Merge in the accepted packages from buster 10.11

Though the release has not been happened yet, this is the list of packages which were copied over from buster-pu to buster. The final 10.11 changes need to still be verifed for any missing additional ones.
author: Salvatore Bonaccorso <carnil@debian.org> 2021-10-09 12:09:27 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-10-09 12:09:27 +0200
commit: c9d3ab67b7d6dd80b78f0a37c5caca8844741e8f (patch)
tree: edb4430ab03c0add286105101f0b9a9655039c15 /data
parent: e99daf016d544dc0c91fa1acb35bf2a14a9e9b4e (diff)
2 files changed, 33 insertions, 96 deletions
diff --git a/data/CVE/list b/data/CVE/list
index a51031fe6c..caad0df371 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1894,7 +1894,7 @@ CVE-2021-3808
 CVE-2021-3807 (ansi-regex is vulnerable to Inefficient Regular Expression Complexity ...)
 	- node-ansi-regex 5.0.1-1 (bug #994568)
 	[bullseye] - node-ansi-regex 5.0.1-1~deb11u1
-	[buster] - node-ansi-regex <no-dsa> (Minor issue)
+	[buster] - node-ansi-regex 3.0.0-1+deb10u1
 	[stretch] - node-ansi-regex <not-affected> (Vulnerable code introduced later)
 	NOTE: https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
 	NOTE: https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9 (v6.0.1)
@@ -2848,7 +2848,7 @@ CVE-2021-3799 (grav-plugin-admin is vulnerable to Improper Restriction of Render
 CVE-2021-41054 (tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buff ...)
 	- atftp 0.7.git20210915-1 (bug #994895)
 	[bullseye] - atftp 0.7.git20120829-3.3+deb11u1
-	[buster] - atftp <no-dsa> (Minor issue; can be fixed via point release)
+	[buster] - atftp 0.7.git20120829-3.2~deb10u2
 	[stretch] - atftp <postponed> (Minor issue)
 	NOTE: https://sourceforge.net/p/atftp/code/ci/d255bf90834fb45be52decf9bc0b4fb46c90f205/
 CVE-2021-3798 [Soft token does not check if an EC key is valid]
@@ -3602,7 +3602,7 @@ CVE-2021-40541
 CVE-2021-40540 (ulfius_uri_logger in Ulfius HTTP Framework before 2.7.4 omits con_info ...)
 	- ulfius 2.7.1-2 (bug #993851)
 	[bullseye] - ulfius 2.7.1-1+deb11u1
-	[buster] - ulfius <no-dsa> (Minor issue)
+	[buster] - ulfius 2.5.2-4+deb10u1
 	NOTE: https://github.com/babelouest/ulfius/commit/c83f564c184a27145e07c274b305cabe943bbfaa
 CVE-2021-40539 (Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnera ...)
 	NOT-FOR-US: Zoho ManageEngine
@@ -4191,7 +4191,7 @@ CVE-2021-3750 [hcd-ehci: DMA reentrancy issue leads to use-after-free]
 CVE-2021-3749 (axios is vulnerable to Inefficient Regular Expression Complexity ...)
 	- node-axios 0.21.3+dfsg-1
 	[bullseye] - node-axios 0.21.1+dfsg-1+deb11u1
-	[buster] - node-axios <no-dsa> (Minor issue)
+	[buster] - node-axios 0.17.1+dfsg-2+deb10u1
 	NOTE: https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31/
 	NOTE: https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929
 	NOTE: https://github.com/axios/axios/pull/3980
@@ -8277,7 +8277,7 @@ CVE-2021-38562
 	- request-tracker5 <unfixed> (bug #995167)
 	- request-tracker4 4.4.4+dfsg-3 (bug #995175)
 	[bullseye] - request-tracker4 4.4.4+dfsg-2+deb11u1
-	[buster] - request-tracker4 <no-dsa> (Minor issue; will be fixed via point release)
+	[buster] - request-tracker4 4.4.3-2+deb10u1
 	[stretch] - request-tracker4 <no-dsa> (Minor issue)
 	NOTE: https://github.com/bestpractical/rt/commit/70749bb66cb13dd70bd53340c371038a5f3ca57c (rt-5.0.2)
 	NOTE: https://github.com/bestpractical/rt/commit/d16f8cf13c2af517ee55a85e7b91a0267477189f (rt-4.4.5)
@@ -9317,7 +9317,7 @@ CVE-2021-38173 (Btrbk before 0.31.2 allows command execution because of the mish
 	{DLA-2755-1}
 	- btrbk 0.27.1-2
 	[bullseye] - btrbk 0.27.1-1.1+deb11u1
-	[buster] - btrbk <no-dsa> (Minor issue; can be fixed via point release)
+	[buster] - btrbk 0.27.1-1+deb10u1
 	NOTE: Fixed by: https://github.com/digint/btrbk/commit/58212de771c381cd4fa05625927080bf264e9584 (v0.31.2)
 	NOTE: Introduced by: https://github.com/digint/btrbk/commit/ccb5ed5e7191a083da52998df4c880f693451144 (v0.23.0-rc1)
 CVE-2021-38172
@@ -10307,7 +10307,7 @@ CVE-2021-37750 (The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) b
 	{DLA-2771-1}
 	- krb5 1.18.3-7 (bug #992607)
 	[bullseye] - krb5 1.18.3-6+deb11u1
-	[buster] - krb5 <no-dsa> (Minor issue)
+	[buster] - krb5 1.17-3+deb10u3
 	NOTE: https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49
 CVE-2021-37749 (MapService.svc in Hexagon GeoMedia WebMap 2020 before Update 2 (aka 16 ...)
 	NOT-FOR-US: Hexagon GeoMedia WebMap
@@ -12530,7 +12530,7 @@ CVE-2021-36774
 CVE-2021-36773 (uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitr ...)
 	- ublock-origin 1.37.0+dfsg-1 (bug #991386)
 	[bullseye] - ublock-origin 1.37.0+dfsg-1~deb11u1
-	[buster] - ublock-origin <no-dsa> (Minor issue)
+	[buster] - ublock-origin 1.37.0+dfsg-1~deb10u1
 	[stretch] - ublock-origin <no-dsa> (Minor issue)
 	- umatrix <unfixed> (bug #991344)
 	[buster] - umatrix <no-dsa> (Minor issue)
@@ -15847,7 +15847,7 @@ CVE-2021-35368 [CRS Request Body Bypass]
 	RESERVED
 	- modsecurity-crs 3.3.2-1 (bug #992000)
 	[bullseye] - modsecurity-crs 3.3.0-1+deb11u1
-	[buster] - modsecurity-crs <no-dsa> (Minor issue)
+	[buster] - modsecurity-crs 3.1.0-1+deb10u2
 	[stretch] - modsecurity-crs <no-dsa> (Minor issue)
 	NOTE: https://coreruleset.org/20210630/cve-2021-35368-crs-request-body-bypass/
 	NOTE: https://github.com/coreruleset/coreruleset/pull/2143
@@ -19958,7 +19958,7 @@ CVE-2021-33583 (REINER timeCard 6.05.07 installs a Microsoft SQL Server with an
 CVE-2021-33582 (Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of s ...)
 	- cyrus-imapd 3.4.2-1 (bug #993433)
 	[bullseye] - cyrus-imapd 3.2.6-2+deb11u1
-	[buster] - cyrus-imapd <no-dsa> (Minor issue; can be fixed via point release)
+	[buster] - cyrus-imapd 3.0.8-6+deb10u6
 	[stretch] - cyrus-imapd <no-dsa> (Minor issue; can be fixed via point release)
 	- cyrus-imapd-2.4 <removed>
 	NOTE: https://cyrus.topicbox.com/groups/announce/T3dde0a2352462975-M1386fc44adf967e072f8df13/cyrus-imap-3-4-2-3-2-8-and-3-0-16-released
@@ -21887,14 +21887,14 @@ CVE-2021-32805 (Flask-AppBuilder is an application development framework, built
 CVE-2021-32804 (The npm package "tar" (aka node-tar) before versions 6.1.1, 5.0.6, 4.4 ...)
 	- node-tar 6.1.7+~cs11.3.10-1 (bug #992111)
 	[bullseye] - node-tar 6.0.5+ds1+~cs11.3.9-1+deb11u1
-	[buster] - node-tar <no-dsa> (Minor issue)
+	[buster] - node-tar 4.4.6+ds1-3+deb10u1
 	[stretch] - node-tar <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-3jfq-g458-7qm9
 	NOTE: https://github.com/npm/node-tar/commit/1f036ca23f64a547bdd6c79c1a44bc62e8115da4
 CVE-2021-32803 (The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4 ...)
 	- node-tar 6.1.7+~cs11.3.10-1 (bug #992110)
 	[bullseye] - node-tar 6.0.5+ds1+~cs11.3.9-1+deb11u1
-	[buster] - node-tar <no-dsa> (Minor issue)
+	[buster] - node-tar 4.4.6+ds1-3+deb10u1
 	[stretch] - node-tar <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-r628-mhmh-qjhw
 	NOTE: https://github.com/npm/node-tar/commit/9dbdeb6df8e9dbd96fa9e84341b9d74734be6c20
@@ -30605,7 +30605,7 @@ CVE-2021-29489 (Highcharts JS is a JavaScript charting library based on SVG. In
 CVE-2021-29488 (SABnzbd is an open source binary newsreader. A vulnerability was disco ...)
 	- sabnzbdplus 3.2.1+dfsg-1
 	[bullseye] - sabnzbdplus 3.1.1+dfsg-2+deb11u1
-	[buster] - sabnzbdplus <no-dsa> (Minor issue; non-free/contrib not security supported)
+	[buster] - sabnzbdplus 2.3.6+dfsg-1+deb10u2
 	[stretch] - sabnzbdplus <no-dsa> (Minor issue; contrib not supported)
 	NOTE: https://github.com/sabnzbd/sabnzbd/security/advisories/GHSA-jwj3-wrvf-v3rp
 	NOTE: https://github.com/sabnzbd/sabnzbd/commit/3766ba54026eaa520dbee5b57a2f33d4954fb98b
@@ -30830,7 +30830,7 @@ CVE-2021-29426
 CVE-2021-29425 (In Apache Commons IO before 2.7, When invoking the method FileNameUtil ...)
 	{DLA-2741-1}
 	- commons-io 2.8.0-1
-	[buster] - commons-io <no-dsa> (Minor issue; can be fixed via point release)
+	[buster] - commons-io 2.6-2+deb10u1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/04/12/1
 	NOTE: https://issues.apache.org/jira/browse/IO-556
 CVE-2021-3476 (A flaw was found in OpenEXR's B44 uncompression functionality in versi ...)
@@ -45278,7 +45278,7 @@ CVE-2021-23414 (This affects the package video.js before 7.14.3. The src attribu
 	NOT-FOR-US: video.js
 CVE-2021-23413 (This affects the package jszip before 3.7.0. Crafting a new zip file w ...)
 	- node-jszip 3.5.0+dfsg-2
-	[buster] - node-jszip <no-dsa> (Minor issue)
+	[buster] - node-jszip 3.1.4+dfsg-1+deb10u1
 	NOTE: https://github.com/Stuk/jszip/pull/766
 	NOTE: https://github.com/Stuk/jszip/commit/22357494f424178cb416cdb7d93b26dd4f824b36
 CVE-2021-23412 (All versions of package gitlogplus are vulnerable to Command Injection ...)
@@ -51357,7 +51357,7 @@ CVE-2021-21375 (PJSIP is a free and open source multimedia communication library
 	{DLA-2665-1 DLA-2636-1}
 	- pjproject <removed>
 	- ring 20210112.2.b757bac~ds1-1 (bug #986815)
-	[buster] - ring <no-dsa> (Minor issue; can be fixed via point release)
+	[buster] - ring 20190215.1.f152c98~ds1-1+deb10u1
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-hvq6-f89p-frvp
 	NOTE: https://github.com/pjsip/pjproject/commit/97b3d7addbaa720b7ddb0af9bf6f3e443e664365
 CVE-2021-21374 (Nimble is a package manager for the Nim programming language. In Nim r ...)
@@ -56432,7 +56432,7 @@ CVE-2021-2389 (Vulnerability in the MySQL Server product of Oracle MySQL (compon
 	- mariadb-10.5 1:10.5.12-1
 	[bullseye] - mariadb-10.5 1:10.5.12-0+deb11u1
 	- mariadb-10.3 <removed>
-	[buster] - mariadb-10.3 <no-dsa> (Minor issue, can be fixed via point release)
+	[buster] - mariadb-10.3 1:10.3.31-0+deb10u1
 	- mysql-5.7 <removed>
 	- mysql-8.0 <unfixed>
 	NOTE: Fixed in MariaDB 10.5.12, 10.3.31
@@ -56475,7 +56475,7 @@ CVE-2021-2372 (Vulnerability in the MySQL Server product of Oracle MySQL (compon
 	- mariadb-10.5 1:10.5.12-1
 	[bullseye] - mariadb-10.5 1:10.5.12-0+deb11u1
 	- mariadb-10.3 <removed>
-	[buster] - mariadb-10.3 <no-dsa> (Minor issue, can be fixed via point release)
+	[buster] - mariadb-10.3 1:10.3.31-0+deb10u1
 	- mysql-5.7 <removed>
 	- mysql-8.0 <unfixed>
 	NOTE: Fixed in MariaDB 10.5.12, 10.3.31
@@ -61753,9 +61753,9 @@ CVE-2021-1096 (NVIDIA Windows GPU Display Driver for Windows contains a vulnerab
 	NOT-FOR-US: NVIDIA Windows GPU Display Driver for Windows
 CVE-2021-1095 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
 	- nvidia-graphics-drivers 460.91.03-1 (bug #991351)
-	[buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+	[buster] - nvidia-graphics-drivers 418.211.00-1
 	- nvidia-graphics-drivers-legacy-390xx 390.144-1 (bug #991353)
-	[buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
+	[buster] - nvidia-graphics-drivers-legacy-390xx 390.144-1~deb10u1
 	- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #991352)
 	[buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
 	[stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
@@ -61766,9 +61766,9 @@ CVE-2021-1095 (NVIDIA GPU Display Driver for Windows and Linux contains a vulner
 	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5211
 CVE-2021-1094 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
 	- nvidia-graphics-drivers 460.91.03-1 (bug #991351)
-	[buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+	[buster] - nvidia-graphics-drivers 418.211.00-1
 	- nvidia-graphics-drivers-legacy-390xx 390.144-1 (bug #991353)
-	[buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
+	[buster] - nvidia-graphics-drivers-legacy-390xx 390.144-1~deb10u1
 	- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #991352)
 	[buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
 	[stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
@@ -61779,9 +61779,9 @@ CVE-2021-1094 (NVIDIA GPU Display Driver for Windows and Linux contains a vulner
 	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5211
 CVE-2021-1093 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
 	- nvidia-graphics-drivers 460.91.03-1 (bug #991351)
-	[buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+	[buster] - nvidia-graphics-drivers 418.211.00-1
 	- nvidia-graphics-drivers-legacy-390xx 390.144-1 (bug #991353)
-	[buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
+	[buster] - nvidia-graphics-drivers-legacy-390xx 390.144-1~deb10u1
 	- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #991352)
 	[buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
 	[stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
@@ -88813,7 +88813,7 @@ CVE-2020-17510 (Apache Shiro before 1.7.0, when using Apache Shiro with Spring,
 	{DLA-2726-1}
 	- shiro 1.3.2-5 (bug #988728)
 	[bullseye] - shiro 1.3.2-4+deb11u1
-	[buster] - shiro <no-dsa> (Minor issue)
+	[buster] - shiro 1.3.2-4+deb10u1
 	NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/7
 	NOTE: https://lists.apache.org/thread.html/rc2cff2538b683d480426393eecf1ce8dd80e052fbef49303b4f47171%40%3Cdev.shiro.apache.org%3E
 	NOTE: https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12349284&styleName=Text&projectId=12310950
@@ -98057,7 +98057,7 @@ CVE-2020-13933 (Apache Shiro before 1.6.0, when using Apache Shiro, a specially
 	{DLA-2726-1}
 	- shiro 1.3.2-5 (bug #968753)
 	[bullseye] - shiro 1.3.2-4+deb11u1
-	[buster] - shiro <no-dsa> (Minor issue)
+	[buster] - shiro 1.3.2-4+deb10u1
 	NOTE: https://lists.apache.org/thread.html/r539f87706094e79c5da0826030384373f0041068936912876856835f%40%3Cdev.shiro.apache.org%3E
 CVE-2020-13932 (In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT p ...)
 	NOT-FOR-US: Apache ActiveMQ Artemis
@@ -98197,7 +98197,7 @@ CVE-2020-13882 (CISOfy Lynis before 3.0.0 has Incorrect Access Control because o
 CVE-2020-13881 (In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared se ...)
 	{DLA-2730-1 DLA-2239-1}
 	- libpam-tacplus 1.3.8-2.1 (low; bug #962830)
-	[buster] - libpam-tacplus <no-dsa> (Minor issue)
+	[buster] - libpam-tacplus 1.3.8-2+deb10u1
 	[stretch] - libpam-tacplus <no-dsa> (Minor issue)
 	NOTE: https://github.com/kravietz/pam_tacplus/commit/4a9852c31c2fd0c0e72fbb689a586aabcfb11cb0
 	NOTE: https://github.com/kravietz/pam_tacplus/issues/149
@@ -103231,7 +103231,7 @@ CVE-2020-11989 (Apache Shiro before 1.5.3, when using Apache Shiro with Spring d
 	{DLA-2273-1}
 	- shiro 1.3.2-5 (bug #988728)
 	[bullseye] - shiro 1.3.2-4+deb11u1
-	[buster] - shiro <no-dsa> (Minor issue)
+	[buster] - shiro 1.3.2-4+deb10u1
 	NOTE: https://www.openwall.com/lists/oss-security/2020/06/22/1
 	NOTE: https://github.com/apache/shiro/pull/211
 	NOTE: https://issues.apache.org/jira/browse/SHIRO-753
@@ -103241,7 +103241,7 @@ CVE-2020-11989 (Apache Shiro before 1.5.3, when using Apache Shiro with Spring d
 CVE-2020-11988 (Apache XmlGraphics Commons 2.4 is vulnerable to server-side request fo ...)
 	- xmlgraphics-commons 2.4-2 (bug #984949)
 	[bullseye] - xmlgraphics-commons 2.4-2~deb11u1
-	[buster] - xmlgraphics-commons <no-dsa> (Minor issue)
+	[buster] - xmlgraphics-commons 2.3-1+deb10u1
 	[stretch] - xmlgraphics-commons <not-affected> (Vulnerable code is not present)
 	NOTE: https://github.com/apache/xmlgraphics-commons/commit/57393912eb87b994c7fed39ddf30fb778a275183
 	NOTE: https://issues.apache.org/jira/browse/XGC-122
@@ -122248,7 +122248,7 @@ CVE-2019-20226
 CVE-2019-20326 (A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg( ...)
 	{DLA-2749-1 DLA-2066-1}
 	- gthumb 3:3.8.3-0.1 (bug #948197)
-	[buster] - gthumb <no-dsa> (Minor issue)
+	[buster] - gthumb 3:3.6.2-4+deb10u1
 	NOTE: https://gitlab.gnome.org/GNOME/gthumb/commit/14860321ce3235d420498c4f81f21003d1fb78f4 (3.8.3)
 	NOTE: https://gitlab.gnome.org/GNOME/gthumb/commit/4faa5ce2358812d23a1147953ee76f59631590ad (master)
 CVE-2020-5200
@@ -131301,7 +131301,7 @@ CVE-2020-1957 (Apache Shiro before 1.5.2, when using Apache Shiro with Spring dy
 	{DLA-2273-1 DLA-2181-1}
 	- shiro 1.3.2-5 (bug #955018)
 	[bullseye] - shiro 1.3.2-4+deb11u1
-	[buster] - shiro <no-dsa> (Minor issue)
+	[buster] - shiro 1.3.2-4+deb10u1
 	NOTE: https://www.openwall.com/lists/oss-security/2020/03/23/2
 	NOTE: Fixed by: https://github.com/apache/shiro/commit/3708d7907016bf2fa12691dff6ff0def1249b8ce#diff-98f7bc5c0391389e56531f8b3754081aL139
 	NOTE: https://github.com/apache/shiro/pull/203#issuecomment-606270322
@@ -146265,7 +146265,7 @@ CVE-2019-15605 (HTTP request smuggling in Node.js 10, 12, and 13 causes maliciou
 	[stretch] - nodejs <ignored> (Nodejs in stretch not covered by security support)
 	[jessie] - nodejs <end-of-life> (Nodejs in jessie not covered by security support)
 	- http-parser 2.9.4-2 (bug #977467)
-	[buster] - http-parser <no-dsa> (Minor issue)
+	[buster] - http-parser 2.8.1-1+deb10u1
 	[stretch] - http-parser <ignored> (Invasive patch, requires prior content-length support and public struct changes that break ABI)
 	[jessie] - http-parser <ignored> (Invasive patch, requires prior content-length support and public struct changes that break ABI)
 	NOTE: https://hackerone.com/reports/735748
@@ -155647,7 +155647,7 @@ CVE-2016-10761 (Logitech Unifying devices before 2016-02-26 allow keystroke inje
 	NOT-FOR-US: Logitech
 CVE-2019-13045 (Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when S ...)
 	- irssi 1.2.1-1 (low; bug #931264)
-	[buster] - irssi <no-dsa> (Minor issue)
+	[buster] - irssi 1.2.0-2+deb10u1
 	[stretch] - irssi <no-dsa> (Minor issue)
 	[jessie] - irssi <not-affected> (vulnerable sasl code is not present)
 	NOTE: https://irssi.org/security/irssi_sa_2019_06.txt
diff --git a/data/next-oldstable-point-update.txt b/data/next-oldstable-point-update.txt
index 5e5e328f85..bb95f7c93d 100644
--- a/data/next-oldstable-point-update.txt
+++ b/data/next-oldstable-point-update.txt
@@ -1,66 +1,3 @@
-CVE-2019-15605
-	[buster] - http-parser 2.8.1-1+deb10u1
-CVE-2021-21375
-	[buster] - ring 20190215.1.f152c98~ds1-1+deb10u1
-CVE-2021-1093
-	[buster] - nvidia-graphics-drivers-legacy-390xx 390.144-1~deb10u1
-	[buster] - nvidia-graphics-drivers 418.211.00-1
-CVE-2021-1094
-	[buster] - nvidia-graphics-drivers-legacy-390xx 390.144-1~deb10u1
-	[buster] - nvidia-graphics-drivers 418.211.00-1
-CVE-2021-1095
-	[buster] - nvidia-graphics-drivers-legacy-390xx 390.144-1~deb10u1
-	[buster] - nvidia-graphics-drivers 418.211.00-1
-CVE-2021-23413
-	[buster] - node-jszip 3.1.4+dfsg-1+deb10u1
-CVE-2019-13045
-	[buster] - irssi 1.2.0-2+deb10u1
-CVE-2020-11988
-	[buster] - xmlgraphics-commons 2.3-1+deb10u1
-CVE-2020-13881
-	[buster] - libpam-tacplus 1.3.8-2+deb10u1
-CVE-2021-32803
-	[buster] - node-tar 4.4.6+ds1-3+deb10u1
-CVE-2021-32804
-	[buster] - node-tar 4.4.6+ds1-3+deb10u1
-CVE-2021-29425
-	[buster] - commons-io 2.6-2+deb10u1
-CVE-2021-35368
-	[buster] - modsecurity-crs 3.1.0-1+deb10u2
-CVE-2021-29488
-	[buster] - sabnzbdplus 2.3.6+dfsg-1+deb10u2
-CVE-2020-1957
-        [buster] - shiro 1.3.2-4+deb10u1
-CVE-2020-11989
-        [buster] - shiro 1.3.2-4+deb10u1
-CVE-2020-13933
-        [buster] - shiro 1.3.2-4+deb10u1
-CVE-2020-17510
-        [buster] - shiro 1.3.2-4+deb10u1
-CVE-2021-36773
-	[buster] - ublock-origin 1.37.0+dfsg-1~deb10u1
-CVE-2019-20326
-	[buster] - gthumb 3:3.6.2-4+deb10u1
-CVE-2021-37750
-	[buster] - krb5 1.17-3+deb10u3
-CVE-2021-33582
-	[buster] - cyrus-imapd 3.0.8-6+deb10u6
-CVE-2021-2389
-	[buster] - mariadb-10.3 1:10.3.31-0+deb10u1
-CVE-2021-2372
-	[buster] - mariadb-10.3 1:10.3.31-0+deb10u1
-CVE-2021-38173
-	[buster] - btrbk 0.27.1-1+deb10u1
-CVE-2021-41054
-	[buster] - atftp 0.7.git20120829-3.2~deb10u2
-CVE-2021-3749
-	[buster] - node-axios 0.17.1+dfsg-2+deb10u1
-(CVE-2021-3807
-	[buster] - node-ansi-regex 3.0.0-1+deb10u1
-CVE-2021-40540
-	[buster] - ulfius 2.5.2-4+deb10u1
-CVE-2021-38562
-	[buster] - request-tracker4 4.4.3-2+deb10u1
 CVE-2019-20807
 	[buster] - vim 2:8.1.0875-5+deb10u1
 CVE-2021-3770
author	Salvatore Bonaccorso <carnil@debian.org>	2021-10-09 12:09:27 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-10-09 12:09:27 +0200
commit	c9d3ab67b7d6dd80b78f0a37c5caca8844741e8f (patch)
tree	edb4430ab03c0add286105101f0b9a9655039c15 /data
parent	e99daf016d544dc0c91fa1acb35bf2a14a9e9b4e (diff)