From 34691df1b8de64e330652517d3e3cf552d2f1368 Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Wed, 29 Sep 2021 17:31:30 +0200 Subject: buster/bullseye triage --- data/CVE/list | 7 +++++++ data/dsa-needed.txt | 7 +++++-- 2 files changed, 12 insertions(+), 2 deletions(-) (limited to 'data') diff --git a/data/CVE/list b/data/CVE/list index 291c78644b..f771abd0ca 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -7779,6 +7779,8 @@ CVE-2021-38372 (In KDE Trojita 0.7, man-in-the-middle attackers can create new f - trojita (bug #795701) CVE-2021-38371 (The STARTTLS feature in Exim through 4.94.2 allows response injection ...) - exim4 (bug #992172) + [bullseye] - exim4 (Minor issue) + [buster] - exim4 (Minor issue) [stretch] - exim4 (Minor issue, revisit when fixed upstream) NOTE: https://nostarttls.secvuln.info NOTE: https://www.exim.org/static/doc/security/CVE-2021-38371.txt @@ -10675,6 +10677,8 @@ CVE-2021-37147 RESERVED CVE-2021-37146 (An infinite loop in Open Robotics ros_comm XMLRPC server in ROS Melodi ...) - ros-ros-comm + [bullseye] - ros-ros-comm (Minor issue) + [buster] - ros-ros-comm (Minor issue) NOTE: https://discourse.ros.org/t/new-packages-for-melodic-2021-09-27/22446 NOTE: https://discourse.ros.org/t/new-packages-for-noetic-2021-09-27/22447 NOTE: https://github.com/ros/ros_comm/pull/2185 
@@ -79412,12 +79416,14 @@ CVE-2020-21533 (fig2dev 3.2.7b contains a stack buffer overflow in the read_text NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/ (3.2.8) CVE-2020-21532 (fig2dev 3.2.7b contains a global buffer overflow in the setfigfont fun ...) - fig2dev 1:3.2.8-1 + [buster] - fig2dev (Minor issue) - transfig NOTE: https://sourceforge.net/p/mcj/tickets/64/ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/421afa17d8cb8dafcaf3e6044a70790fa4fe307b/ (3.2.8) NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/00cdedac7a0b029846dee891769a1e77df83a01b/ (3.2.8) CVE-2020-21531 (fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_i ...) - fig2dev 1:3.2.8-1 + [buster] - fig2dev (Minor issue) - transfig NOTE: https://sourceforge.net/p/mcj/tickets/63/ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/2f8d1ae9763dcdc99b88a2b14849fe37174bcd69/ (3.2.8) @@ -79429,6 +79435,7 @@ CVE-2020-21530 (fig2dev 3.2.7b contains a segmentation fault in the read_objects NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/ (3.2.8) CVE-2020-21529 (fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline f ...) - fig2dev 1:3.2.8-1 + [buster] - fig2dev (Minor issue) - transfig NOTE: https://sourceforge.net/p/mcj/tickets/65/ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/d70e4ba6308046f71cb51f67db8412155af52411/ (3.2.8) diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt index 67e6066760..0a16e2e84d 100644 --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -12,8 +12,7 @@ To pick an issue, simply add your uid behind it. If needed, specify the release by adding a slash after the name of the source package. -- -apache2 - Yadd prepared update for bullseye-security, ping about buster? +apache2 (jmm) -- asterisk Maintainer prepared update for bullseye, needs ping for buster 
@@ -24,6 +23,8 @@ chromium -- djvulibre -- +faad2/oldstable (jmm) +-- ffmpeg/oldstable (jmm) 4.1.7 fixes a number of bugs, but several further one in the 4.1 branch, reaching out for a 4.1.8 release date -- @@ -41,6 +42,8 @@ puppetdb (jmm) -- python-pysaml2 (jmm) -- +qemu (jmm) +-- rabbitmq-server -- runc -- cgit v1.2.3
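Review bot: In the CVE-2021-38371 hunk of data/CVE/list, the new [bullseye] and [buster] lines for exim4 say only "(Minor issue)", while the existing [stretch] line directly below them reads "(Minor issue, revisit when fixed upstream)". If the same condition applies to the newer suites, use the same wording on all three lines so the entries are picked up for re-triage once upstream ships a fix. If it does not apply, a few words on why the suites differ would help the next person reading this entry.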
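Review bot: The [bullseye] and [buster] lines added for ros-ros-comm under CVE-2021-37146 give "Minor issue" with no reason, although the entry describes an infinite loop in the XMLRPC server and the NOTE lines already link an upstream pull request (ros_comm #2185). Consider extending the parenthesised text with the actual ground for the decision, so a later reader does not have to reconstruct it from the linked threads.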
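Review bot: The three "[buster] - fig2dev (Minor issue)" lines added under CVE-2020-21532, CVE-2020-21531 and CVE-2020-21529 classify global and stack buffer overflows as minor without stating why. A short reason in the parentheses would make the decision auditable. The hunk context also touches CVE-2020-21533 and CVE-2020-21530 from the same fig2dev 3.2.7b batch, but their package lines fall outside the visible context, so it is worth confirming that those entries carry a matching buster line and the batch is triaged consistently.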
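Review bot: In the first data/dsa-needed.txt hunk, replacing the apache2 entry with "apache2 (jmm)" drops the status line "Yadd prepared update for bullseye-security, ping about buster?", and with it the record that a bullseye-security update was already prepared and that buster was still an open question. Either keep a one-line status under the new entry, or, if the claim is for one suite only, say so with the slash suffix that the file header describes ("specify the release by adding a slash after the name of the source package").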
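Review bot: The new dsa-needed.txt entries "faad2/oldstable (jmm)" and "qemu (jmm)" are added without a status line, unlike neighbouring entries such as ffmpeg/oldstable, and nothing in this commit shows which issues prompted them. A short note under each entry naming the issues or the intended update would help. For qemu, which has no release suffix while faad2 is scoped to oldstable, please confirm that the update is meant for both suites.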