author | Moritz Muehlenhoff <jmm@debian.org> | 2021-01-10 23:41:26 +0100 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2021-01-10 23:41:26 +0100 |
commit | 32995bf1cd92f2de16e9d8588142f2dca5a4b18f (patch) | |
tree | 38fe49fc838cdab05c331c8f171e58e0eb447f24 | |
parent | 83e9d8482bbc1a4508d65f126533a6648a942129 (diff) |
bullseye triage
-rw-r--r-- | data/CVE/2017.list | 8 | ||||
-rw-r--r-- | data/CVE/2019.list | 3 | ||||
-rw-r--r-- | data/CVE/2021.list | 1 |
3 files changed, 7 insertions, 5 deletions
diff --git a/data/CVE/2017.list b/data/CVE/2017.list index 61d30bcc2c..3b5b817a49 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -1667,6 +1667,7 @@ CVE-2017-18227 (TitanHQ WebTitan Gateway has incorrect certificate validation fo NOT-FOR-US: TitanHQ WebTitan Gateway CVE-2017-18226 (The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of ...) - jabberd2 <unfixed> (low; bug #902783) + [bullseye] - jabberd2 <ignored> (Minor issue, default init system not affected) [buster] - jabberd2 <ignored> (Minor issue, default init system not affected) [stretch] - jabberd2 <ignored> (Minor issue, default init system not affected) NOTE: https://bugs.gentoo.org/631068 @@ -4117,15 +4118,12 @@ CVE-2017-17508 (In HDF5 1.10.1, there is a divide-by-zero vulnerability in the f NOTE: https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/0a7128c0d5bd035288be7b02ca9cf9bba321aadd CVE-2017-17507 (In HDF5 1.10.1, there is an out of bounds read vulnerability in the fu ...) - - hdf5 <unfixed> (low; bug #915807) - [buster] - hdf5 <no-dsa> (Minor issue, requires ABI change) - [stretch] - hdf5 <no-dsa> (Minor issue) - [jessie] - hdf5 <no-dsa> (Minor issue) - [wheezy] - hdf5 <no-dsa> (Minor issue) + - hdf5 <unfixed> (unimportant; bug #915807) NOTE: POC: https://github.com/xiaoqx/pocs/blob/master/hdf5/3-hdf5-outbound-read-H5T_conv_struct_opt NOTE: https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md NOTE: Fixing the bug requires an ABI changes thus upstream will only include a fix NOTE: on a major version bump. + NOTE: Negligible security impact CVE-2017-17506 (In HDF5 1.10.1, there is an out of bounds read vulnerability in the fu ...) - hdf5 1.10.4+repack-1 (bug #884365) [stretch] - hdf5 <no-dsa> (Minor issue) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 89616b7746..b3d6a04fcd 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list 
@@ -14906,6 +14906,7 @@ CVE-2019-15053 (The "HTML Include and replace macro" plugin before 1.5.0 for Con NOT-FOR-US: "HTML Include and replace macro" plugin for Confluence Server CVE-2019-15052 (The HTTP client in Gradle before 5.6 sends authentication credentials ...) - gradle <unfixed> (low; bug #941187) + [bullseye] - gradle <no-dsa> (Minor issue) [buster] - gradle <no-dsa> (Minor issue) [stretch] - gradle <no-dsa> (Minor issue) [jessie] - gradle <postponed> (Minor issue, old gradle mainly used for building Debian packages with system libraries) @@ -22802,6 +22803,7 @@ CVE-2019-12215 (** DISPUTED ** A full path disclosure vulnerability was discover - matomo <itp> (bug #448532) CVE-2019-12214 (In FreeImage 3.18.0, an out-of-bounds access occurs because of mishand ...) - freeimage <unfixed> (bug #947478) + [bullseye] - freeimage <postponed> (Revisit when upstream fixes are available) [buster] - freeimage <postponed> (Revisit when upstream fixes are available) [stretch] - freeimage <postponed> (Revisit when upstream fixes are available) [jessie] - freeimage <postponed> (Revisit when upstream fixes are available) @@ -22818,6 +22820,7 @@ CVE-2019-12213 (When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDir NOTE: https://sourceforge.net/p/freeimage/svn/1825/ CVE-2019-12212 (When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize ...) - freeimage <unfixed> (bug #947477) + [bullseye] - freeimage <postponed> (Revisit when upstream fixes are available) [buster] - freeimage <postponed> (Revisit when upstream fixes are available) [stretch] - freeimage <postponed> (Revisit when upstream fixes are available) [jessie] - freeimage <postponed> (Revisit when upstream fixes are available) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 137c6c8b99..a5e0a66fd9 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list 
@@ -10553,6 +10553,7 @@ CVE-2021-1056 (NVIDIA GPU Display Driver for Linux, all versions, contains a vul [buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported) [stretch] - nvidia-graphics-drivers <no-dsa> (Non-free not supported) - nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #979671) + [bullseye] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia for 340) [buster] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported) [stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported) - nvidia-graphics-drivers-legacy-390xx 390.141-1 (bug #979672) |
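
Review bot: in data/CVE/2017.list, CVE-2017-17507 hunk, the added line `NOTE: Negligible security impact` states a conclusion without its reasoning. The entry describes an out of bounds read, and the existing NOTE lines only explain why the fix is delayed (ABI change on a major version bump), not why the impact is negligible. Since the same hunk moves the severity from `low` to `unimportant` and drops every per-release `<no-dsa>` line, the note is now the only justification left in the entry; suggest extending it with the reason for the downgrade.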
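
Review bot: in data/CVE/2019.list, CVE-2019-15052 hunk, the new `[bullseye] - gradle <no-dsa> (Minor issue)` line gives no rationale beyond "Minor issue", although the description says the HTTP client sends authentication credentials. The jessie line in the same entry carries an actual reason ("old gradle mainly used for building Debian packages with system libraries"); if a comparable argument holds for bullseye, suggest putting it in the parentheses so the decision can be re-evaluated later without digging through bug #941187.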
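
Review bot: in data/CVE/2019.list, CVE-2019-12214 hunk, `<postponed> (Revisit when upstream fixes are available)` is now repeated for a fourth release, and none of the visible lines of the entry point at an upstream ticket or commit that would signal when to revisit. The neighbouring CVE-2019-12213 entry shows a `NOTE:` with an upstream SVN link in the context lines; suggest adding an equivalent upstream reference here if one exists, so the postponement has a concrete trigger. The same comment applies to the identical line added in the CVE-2019-12212 hunk.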
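
Review bot: in data/CVE/2021.list, CVE-2021-1056 hunk, the added bullseye line marks nvidia-graphics-drivers-legacy-340xx as `<ignored>` while the buster and stretch lines directly below keep `<no-dsa> (Non-free not supported)` for the same package. The extra reason given for bullseye ("no updates provided by Nvidia for 340") does not depend on the release, so either the older releases should be switched to `<ignored>` with the same text, or the bullseye comment should say why only bullseye is treated differently.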