author | Moritz Muehlenhoff <jmm@debian.org> | 2021-01-07 08:11:52 +0100 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2021-01-07 08:11:52 +0100 |
commit | ba413ae41f957970d81a01bea099e4f3953acd91 (patch) | |
tree | b67a23beb745cf09197f966cfc6e2e285ae539f4 | |
parent | e7b6795ec15f0a5c1a0d1d5bf1559547ef24001d (diff) |
stable triage
-rw-r--r-- | data/CVE/2017.list | 2 |
-rw-r--r-- | data/CVE/2018.list | 3 |
-rw-r--r-- | data/CVE/2019.list | 1 |
-rw-r--r-- | data/CVE/2020.list | 10 |
-rw-r--r-- | data/dsa-needed.txt | 4 |
5 files changed, 17 insertions, 3 deletions
diff --git a/data/CVE/2017.list b/data/CVE/2017.list index da380f7e8b..74e59494e8 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -1728,6 +1728,7 @@ CVE-2017-18214 (The moment module before 2.19.3 for Node.js is prone to a regula NOTE: nodejs not covered by security support CVE-2017-18212 (An issue was discovered in JerryScript 1.0. There is a heap-based buff ...) - iotjs 1.0+715-1 + [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/2140 CVE-2017-18211 (In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was fou ...) {DLA-2366-1} @@ -12016,6 +12017,7 @@ CVE-2017-14750 RESERVED CVE-2017-14749 (JerryScript 1.0 allows remote attackers to cause a denial of service ( ...) - iotjs 1.0+715-1 + [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/2008 CVE-2017-14748 (Race condition in Blizzard Overwatch 1.15.0.2 allows remote authentica ...) NOT-FOR-US: Blizzard Overwatch diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 5588f4caf5..583d0a8b76 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -15303,6 +15303,7 @@ CVE-2018-1000638 (MiniCMS version 1.1 contains a Cross Site Scripting (XSS) vuln NOT-FOR-US: MiniCMS CVE-2018-1000636 (JerryScript version Tested on commit f86d7459d195c8ba58479d1861b0cc726 ...) - iotjs 1.0+715-1 + [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/2435 NOTE: https://github.com/jerryscript-project/jerryscript/commit/87897849f6879df10e8ad68a41bf8cf507edf710 CVE-2018-1000635 (The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 co ...) 
@@ -26166,10 +26167,12 @@ CVE-2018-11420 (There is Memory corruption in the web interface of Moxa OnCell G NOT-FOR-US: Moxa CVE-2018-11419 (An issue was discovered in JerryScript 1.0. There is a heap-based buff ...) - iotjs 1.0+715-1 + [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/2230 NOTE: https://github.com/jerryscript-project/jerryscript/pull/2352 CVE-2018-11418 (An issue was discovered in JerryScript 1.0. There is a heap-based buff ...) - iotjs 1.0+715-1 + [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/2237 NOTE: https://github.com/jerryscript-project/jerryscript/pull/2352 CVE-2018-11417 diff --git a/data/CVE/2019.list b/data/CVE/2019.list index d34b440a4a..90da85788a 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -29644,6 +29644,7 @@ CVE-2019-1010177 (Jsish 2.4.70 2.047 is affected by: Use After Free. The impact NOT-FOR-US: Jsish CVE-2019-1010176 (JerryScript commit 4e58ccf68070671e1fff5cd6673f0c1d5b80b166 is affecte ...) - iotjs 1.0+715-1 + [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/2476 NOTE: https://github.com/jerryscript-project/jerryscript/commit/505dace719aebb3308a3af223cfaa985159efae0 CVE-2019-1010175 diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 89055579b9..68aed828e6 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list 
@@ -225,10 +225,12 @@ CVE-2020-36068 RESERVED CVE-2020-36067 (GJSON <=v1.6.5 allows attackers to cause a denial of service (panic ...) - golang-github-tidwall-gjson <unfixed> + [buster] - golang-github-tidwall-gjson <no-dsa> (Minor issue) NOTE: https://github.com/tidwall/gjson/issues/196 NOTE: https://github.com/tidwall/gjson/commit/bf4efcb3c18d1825b2988603dea5909140a5302b CVE-2020-36066 (GJSON <1.6.5 allows attackers to cause a denial of service (remote) ...) - golang-github-tidwall-gjson <unfixed> + [buster] - golang-github-tidwall-gjson <no-dsa> (Minor issue) NOTE: https://github.com/tidwall/gjson/issues/195 NOTE: https://github.com/tidwall/match/commit/c2f534168b739a7ec1821a33839fb2f029f26bbc CVE-2020-36065 @@ -1318,6 +1320,7 @@ CVE-2020-35546 RESERVED CVE-2020-35545 (Time-based SQL injection exists in Spotweb 1.4.9 via the query string. ...) - spotweb <unfixed> (bug #977719) + [buster] - spotweb <no-dsa> (Minor issue) NOTE: https://github.com/spotweb/spotweb/issues/629 NOTE: https://github.com/spotweb/spotweb/commit/fefb39ad143caad021ad496427617db79c42aff2 CVE-2020-35544 @@ -1475,6 +1478,7 @@ CVE-2020-35492 [cairo: libreoffice slideshow aborts with stack smashing in cairo RESERVED {DLA-2518-1} - cairo 1.16.0-5 (bug #978658) + [buster] - cairo <no-dsa> (Minor issue) NOTE: https://gitlab.freedesktop.org/cairo/cairo/-/issues/437 NOTE: Introduced by: https://gitlab.freedesktop.org/cairo/cairo/-/commit/c986a7310bb06582b7d8a566d5f007ba4e5e75bf (1.12.12) NOTE: Fixed by: https://gitlab.freedesktop.org/cairo/cairo/-/commit/03a820b173ed1fdef6ff14b4468f5dbc02ff59be @@ -2386,6 +2390,7 @@ CVE-2020-29658 RESERVED CVE-2020-29657 (In JerryScript 2.3.0, there is an out-of-bounds read in main_print_unh ...) - iotjs <unfixed> (bug #977736) + [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4244 CVE-2020-29656 (An information disclosure vulnerability exists in RT-AC88U Download Ma ...) NOT-FOR-US: RT-AC88U Download Master 
@@ -10132,7 +10137,8 @@ CVE-2020-26265 (Go Ethereum, or "Geth", is the official Golang implementation of CVE-2020-26264 (Go Ethereum, or "Geth", is the official Golang implementation of the E ...) - golang-github-go-ethereum <itp> (bug #890541) CVE-2020-26263 (tlslite-ng is an open source python library that implements SSL and TL ...) - - tlslite-ng <unfixed> + - tlslite-ng <removed> + [buster] - tlslite-ng <ignored> (Minor issue) NOTE: https://github.com/tlsfuzzer/tlslite-ng/security/advisories/GHSA-wvcv-832q-fjg7 NOTE: https://github.com/tlsfuzzer/tlslite-ng/commit/c28d6d387bba59d8bd5cb3ba15edc42edf54b368 NOTE: https://github.com/tlsfuzzer/tlslite-ng/pull/438 @@ -14593,6 +14599,7 @@ CVE-2020-24345 (** DISPUTED ** JerryScript through 2.3.0 allows stack consumptio NOTE: Disputed JerryScript issue CVE-2020-24344 (JerryScript through 2.3.0 has a (function({a=arguments}){const argumen ...) - iotjs <unfixed> + [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/3976 NOTE: https://github.com/jerryscript-project/jerryscript/commit/841d536fce1ce29267cdf0ea12be4026e1c35d3a CVE-2020-24343 (Artifex MuJS through 1.0.7 has a use-after-free in jsrun.c because of ...) @@ -37825,6 +37832,7 @@ CVE-2020-13650 (An issue was discovered in DigDash 2018R2 before p20200210 and 2 NOT-FOR-US: DigDash CVE-2020-13649 (parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during c ...) - iotjs 1.0+715-1 + [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/commit/69f8e78c2f8d562bd6d8002b5488f1662ac30d24 NOTE: https://github.com/jerryscript-project/jerryscript/issues/3786 NOTE: https://github.com/jerryscript-project/jerryscript/issues/3788 diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt index 611f33d7c4..6c630b71be 100644 --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt 
@@ -14,12 +14,12 @@ If needed, specify the release by adding a slash after the name of the source pa -- ansible -- -firefox-esr +firefox-esr (jmm) -- knot-resolver Santiago Ruano Rincón proposed a debdiff for review -- -libxstream-java +libxstream-java (jmm) Markus Koschany proposed an update for review -- linux (carnil) |
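Review bot: The reason "(Minor issue)" on the new `[buster] - iotjs <no-dsa>` line for CVE-2017-18212 (data/CVE/2017.list, hunk at @@ -1728,6 +1728,7 @@) does not say why an issue described as heap-based is minor for buster. The same bare reason is repeated on the other iotjs entries in this commit. A more specific reason in the parentheses, or an added NOTE line stating the impact assessment, would let a later reader see the basis for the triage without reopening the upstream issue.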
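Review bot: In data/CVE/2020.list, hunk at @@ -1475,6 +1478,7 @@, the new `[buster] - cairo <no-dsa> (Minor issue)` line sits under an entry that already carries `{DLA-2518-1}`, so the LTS release has an update for CVE-2020-35492 while buster is triaged as not needing one. The entry lists the fixing upstream commit in its "Fixed by" NOTE, so it would help to record whether a fix through a stable point release is intended, otherwise buster stays behind the older release on an issue the entry title describes as stack smashing.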
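Review bot: In data/CVE/2020.list, hunk at @@ -10132,7 +10137,8 @@, CVE-2020-26263 is the only entry in this commit tagged `<ignored>` instead of `<no-dsa>`, yet it carries the same "(Minor issue)" reason as the others. Since `<ignored>` signals that no fix is planned for buster at all, the reason should state what sets this entry apart, for example that the package is now `<removed>` from unstable as the changed line above it records. As written, a reader cannot tell the stronger state was chosen deliberately.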