author Moritz Muehlenhoff <jmm@debian.org> 2021-03-31 21:09:03 +0200
committer Moritz Muehlenhoff <jmm@debian.org> 2021-03-31 21:09:56 +0200
commit bb43c8a26c7bc685cce51bc7d4f9ab6450c1ca8f
tree 0184b9f8176899fb50bafd11f23e463647670925
parent af9f14cba8cc47ec3b49761544b76405f0287803
buster triage
-rw-r--r-- data/CVE/2021.list 6
-rw-r--r-- data/dsa-needed.txt 2
2 files changed, 8 insertions, 0 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index e6e821776b..621989e4ed 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -28,6 +28,7 @@ CVE-2021-3480
CVE-2021-3479 [Out-of-memory caused by allocation of a very large buffer]
RESERVED
- openexr <unfixed>
+ [buster] - openexr <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25370
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/d80f11f4f55100d007ae80a162bf257ec291612c
NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/830
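Review bot: the added "[buster] - openexr <no-dsa> (Minor issue)" line under CVE-2021-3479 gives no reason beyond "Minor issue", while the entry title describes an out-of-memory condition from a very large buffer allocation. Consider stating the actual basis for the decision in the parenthesis (what the impact is limited to), so someone revisiting the buster status does not have to re-read the oss-fuzz report and the upstream commit to reconstruct it.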
@@ -479,14 +480,17 @@ CVE-2021-29425
RESERVED
CVE-2021-3476 (A flaw was found in OpenEXR's B44 uncompression functionality in versi ...)
- openexr <unfixed>
+ [buster] - openexr <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24787
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/eec0dba242bedd2778c973ae4af112107b33d9c9
CVE-2021-3475 (There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker ...)
- openexr <unfixed>
+ [buster] - openexr <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25297
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2a18ed424a854598c2a20b5dd7e782b436a1e753
CVE-2021-3474 (There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted inp ...)
- openexr <unfixed>
+ [buster] - openexr <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24831
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/c3ed4a1db1f39bf4524a644cb2af81dc8cfab33f
CVE-2021-29424 (The Net::Netmask module before 2.0000 for Perl does not properly consi ...)
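Review bot: the three added [buster] lines for CVE-2021-3476, CVE-2021-3475 and CVE-2021-3474 all carry the identical "(Minor issue)" reason, although each entry references a different oss-fuzz report and a different upstream commit and the descriptions are truncated in this file. Please confirm each was assessed on its own, and where the impact differs between them record that per entry rather than reusing one phrase, so the no-dsa decision can be audited CVE by CVE.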
@@ -12754,6 +12758,7 @@ CVE-2021-23980 [mutation XSS via allowed math or svg; p or br; and style, title,
- python-bleach <unfixed>
NOTE: https://github.com/mozilla/bleach/security/advisories/GHSA-vv2x-vrpj-qqpq
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1689399
+ NOTE: https://github.com/mozilla/bleach/commit/79b7a3c5e56a09d1d323a5006afa59b56162eb13
CVE-2021-23979 (Mozilla developers reported memory safety bugs present in Firefox 85. ...)
- firefox 86.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23979
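Review bot: the NOTE added under CVE-2021-23980 is a bare commit URL, so nothing on the line says whether it is the fix, the introducing change or a test case. A short label in front of the URL (for example "Fixed by:") would make its role explicit. The python-bleach line above it also stays at "<unfixed>" with no suite annotation in this hunk, so a reader has to go to data/dsa-needed.txt to see that an update is planned.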
@@ -20672,6 +20677,7 @@ CVE-2021-20297 [Setting match.path and activating a profiles crashes NetworkMana
CVE-2021-20296
RESERVED
- openexr <unfixed>
+ [buster] - openexr <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24854
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/b0c63c0b96eb9b0d3998f603e12f9f414fb0d44a
CVE-2021-20295 [Regression of CVE-2020-10756 fix in virt:rhel/qemu-kvm in Red Hat Enterprise Linux 8.3]
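Review bot: CVE-2021-20296 is still RESERVED with no bracketed description, so after this change the only in-file context for the added "[buster] - openexr <no-dsa> (Minor issue)" line is the two NOTE URLs. Consider adding a one-line bracketed summary of the issue to the CVE line, as the neighbouring CVE-2021-20297 and CVE-2021-20295 entries have, so the triage decision can be read without following external links.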
diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt
index 95b23eae9a..489a60f255 100644
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -33,6 +33,8 @@ netty
--
openjpeg2 (jmm)
--
+python-bleach
+--
python-pysaml2 (jmm)
--
salt
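Review bot: the new "python-bleach" entry in data/dsa-needed.txt has no claimant, unlike "openjpeg2 (jmm)" and "python-pysaml2 (jmm)" directly around it, and it does not say which issue prompted it. If this is meant to be picked up by whoever has time, that is fine as written; otherwise add the claimant in parentheses, and consider a short note line naming CVE-2021-23980 so the entry ties back to the NOTE added in data/CVE/2021.list.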
