diff options
| author | Moritz Muehlenhoff <jmm@debian.org> | 2021-10-13 19:47:09 +0200 |
|---|---|---|
| committer | Moritz Muehlenhoff <jmm@debian.org> | 2021-10-13 19:50:12 +0200 |
| commit | b8de5b77f210d994db4392727786cbfaac998ca5 (patch) | |
| tree | 57638294ecbcc26ec6f2b820fc1b8322dbf78191 /data | |
| parent | 3c6a4e27de6e589f79edc4974484737636a468a7 (diff) | |
buster/bullseye triage
Diffstat (limited to 'data')
| -rw-r--r-- | data/CVE/list.2021 | 9 | ||||
| -rw-r--r-- | data/dsa-needed.txt | 2 |
2 files changed, 10 insertions, 1 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 34b53e88df..a80b79ec57 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -836,6 +836,8 @@ CVE-2021-3854 RESERVED CVE-2021-XXXX [RUSTSEC-2021-0119: Out-of-bounds write in nix::unistd::getgrouplist] - rust-nix 0.19.0-2 (bug #995562) + [bullseye] - rust-nix <no-dsa> (Minor issue) + [buster] - rust-nix <no-dsa> (Minor issue) NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0119.html NOTE: https://github.com/nix-rust/nix/issues/1541 CVE-2021-41970 @@ -2348,8 +2350,9 @@ CVE-2021-3805 (object-path is vulnerable to Improperly Controlled Modification o NOTE: https://github.com/mariocasciaro/object-path/commit/e6bb638ffdd431176701b3e9024f80050d0ef0a6 CVE-2021-41303 (Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a ...) - shiro <unfixed> + [bullseye] - shiro <no-dsa> (Minor issue) + [buster] - shiro <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/09/17/1 - TODO: check CVE-2021-41302 (ECOA BAS controller stores sensitive data (backup exports) in clear-te ...) NOT-FOR-US: ECOA BAS controller CVE-2021-41301 (ECOA BAS controller is vulnerable to configuration disclosure when dir ...) @@ -12084,11 +12087,15 @@ CVE-2021-37138 CVE-2021-37137 RESERVED - netty <unfixed> + [bullseye] - netty <no-dsa> (Minor issue) + [buster] - netty <no-dsa> (Minor issue) NOTE: https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363 NOTE: Fixed by: https://github.com/netty/netty/commit/6da4956b31023ae967451e1d94ff51a746a9194f (netty-4.1.68.Final) CVE-2021-37136 RESERVED - netty <unfixed> + [bullseye] - netty <no-dsa> (Minor issue) + [buster] - netty <no-dsa> (Minor issue) NOTE: https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv NOTE: Fixed by: https://github.com/netty/netty/commit/41d3d61a61608f2223bb364955ab2045dd5e4020 (netty-4.1.68.Final) CVE-2021-37135 diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt index 9c1a3e3269..83965a060c 100644 --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -50,6 +50,8 @@ salt -- squashfs-tools (carnil) -- +thunderbird (jmm) +-- tomcat9 Markus Koschany proposed an update for CVE-2021-41079, plus a regression fix from previous CVE-2021-30640 and another non-security fix for #987179, might |