| author | Moritz Muehlenhoff <jmm@debian.org> | 2022-01-17 17:26:32 +0100 |
|---|---|---|
| committer | Moritz Muehlenhoff <jmm@debian.org> | 2022-01-17 17:26:32 +0100 |
| commit | 7155dbe5fe85c561f31a848b8f13a75fef301c81 | |
| tree | 14c8171bd9c31c7c1f4a4a06180e3f723f2edee0 /data | |
| parent | 30b6db3d1f74a002852ad8349acc83f735e8acee | |
buster/bullseye triage
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 11 |
-rw-r--r-- | data/dsa-needed.txt | 5 |
2 files changed, 16 insertions, 0 deletions
diff --git a/data/CVE/list b/data/CVE/list index 2f96826979..5c601f0ca5 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -6570,12 +6570,16 @@ CVE-2021-45105 (Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12 CVE-2021-31566 [symbolic links incorrectly followed when changing modes, times, ACL and flags of a file while extracting an archive] RESERVED - libarchive 3.5.2-1 (bug #1001990) + [bullseye] - libarchive <no-dsa> (Minor issue) + [buster] - libarchive <no-dsa> (Minor issue) NOTE: https://github.com/libarchive/libarchive/issues/1566 NOTE: https://github.com/libarchive/libarchive/commit/b41daecb5ccb4c8e3b2c53fd6147109fc12c3043 (v3.5.2) NOTE: https://github.com/libarchive/libarchive/commit/e2ad1a2c3064fa9eba6274b3641c4c1beed25c0b (v3.5.2) CVE-2021-23177 [extracting a symlink with ACLs modifies ACLs of target] RESERVED - libarchive 3.5.2-1 (bug #1001986) + [bullseye] - libarchive <no-dsa> (Minor issue) + [buster] - libarchive <no-dsa> (Minor issue) NOTE: https://github.com/libarchive/libarchive/issues/1565 NOTE: https://github.com/libarchive/libarchive/commit/fba4f123cc456d2b2538f811bb831483bf336bad (v3.5.2) CVE-2022-21943 @@ -7964,6 +7968,7 @@ CVE-2021-44717 (Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write - golang-1.15 1.15.15-5 [bullseye] - golang-1.15 1.15.15-1~deb11u2 - golang-1.11 <removed> + [buster] - golang-1.11 <no-dsa> (Minor issue) - golang-1.8 <removed> - golang-1.7 <removed> NOTE: https://github.com/golang/go/issues/50057 
@@ -9803,10 +9808,14 @@ CVE-2021-4000 (showdoc is vulnerable to URL Redirection to Untrusted Site ...) CVE-2021-3999 [Off-by-one buffer overflow/underflow in getcwd()] RESERVED - glibc <unfixed> + [bullseye] - glibc <no-dsa> (Minor issue) + [buster] - glibc <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28769 CVE-2021-3998 [Unexpected return value from realpath() for too long results] RESERVED - glibc <unfixed> + [bullseye] - glibc <no-dsa> (Minor issue) + [buster] - glibc <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28770 NOTE: https://patchwork.sourceware.org/project/glibc/patch/20220113055920.3155918-1-siddhesh@sourceware.org/ CVE-2021-3997 [Uncontrolled recursion in systemd's systemd-tmpfiles] @@ -9941,6 +9950,7 @@ CVE-2021-44039 RESERVED CVE-2021-44038 (An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod op ...) - quagga <removed> + [buster] - quagga <no-dsa> (Minor issue) [stretch] - quagga <postponed> (revisit when/if fixed upstream) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1191890 NOTE: Debian installed systemd unit files install the problematic redhat/*.service @@ -39086,6 +39096,7 @@ CVE-2021-33431 RESERVED CVE-2021-33430 (A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_N ...) - numpy 1:1.21.4-2 + [bullseye] - numpy <no-dsa> (Minor issue) NOTE: https://github.com/numpy/numpy/issues/18939 NOTE: https://github.com/numpy/numpy/pull/18989 NOTE: https://github.com/numpy/numpy/commit/16f7824b4d935b6aee98298ca4123d57174a6f2e (v1.22.0.dev0) diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt index 23300c66b0..c59ac6907b 100644 --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -29,12 +29,17 @@ linux (carnil) -- ndpi/oldstable -- +nss +-- nodejs (jmm) -- pillow (jmm) -- python-pysaml2 (jmm) -- +rpki-client/stable + new 7.6 release required libretls, which isn't in Bullseye +-- ruby2.5/oldstable Maintainer is preparing updates -- |
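Review bot: In the data/CVE/list hunk at @@ -9803, the new `<no-dsa>` lines for CVE-2021-3999 give only "Minor issue" as the reason, while the entry describes an off-by-one buffer overflow/underflow in getcwd() and glibc is still `<unfixed>`. A more specific reason in the parentheses, or a NOTE line saying why this is minor for bullseye and buster, would let a later reader follow the triage decision without opening the sourceware bug. The same applies to the CVE-2021-3998 lines in the same hunk.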
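Review bot: In the CVE-2021-33430 hunk (@@ -39086), only a `[bullseye]` line is added and the NOTE lines follow it directly, so the entry carries no `[buster]` status even though the commit message says buster/bullseye triage and the other two-suite entries in this commit (libarchive, glibc) tag both. Record buster's status for numpy explicitly, or add a NOTE saying why it is left out, so the entry is not read as untriaged for buster.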
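Review bot: In the data/dsa-needed.txt hunk, the new `nss` entry has no note and none of the data/CVE/list hunks in this commit touch nss, so the commit does not show which issue puts it on the list; a one-line indented note, as done for rpki-client/stable, would help whoever picks it up. The rpki-client note names the blocker (libretls isn't in Bullseye) but not the intended way forward, which is worth adding in the same line.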