diff options
| author | Moritz Muehlenhoff <jmm@debian.org> | 2021-10-11 16:46:35 +0200 |
|---|---|---|
| committer | Moritz Muehlenhoff <jmm@debian.org> | 2021-10-11 16:47:05 +0200 |
| commit | 0c08faab487ba1defff356133a3a66bf4027f298 (patch) | |
| tree | ff4c12650758325ce5001bbed727f01504759f67 /data/CVE/list.2021 | |
| parent | 5cdc2fb02cba0f0669be27c474a5ee2665f96dff (diff) | |
pillow fixed in sid
buster/bullseye triage
Diffstat (limited to 'data/CVE/list.2021')
| -rw-r--r-- | data/CVE/list.2021 | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 92195266ed..61cab147f7 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -2985,6 +2985,7 @@ CVE-2021-40823 (A logic error in the room key sharing functionality of matrix-js - element-web <itp> (bug #866502) - node-matrix-js-sdk <unfixed> (bug #994213) [bullseye] - node-matrix-js-sdk <no-dsa> (Minor issue) + [buster] - node-matrix-js-sdk <no-dsa> (Minor issue) NOTE: https://matrix.org/blog/2021/09/13/vulnerability-disclosure-key-sharing/ NOTE: https://github.com/matrix-org/matrix-js-sdk/commit/894c24880da0e1cc81818f51c0db80e3c9fb2be9 (v12.4.1) CVE-2021-40822 @@ -4772,6 +4773,8 @@ CVE-2021-3739 CVE-2021-3735 [ahci: deadlock issue leads to denial of service] RESERVED - qemu <unfixed> + [bullseye] - qemu <no-dsa> (Minor issue) + [buster] - qemu <no-dsa> (Minor issue) [stretch] - qemu <postponed> (Fix along with a future DLA) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1997184 CVE-2021-40083 (Knot Resolver before 5.3.2 is prone to an assertion failure, triggerab ...) @@ -10010,9 +10013,11 @@ CVE-2021-37846 CVE-2021-37845 RESERVED - citadel <unfixed> + [buster] - citadel <ignored> (Minor issue) [stretch] - citadel <postponed> (Minor issue, revisit when fixed upstream) NOTE: https://uncensored.citadel.org/readfwd?go=Citadel Security?view=0?start_reading_at=2099264259#2099264259 NOTE: https://nostarttls.secvuln.info/ + NOTE: CVE-2020-29547 and CVE-2021-37845 seem like dupes CVE-2021-37844 RESERVED CVE-2021-3677 [Memory disclosure in certain queries] @@ -31829,6 +31834,7 @@ CVE-2021-28703 RESERVED CVE-2021-28702 (PCI devices with RMRRs not deassigned correctly Certain PCI devices in ...) - xen <unfixed> + [bullseye] - xen <postponed> (Minor issue, fix along with next DSA) [buster] - xen <not-affected> (Vulnerable code introduced later) [stretch] - xen <not-affected> (Vulnerable code introduced later) NOTE: https://xenbits.xen.org/xsa/advisory-386.html @@ -44190,7 +44196,9 @@ CVE-2021-23439 (This affects the package file-upload-with-preview before 4.2.0. CVE-2021-23438 (This affects the package mpath before 0.8.4. A type confusion vulnerab ...) NOT-FOR-US: Node mpath CVE-2021-23437 (The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Ex ...) - - pillow <unfixed> + - pillow 8.3.2-1 + [bullseye] - pillow <no-dsa> (Minor issue) + [buster] - pillow <no-dsa> (Minor issue) [stretch] - pillow <postponed> (Minor issue, can be fixed in the next DLA) NOTE: https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b NOTE: https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443 |