diff options
| author | Moritz Muehlenhoff <jmm@debian.org> | 2020-12-14 15:31:51 +0100 |
|---|---|---|
| committer | Moritz Muehlenhoff <jmm@debian.org> | 2020-12-14 15:35:35 +0100 |
| commit | 28d47b98a4aecada17af449dcf57468bc499bd16 (patch) | |
| tree | 2d24cff387ac9a97cb41a5ef104dc51e1196693c | |
| parent | d1ea12fe24275cc47b785d76baa850960eb031ae (diff) | |
bullseye triage
remove arc entry entirely, crash in CLI tool w/o security impact
| -rw-r--r-- | data/CVE/2015.list | 7 | ||||
| -rw-r--r-- | data/CVE/2016.list | 1 | ||||
| -rw-r--r-- | data/CVE/2019.list | 4 |
3 files changed, 4 insertions, 8 deletions
diff --git a/data/CVE/2015.list b/data/CVE/2015.list index 1ddcba8a0b..7449d85705 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -25782,13 +25782,6 @@ CVE-2015-XXXX [Zoo directory traversal] [wheezy] - zoo <no-dsa> (Minor issue) [squeeze] - zoo <no-dsa> (Minor issue) NOTE: CVE Request: https://marc.info/?l=oss-security&m=142024361327375&w=2 -CVE-2015-XXXX [buffer over-read] - - arc <unfixed> (low; bug #774439) - [buster] - arc <ignored> (Minor issue) - [stretch] - arc <ignored> (Minor issue) - [jessie] - arc <ignored> (Minor issue) - [wheezy] - arc <no-dsa> (Minor issue) - [squeeze] - arc <no-dsa> (Minor issue) CVE-2015-0557 (Open-source ARJ archiver 3.10.22 does not properly remove leading slas ...) {DSA-3213-1 DLA-188-1} - arj 3.10.22-13 (low; bug #774435) diff --git a/data/CVE/2016.list b/data/CVE/2016.list index 3104b1f32e..9236bfb5d4 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -25098,6 +25098,7 @@ CVE-2016-2782 (The treo_attach function in drivers/usb/serial/visor.c in the Lin NOTE: Upstream commit: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cac9b50b0d75a1d50d6c056ff65c005f3224c8e0 (v4.5-rc2) CVE-2016-2781 (chroot in GNU coreutils, when used with --userspec, allows local users ...) - coreutils <unfixed> (low; bug #816320) + [bullseye] - coreutils <ignored> (Minor issue) [buster] - coreutils <ignored> (Minor issue) [stretch] - coreutils <ignored> (Minor issue) [jessie] - coreutils <ignored> (Minor issue) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index a32be13b6e..eda2924400 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -15498,6 +15498,7 @@ CVE-2019-14855 (A flaw was found in the way certificate signatures could be forg [stretch] - gnupg2 <no-dsa> (Minor issue) [jessie] - gnupg2 <ignored> (No backport to version << 2.2.x, low impact, danger of breaking things) - gnupg1 <unfixed> (low) + [bullseye] - gnupg1 <ignored> (Minor issue) [buster] - gnupg1 <ignored> (Minor issue) [stretch] - gnupg1 <no-dsa> (Minor issue) - gnupg <removed> (low) @@ -29153,6 +29154,7 @@ CVE-2019-9905 RESERVED CVE-2019-9904 (An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2. ...) - graphviz <unfixed> (low; bug #925284) + [bullseye] - graphviz <ignored> (Minor issue) [buster] - graphviz <ignored> (Minor issue) [stretch] - graphviz <no-dsa> (Minor issue) [jessie] - graphviz <no-dsa> (Minor issue) @@ -36822,7 +36824,7 @@ CVE-2019-7350 (Session fixation exists in ZoneMinder through 1.32.3, as an attac NOTE: https://github.com/ZoneMinder/zoneminder/issues/2471 NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone CVE-2019-7349 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...) - - zoneminder 1.34.6-1 (bug #922724) + - zoneminder 1.34.6-1 (unimportant; bug #922724) NOTE: https://github.com/ZoneMinder/zoneminder/issues/2465 NOTE: https://github.com/ZoneMinder/zoneminder/commit/cef54feaf9bf1374f0404bf525cdd322300882b5 NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone |