| author | Moritz Muehlenhoff <jmm@debian.org> | 2021-03-22 17:56:28 +0100 |
|---|---|---|
| committer | Moritz Muehlenhoff <jmm@debian.org> | 2021-03-22 17:56:51 +0100 |
| commit | 544738db15ccc2baa1bc48a20af7ed290329a8a5 | |
| tree | e4cf8d154371b3ecaf0ad5a477129f17cacf6572 | |
| parent | a85fcf5f0bc4b6b5d9e47ac28347d25251185073 | |
bullseye triage
-rw-r--r-- | data/CVE/list.2016 | 1 |
-rw-r--r-- | data/CVE/list.2018 | 3 |
-rw-r--r-- | data/CVE/list.2019 | 6 |
-rw-r--r-- | data/CVE/list.2020 | 2 |
-rw-r--r-- | data/CVE/list.2021 | 5 |
5 files changed, 17 insertions, 0 deletions
diff --git a/data/CVE/list.2016 b/data/CVE/list.2016 index fa9ce1f522..0891c59421 100644 --- a/data/CVE/list.2016 +++ b/data/CVE/list.2016 @@ -26804,6 +26804,7 @@ CVE-2016-2142 (Red Hat OpenShift Enterprise 3.1 uses world-readable permissions NOT-FOR-US: OpenShift CVE-2016-2141 (JGroups before 4.0 does not require the proper headers for the ENCRYPT ...) - libjgroups-java <unfixed> (low; bug #867493) + [bullseye] - libjgroups-java <ignored> (Minor issue, only used as build dep) [buster] - libjgroups-java <ignored> (Minor issue, only used as build dep) [stretch] - libjgroups-java <ignored> (Minor issue, only used as build dep) [jessie] - libjgroups-java <no-dsa> (Minor issue) diff --git a/data/CVE/list.2018 b/data/CVE/list.2018 index e48479e750..e2fde151cc 100644 --- a/data/CVE/list.2018 +++ b/data/CVE/list.2018 @@ -21914,6 +21914,7 @@ CVE-2018-12929 (ntfs_read_locked_inode in the ntfs.ko filesystem driver in the L [jessie] - linux <ignored> (ntfs is not supportable) CVE-2018-12928 (In the Linux kernel 4.15.0, a NULL pointer dereference was discovered ...) - linux <unfixed> (low) + [bullseye] - linux <ignored> (Minor issue) [buster] - linux <ignored> (Minor issue) [stretch] - linux <ignored> (Minor issue) - linux-4.9 <removed> @@ -52143,6 +52144,7 @@ CVE-2018-1298 (A Denial of Service vulnerability was found in Apache Qpid Broker NOTE: https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=4b9fb37 CVE-2018-1297 (When using Distributed Test only (RMI based), Apache JMeter 2.x and 3. ...) - jakarta-jmeter <unfixed> (low; bug #897259) + [bullseye] - jakarta-jmeter <ignored> (Minor issue, too intrusive to backport) [buster] - jakarta-jmeter <ignored> (Minor issue, too intrusive to backport) [stretch] - jakarta-jmeter <ignored> (Minor issue, too intrusive to backport) [jessie] - jakarta-jmeter <ignored> (Minor issue, too intrusive to backport) 
@@ -52171,6 +52173,7 @@ CVE-2018-1288 (In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0. - kafka <itp> (bug #786460) CVE-2018-1287 (In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI ba ...) - jakarta-jmeter <unfixed> (low) + [bullseye] - jakarta-jmeter <no-dsa> (Minor issue) [buster] - jakarta-jmeter <no-dsa> (Minor issue) [stretch] - jakarta-jmeter <no-dsa> (Minor issue) [jessie] - jakarta-jmeter <no-dsa> (Minor issue) diff --git a/data/CVE/list.2019 b/data/CVE/list.2019 index 62a05951bb..85a6506d45 100644 --- a/data/CVE/list.2019 +++ b/data/CVE/list.2019 @@ -2994,6 +2994,8 @@ CVE-2019-19815 (In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem i [stretch] - linux 4.9.184-1 CVE-2019-19814 (In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image c ...) - linux <unfixed> + [bullseye] - linux <no-dsa> (Minor issue) + [buster] - linux <no-dsa> (Minor issue) CVE-2019-19813 (In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, ...) {DLA-2586-1 DLA-2385-1} - linux 5.2.6-1 @@ -4175,6 +4177,8 @@ CVE-2019-19379 (In app/Controller/TagsController.php in MISP 2.4.118, users can NOT-FOR-US: MISP CVE-2019-19378 (In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image ...) - linux <unfixed> + [bullseye] - linux <no-dsa> (Minor issue) + [buster] - linux <no-dsa> (Minor issue) CVE-2019-19377 (In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, ...) {DLA-2483-1} - linux 5.6.7-1 @@ -37855,6 +37859,7 @@ CVE-2019-6989 (TP-Link TL-WR940N is vulnerable to a stack-based buffer overflow, NOT-FOR-US: TP-Link CVE-2019-6988 (An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers ...) - openjpeg2 <unfixed> (low; bug #922648) + [bullseye] - openjpeg2 <ignored> (Minor issue) [buster] - openjpeg2 <ignored> (Minor issue) [stretch] - openjpeg2 <ignored> (Minor issue) [jessie] - openjpeg2 <ignored> (Minor issue) 
@@ -41639,6 +41644,7 @@ CVE-2019-5428 REJECTED CVE-2019-5427 (c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack ...) - c3p0 <unfixed> (low; bug #927936) + [bullseye] - c3p0 <no-dsa> (Minor issue) [buster] - c3p0 <no-dsa> (Minor issue) [stretch] - c3p0 <no-dsa> (Minor issue) [jessie] - c3p0 <no-dsa> (Minor issue) diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index ebb93d81e2..79f17e0b2a 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -5573,6 +5573,7 @@ CVE-2020-28492 REJECTED CVE-2020-28491 (This affects the package com.fasterxml.jackson.dataformat:jackson-data ...) - jackson-dataformat-cbor <unfixed> (bug #983664) + [bullseye] - jackson-dataformat-cbor <no-dsa> (Minor issue) [buster] - jackson-dataformat-cbor <no-dsa> (Minor issue) [stretch] - jackson-dataformat-cbor <no-dsa> (Minor issue) NOTE: https://people.debian.org/~abhijith/CVE-2020-28491.txt (stretch fix) @@ -59348,6 +59349,7 @@ CVE-2020-5239 (In Mailu before version 1.7, an authenticated user can exploit a NOT-FOR-US: Mailu CVE-2020-5238 (The table extension in GitHub Flavored Markdown before version 0.29.0. ...) - cmark-gfm <unfixed> (bug #965984) + [bullseye] - cmark-gfm <no-dsa> (Minor issue) [buster] - cmark-gfm <no-dsa> (Minor issue) - python-cmarkgfm <unfixed> (bug #965983) [bullseye] - python-cmarkgfm <no-dsa> (Minor issue) diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 018b16ec8b..9a37c64cf5 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -2330,6 +2330,7 @@ CVE-2021-27918 (encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an NOTE: https://github.com/golang/go/issues/44913 CVE-2021-3420 (A flaw was found in newlib in versions prior to 4.0.0. Improper overfl ...) - newlib <unfixed> (bug #984446) + [bullseye] - newlib <no-dsa> (Minor issue) [buster] - newlib <no-dsa> (Minor issue) [stretch] - newlib <no-dsa> (Minor issue) - picolibc 1.5-1 
@@ -19519,6 +19520,7 @@ CVE-2021-20197 CVE-2021-20196 [block: fdc: null pointer dereference may lead to guest crash] RESERVED - qemu <unfixed> (bug #984453) + [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream) [buster] - qemu <postponed> (Fix along in future DSA) [stretch] - qemu <postponed> (Fix along in future DLA) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1919210 @@ -19547,6 +19549,7 @@ CVE-2021-20191 [buster] - ansible <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1916813 NOTE: https://github.com/ansible-collections/cisco.nxos/pull/227 + NOTE: https://github.com/ansible-collections/cisco.nxos/commit/120956963f47502151a358e4a7bc2a87f71813aa CVE-2021-20190 (A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishan ...) - jackson-databind 2.12.1-1 [buster] - jackson-databind <no-dsa> (Minor issue) @@ -19587,6 +19590,7 @@ CVE-2021-20180 [buster] - ansible <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1915808 NOTE: https://github.com/ansible-collections/community.general/pull/1635 + NOTE: https://github.com/ansible-collections/community.general/commit/1d0c5e2ba47724c31a18d7b08b9daf13df8829dc CVE-2021-20179 (A flaw was found in pki-core. An attacker who has successfully comprom ...) - dogtag-pki 10.10.2-2 NOTE: https://github.com/dogtagpki/pki/pull/3475 @@ -19596,6 +19600,7 @@ CVE-2021-20178 [user data leak in snmp_facts module] [buster] - ansible <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1914774 NOTE: https://github.com/ansible-collections/community.general/pull/1621 + NOTE: https://github.com/ansible-collections/community.general/commit/3560aeb12f7061bf21d63ca0e1e19feb99c57de3 CVE-2021-20177 RESERVED {DSA-4843-1 DLA-2557-1} |
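Review bot: In the CVE-2018-1287 hunk of data/CVE/list.2018, the `- jakarta-jmeter <unfixed> (low)` entry that the new `[bullseye]` line sits under carries no bug reference, unlike the CVE-2018-1297 entry in the previous hunk (`low; bug #897259`). With `<no-dsa>` now recorded for bullseye, buster, stretch and jessie, nothing visible in the entry tells the package maintainer that the issue is still open in unstable. Consider filing a bug and adding its number to the `<unfixed>` line alongside this triage.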
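Review bot: The two data/CVE/list.2019 hunks for CVE-2019-19814 and CVE-2019-19378 also add `[buster] - linux <no-dsa> (Minor issue)`, which changes buster's status under a commit whose subject is only "bullseye triage". Mention buster in the commit message or move those two lines to their own commit, so the buster kernel decision can be found from the log. The reason `Minor issue` is also thin for entries described as triggered by mounting a crafted f2fs or btrfs image. A reason that says why it is minor, in the way the jessie entry for CVE-2018-12929 says `ntfs is not supportable`, would save the next triager from re-deriving it.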
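Review bot: In the CVE-2021-20196 hunk of data/CVE/list.2021, the bullseye reason `Minor issue, revisit when fixed upstream` makes the entry depend on upstream status, but the only reference in the context shown is the Red Hat Bugzilla NOTE. If an upstream patch or discussion link exists, add it as a NOTE here so whoever revisits the entry can check whether the condition has been met without searching for it. The buster and stretch lines use a different reason (`Fix along in future DSA` / `DLA`), so it is also worth confirming that the different wording for bullseye is intended.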
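Review bot: The three NOTE additions in data/CVE/list.2021 for CVE-2021-20191, CVE-2021-20180 and CVE-2021-20178 record upstream commits and are not suite triage, so they are not covered by the commit subject "bullseye triage". Either widen the message or commit them separately. Each new line points at a commit in a collection repository (`ansible-collections/cisco.nxos`, `ansible-collections/community.general`) while the package lines shown in context are for `ansible`. A short annotation on each NOTE saying which upstream release or branch contains the commit would make it usable when checking whether a given ansible version is fixed.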