author | Salvatore Bonaccorso <carnil@debian.org> | 2021-02-06 10:18:37 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2021-02-06 10:21:51 +0100 |
commit | 60bf99562d2e1203cddc11a15fbad3d733711c9a (patch) | |
tree | f5f345c709e2294ab125a119af52fdd70a82488d | |
parent | f89c93558cbb27d667843500f758cd3984fd46f3 (diff) |
Merge updates acked and included in the Debian buster 10.8 point release
For the first time with the help of 'merge-cve-files' as implemented by
Emilio Pozuelo Monfort.
next-point-update.txt: Cleanup list from merged entries
-rw-r--r-- | data/CVE/2014.list | 2 |
-rw-r--r-- | data/CVE/2019.list | 10 |
-rw-r--r-- | data/CVE/2020.list | 60 |
-rw-r--r-- | data/CVE/2021.list | 4 |
-rw-r--r-- | data/next-point-update.txt | 75 |
5 files changed, 38 insertions, 113 deletions
diff --git a/data/CVE/2014.list b/data/CVE/2014.list index bfea2d3db9..5ef0fa04ef 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -1,6 +1,6 @@ CVE-2014-10402 (An issue was discovered in the DBI module through 1.643 for Perl. DBD: ...) - libdbi-perl 1.643-3 (bug #972180) - [buster] - libdbi-perl <no-dsa> (Minor issue; can be fixed via point release) + [buster] - libdbi-perl 1.642-1+deb10u2 [stretch] - libdbi-perl <postponed> (Revisit when fixed upstream) NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=99508#txn-1911590 CVE-2014-10401 (An issue was discovered in the DBI module before 1.632 for Perl. DBD:: ...) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index f7ac573379..e811896ddb 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -3688,7 +3688,7 @@ CVE-2019-19554 RESERVED CVE-2019-19553 (In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector cou ...) - wireshark 3.0.7-1 (low) - [buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA) + [buster] - wireshark 2.6.20-0+deb10u1 [stretch] - wireshark <postponed> (Can be fixed along in next 2.6.x DSA) [jessie] - wireshark <postponed> (Can be fixed along in next 1.12.x DLA) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15961 @@ -11767,7 +11767,7 @@ CVE-2019-16277 (PicoC 2.1 has a heap-based buffer overflow in StringStrcpy in cs NOT-FOR-US: PicoC CVE-2019-16319 (In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector ...) - wireshark 3.0.4-1 (low) - [buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA) + [buster] - wireshark 2.6.20-0+deb10u1 [stretch] - wireshark <postponed> (Can be fixed along in next 2.6.x DSA) [jessie] - wireshark <not-affected> (Vulnerable code not present) NOTE: https://www.wireshark.org/security/wnpa-sec-2019-21.html 
@@ -16355,7 +16355,7 @@ CVE-2019-14585 CVE-2019-14584 RESERVED - edk2 2020.11-1 (bug #977300) - [buster] - edk2 <no-dsa> (Minor issue) + [buster] - edk2 0~20181115.85588389-3+deb10u3 [stretch] - edk2 <ignored> (Minor issue) NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1914 NOTE: https://github.com/tianocore/edk2/commit/26442d11e620a9e81c019a24a4ff38441c64ba10 @@ -18973,7 +18973,7 @@ CVE-2019-13620 RESERVED CVE-2019-13619 (In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ...) - wireshark 2.6.10-1 (low) - [buster] - wireshark <postponed> (Can be fixed along in next 2.6.x release) + [buster] - wireshark 2.6.20-0+deb10u1 [stretch] - wireshark <postponed> (Can be fixed along in next 2.6.x release) [jessie] - wireshark <not-affected> (vulnerable code not present, binary encoding not yet supported) NOTE: https://www.wireshark.org/security/wnpa-sec-2019-20.html @@ -28255,7 +28255,7 @@ CVE-2019-10204 RESERVED CVE-2019-10203 (PowerDNS Authoritative daemon , pdns versions 4.0.x before 4.0.9, 4.1. ...) - pdns 4.2.0-1 (low; bug #970729) - [buster] - pdns <no-dsa> (Minor issue) + [buster] - pdns 4.1.6-3+deb10u1 [stretch] - pdns <no-dsa> (Minor issue) [jessie] - pdns <no-dsa> (Minor issue) NOTE: Fixed in 4.2.0, 4.1.11, 4.0.9, for existing installations a manual schema update diff --git a/data/CVE/2020.list b/data/CVE/2020.list index a45d4a0019..7db3bf8aca 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list 
@@ -1244,7 +1244,7 @@ CVE-2020-35702 (** DISPUTED ** DCTStream::getChars in DCTStream.cc in Poppler 20 NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/ae614bf8ab42c9d0c7ac57ecdfdcbcfc4ff6c639 CVE-2020-35701 (An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection ...) - cacti 1.2.16+ds1-2 (bug #979998) - [buster] - cacti <no-dsa> (Minor issue; will be fixed via point release) + [buster] - cacti 1.2.2+ds1-2+deb10u4 [stretch] - cacti <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/Cacti/cacti/issues/4022 NOTE: https://asaf.me/2020/12/15/cacti-1-2-0-to-1-2-16-sql-injection/ @@ -1557,7 +1557,7 @@ CVE-2020-35571 CVE-2020-35573 (srs2.c in PostSRSd before 1.10 allows remote attackers to cause a deni ...) {DLA-2502-1} - postsrsd 1.10-1 - [buster] - postsrsd <no-dsa> (Minor issue) + [buster] - postsrsd 1.5-2+deb10u1 NOTE: https://github.com/roehling/postsrsd/commit/4733fb11f6bec6524bb8518c5e1a699288c26bac (1.10) CVE-2020-35570 RESERVED @@ -1800,7 +1800,7 @@ CVE-2020-35492 [cairo: buffer overflow in image compositor] RESERVED {DLA-2518-1} - cairo 1.16.0-5 (bug #978658) - [buster] - cairo <no-dsa> (Minor issue) + [buster] - cairo 1.16.0-4+deb10u1 NOTE: https://gitlab.freedesktop.org/cairo/cairo/-/issues/437 NOTE: Introduced by: https://gitlab.freedesktop.org/cairo/cairo/-/commit/c986a7310bb06582b7d8a566d5f007ba4e5e75bf (1.12.12) NOTE: Fixed by: https://gitlab.freedesktop.org/cairo/cairo/-/commit/03a820b173ed1fdef6ff14b4468f5dbc02ff59be 
@@ -5411,7 +5411,7 @@ CVE-2020-28474 CVE-2020-28473 (The package bottle from 0 and before 0.12.19 are vulnerable to Web Cac ...) {DLA-2531-1} - python-bottle 0.12.19-1 - [buster] - python-bottle <no-dsa> (Minor issue) + [buster] - python-bottle 0.12.15-2+deb10u1 NOTE: https://snyk.io/vuln/SNYK-PYTHON-BOTTLE-1017108 NOTE: Fixed by: https://github.com/bottlepy/bottle/commit/57a2f22e0c1d2b328c4f54bf75741d74f47f1a6b (0.12.19) CVE-2020-28472 (This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0- ...) @@ -5937,7 +5937,7 @@ CVE-2020-28242 (An issue was discovered in Asterisk Open Source 13.x before 13.3 CVE-2020-28241 (libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_en ...) {DLA-2445-1} - libmaxminddb 1.4.3-1 (bug #973878) - [buster] - libmaxminddb <no-dsa> (Minor issue) + [buster] - libmaxminddb 1.3.2-1+deb10u1 NOTE: https://github.com/maxmind/libmaxminddb/issues/236 NOTE: https://github.com/maxmind/libmaxminddb/pull/237 CVE-2020-28240 @@ -6418,7 +6418,7 @@ CVE-2020-28031 (eramba through c2.8.1 allows HTTP Host header injection with (fo NOT-FOR-US: eramba CVE-2020-28030 (In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was ...) - wireshark 3.2.8-0.1 (bug #974689) - [buster] - wireshark <postponed> (Minor issue, can be fixed along in next DSA) + [buster] - wireshark 2.6.20-0+deb10u1 [stretch] - wireshark <postponed> (Minor issue, Can be fixed in next DLA by backporting patch together with earlier fix for invalid parameter) NOTE: https://gitlab.com/wireshark/wireshark/-/commit/b287e7165e8aa89cde6ae37e7c257c5d87d16b9b NOTE: https://gitlab.com/wireshark/wireshark/-/issues/16887 
@@ -6919,7 +6919,7 @@ CVE-2020-27819 [NULL pointer dereference via crafted xls file] NOTE: https://github.com/libxls/libxls/issues/84 CVE-2020-27818 (A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. ...) - pngcheck 2.3.0-13 (bug #976350) - [buster] - pngcheck <no-dsa> (Minor issue) + [buster] - pngcheck 2.3.0-7+deb10u1 [stretch] - pngcheck <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1902011 NOTE: Patch applied in Fedora: https://src.fedoraproject.org/rpms/pngcheck/blob/cc48791e34201caf7b686084b735d06cef66c974/f/pngcheck-2.4.0-overflow-bz1897485.patch @@ -9846,7 +9846,7 @@ CVE-2020-26576 RESERVED CVE-2020-26575 (In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) di ...) - wireshark 3.2.8-0.1 (bug #974688) - [buster] - wireshark <postponed> (Minor issue, can be fixed along in next DSA) + [buster] - wireshark 2.6.20-0+deb10u1 [stretch] - wireshark <postponed> (Minor issue, can be fixed in next DLA by backporting patch) NOTE: https://gitlab.com/wireshark/wireshark/-/commit/3ff940652962c099b73ae3233322b8697b0d10ab NOTE: https://gitlab.com/wireshark/wireshark/-/issues/16887 @@ -10623,7 +10623,7 @@ CVE-2020-26238 (Cron-utils is a Java library to parse, validate, migrate crons a CVE-2020-26237 (Highlight.js is a syntax highlighter written in JavaScript. Highlight. ...) {DLA-2511-1} - highlight.js 9.18.1+dfsg1-3 (bug #976446) - [buster] - highlight.js <no-dsa> (Minor issue) + [buster] - highlight.js 9.12.0+dfsg1-4+deb10u1 NOTE: https://github.com/highlightjs/highlight.js/security/advisories/GHSA-vfrc-7r7c-w9mx NOTE: https://github.com/highlightjs/highlight.js/pull/2636 NOTE: https://github.com/highlightjs/highlight.js/commit/7241013ae011a585983e176ddc0489a7a52f6bb0 
@@ -11442,13 +11442,13 @@ CVE-2020-25864 RESERVED CVE-2020-25863 (In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the ...) - wireshark 3.2.7-1 - [buster] - wireshark <postponed> (Minor issue, can be fixed along in next DSA) + [buster] - wireshark 2.6.20-0+deb10u1 [stretch] - wireshark <postponed> (Minor issue, can be fixed along in next DLA) NOTE: https://www.wireshark.org/security/wnpa-sec-2020-11.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/16741 CVE-2020-25862 (In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the ...) - wireshark 3.2.7-1 - [buster] - wireshark <postponed> (Minor issue, can be fixed along in next DSA) + [buster] - wireshark 2.6.20-0+deb10u1 [stretch] - wireshark <postponed> (Minor issue, can be fixed along in next DLA) NOTE: https://www.wireshark.org/security/wnpa-sec-2020-12.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/16816 @@ -11874,7 +11874,7 @@ CVE-2020-25696 (A flaw was found in the psql interactive terminal of PostgreSQL - postgresql-13 13.1-1 - postgresql-12 <removed> - postgresql-11 <removed> - [buster] - postgresql-11 <no-dsa> (Minor issue) + [buster] - postgresql-11 11.10-0+deb10u1 - postgresql-9.6 <removed> NOTE: https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/ CVE-2020-25695 (A flaw was found in PostgreSQL versions before 13.1, before 12.5, befo ...) @@ -11882,7 +11882,7 @@ CVE-2020-25695 (A flaw was found in PostgreSQL versions before 13.1, before 12.5 - postgresql-13 13.1-1 - postgresql-12 <removed> - postgresql-11 <removed> - [buster] - postgresql-11 <no-dsa> (Minor issue) + [buster] - postgresql-11 11.10-0+deb10u1 - postgresql-9.6 <removed> NOTE: https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/ CVE-2020-25694 (A flaw was found in PostgreSQL versions before 13.1, before 12.5, befo ...) 
@@ -11890,7 +11890,7 @@ CVE-2020-25694 (A flaw was found in PostgreSQL versions before 13.1, before 12.5 - postgresql-13 13.1-1 - postgresql-12 <removed> - postgresql-11 <removed> - [buster] - postgresql-11 <no-dsa> (Minor issue) + [buster] - postgresql-11 11.10-0+deb10u1 - postgresql-9.6 <removed> NOTE: https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/ CVE-2020-25693 (A flaw was found in CImg in versions prior to 2.9.3. Integer overflows ...) @@ -28878,7 +28878,7 @@ CVE-2020-17483 RESERVED CVE-2020-17482 (An issue has been found in PowerDNS Authoritative Server before 4.3.1 ...) - pdns 4.3.1-1 (bug #970737) - [buster] - pdns <no-dsa> (Minor issue) + [buster] - pdns 4.1.6-3+deb10u1 [stretch] - pdns <no-dsa> (Minor issue) NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html CVE-2020-17481 @@ -33633,7 +33633,7 @@ CVE-2020-15467 (The administrative interface of Cohesive Networks vns3:vpn appli NOT-FOR-US: Cohesive Networks vns3:vpn appliances CVE-2020-15466 (In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infin ...) - wireshark 3.2.5-1 (low) - [buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA) + [buster] - wireshark 2.6.20-0+deb10u1 [stretch] - wireshark <postponed> (Can be fixed along in next DSA/update to 3.0) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16029 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=11f40896b696e4e8c7f8b2ad96028404a83a51a4 
@@ -39436,7 +39436,7 @@ CVE-2020-13165 RESERVED CVE-2020-13164 (In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the ...) - wireshark 3.2.4-1 (low) - [buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA) + [buster] - wireshark 2.6.20-0+deb10u1 [stretch] - wireshark <postponed> (Can be fixed along in next DSA/update to 3.0) [jessie] - wireshark <postponed> (Can be fixed along with other CVEs) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16476 @@ -43318,7 +43318,7 @@ CVE-2020-11648 RESERVED CVE-2020-11647 (In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the ...) - wireshark 3.2.3-1 (low; bug #958213) - [buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA) + [buster] - wireshark 2.6.20-0+deb10u1 [stretch] - wireshark <postponed> (Can be fixed along in next DSA/update to 3.0) [jessie] - wireshark <postponed> (Minor, can be fixed along in a future update) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16474 @@ -48887,7 +48887,7 @@ CVE-2020-9419 RESERVED CVE-2020-9431 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the ...) - wireshark 3.2.2-1 - [buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA) + [buster] - wireshark 2.6.20-0+deb10u1 [stretch] - wireshark <postponed> (Can be fixed along in next DSA/update to 3.0) [jessie] - wireshark <not-affected> (composite TVB handling added later) NOTE: https://www.wireshark.org/security/wnpa-sec-2020-03.html 
@@ -48895,7 +48895,7 @@ CVE-2020-9431 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=086003c9d616906e08bbeeab9c17b3aa4c6ff850 CVE-2020-9430 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the ...) - wireshark 3.2.2-1 - [buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA) + [buster] - wireshark 2.6.20-0+deb10u1 [stretch] - wireshark <postponed> (Can be fixed along in next DSA/update to 3.0) [jessie] - wireshark <not-affected> (Vulnerable code not present) NOTE: https://www.wireshark.org/security/wnpa-sec-2020-04.html @@ -48905,7 +48905,7 @@ CVE-2020-9430 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=93d6b03a67953b82880cdbdcf0d30e2a3246d790 CVE-2020-9428 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the ...) - wireshark 3.2.2-1 (low) - [buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA) + [buster] - wireshark 2.6.20-0+deb10u1 [stretch] - wireshark <postponed> (Can be fixed along in next DSA/update to 3.0) [jessie] - wireshark <not-affected> (Vulnerable code not present) NOTE: https://www.wireshark.org/security/wnpa-sec-2020-05.html 
@@ -50532,19 +50532,19 @@ CVE-2020-8699 CVE-2020-8698 (Improper isolation of shared resources in some Intel(R) Processors may ...) {DLA-2546-1} - intel-microcode 3.20201110.1 - [buster] - intel-microcode <no-dsa> (Minor issue; can be fixed via point release) + [buster] - intel-microcode 3.20201118.1~deb10u1 NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html CVE-2020-8697 RESERVED CVE-2020-8696 (Improper removal of sensitive information before storage or transfer i ...) {DLA-2546-1} - intel-microcode 3.20201110.1 - [buster] - intel-microcode <no-dsa> (Minor issue; can be fixed via point release) + [buster] - intel-microcode 3.20201118.1~deb10u1 NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html CVE-2020-8695 (Observable discrepancy in the RAPL interface for some Intel(R) Process ...) {DLA-2546-1} - intel-microcode 3.20201110.1 - [buster] - intel-microcode <no-dsa> (Minor issue; can be fixed via point release) + [buster] - intel-microcode 3.20201118.1~deb10u1 NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html CVE-2020-8694 (Insufficient access control in the Linux kernel driver for some Intel( ...) {DLA-2494-1 DLA-2483-1} @@ -50792,7 +50792,7 @@ CVE-2020-8608 (In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snpr - qemu 1:4.1-2 - qemu-kvm <removed> - slirp 1:1.0.17-11 - [buster] - slirp <ignored> (Minor issue, too intrusive to backport) + [buster] - slirp 1:1.0.17-8+deb10u1 - slirp4netns 1.0.1-1 [buster] - slirp4netns <no-dsa> (Minor issue) NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/68ccb8021a838066f0951d4b2817eb6b6f10a843 
@@ -52765,7 +52765,7 @@ CVE-2020-7789 (This affects the package node-notifier before 9.0.0. It allows an CVE-2020-7788 (This affects the package ini before 1.3.6. If an attacker submits a ma ...) {DLA-2503-1} - node-ini 2.0.0-1 (bug #977718) - [buster] - node-ini <no-dsa> (Minor issue) + [buster] - node-ini 1.3.5-1+deb10u1 NOTE: https://snyk.io/vuln/SNYK-JS-INI-1048974 NOTE: https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1 (v1.3.6) CVE-2020-7787 (This affects all versions of package react-adal. It is possible for a ...) @@ -52796,7 +52796,7 @@ CVE-2020-7775 (This affects all versions of package freediskspace. The vulnerabi TODO: check CVE-2020-7774 (This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po ...) - node-y18n 4.0.0-3 (bug #976390) - [buster] - node-y18n <no-dsa> (Minor issue) + [buster] - node-y18n 3.2.1-2+deb10u1 [stretch] - node-y18n <no-dsa> (Minor issue) NOTE: https://snyk.io/vuln/SNYK-JS-Y18N-1021887 NOTE: https://github.com/yargs/y18n/issues/96 @@ -54477,7 +54477,7 @@ CVE-2020-7046 (lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3 NOTE: https://www.openwall.com/lists/oss-security/2020/02/12/1 CVE-2020-7045 (In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. Thi ...) - wireshark 3.2.0-1 - [buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA) + [buster] - wireshark 2.6.20-0+deb10u1 [stretch] - wireshark <postponed> (Can be fixed along in next DSA/update to 3.0) [jessie] - wireshark <not-affected> (Doesn't support request-respone tracking in affected code passage, yet) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16258 
@@ -54520,7 +54520,7 @@ CVE-2020-7039 (tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, m - qemu 1:4.1-2 - qemu-kvm <removed> - slirp 1:1.0.17-10 (bug #949085) - [buster] - slirp <no-dsa> (Minor issue; can be fixed via point release) + [buster] - slirp 1:1.0.17-8+deb10u1 [stretch] - slirp <no-dsa> (Minor issue; can be fixed via point release) NOTE: https://www.openwall.com/lists/oss-security/2020/01/16/2 NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289 @@ -57062,7 +57062,7 @@ CVE-2020-6098 (An exploitable denial of service vulnerability exists in the free NOTE: Possible fix: http://www.freediameter.net/trac/changeset/19ab8ac08a361642e7f9ec9f2657202c6f8ef9ee/freeDiameter?old=edfb2b662b91af94b2fccc48b11eec904ccab370 CVE-2020-6097 (An exploitable denial of service vulnerability exists in the atftpd da ...) - atftp 0.7.git20120829-3.2 (bug #970066) - [buster] - atftp <no-dsa> (Minor issue) + [buster] - atftp 0.7.git20120829-3.2~deb10u1 [stretch] - atftp <no-dsa> (Minor issue) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1029 NOTE: https://sourceforge.net/u/peterkaestle/atftp/ci/96409ef3b9ca061f9527cfaafa778105cf15d994/ diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 34a59b4329..c33a757fd9 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list 
@@ -17611,14 +17611,14 @@ CVE-2021-1057 (NVIDIA Virtual GPU Manager NVIDIA vGPU manager contains a vulnera NOT-FOR-US: NVIDIA Virtual GPU Manager NVIDIA vGPU manager CVE-2021-1056 (NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerab ...) - nvidia-graphics-drivers 460.32.03-1 (bug #979670) - [buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported) + [buster] - nvidia-graphics-drivers 418.181.07-1 [stretch] - nvidia-graphics-drivers <no-dsa> (Non-free not supported) - nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #979671) [bullseye] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia for 340) [buster] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported) [stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported) - nvidia-graphics-drivers-legacy-390xx 390.141-1 (bug #979672) - [buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported) + [buster] - nvidia-graphics-drivers-legacy-390xx 390.141-2~deb10u1 - nvidia-graphics-drivers-tesla-418 418.181.07-1 (bug #979673) - nvidia-graphics-drivers-tesla-440 <unfixed> (bug #979674) - nvidia-graphics-drivers-tesla-450 450.102.04-1 (bug #979675) diff --git a/data/next-point-update.txt b/data/next-point-update.txt index 16887a5b1e..b7e71332cc 100644 --- a/data/next-point-update.txt +++ b/data/next-point-update.txt 
@@ -1,78 +1,3 @@ -CVE-2019-10203 - [buster] - pdns 4.1.6-3+deb10u1 -CVE-2020-17482 - [buster] - pdns 4.1.6-3+deb10u1 -CVE-2014-10402 - [buster] - libdbi-perl 1.642-1+deb10u2 -CVE-2019-13619 - [buster] - wireshark 2.6.20-0+deb10u1 -CVE-2019-16319 - [buster] - wireshark 2.6.20-0+deb10u1 -CVE-2019-19553 - [buster] - wireshark 2.6.20-0+deb10u1 -CVE-2020-7045 - [buster] - wireshark 2.6.20-0+deb10u1 -CVE-2020-9428 - [buster] - wireshark 2.6.20-0+deb10u1 -CVE-2020-9430 - [buster] - wireshark 2.6.20-0+deb10u1 -CVE-2020-9431 - [buster] - wireshark 2.6.20-0+deb10u1 -CVE-2020-11647 - [buster] - wireshark 2.6.20-0+deb10u1 -CVE-2020-13164 - [buster] - wireshark 2.6.20-0+deb10u1 -CVE-2020-15466 - [buster] - wireshark 2.6.20-0+deb10u1 -CVE-2020-25862 - [buster] - wireshark 2.6.20-0+deb10u1 -CVE-2020-25863 - [buster] - wireshark 2.6.20-0+deb10u1 -CVE-2020-26575 - [buster] - wireshark 2.6.20-0+deb10u1 -CVE-2020-28030 - [buster] - wireshark 2.6.20-0+deb10u1 -CVE-2020-25694 - [buster] - postgresql-11 11.10-0+deb10u1 -CVE-2020-25695 - [buster] - postgresql-11 11.10-0+deb10u1 -CVE-2020-25696 - [buster] - postgresql-11 11.10-0+deb10u1 -CVE-2020-7774 - [buster] - node-y18n 3.2.1-2+deb10u1 -CVE-2020-27818 - [buster] - pngcheck 2.3.0-7+deb10u1 -CVE-2019-14584 - [buster] - edk2 0~20181115.85588389-3+deb10u3 -CVE-2020-7788 - [buster] - node-ini 1.3.5-1+deb10u1 -CVE-2020-35573 - [buster] - postsrsd 1.5-2+deb10u1 -CVE-2020-7039 - [buster] - slirp 1:1.0.17-8+deb10u1 -CVE-2020-8608 - [buster] - slirp 1:1.0.17-8+deb10u1 -CVE-2020-28241 - [buster] - libmaxminddb 1.3.2-1+deb10u1 -CVE-2021-1056 - [buster] - nvidia-graphics-drivers 418.181.07-1 - [buster] - nvidia-graphics-drivers-legacy-390xx 390.141-2~deb10u1 -CVE-2020-35701 - [buster] - cacti 1.2.2+ds1-2+deb10u4 -CVE-2020-26237 - [buster] - highlight.js 9.12.0+dfsg1-4+deb10u1 -CVE-2020-6097 - [buster] - atftp 0.7.git20120829-3.2~deb10u1 -CVE-2020-8695 - [buster] - intel-microcode 3.20201118.1~deb10u1 -CVE-2020-8696 - [buster] - intel-microcode 
3.20201118.1~deb10u1 -CVE-2020-8698 - [buster] - intel-microcode 3.20201118.1~deb10u1 -CVE-2020-28473 - [buster] - python-bottle 0.12.15-2+deb10u1 -CVE-2020-35492 - [buster] - cairo 1.16.0-4+deb10u1 CVE-2019-20446 [buster] - librsvg 2.44.10-2.1+deb10u1 CVE-2019-14267 |
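Review bot: in data/CVE/2020.list, the entries for CVE-2020-25863 and CVE-2020-25862 describe the affected range as "2.6.0 to 2.6.20", while the new buster lines record the fix as `wireshark 2.6.20-0+deb10u1`, a package built on that same upstream 2.6.20. The fix must therefore be a patch carried on top of upstream, and the entry gives a reader no way to tell that; a NOTE naming the backported commit would remove the apparent contradiction. The same fixed version is also applied to entries whose visible description names only 3.x branches (CVE-2020-28030 "3.2.0 to 3.2.7", CVE-2020-15466 "3.2.0 to 3.2.4", CVE-2020-7045 "3.0.x before 3.0.8"). It is worth confirming whether the 2.6.x code in buster was ever vulnerable to those, since a fixed version and `<not-affected>` say different things to anyone auditing an older buster install.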
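Review bot: the CVE-2020-8608 hunk in data/CVE/2020.list replaces `[buster] - slirp <ignored> (Minor issue, too intrusive to backport)` with a fixed version, `1:1.0.17-8+deb10u1`, and drops the rationale without recording what changed. Since the earlier triage judged the fix too intrusive, a NOTE stating that the point-release upload does include the backport would make the reversal auditable. It is the same version that closes CVE-2020-7039, so checking the package changelog for both CVE ids before marking this one fixed would be prudent. The adjacent `[buster] - slirp4netns <no-dsa> (Minor issue)` line is unchanged, so that package stays open for buster.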
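Review bot: in the CVE-2021-1056 hunk of data/CVE/2021.list, the buster fixed version for nvidia-graphics-drivers is `418.181.07-1`, with no `deb10u` suffix. Every other buster version added in this commit carries one, including `390.141-2~deb10u1` on the legacy-390xx line of the same entry, and the value is identical to the unstable version listed for nvidia-graphics-drivers-tesla-418. It matches the line removed from data/next-point-update.txt, so the merge itself is faithful, but it is worth confirming that this is the version that actually entered buster, because a wrong fixed version here makes version-comparison tooling report hosts as patched or unpatched incorrectly. The legacy-340xx buster line remains `<no-dsa>`, so that package stays unfixed for this CVE.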