author | Moritz Muehlenhoff <jmm@debian.org> | 2021-11-20 20:45:49 +0100
---|---|---
committer | Moritz Muehlenhoff <jmm@debian.org> | 2021-11-22 12:02:05 +0100
commit | 92dc4dc004cfe16dce6f05098d68111be2266d3a |
tree | 4dd180c96dc9a14866fc95adfba65ae8b88cf538 |
parent | ad8ef6edc05bbf28862134c4af32cba95bc91d92 |
buster/bullseye triage
-rw-r--r-- | data/CVE/2020.list | 4
-rw-r--r-- | data/CVE/2021.list | 7
2 files changed, 11 insertions, 0 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 8f98920b37..cc0cc56fb0 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -17326,9 +17326,13 @@ CVE-2020-23905 RESERVED CVE-2020-23904 (A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers t ...) - speex <unfixed> + [bullseye] - speex <no-dsa> (Minor issue) + [buster] - speex <no-dsa> (Minor issue) NOTE: https://github.com/xiph/speex/issues/14 CVE-2020-23903 (A Divide by Zero vulnerability in the function static int read_samples ...) - speex <unfixed> + [bullseye] - speex <no-dsa> (Minor issue) + [buster] - speex <no-dsa> (Minor issue) NOTE: https://github.com/xiph/speex/issues/13 CVE-2020-23902 (A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a d ...) NOT-FOR-US: WildBit Viewer diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 03efd89224..8f302be48f 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -1043,6 +1043,8 @@ CVE-2021-3957 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) ...) NOT-FOR-US: kimai2 CVE-2021-43616 (The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an i ...) - npm <unfixed> + [bullseye] - npm <no-dsa> (Minor issue) + [buster] - npm <no-dsa> (Minor issue) NOTE: https://github.com/npm/cli/issues/2701 CVE-2021-43615 RESERVED @@ -2114,6 +2116,8 @@ CVE-2021-43175 RESERVED CVE-2021-3918 (json-schema is vulnerable to Improperly Controlled Modification of Obj ...) - node-json-schema 0.4.0+~7.0.9-1 (bug #999765) + [bullseye] - node-json-schema <no-dsa> (Minor issue) + [buster] - node-json-schema <no-dsa> (Minor issue) NOTE: https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741 (v0.4.0) CVE-2021-43174 (NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, suppo ...) - routinator <itp> (bug #929024) 
@@ -3086,6 +3090,8 @@ CVE-2021-23192 [dcerpc requests don't check all fragments against the first auth NOTE: https://www.samba.org/samba/security/CVE-2021-23192.html CVE-2021-XXXX [RUSTSEC-2020-0159: Potential segfault in localtime_r invocations] - rust-chrono <unfixed> (bug #996913) + [bullseye] - rust-chrono <no-dsa> (Minor issue) + [buster] - rust-chrono <no-dsa> (Minor issue) NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0159.html NOTE: https://github.com/chronotope/chrono/issues/499 CVE-2021-42742 @@ -24669,6 +24675,7 @@ CVE-2021-33516 (An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2. NOTE: https://gitlab.gnome.org/GNOME/gupnp/-/commit/ca6ec9dcb26fd7a2a630eb6a68118659b589afac (master) CVE-2021-33515 (The submission service in Dovecot before 2.3.15 allows STARTTLS comman ...) - dovecot 1:2.3.13+dfsg1-2 (bug #990566) + [bullseye] - dovecot <postponed> (Minor issue, fix along with next update) [buster] - dovecot <postponed> (Minor issue, fix along with next update) [stretch] - dovecot <not-affected> (Vulnerable code (smtp_server_command queue) introduced later) NOTE: https://dovecot.org/pipermail/dovecot-news/2021-June/000462.html |
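Review bot: In the data/CVE/2020.list hunk, the four added speex lines give only "(Minor issue)" as the reason for <no-dsa> on CVE-2020-23904 and CVE-2020-23903. The CVE-2020-23904 description places the stack buffer overflow in speexenc.c, so if the triage rests on the flaw being confined to the encoder front end, put that in the parentheses. A later reader should be able to tell from the entry why a stack buffer overflow was rated minor without opening the upstream issue.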
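Review bot: In the CVE-2021-43616 hunk of data/CVE/2021.list, the description limits the issue to "npm 7.x and 8.x through 8.1.3", yet both added lines use <no-dsa>. Check the npm version shipped in each release against that range. For a release whose npm predates 7.x, a <not-affected> line with a short reason would describe the state more accurately than "[buster] - npm <no-dsa> (Minor issue)".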
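Review bot: In the CVE-2021-33515 hunk, the new "[bullseye] - dovecot <postponed>" line sits under an unstable entry that lists 1:2.3.13+dfsg1-2 as the fixed version. Confirm that the dovecot version in bullseye sorts below 1:2.3.13+dfsg1-2. If bullseye already carries that version, the per-release line is redundant and would report a fixed release as still pending.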