE: https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4 - TODO: check details CVE-2021-41088 (Elvish is a programming language and interactive shell, combined into ...) - elvish 0.14.0-1 [buster] - elvish <no-dsa> (Minor issue) 
@@ -15619,25 +15624,35 @@ CVE-2021-37624 (FreeSWITCH is a Software Defined Telecom Stack enabling the digi NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-mjcm-q9h8-9xv3 CVE-2021-37623 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) - exiv2 <unfixed> + [bullseye] - exiv2 <ignored> (Minor issue) + [buster] - exiv2 <ignored> (Minor issue) [stretch] - exiv2 <no-dsa> (Minor issue) NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-mvc4-g5pv-4qqq NOTE: https://github.com/Exiv2/exiv2/pull/1790 CVE-2021-37622 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) - exiv2 <unfixed> + [bullseye] - exiv2 <ignored> (Minor issue) + [buster] - exiv2 <ignored> (Minor issue) [stretch] - exiv2 <no-dsa> (Minor issue) NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-9jh3-fcc3-g6hv NOTE: https://github.com/Exiv2/exiv2/pull/1788 CVE-2021-37621 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) - exiv2 <unfixed> + [bullseye] - exiv2 <ignored> (Minor issue) + [buster] - exiv2 <ignored> (Minor issue) [stretch] - exiv2 <no-dsa> (Minor issue) NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-m479-7frc-gqqg NOTE: https://github.com/Exiv2/exiv2/pull/1778 CVE-2021-37620 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) - exiv2 <unfixed> + [bullseye] - exiv2 <ignored> (Minor issue) + [buster] - exiv2 <ignored> (Minor issue) NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-v5g7-46xf-h728 NOTE: https://github.com/Exiv2/exiv2/pull/1769 CVE-2021-37619 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) - exiv2 <unfixed> + [bullseye] - exiv2 <ignored> (Minor issue) + [buster] - exiv2 <ignored> (Minor issue) [stretch] - exiv2 <no-dsa> (Minor issue) NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-mxw9-qx4c-6m8v NOTE: https://github.com/Exiv2/exiv2/pull/1752 
diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt index 06101419b7..6a610b9140 100644 --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -56,5 +56,8 @@ tomcat9 from previous CVE-2021-30640 and another non-security fix for #987179, might need a SRM ack. -- +trafficserver (jmm) + wait until status for CVE-2021-38161 is clarified (upstream patch got reverted) +-- varnish -- |
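Review bot: In the first data/CVE/list hunk (@@ -7234), the CVE-2021-41089 entry loses `TODO: check details` but ends up with only the advisory NOTE, while the CVE-2021-41092 and CVE-2021-41091 entries in the same hunk each carry a second NOTE with the upstream fix commit. Adding the upstream commit NOTE for CVE-2021-41089 would let the "Minor issue" classification be checked against the actual change. Separately, only CVE-2021-41092 has a bug reference on its `- docker.io <unfixed>` line; the two Moby entries have none.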
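Review bot: In the second data/CVE/list hunk (@@ -15619), the new bullseye and buster lines for CVE-2021-37619 through CVE-2021-37623 use `<ignored>`, while the existing stretch lines beside them and the docker.io lines added earlier in this patch use `<no-dsa>` with the identical "Minor issue" text. If a different state is intended for exiv2 in the stable releases, the parenthesised reason should say why, for example `[bullseye] - exiv2 <ignored> (Minor issue, ...)` with the specific justification filled in; otherwise `<no-dsa>` would keep the entries consistent.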
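Review bot: In the data/dsa-needed.txt hunk (@@ -56,5), the new trafficserver note says "upstream patch got reverted" for CVE-2021-38161 but gives no pointer to the revert. A link to the upstream revert commit or issue on that line would let anyone picking this up later verify whether the status has been clarified without having to rediscover it.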