author Moritz Muehlenhoff <jmm@debian.org> 2021-01-11 21:38:18 +0100
committer Moritz Muehlenhoff <jmm@debian.org> 2021-01-11 21:38:58 +0100
commit 2f1e2760cb3a031dc9c7b18b830c9faebda01b76
tree aba094728b433b953093b5fd63a4d1521cda8e5e
parent 1ba74d0ba812a00c03d7ee4afb9e6bd64d5e6695
bullseye triage
-rw-r--r-- data/CVE/2013.list 2
-rw-r--r-- data/CVE/2018.list 2
-rw-r--r-- data/CVE/2019.list 12
-rw-r--r-- data/CVE/2020.list 6
4 files changed, 12 insertions, 10 deletions
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index 77fc7bf671..14f03a44a8 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -8,6 +8,7 @@ CVE-2013-7490 (An issue was discovered in the DBI module before 1.632 for Perl.
NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=86744
CVE-2013-7489 (The Beaker library through 1.11.0 for Python is affected by deserializ ...)
- beaker <unfixed> (bug #966197)
+ [bullseye] - beaker <no-dsa> (Minor issue)
[buster] - beaker <no-dsa> (Minor issue)
[stretch] - beaker <no-dsa> (Minor issue)
NOTE: https://github.com/bbangert/beaker/issues/191
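Review bot: the added `[bullseye] - beaker <no-dsa> (Minor issue)` line copies the buster and stretch reason verbatim, and "Minor issue" alone does not tell a later reader why a deserialization flaw was deferred. Consider a more specific reason in the parentheses, or a NOTE summarising the relevant precondition from the linked upstream issue, so the decision can be re-checked when bug #966197 is revisited.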
@@ -153,6 +154,7 @@ CVE-2013-7446 (Use-after-free vulnerability in net/unix/af_unix.c in the Linux k
NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c (v4.4-rc4)
CVE-2013-7445 (The Direct Rendering Manager (DRM) subsystem in the Linux kernel throu ...)
- linux <unfixed>
+ [bullseye] - linux <ignored> (Minor issue, requires invasive changes)
[buster] - linux <ignored> (Minor issue, requires invasive changes)
[stretch] - linux <ignored> (Minor issue, requires invasive changes)
[jessie] - linux <ignored> (Minor issue, requires invasive changes)
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 1cf0f51809..7fdce5d2a4 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -9053,7 +9053,7 @@ CVE-2018-17979
CVE-2018-17978
RESERVED
CVE-2018-17977 (The Linux kernel 4.14.67 mishandles certain interaction among XFRM Net ...)
- - linux <unfixed>
+ - linux <undetermined>
CVE-2018-17976 (An issue was discovered in GitLab Community Edition 11.x before 11.1.8 ...)
- gitlab 11.1.8+dfsg-2
NOTE: https://about.gitlab.com/2018/10/05/critical-security-release-11-3-4/
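Review bot: on CVE-2018-17977 the status changes from `<unfixed>` to `<undetermined>` with no accompanying NOTE, so the entry no longer asserts that linux is affected and does not record what is still open. Add a NOTE line saying what needs to be determined (for example, whether the reported behaviour is reproducible or has an upstream fix), so the entry does not sit in this state without a next step. The change is also not specific to bullseye, which the commit message does not reflect.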
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 306dce5ca5..11b9807822 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -32268,19 +32268,15 @@ CVE-2019-9154 (Improper Verification of a Cryptographic Signature in OpenPGP.js
CVE-2019-9153 (Improper Verification of a Cryptographic Signature in OpenPGP.js &lt;= ...)
- node-openpgp <itp> (bug #787774)
CVE-2019-9152 (An issue was discovered in the HDF HDF5 1.10.4 library. There is an ou ...)
- - hdf5 <unfixed>
- [buster] - hdf5 <no-dsa> (Minor issue)
- [stretch] - hdf5 <no-dsa> (Minor issue)
- [jessie] - hdf5 <ignored> (Minor issue)
+ - hdf5 <unfixed> (unimportant)
NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul8
NOTE: issue in upstream bug tracker: https://jira.hdfgroup.org/browse/HDFFV-10719
+ NOTE: Negligible security impact
CVE-2019-9151 (An issue was discovered in the HDF HDF5 1.10.4 library. There is an ou ...)
- - hdf5 <unfixed>
- [buster] - hdf5 <no-dsa> (Minor issue)
- [stretch] - hdf5 <no-dsa> (Minor issue)
- [jessie] - hdf5 <ignored> (Minor issue)
+ - hdf5 <unfixed> (unimportant)
NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul7
NOTE: issue in upstream bug tracker: https://jira.hdfgroup.org/browse/HDFFV-10718
+ NOTE: Negligible security impact
CVE-2019-9150 (Mailvelope prior to 3.3.0 does not require user interaction to import ...)
NOT-FOR-US: Mailvelope
CVE-2019-9149 (Mailvelope prior to 3.3.0 allows private key operations without user i ...)
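Review bot: for CVE-2019-9152 and CVE-2019-9151 the new `NOTE: Negligible security impact` gives the conclusion but not the reason, while three per-release `<no-dsa>`/`<ignored>` lines are dropped in favour of a single `(unimportant)` tag. State the basis in the NOTE (what about the hdf5 issue makes the impact negligible), since the only other context left in the entry is a link to the reporter's repository and the upstream tracker.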
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 44e245014b..c022921d5a 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -746,6 +746,8 @@ CVE-2020-35851 (HGiga MailSherlock does not validate specific parameters properl
NOT-FOR-US: HGiga MailSherlock
CVE-2020-35850 (** DISPUTED ** An SSRF issue was discovered in cockpit-project.org Coc ...)
- cockpit <unfixed>
+ [bullseye] - cockpit <ignored> (Minor issue)
+ [buster] - cockpit <ignored> (Minor issue)
NOTE: https://github.com/cockpit-project/cockpit/issues/15077
CVE-2020-35849 (An issue was discovered in MantisBT before 2.24.4. An incorrect access ...)
- mantis <removed>
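Review bot: the two added cockpit lines use `<ignored>` with the reason "Minor issue", while the other "Minor issue" entries in this commit (beaker, m2crypto) use `<no-dsa>`; the reason should say why the issue will not be fixed rather than only that it is minor. The description already carries "** DISPUTED **", so a reason that names the dispute, with the upstream issue in the NOTE below as the reference, would match the chosen state better.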
@@ -11738,10 +11740,12 @@ CVE-2020-25658 (It was found that python-rsa is vulnerable to Bleichenbacher tim
CVE-2020-25657
RESERVED
- m2crypto <unfixed> (bug #975002)
+ [bullseye] - m2crypto <no-dsa> (Minor issue)
[buster] - m2crypto <no-dsa> (Minor issue)
[stretch] - m2crypto <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1889823
NOTE: https://gitlab.com/m2crypto/m2crypto/-/issues/285
+ NOTE: https://gitlab.com/m2crypto/m2crypto/-/issues/282 (restricted)
CVE-2020-25656 (A flaw was found in the Linux kernel. A use-after-free was found in th ...)
{DLA-2494-1 DLA-2483-1}
- linux 5.9.6-1
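Review bot: CVE-2020-25657 is still `RESERVED` with no description, and the NOTE added at the end of the m2crypto block points at an issue marked "(restricted)", so the `[bullseye] - m2crypto <no-dsa> (Minor issue)` decision cannot be checked from the entry itself. A one-line NOTE describing the issue, next to the public Red Hat Bugzilla and upstream #285 links, would make the triage reviewable.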
@@ -39768,7 +39772,7 @@ CVE-2020-12862 (An out-of-bounds read in SANE Backends before 1.0.30 may allow a
NOTE: https://gitlab.com/sane-project/backends/-/commit/27ea994d23ee52fe1ec1249c92ebc1080a358288 (1.0.30)
CVE-2020-12861 (A heap buffer overflow in SANE Backends before 1.0.30 allows a malicio ...)
[experimental] - sane-backends 1.0.30-1~experimental1
- - sane-backends <unfixed> (bug #961302)
+ - sane-backends 1.0.31-2 (bug #961302)
[buster] - sane-backends <no-dsa> (Minor issue)
[stretch] - sane-backends <ignored> (already mitigated, auto-discovery for unsupported network access added in 1.0.27)
[jessie] - sane-backends <not-affected> (epsonds backend was added in 1.0.25)
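Review bot: the unstable line for CVE-2020-12861 is set to `sane-backends 1.0.31-2`, while the description places the flaw in versions before 1.0.30 and the experimental line records 1.0.30-1~experimental1. Confirm that 1.0.31-2 is the first upload to unstable containing the fix rather than simply the current version; if an earlier 1.0.30 or 1.0.31 upload reached unstable, that version belongs here so that version comparisons for other suites stay correct.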
