diff options
author | Moritz Muehlenhoff <jmm@debian.org> | 2021-10-13 19:47:09 +0200 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2021-10-13 19:50:12 +0200 |
commit | 72e1d1aebace35b90cf42d26f208bc11213c8586 (patch) | |
tree | 14e6db528564545c49343e6d0958bfdf2dadd588 /data | |
parent | e8874d63a36d0a566c95b121c69d2ce9ca62d988 (diff) |
buster/bullseye triage
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 9 | ||||
-rw-r--r-- | data/dsa-needed.txt | 2 |
2 files changed, 10 insertions, 1 deletions
diff --git a/data/CVE/list b/data/CVE/list index 274e041eed..c4f330a32d 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1056,6 +1056,8 @@ CVE-2021-3854 RESERVED CVE-2021-XXXX [RUSTSEC-2021-0119: Out-of-bounds write in nix::unistd::getgrouplist] - rust-nix 0.19.0-2 (bug #995562) + [bullseye] - rust-nix <no-dsa> (Minor issue) + [buster] - rust-nix <no-dsa> (Minor issue) NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0119.html NOTE: https://github.com/nix-rust/nix/issues/1541 CVE-2021-41970 @@ -2570,8 +2572,9 @@ CVE-2021-3805 (object-path is vulnerable to Improperly Controlled Modification o NOTE: https://github.com/mariocasciaro/object-path/commit/e6bb638ffdd431176701b3e9024f80050d0ef0a6 CVE-2021-41303 (Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a ...) - shiro <unfixed> + [bullseye] - shiro <no-dsa> (Minor issue) + [buster] - shiro <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/09/17/1 - TODO: check CVE-2021-41302 (ECOA BAS controller stores sensitive data (backup exports) in clear-te ...) NOT-FOR-US: ECOA BAS controller CVE-2021-41301 (ECOA BAS controller is vulnerable to configuration disclosure when dir ...) @@ -12411,11 +12414,15 @@ CVE-2021-37138 CVE-2021-37137 RESERVED - netty <unfixed> + [bullseye] - netty <no-dsa> (Minor issue) + [buster] - netty <no-dsa> (Minor issue) NOTE: https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363 NOTE: Fixed by: https://github.com/netty/netty/commit/6da4956b31023ae967451e1d94ff51a746a9194f (netty-4.1.68.Final) CVE-2021-37136 RESERVED - netty <unfixed> + [bullseye] - netty <no-dsa> (Minor issue) + [buster] - netty <no-dsa> (Minor issue) NOTE: https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv NOTE: Fixed by: https://github.com/netty/netty/commit/41d3d61a61608f2223bb364955ab2045dd5e4020 (netty-4.1.68.Final) CVE-2021-37135 diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt index 9c1a3e3269..83965a060c 100644 --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -50,6 +50,8 @@ salt -- squashfs-tools (carnil) -- +thunderbird (jmm) +-- tomcat9 Markus Koschany proposed an update for CVE-2021-41079, plus a regression fix from previous CVE-2021-30640 and another non-security fix for #987179, might |