author | Moritz Muehlenhoff <jmm@debian.org> | 2021-10-11 16:46:35 +0200 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2021-10-11 16:47:05 +0200 |
commit | 253d29dadf194cffb9422ef59150c1730f668667 | |
tree | 70b3b5f72211e9015c53f713c81425d7fe43a419 /data | |
parent | 995d287ddfa0a1e85800246e8017ee6e69409d73 | |
pillow fixed in sid
buster/bullseye triage
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 16 |
-rw-r--r-- | data/dsa-needed.txt | 4 |
2 files changed, 16 insertions, 4 deletions
diff --git a/data/CVE/list b/data/CVE/list index 9b143ee102..1c73f42afb 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -3011,6 +3011,7 @@ CVE-2021-40823 (A logic error in the room key sharing functionality of matrix-js - element-web <itp> (bug #866502) - node-matrix-js-sdk <unfixed> (bug #994213) [bullseye] - node-matrix-js-sdk <no-dsa> (Minor issue) + [buster] - node-matrix-js-sdk <no-dsa> (Minor issue) NOTE: https://matrix.org/blog/2021/09/13/vulnerability-disclosure-key-sharing/ NOTE: https://github.com/matrix-org/matrix-js-sdk/commit/894c24880da0e1cc81818f51c0db80e3c9fb2be9 (v12.4.1) CVE-2021-40822 @@ -4798,6 +4799,8 @@ CVE-2021-3739 CVE-2021-3735 [ahci: deadlock issue leads to denial of service] RESERVED - qemu <unfixed> + [bullseye] - qemu <no-dsa> (Minor issue) + [buster] - qemu <no-dsa> (Minor issue) [stretch] - qemu <postponed> (Fix along with a future DLA) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1997184 CVE-2021-40083 (Knot Resolver before 5.3.2 is prone to an assertion failure, triggerab ...) @@ -10137,9 +10140,11 @@ CVE-2021-37846 CVE-2021-37845 RESERVED - citadel <unfixed> + [buster] - citadel <ignored> (Minor issue) [stretch] - citadel <postponed> (Minor issue, revisit when fixed upstream) NOTE: https://uncensored.citadel.org/readfwd?go=Citadel Security?view=0?start_reading_at=2099264259#2099264259 NOTE: https://nostarttls.secvuln.info/ + NOTE: CVE-2020-29547 and CVE-2021-37845 seem like dupes CVE-2021-37844 RESERVED CVE-2021-3677 [Memory disclosure in certain queries] @@ -32597,6 +32602,7 @@ CVE-2021-28703 RESERVED CVE-2021-28702 (PCI devices with RMRRs not deassigned correctly Certain PCI devices in ...) - xen <unfixed> + [bullseye] - xen <postponed> (Minor issue, fix along with next DSA) [buster] - xen <not-affected> (Vulnerable code introduced later) [stretch] - xen <not-affected> (Vulnerable code introduced later) NOTE: https://xenbits.xen.org/xsa/advisory-386.html 
@@ -45284,7 +45290,9 @@ CVE-2021-23439 (This affects the package file-upload-with-preview before 4.2.0. CVE-2021-23438 (This affects the package mpath before 0.8.4. A type confusion vulnerab ...) NOT-FOR-US: Node mpath CVE-2021-23437 (The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Ex ...) - - pillow <unfixed> + - pillow 8.3.2-1 + [bullseye] - pillow <no-dsa> (Minor issue) + [buster] - pillow <no-dsa> (Minor issue) [stretch] - pillow <postponed> (Minor issue, can be fixed in the next DLA) NOTE: https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b NOTE: https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443 @@ -58284,9 +58292,11 @@ CVE-2020-29548 (An issue was discovered in SmarterTools SmarterMail through 100. CVE-2020-29547 RESERVED - citadel <unfixed> + [buster] - citadel <ignored> (Minor issue) [stretch] - citadel <postponed> (Minor issue, revisit when fixed upstream) NOTE: https://uncensored.citadel.org/readfwd?go=Citadel Security?view=0?start_reading_at=2099264259#2099264259 NOTE: https://nostarttls.secvuln.info/ + NOTE: CVE-2020-29547 and CVE-2021-37845 seem like dupes CVE-2020-29546 RESERVED CVE-2020-29545 @@ -78132,6 +78142,7 @@ CVE-2020-22618 RESERVED CVE-2020-22617 (Ardour v5.12 contains a use-after-free vulnerability in the component ...) - ardour 1:6.0.0~ds0-1 + [buster] - ardour <no-dsa> (Minor issue) NOTE: https://tracker.ardour.org/view.php?id=7926 NOTE: https://github.com/Ardour/ardour/commit/96daa4036a425ff3f23a7dfcba57bfb0f942bec6 (6.0-pre1) CVE-2020-22616 @@ -81884,8 +81895,7 @@ CVE-2020-20900 CVE-2020-20899 REJECTED CVE-2020-20898 (Integer Overflow vulnerability in function filter16_prewitt in libavfi ...) - - ffmpeg 7:4.3-2 - [buster] - ffmpeg <ignored> (Minor issue) + - ffmpeg 7:4.3-2 (unimportant) NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23 (4.3) NOTE: https://trac.ffmpeg.org/ticket/8263 CVE-2020-20897 
diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt index 98b62135f3..9c1a3e3269 100644 --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -28,11 +28,13 @@ ffmpeg/oldstable (jmm) -- icu -- +libreoffice (jmm) +-- linux (carnil) Wait until more issues have piled up, though try to regulary rebase for point releases to more recent v4.19.y versions. -- -ndpi +ndpi/oldstable -- nodejs (jmm) -- |
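Review bot: In the CVE-2021-37845 hunk (@@ -10137) and its mirror under CVE-2020-29547 (@@ -58284), the new `[buster] - citadel <ignored> (Minor issue)` line sits directly above `[stretch] - citadel <postponed> (Minor issue, revisit when fixed upstream)`, so the two releases end up with different states for the same stated reason. If buster is also meant to be revisited once upstream has a fix, the tag should match the stretch entry; if it really is to be ignored, the parenthesised reason should say why. The added NOTE says the two CVEs "seem like dupes" without citing anything, so a pointer to what supports that would help whoever has to resolve it later.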
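Review bot: In the CVE-2020-20898 hunk (@@ -81884), `- ffmpeg 7:4.3-2 (unimportant)` replaces the per-release line `[buster] - ffmpeg <ignored> (Minor issue)`, but no NOTE is added giving the reason for the new severity. The two NOTE lines kept as context only link the upstream commit and ticket. Suggest adding a NOTE line that states why the integer overflow in filter16_prewitt is treated as unimportant, so the rationale for dropping the buster entry is recorded next to it.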
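Review bot: The data/dsa-needed.txt hunk adds `libreoffice (jmm)` and narrows `ndpi` to `ndpi/oldstable`, yet neither package appears in the data/CVE/list hunks of this commit, and the commit message mentions only pillow and the buster/bullseye triage. A line in the message, or a separate commit, would let the reason for both changes be found from history. The unchanged context line also has "regulary" for "regularly", which could be fixed while this file is being touched.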