author Abhijith PA <abhijith@disroot.org> 2021-03-06 14:13:22 +0530
committer Abhijith PA <abhijith@disroot.org> 2021-03-06 14:13:22 +0530
commit 755c656cacc1138aa6f42e71870da578b007315f
tree 235484d29dbb0f9842983f85692766e5071ab750
parent 36b3bf8012424f638bcb221ab373eb91cc26cae7
Stretch triage
-rw-r--r-- data/CVE/list.2020 4
-rw-r--r-- data/CVE/list.2021 2
-rw-r--r-- data/dla-needed.txt 4
3 files changed, 10 insertions, 0 deletions
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020
index 715ec12097..47b60b4af0 100644
--- a/data/CVE/list.2020
+++ b/data/CVE/list.2020
@@ -1722,11 +1722,13 @@ CVE-2020-35525
CVE-2020-35524 [Heap-based buffer overflow in TIFF2PDF tool]
RESERVED
- tiff 4.1.0+git201212-1
+ [stretch] - tiff <no-dsa> (can be fixed along in next DLA)
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/7be2e452ddcf6d7abca88f41d3761e6edab72b22
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/159
CVE-2020-35523 [Integer overflow in tif_getimage.c]
RESERVED
- tiff 4.1.0+git201212-1
+ [stretch] - tiff <no-dsa> (can be fixed along in next DLA)
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/160
CVE-2020-35522 [Memory allocation failure in tif_pixarlog.c]
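Review bot: the two added `[stretch] - tiff <no-dsa>` lines give "can be fixed along in next DLA" as the only reason, which says when the fix will ship but not why a heap-based buffer overflow (CVE-2020-35524) and an integer overflow in tif_getimage.c (CVE-2020-35523) can wait. Put the actual triage reasoning in the parenthetical so the decision can be checked later; if the reasoning for CVE-2020-35524 is that only the TIFF2PDF tool is affected, say that, and give CVE-2020-35523 its own reason since it sits in library code.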
@@ -5466,6 +5468,7 @@ CVE-2020-28497
RESERVED
CVE-2020-28496 (This affects the package three before 0.125.0. This can happen when ha ...)
- three.js <unfixed>
+ [stretch] - three.js <no-dsa> (can be fixed along in next DLA)
NOTE: https://github.com/mrdoob/three.js/pull/21143/commits/4a582355216b620176a291ff319d740e619d583e
NOTE: https://github.com/mrdoob/three.js/issues/21132
CVE-2020-28495 (This affects the package total.js before 3.4.7. The set function can b ...)
@@ -8242,6 +8245,7 @@ CVE-2020-27353
CVE-2020-27352
RESERVED
- snapd 2.49-1
+ [stretch] - snapd <no-dsa> (Minor issue)
NOTE: https://ubuntu.com/security/notices/USN-4728-1
NOTE: https://github.com/docker-snap/docker-snap/security/advisories/GHSA-798c-v3jq-h646
NOTE: https://bugs.launchpad.net/snapd/+bug/1910456
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index 67e9138253..fe0afd13f4 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -258,6 +258,7 @@ CVE-2021-27928
RESERVED
CVE-2021-27927 (In Zabbix before 4.0.28rc1, 5.x before 5.0.8rc1, 5.1.x and 5.2.x befor ...)
- zabbix 1:5.0.8+dfsg-1
+ [stretch] - zabbix <no-dsa> (minor issue)
NOTE: https://support.zabbix.com/browse/ZBX-18942
CVE-2021-27926
RESERVED
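Review bot: the reason on the added zabbix line is written "(minor issue)" while the snapd and newlib lines added in this same commit use "(Minor issue)", as does the existing `[buster] - newlib` line. Use one spelling, "(Minor issue)", so that a text search over the list finds every entry triaged this way.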
@@ -283,6 +284,7 @@ CVE-2021-27918
CVE-2021-3420 (A flaw was found in newlib in versions prior to 4.0.0. Improper overfl ...)
- newlib <unfixed> (bug #984446)
[buster] - newlib <no-dsa> (Minor issue)
+ [stretch] - newlib <no-dsa> (Minor issue)
- picolibc 1.5-1
- libnewlib-nano <unfixed> (bug #984424)
[buster] - libnewlib-nano <no-dsa> (Minor issue)
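Review bot: under CVE-2021-3420 only `newlib` gets a `[stretch]` line, while `libnewlib-nano` directly below is `<unfixed>` with a `[buster] ... <no-dsa> (Minor issue)` tag and no stretch tag in the visible context. If libnewlib-nano is shipped in stretch and is not already tagged further down, add the matching `[stretch] - libnewlib-nano <no-dsa> (Minor issue)` line in this commit so the same flaw is not left open for one source package and closed for the other.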
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index 622d6d23e8..920beee484 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -67,6 +67,8 @@ libebml (Thorsten Alteholz)
libupnp
NOTE: 20210302: since utkarsh working wpa, might want to handle this as well ? (abhijith)
--
+libcaca (Abhijith PA)
+--
linux (Ben Hutchings)
--
linux-4.19 (Ben Hutchings)
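Review bot: `libcaca (Abhijith PA)` is inserted after `libupnp` and before `linux`, which breaks the alphabetical order the neighbouring entries follow (libebml, libupnp, linux, linux-4.19). It sorts before `libebml`, so move the entry and its `--` separator up to keep the file easy to scan and to avoid a duplicate claim being added in the expected position later.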
@@ -117,6 +119,8 @@ shiro
NOTE: 20201004: Sent additional request to upstream dev list; stil no response. (roberto)
NOTE: 20201220: Upstream has responded. Working with them to backport fixes. (roberto)
--
+smarty3 (Abhijith PA)
+--
spotweb
NOTE: 20201220: The affected code uses string concatenation to construct a SQL query.
NOTE: 20201220: Upstream's "fix" is to blacklist all the "bad" SQL commands. (roberto)
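Review bot: the new `smarty3 (Abhijith PA)` entry is claimed without any NOTE, and none of the CVE list hunks in this commit touch smarty3, so nothing here shows which issue put it on the list. A dated NOTE in the style of the surrounding entries (for example the shiro ones), naming the CVE or the reason for the upload, would let others see the scope of the claim.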
