diff options
| author | Moritz Muehlenhoff <jmm@debian.org> | 2021-11-20 20:45:49 +0100 |
|---|---|---|
| committer | Moritz Muehlenhoff <jmm@debian.org> | 2021-11-22 12:02:05 +0100 |
| commit | c72c97f8af266b80bb36db2848903881fd1f894d (patch) | |
| tree | aa14a24746ebef8db84d7c469b9c015444ecf22d | |
| parent | 2f76dde376450c7aa1d58c6abb1c1e7695a5db7f (diff) | |
buster/bullseye triage
| -rw-r--r-- | data/CVE/list | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/data/CVE/list b/data/CVE/list index 4dd78c9c04..8390f63caa 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -2065,6 +2065,8 @@ CVE-2021-3957 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) ...) NOT-FOR-US: kimai2 CVE-2021-43616 (The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an i ...) - npm <unfixed> + [bullseye] - npm <no-dsa> (Minor issue) + [buster] - npm <no-dsa> (Minor issue) NOTE: https://github.com/npm/cli/issues/2701 CVE-2021-43615 RESERVED @@ -4158,6 +4160,8 @@ CVE-2021-43175 RESERVED CVE-2021-3918 (json-schema is vulnerable to Improperly Controlled Modification of Obj ...) - node-json-schema 0.4.0+~7.0.9-1 (bug #999765) + [bullseye] - node-json-schema <no-dsa> (Minor issue) + [buster] - node-json-schema <no-dsa> (Minor issue) NOTE: https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741 (v0.4.0) CVE-2021-43174 (NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, suppo ...) - routinator <itp> (bug #929024) @@ -5190,6 +5194,8 @@ CVE-2020-36490 (DedeCMS v7.5 SP2 was discovered to contain multiple cross-site s NOT-FOR-US: DedeCMS CVE-2021-XXXX [RUSTSEC-2020-0159: Potential segfault in localtime_r invocations] - rust-chrono <unfixed> (bug #996913) + [bullseye] - rust-chrono <no-dsa> (Minor issue) + [buster] - rust-chrono <no-dsa> (Minor issue) NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0159.html NOTE: https://github.com/chronotope/chrono/issues/499 CVE-2021-42742 @@ -28404,6 +28410,7 @@ CVE-2021-33516 (An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2. NOTE: https://gitlab.gnome.org/GNOME/gupnp/-/commit/ca6ec9dcb26fd7a2a630eb6a68118659b589afac (master) CVE-2021-33515 (The submission service in Dovecot before 2.3.15 allows STARTTLS comman ...) - dovecot 1:2.3.13+dfsg1-2 (bug #990566) + [bullseye] - dovecot <postponed> (Minor issue, fix along with next update) [buster] - dovecot <postponed> (Minor issue, fix along with next update) [stretch] - dovecot <not-affected> (Vulnerable code (smtp_server_command queue) introduced later) NOTE: https://dovecot.org/pipermail/dovecot-news/2021-June/000462.html @@ -83872,9 +83879,13 @@ CVE-2020-23905 RESERVED CVE-2020-23904 (A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers t ...) - speex <unfixed> + [bullseye] - speex <no-dsa> (Minor issue) + [buster] - speex <no-dsa> (Minor issue) NOTE: https://github.com/xiph/speex/issues/14 CVE-2020-23903 (A Divide by Zero vulnerability in the function static int read_samples ...) - speex <unfixed> + [bullseye] - speex <no-dsa> (Minor issue) + [buster] - speex <no-dsa> (Minor issue) NOTE: https://github.com/xiph/speex/issues/13 CVE-2020-23902 (A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a d ...) NOT-FOR-US: WildBit Viewer |