author Moritz Muehlenhoff <jmm@debian.org> 2021-04-19 23:23:16 +0200
committer Moritz Muehlenhoff <jmm@debian.org> 2021-04-20 09:11:57 +0200
commit b3b7d03ff9aeeb04b4e4b77299bc67a0b6b1f032
tree a3ed50ce5b8cf4fc65393e0e75e47e86f1fa1601
parent b3d8311a98788626454edb87a5e5af67ad735ae9
buster triage
-rw-r--r-- data/CVE/list 12
-rw-r--r-- data/dsa-needed.txt 2
2 files changed, 14 insertions, 0 deletions
diff --git a/data/CVE/list b/data/CVE/list
index a32979f23e..bcbbca5899 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -4828,6 +4828,7 @@ CVE-2021-29339
RESERVED
CVE-2021-29338 (Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash t ...)
- openjpeg2 <unfixed>
+ [buster] - openjpeg2 <no-dsa> (Minor issue)
NOTE: https://github.com/uclouvain/openjpeg/issues/1338
CVE-2021-29337
RESERVED
@@ -9021,6 +9022,7 @@ CVE-2021-27516 (URI.js (aka urijs) before 1.19.6 mishandles certain uses of back
NOT-FOR-US: urijs
CVE-2021-27515 (url-parse before 1.5.0 mishandles certain uses of backslash such as ht ...)
- node-url-parse 1.5.1-1 (bug #985110)
+ [buster] - node-url-parse <no-dsa> (Minor issue)
[stretch] - node-url-parse <no-dsa> (Minor issue)
NOTE: https://github.com/unshiftio/url-parse/commit/d1e7e8822f26e8a49794b757123b51386325b2b0 (1.5.0)
NOTE: https://github.com/unshiftio/url-parse/pull/197
@@ -27289,6 +27291,7 @@ CVE-2021-20237 [Memory leaks via metadata messages processed by PUB sockets]
CVE-2021-20236 [Stack overflow on server running PUB/XPUB socket]
RESERVED
- zeromq3 4.3.3-1
+ [buster] - zeromq3 <no-dsa> (Minor issue)
[stretch] - zeromq3 <ignored> (Minor issue, too intrusive to backport)
NOTE: https://github.com/zeromq/libzmq/pull/3959
NOTE: https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8
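Review bot: The [buster] line added for CVE-2021-20236 gives only "Minor issue", while the [stretch] line directly below it records the fix as "too intrusive to backport". <no-dsa> and <ignored> say different things about whether a fix is still expected, so the entry should state whether the change from libzmq pull 3959 is considered backportable to buster, or use the same <ignored> reasoning if it is not.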
@@ -27296,12 +27299,14 @@ CVE-2021-20236 [Stack overflow on server running PUB/XPUB socket]
CVE-2021-20235 (There's a flaw in the zeromq server in versions before 4.3.3 in src/de ...)
{DLA-2588-1}
- zeromq3 4.3.3-1
+ [buster] - zeromq3 <no-dsa> (Minor issue)
NOTE: https://github.com/zeromq/libzmq/pull/3902
NOTE: https://github.com/zeromq/libzmq/security/advisories/GHSA-fc3w-qxf5-7hp6
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21984
CVE-2021-20234 (An uncontrolled resource consumption (memory leak) flaw was found in t ...)
{DLA-2588-1}
- zeromq3 4.3.3-1
+ [buster] - zeromq3 <no-dsa> (Minor issue)
NOTE: https://github.com/zeromq/libzmq/pull/3918
NOTE: https://github.com/zeromq/libzmq/security/advisories/GHSA-wfr2-29gj-5w87
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22037
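Review bot: Both CVE-2021-20235 and CVE-2021-20234 carry {DLA-2588-1}, so stretch already has fixes, and the two added [buster] lines leave buster as the release still carrying them with nothing recorded about a follow-up. If a stable point-release upload is intended, saying so in the parenthetical or in a NOTE would keep the <no-dsa> tag from reading as "no action planned".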
@@ -46819,6 +46824,7 @@ CVE-2020-24362
CVE-2020-24361 (SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, P ...)
{DLA-2393-1}
- snmptt 1.4.2-1
+ [buster] - snmptt <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/snmptt/git/ci/f6aef5223bc9ed8126268a273ac9f5c341af835a
CVE-2020-24360 (An issue with ARP packets in Arista&#8217;s EOS affecting the 7800R3, ...)
NOT-FOR-US: Arista
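Review bot: CVE-2020-24361 is described as letting attackers "execute shell code via EXEC", and the {DLA-2393-1} tag shows it was handled with an advisory for LTS, yet the added [buster] line classes it as a bare "Minor issue". A short reason in the parenthetical, stating what limits exposure in buster, would make the <no-dsa> decision auditable.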
@@ -70853,18 +70859,23 @@ CVE-2020-13579 (An exploitable integer overflow vulnerability exists in the Plan
NOT-FOR-US: SoftMaker
CVE-2020-13578 (A denial-of-service vulnerability exists in the WS-Security plugin fun ...)
- gsoap 2.8.104-3 (bug #983596)
+ [buster] - gsoap <no-dsa> (Minor issue)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1189
CVE-2020-13577 (A denial-of-service vulnerability exists in the WS-Security plugin fun ...)
- gsoap 2.8.104-3 (bug #983596)
+ [buster] - gsoap <no-dsa> (Minor issue)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1188
CVE-2020-13576 (A code execution vulnerability exists in the WS-Addressing plugin func ...)
- gsoap 2.8.104-3 (bug #983596)
+ [buster] - gsoap <no-dsa> (Minor issue)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1187
CVE-2020-13575 (A denial-of-service vulnerability exists in the WS-Addressing plugin f ...)
- gsoap 2.8.104-3 (bug #983596)
+ [buster] - gsoap <no-dsa> (Minor issue)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1186
CVE-2020-13574 (A denial-of-service vulnerability exists in the WS-Security plugin fun ...)
- gsoap 2.8.104-3 (bug #983596)
+ [buster] - gsoap <no-dsa> (Minor issue)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1185
CVE-2020-13573 (A denial-of-service vulnerability exists in the Ethernet/IP server fun ...)
NOT-FOR-US: Rockwell Automation RSLinx Classic
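Review bot: The [buster] line added under CVE-2020-13576 uses the same "Minor issue" text as the four denial-of-service entries around it, but that CVE's description begins "A code execution vulnerability exists in the WS-Addressing plugin". Give that entry its own justification, for instance a NOTE explaining why the plugin is not a concern in buster, or assess <no-dsa> for it separately from the DoS issues.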
@@ -86822,6 +86833,7 @@ CVE-2020-7925 (Incorrect validation of user input in the role name parser may le
NOTE: Introduced by: https://github.com/mongodb/mongo/commit/3ca76fd569c94de72c4daf6eef27fbf9bf51233b (v3.6.18)
CVE-2020-7924 (Usage of specific command line parameter in MongoDB Tools which was or ...)
- mongo-tools <unfixed>
+ [buster] - mongo-tools <no-dsa> (Minor issue)
NOTE: https://jira.mongodb.org/browse/TOOLS-2587
CVE-2020-7923 (A user authorized to perform database queries may cause denial of serv ...)
{DLA-2344-1}
diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt
index da46998346..70622da362 100644
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -18,6 +18,8 @@ condor
--
firefox-esr (jmm)
--
+gst-plugins-good1.0 (jmm)
+--
libhibernate3-java
--
linux (carnil)
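Review bot: gst-plugins-good1.0 is added to dsa-needed.txt here, but none of the data/CVE/list hunks in this commit touch a gst-plugins-good1.0 entry and the commit message is only "buster triage", so the change does not show which issue prompted the DSA. Naming the CVE in the commit message would make the entry traceable.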