author | Moritz Muehlenhoff <jmm@debian.org> | 2021-10-12 19:20:59 +0200 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2021-10-12 19:21:35 +0200 |
commit | 543bb2158d1333f527f2656de7d505476100625d (patch) | |
tree | dc002137c8b08ca0008e8aed76ac72994971e224 /data | |
parent | 70014de6a1baa1f23c842fe295f38e434b636026 (diff) |
buster/bullseye triage
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list.2020 | 3 |
-rw-r--r-- | data/CVE/list.2021 | 12 |
2 files changed, 15 insertions, 0 deletions
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index 71947b49bc..b2e5005981 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -6694,6 +6694,8 @@ CVE-2020-28283 (Prototype pollution vulnerability in 'libnested' versions 0.0.0 NOT-FOR-US: libnested CVE-2020-28282 (Prototype pollution vulnerability in 'getobject' version 0.1.0 allows ...) - node-getobject 1.0.2-1 + [bullseye] - node-getobject <no-dsa> (Minor issue) + [buster] - node-getobject <no-dsa> (Minor issue) NOTE: https://github.com/cowboy/node-getobject/commit/84071748fa407caa8f824e0d0b9c1cde9ec56633 (v1.0.0) CVE-2020-28281 (Prototype pollution vulnerability in 'set-object-value' versions 0.0.0 ...) NOT-FOR-US: react-atomic-organism @@ -21414,6 +21416,7 @@ CVE-2020-21913 (International Components for Unicode (ICU-20850) v66.1 was disco - icu 67.1-2 NOTE: https://github.com/unicode-org/icu/pull/886 NOTE: https://unicode-org.atlassian.net/browse/ICU-20850 + NOTE: https://github.com/unicode-org/icu/commit/727505bddab0bfd527f1db6697cb4d4f7febe4a9 CVE-2020-21912 RESERVED CVE-2020-21911 diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index b6b05e5ebf..a0cee53731 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 
@@ -1810,16 +1810,22 @@ CVE-2021-41460 RESERVED CVE-2021-41459 (There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_n ...) - gpac <unfixed> + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/issues/1912 NOTE: Fixed by: https://github.com/gpac/gpac/commit/7d4538e104f2b3ff6a65a41394795654e6972339 CVE-2021-41458 RESERVED CVE-2021-41457 (There is a stack buffer overflow in MP4Box 1.1.0 at src/filters/dmx_nh ...) - gpac <unfixed> + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/issues/1909 NOTE: Fixed by: https://github.com/gpac/gpac/commit/ae2828284f2fc0381548aaa991958f1eb9b90619 CVE-2021-41456 (There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_n ...) - gpac <unfixed> + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/issues/1911 NOTE: Fixed by: https://github.com/gpac/gpac/commit/74695dea7278e78af3db467e586233fe8773c07e CVE-2021-41455 @@ -10785,6 +10791,8 @@ CVE-2021-37619 (Exiv2 is a command-line utility and C++ library for reading, wri NOTE: https://github.com/Exiv2/exiv2/pull/1752 CVE-2021-37618 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) - exiv2 <unfixed> + [bullseye] - exiv2 <ignored> (Minor issue) + [buster] - exiv2 <ignored> (Minor issue) NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-583f-w9pm-99r2 NOTE: https://github.com/Exiv2/exiv2/pull/1759 CVE-2021-37617 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...) 
@@ -10792,10 +10800,14 @@ CVE-2021-37617 (The Nextcloud Desktop Client is a tool to synchronize files from NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6q2w-v879-q24v CVE-2021-37616 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) - exiv2 <unfixed> + [bullseye] - exiv2 <ignored> (Minor issue) + [buster] - exiv2 <ignored> (Minor issue) NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-54f7-vvj7-545w NOTE: https://github.com/Exiv2/exiv2/pull/1758 CVE-2021-37615 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) - exiv2 <unfixed> + [bullseye] - exiv2 <ignored> (Minor issue) + [buster] - exiv2 <ignored> (Minor issue) NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-h9x9-4f77-336w NOTE: https://github.com/Exiv2/exiv2/pull/1758 CVE-2021-37614 (In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0 ...) |
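Review bot: In the data/CVE/list.2020 hunk at @@ -6694, the [bullseye] and [buster] lines for CVE-2020-28282 give only "(Minor issue)" as the reason for <no-dsa>, and nothing in the entry says why a prototype pollution bug in node-getobject is minor for those releases. The existing NOTE places the upstream fix in v1.0.0 and unstable is fixed in 1.0.2-1, so a short NOTE on how the package is used in stable, or on the size of the backport, would let a later reader re-check the decision.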
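Review bot: In the data/CVE/list.2020 hunk at @@ -21414, the NOTE added for CVE-2020-21913 is a bare commit URL with no indication of what the commit is. If it is the fix that came out of the pull request listed two lines above it, label it the way the gpac entries in list.2021 do, i.e. "NOTE: Fixed by: https://github.com/unicode-org/icu/commit/727505bddab0bfd527f1db6697cb4d4f7febe4a9", so the fix reference can be told apart from the discussion links.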
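Review bot: In the data/CVE/list.2021 hunk at @@ -1810, the six added <not-affected> (Vulnerable code not present) lines for CVE-2021-41459, CVE-2021-41457 and CVE-2021-41456 carry no record of how that was established. Each entry already has a "Fixed by:" NOTE, so add a matching NOTE naming the introducing commit or the first gpac version that contains the affected src/filters code, which makes the claim verifiable against the buster and stretch sources. The hunk also adds [stretch] lines while the commit message reads "buster/bullseye triage"; either mention stretch in the message or split those lines into their own commit.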
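Review bot: In the data/CVE/list.2021 hunk at @@ -10785, CVE-2021-37618 is marked <ignored> (Minor issue) for bullseye and buster, while the node-getobject entry in this same commit uses <no-dsa> for the identical "Minor issue" reason. <ignored> says the issue will not be fixed in those releases at all, which is a stronger statement than <no-dsa>, and upstream already has a fix in pull/1759. Either use <no-dsa> here or replace "Minor issue" with the concrete reason a fix is ruled out.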
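Review bot: In the data/CVE/list.2021 hunk at @@ -10792, CVE-2021-37616 and CVE-2021-37615 are each marked <ignored> separately even though both entries cite the same upstream change, https://github.com/Exiv2/exiv2/pull/1758. Since a single backport would cover both, say so in a NOTE on one of the entries so that anyone revisiting the decision updates the two together, and give a reason more specific than "Minor issue" for ruling that backport out.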