author Moritz Muehlenhoff <jmm@debian.org> 2021-09-29 17:31:30 +0200
committer Moritz Muehlenhoff <jmm@debian.org> 2021-09-29 17:31:30 +0200
commit 34691df1b8de64e330652517d3e3cf552d2f1368
tree 2317d68da78bfad70bd8ce29d029e275db6aca36 /data
parent 78ef22c172c3d8d3e50bda14545a7a5f2c4d0832
buster/bullseye triage
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/list 7
-rw-r--r-- data/dsa-needed.txt 7
2 files changed, 12 insertions, 2 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 291c78644b..f771abd0ca 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -7779,6 +7779,8 @@ CVE-2021-38372 (In KDE Trojita 0.7, man-in-the-middle attackers can create new f
- trojita <itp> (bug #795701)
CVE-2021-38371 (The STARTTLS feature in Exim through 4.94.2 allows response injection ...)
- exim4 <unfixed> (bug #992172)
+ [bullseye] - exim4 <no-dsa> (Minor issue)
+ [buster] - exim4 <no-dsa> (Minor issue)
[stretch] - exim4 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://nostarttls.secvuln.info
NOTE: https://www.exim.org/static/doc/security/CVE-2021-38371.txt
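Review bot: The added [bullseye] and [buster] lines for exim4 give only "Minor issue", while the [stretch] line directly below them says "revisit when fixed upstream" and the unstable line is still <unfixed> (bug #992172). Carry the same qualifier on the two new lines so it is clear the no-dsa tag is meant to be revisited once a fix exists, or state in the parenthetical why the STARTTLS response injection is considered minor for these releases.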
@@ -10675,6 +10677,8 @@ CVE-2021-37147
RESERVED
CVE-2021-37146 (An infinite loop in Open Robotics ros_comm XMLRPC server in ROS Melodi ...)
- ros-ros-comm <unfixed>
+ [bullseye] - ros-ros-comm <no-dsa> (Minor issue)
+ [buster] - ros-ros-comm <no-dsa> (Minor issue)
NOTE: https://discourse.ros.org/t/new-packages-for-melodic-2021-09-27/22446
NOTE: https://discourse.ros.org/t/new-packages-for-noetic-2021-09-27/22447
NOTE: https://github.com/ros/ros_comm/pull/2185
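Review bot: The [bullseye] and [buster] no-dsa lines for ros-ros-comm carry no rationale beyond "Minor issue", although the description is an infinite loop in the XMLRPC server and the NOTE lines already point at an upstream pull request (ros/ros_comm #2185). A short reason in the parenthetical, or a NOTE saying whether that pull request is the fix, would let the next triager judge whether this is a candidate for a point release.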
@@ -79412,12 +79416,14 @@ CVE-2020-21533 (fig2dev 3.2.7b contains a stack buffer overflow in the read_text
NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/ (3.2.8)
CVE-2020-21532 (fig2dev 3.2.7b contains a global buffer overflow in the setfigfont fun ...)
- fig2dev 1:3.2.8-1
+ [buster] - fig2dev <no-dsa> (Minor issue)
- transfig <removed>
NOTE: https://sourceforge.net/p/mcj/tickets/64/
NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/421afa17d8cb8dafcaf3e6044a70790fa4fe307b/ (3.2.8)
NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/00cdedac7a0b029846dee891769a1e77df83a01b/ (3.2.8)
CVE-2020-21531 (fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_i ...)
- fig2dev 1:3.2.8-1
+ [buster] - fig2dev <no-dsa> (Minor issue)
- transfig <removed>
NOTE: https://sourceforge.net/p/mcj/tickets/63/
NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/2f8d1ae9763dcdc99b88a2b14849fe37174bcd69/ (3.2.8)
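Review bot: Only [buster] lines are added for CVE-2020-21532 and CVE-2020-21531, with the fix recorded as fig2dev 1:3.2.8-1. Please confirm that bullseye already ships a version at or above 1:3.2.8-1; if it does not, it needs a matching [bullseye] line. Since the NOTE lines list the upstream fix commits, the reason could also say whether a backport through a point release is intended.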
@@ -79429,6 +79435,7 @@ CVE-2020-21530 (fig2dev 3.2.7b contains a segmentation fault in the read_objects
NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/ (3.2.8)
CVE-2020-21529 (fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline f ...)
- fig2dev 1:3.2.8-1
+ [buster] - fig2dev <no-dsa> (Minor issue)
- transfig <removed>
NOTE: https://sourceforge.net/p/mcj/tickets/65/
NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/d70e4ba6308046f71cb51f67db8412155af52411/ (3.2.8)
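Review bot: CVE-2020-21529 is described as a stack buffer overflow in bezier_spline, yet its added [buster] line uses the same bare "Minor issue" as the global buffer overflows tagged earlier in this patch. State in the parenthetical what makes it minor. The CVE-2020-21530 entry named in the hunk header gets no visible [buster] line in this patch, so it is worth checking that the whole fig2dev 3.2.8 batch is tagged consistently.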
diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt
index 67e6066760..0a16e2e84d 100644
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -12,8 +12,7 @@ To pick an issue, simply add your uid behind it.
If needed, specify the release by adding a slash after the name of the source package.
--
-apache2
- Yadd prepared update for bullseye-security, ping about buster?
+apache2 (jmm)
--
asterisk
Maintainer prepared update for bullseye, needs ping for buster
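Review bot: Removing the note under apache2 drops the only record that an update was already prepared for bullseye-security and that buster was still an open question. Keep a status line under "apache2 (jmm)", as the asterisk entry just below does, so others can see which release is still pending.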
@@ -24,6 +23,8 @@ chromium
--
djvulibre
--
+faad2/oldstable (jmm)
+--
ffmpeg/oldstable (jmm)
4.1.7 fixes a number of bugs, but several further one in the 4.1 branch, reaching out for a 4.1.8 release date
--
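Review bot: The new "faad2/oldstable (jmm)" entry has no status line, and the data/CVE/list part of this patch shows no faad2 change, so the reason for the entry cannot be seen from the commit. A one-line note naming what is being fixed, like the one under ffmpeg/oldstable, would help.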
@@ -41,6 +42,8 @@ puppetdb (jmm)
--
python-pysaml2 (jmm)
--
+qemu (jmm)
+--
rabbitmq-server
--
runc
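Review bot: "qemu (jmm)" is added without a release suffix, while the file's own instructions say to specify the release with a slash when needed and the faad2 entry added in this same patch uses /oldstable. Confirm the update is meant for both stable and oldstable; otherwise add the suffix.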
