author: Moritz Muehlenhoff <jmm@debian.org> 2020-09-14 20:01:35 +0200
committer: Moritz Muehlenhoff <jmm@debian.org> 2020-09-14 20:02:11 +0200
commit: bd4d8ac1a24333399042c48f94efd4fa038f05fc (patch)
tree: cfc49dfdaf7b5ece35043628f1d194329a98a2bd
parent: 28a00551fdb2ca4d2ce2410a6d519fe9eacd1a8b (diff)
buster triage
also track python-os-brick
-rw-r--r--  data/CVE/list       | 9
-rw-r--r--  data/dsa-needed.txt | 2
2 files changed, 10 insertions, 1 deletions
diff --git a/data/CVE/list b/data/CVE/list
index bfa23ce8c5..bf324573a9 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -2112,6 +2112,7 @@ CVE-2020-24553 (Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because tex
- golang-1.15 <unfixed> (bug #969661)
- golang-1.14 <unfixed> (bug #969662)
- golang-1.11 <removed>
+ [buster] - golang-1.11 <no-dsa> (Minor issue)
- golang-1.8 <removed>
- golang-1.7 <removed>
NOTE: https://groups.google.com/forum/#!topic/golang-announce/8wqlSbkLdPs
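Review bot: The new `[buster] - golang-1.11 <no-dsa> (Minor issue)` line carries no bug reference, whereas the golang-1.15 and golang-1.14 entries in the same block are tied to #969661 and #969662; since golang-1.11 is `<removed>` in unstable, the buster line is the only place this package is tracked, so consider recording where the buster fix (or the decision to defer it) is being followed, for example in an additional NOTE line, so the no-dsa marking remains auditable later.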
@@ -16344,6 +16345,7 @@ CVE-2020-17481
RESERVED
CVE-2020-17480 (TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parse ...)
- tinymce <unfixed>
+ [buster] - tinymce <no-dsa> (Minor issue)
NOTE: https://github.com/tinymce/tinymce/security/advisories/GHSA-27gm-ghr9-4v95
CVE-2020-17479 (jpv (aka Json Pattern Validator) before 2.2.2 does not properly valida ...)
NOT-FOR-US: jpv
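Review bot: The tinymce entry `- tinymce <unfixed>` has no bug reference, while the other tinymce entry touched by this patch (CVE-2019-1010091) is linked to bug #970256; before marking buster as `<no-dsa> (Minor issue)`, consider filing or referencing a Debian bug for CVE-2020-17480 as well so the unstable fix is tracked alongside the buster deferral rather than only in this list.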
@@ -28260,6 +28262,7 @@ CVE-2020-12649 (Gurbalib through 2020-04-30 allows lib/cmds/player/help.c direct
NOT-FOR-US: Gurbalib
CVE-2020-12648 (A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlie ...)
- tinymce <unfixed>
+ [buster] - tinymce <no-dsa> (Minor issue)
NOTE: https://labs.bishopfox.com/advisories/tinymce-version-5.2.1
CVE-2020-12647 (Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 59.1a.9, and 6 ...)
NOT-FOR-US: Unisys ALGOL Compiler
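Review bot: This is the third tinymce entry in the patch receiving an identical `[buster] - tinymce <no-dsa> (Minor issue)` marking, but the `- tinymce <unfixed>` line above it, like the one for CVE-2020-17480, lacks the `(bug #...)` reference that CVE-2019-1010091 has; if a single upload is expected to close all three, consider pointing every entry at that bug so the three deferrals are resolved together.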
@@ -28821,6 +28824,7 @@ CVE-2020-12414 (IndexedDB should be cleared when leaving private browsing mode a
CVE-2020-12413 [racoon attack for NSS]
RESERVED
- nss <unfixed>
+ [buster] - nss <no-dsa> (Minor issue)
NOTE: https://raccoon-attack.com/
CVE-2020-12412 (By navigating a tab using the history API, an attacker could cause the ...)
- firefox 70.0-1
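Review bot: The description on the unchanged line `CVE-2020-12413 [racoon attack for NSS]` spells the attack name "racoon" while the NOTE URL is raccoon-attack.com; since the entry is still `RESERVED` and the bracketed text is the only human-readable description, consider correcting it to "Raccoon attack" in a follow-up so searches of the list match the published name. The buster `<no-dsa> (Minor issue)` marking itself is consistent with nss being `<unfixed>` in unstable.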
@@ -34622,9 +34626,10 @@ CVE-2020-10755 (An insecure-credentials flaw was found in all openstack-cinder v
[buster] - cinder <no-dsa> (Minor issue)
[stretch] - cinder <no-dsa> (Minor issue)
[jessie] - cinder <end-of-life> (OpenStack component, not supported in jessie LTS)
+ - python-os-brick 3.1.0-1 (low)
+ [buster] - python-os-brick <no-dsa> (Minor issue)
NOTE: https://bugs.launchpad.net/cinder/+bug/1823200
NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0086
- TODO: check, affects as well python-os-brick or needs a respective update?
CVE-2020-10754 (It was found that nmcli, a command line interface to NetworkManager di ...)
- network-manager <unfixed> (unimportant)
NOTE: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/448
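Review bot: The new line `+ - python-os-brick 3.1.0-1 (low)` records a fixed version without any reference to how that version was verified, and the two NOTE lines below it (the cinder Launchpad bug and OSSN-0086) are cinder-specific; since the removed TODO asked exactly whether python-os-brick is affected, consider adding a NOTE pointing at the os-brick fix so the 3.1.0-1 claim can be checked. Also, cinder carries `[stretch]` and `[jessie]` markings but python-os-brick only gets a `[buster]` line; confirm whether stretch ships python-os-brick and, if so, add a matching stretch state.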
@@ -46302,6 +46307,7 @@ CVE-2020-6098 (An exploitable denial of service vulnerability exists in the free
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1030
CVE-2020-6097 (An exploitable denial of service vulnerability exists in the atftpd da ...)
- atftp <unfixed> (bug #970066)
+ [buster] - atftp <no-dsa> (Minor issue)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1029
CVE-2020-6096 (An exploitable signed comparison vulnerability exists in the ARMv7 mem ...)
- glibc 2.31-2 (low; bug #961452)
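Review bot: The added `[buster] - atftp <no-dsa> (Minor issue)` defers a denial-of-service in the atftpd daemon with only the generic "Minor issue" rationale; given the unfixed unstable entry is already tracked as bug #970066, consider expanding the parenthetical (for example, to say the fix will go via a point release or that the crash needs an unusual configuration) so the reason for not issuing a DSA is visible in the list itself.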
@@ -91202,6 +91208,7 @@ CVE-2019-1010092
RESERVED
CVE-2019-1010091 (tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization ...)
- tinymce <unfixed> (bug #970256)
+ [buster] - tinymce <no-dsa> (Minor issue)
[jessie] - tinymce <ignored> (Minor issue, requires manually copy/pasting javascript to execute it, can't reproduce on Jessie)
NOTE: https://github.com/tinymce/tinymce/issues/4394
CVE-2019-1010090
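Review bot: After this hunk the entry has a `[buster]` state and a `[jessie]` state but no `[stretch]` line, so stretch is the only release whose status for tinymce is undetermined here; consider adding a `[stretch]` marking (no-dsa or ignored, matching the buster or jessie decision) so the entry is complete for every supported release. The jessie note's "can't reproduce on Jessie" also suggests the buster "Minor issue" rationale could state whether the issue was reproduced on buster.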
diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt
index 59d68db80b..b7eb64ae97 100644
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -25,6 +25,8 @@ knot-resolver
linux (carnil)
Wait until more issues have piled up
--
+python-flask-cors
+--
rails (jmm)
Sylvain Beucler proposed to help for the update, remaining CVEs to be done
--
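Review bot: The new `python-flask-cors` entry in dsa-needed.txt has neither an assignee in parentheses nor an explanatory line, unlike the neighbouring `linux (carnil)` and `rails (jmm)` entries, and no hunk in data/CVE/list in this patch touches python-flask-cors; consider adding a note line naming the CVE(s) the DSA is expected to cover (and the claimant, if any) so the entry can be acted on without cross-referencing the CVE list.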