From b8de5b77f210d994db4392727786cbfaac998ca5 Mon Sep 17 00:00:00 2001
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Wed, 13 Oct 2021 19:47:09 +0200
Subject: buster/bullseye triage

---
 data/CVE/list.2021  | 9 ++++++++-
 data/dsa-needed.txt | 2 ++
 2 files changed, 10 insertions(+), 1 deletion(-)

(limited to 'data')

diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index 34b53e88df..a80b79ec57 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -836,6 +836,8 @@ CVE-2021-3854
 	RESERVED
 CVE-2021-XXXX [RUSTSEC-2021-0119: Out-of-bounds write in nix::unistd::getgrouplist]
 	- rust-nix 0.19.0-2 (bug #995562)
+	[bullseye] - rust-nix <no-dsa> (Minor issue)
+	[buster] - rust-nix <no-dsa> (Minor issue)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0119.html
 	NOTE: https://github.com/nix-rust/nix/issues/1541
 CVE-2021-41970
@@ -2348,8 +2350,9 @@ CVE-2021-3805 (object-path is vulnerable to Improperly Controlled Modification o
 	NOTE: https://github.com/mariocasciaro/object-path/commit/e6bb638ffdd431176701b3e9024f80050d0ef0a6
 CVE-2021-41303 (Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a ...)
 	- shiro <unfixed>
+	[bullseye] - shiro <no-dsa> (Minor issue)
+	[buster] - shiro <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/09/17/1
-	TODO: check
 CVE-2021-41302 (ECOA BAS controller stores sensitive data (backup exports) in clear-te ...)
 	NOT-FOR-US: ECOA BAS controller
 CVE-2021-41301 (ECOA BAS controller is vulnerable to configuration disclosure when dir ...)
@@ -12084,11 +12087,15 @@ CVE-2021-37138
 CVE-2021-37137
 	RESERVED
 	- netty <unfixed>
+	[bullseye] - netty <no-dsa> (Minor issue)
+	[buster] - netty <no-dsa> (Minor issue)
 	NOTE: https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363
 	NOTE: Fixed by: https://github.com/netty/netty/commit/6da4956b31023ae967451e1d94ff51a746a9194f (netty-4.1.68.Final)
 CVE-2021-37136
 	RESERVED
 	- netty <unfixed>
+	[bullseye] - netty <no-dsa> (Minor issue)
+	[buster] - netty <no-dsa> (Minor issue)
 	NOTE: https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv
 	NOTE: Fixed by: https://github.com/netty/netty/commit/41d3d61a61608f2223bb364955ab2045dd5e4020 (netty-4.1.68.Final)
 CVE-2021-37135
diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt
index 9c1a3e3269..83965a060c 100644
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -50,6 +50,8 @@ salt
 --
 squashfs-tools (carnil)
 --
+thunderbird (jmm)
+--
 tomcat9
   Markus Koschany proposed an update for CVE-2021-41079, plus a regression fix
   from previous CVE-2021-30640 and another non-security fix for #987179, might
-- 
cgit v1.2.3