diff options
author | Moritz Muehlenhoff <jmm@debian.org> | 2020-12-18 15:34:27 +0100 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2020-12-18 15:34:27 +0100 |
commit | a9c0ce8c9d41eda8d33989ef2c9386280f9ca9c5 (patch) | |
tree | be91a12b75678db593b7469f7c8382a65f46647f /data/CVE | |
parent | cfbe36fb515381a8b2c961d131d8052826185c6f (diff) |
bullseye triage
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/2016.list | 1 | ||||
-rw-r--r-- | data/CVE/2018.list | 14 | ||||
-rw-r--r-- | data/CVE/2019.list | 2 | ||||
-rw-r--r-- | data/CVE/2020.list | 3 |
4 files changed, 11 insertions, 9 deletions
diff --git a/data/CVE/2016.list b/data/CVE/2016.list index 7381b35be1..afca8cc516 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -28781,6 +28781,7 @@ CVE-2016-1586 (A malicious webview could install long-lived unload handlers that NOT-FOR-US: Oxide CVE-2016-1585 (In all versions of AppArmor mount rules are accidentally widened when ...) - apparmor <unfixed> (low; bug #929990) + [bullseye] - apparmor <ignored> (Minor overall security impact) [buster] - apparmor <ignored> (Minor overall security impact) [stretch] - apparmor <ignored> (Minor overall security impact) [jessie] - apparmor <ignored> (Minor overall security impact) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index f43b2880f6..374c804443 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -10344,8 +10344,7 @@ CVE-2018-17438 (A SIGFPE signal is raised in the function H5D__select_io() of H5 NOTE: https://jira.hdfgroup.org/browse/HDFFV-10587 NOTE: fix in develop branch: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/7add52ff4f2443357648d53d52add274d1b18b5f CVE-2018-17437 (Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in ...) - [experimental] - hdf5 1.10.5+repack-1~exp1 - - hdf5 <unfixed> (low) + - hdf5 1.10.6+repack-2 (low) [buster] - hdf5 <no-dsa> (Minor issue) [stretch] - hdf5 <no-dsa> (Minor issue) [jessie] - hdf5 <ignored> (Minor issue) @@ -10361,8 +10360,7 @@ CVE-2018-17435 (A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln7#heap-overflow-in-h5o_attr_decode NOTE: https://jira.hdfgroup.org/browse/HDFFV-10591 CVE-2018-17434 (A SIGFPE signal is raised in the function apply_filters() of h5repack_ ...) - [experimental] - hdf5 1.10.5+repack-1~exp1 - - hdf5 <unfixed> (low) + - hdf5 1.10.6+repack-2 (low) [buster] - hdf5 <no-dsa> (Minor issue) [stretch] - hdf5 <no-dsa> (Minor issue) [jessie] - hdf5 <ignored> (Minor issue) @@ -10801,7 +10799,7 @@ CVE-2018-17239 CVE-2018-17238 RESERVED CVE-2018-17237 (A SIGFPE signal is raised in the function H5D__chunk_set_info_real() o ...) - - hdf5 <unfixed> (low) + - hdf5 1.10.6+repack-2 (low) [buster] - hdf5 <no-dsa> (Minor issue) [stretch] - hdf5 <no-dsa> (Minor issue) [jessie] - hdf5 <ignored> (Minor issue) @@ -10820,7 +10818,7 @@ CVE-2018-17235 (The function mp4v2::impl::MP4Track::FinishSdtp() in mp4track.cpp [jessie] - mp4v2 <ignored> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1629451 CVE-2018-17234 (Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in ...) - - hdf5 <unfixed> (low) + - hdf5 1.10.6+repack-2 (low) [buster] - hdf5 <no-dsa> (Minor issue) [stretch] - hdf5 <no-dsa> (Minor issue) [jessie] - hdf5 <ignored> (Minor issue) @@ -10829,8 +10827,7 @@ CVE-2018-17234 (Memory leak in the H5O__chunk_deserialize() function in H5Ocache NOTE: does not appear in 1.10.5 release notes, but fixed in NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/f4138013dbc6851e968ea3d37b32776538ef306b CVE-2018-17233 (A SIGFPE signal is raised in the function H5D__create_chunk_file_map_h ...) - [experimental] - hdf5 1.10.5+repack-1~exp1 - - hdf5 <unfixed> (low) + - hdf5 1.10.6+repack-2 (low) [buster] - hdf5 <no-dsa> (Minor issue) [stretch] - hdf5 <no-dsa> (Minor issue) [jessie] - hdf5 <ignored> (Minor issue) @@ -45883,6 +45880,7 @@ CVE-2018-3980 (An exploitable out-of-bounds write exists in the TIFF-parsing fun NOT-FOR-US: Canvas Draw CVE-2018-3979 (A remote denial-of-service vulnerability exists in the way the Nouveau ...) - xserver-xorg-video-nouveau <unfixed> (low) + [bullseye] - xserver-xorg-video-nouveau <ignored> (Minor issue) [buster] - xserver-xorg-video-nouveau <ignored> (Minor issue) [stretch] - xserver-xorg-video-nouveau <ignored> (Minor issue) [jessie] - xserver-xorg-video-nouveau <ignored> (Minor issue) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 735bcb9f93..83a8a834ce 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -36929,7 +36929,7 @@ CVE-2019-7331 (Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder thr NOTE: https://github.com/ZoneMinder/zoneminder/commit/254b7286b4d2654b95080a175c44195667e42ea8 NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone CVE-2019-7330 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...) - - zoneminder <unfixed> (bug #922724) + - zoneminder <unfixed> (unimportant; bug #922724) NOTE: https://github.com/ZoneMinder/zoneminder/issues/2448 NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone CVE-2019-7329 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index bdf3482a40..ac712e982e 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -32897,6 +32897,7 @@ CVE-2020-14941 RESERVED CVE-2020-14940 (An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar ...) - tuxguitar <unfixed> (bug #963626) + [bullseye] - tuxguitar <no-dsa> (Minor issue) [buster] - tuxguitar <no-dsa> (Minor issue) [stretch] - tuxguitar <no-dsa> (Minor issue) [jessie] - tuxguitar <no-dsa> (Minor issue) @@ -32904,6 +32905,7 @@ CVE-2020-14940 (An issue was discovered in io/gpx/GPXDocumentReader.java in TuxG NOTE: https://sourceforge.net/p/tuxguitar/bugs/126/ CVE-2020-14939 (An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc ...) - freedroidrpg <unfixed> (low; bug #964197) + [bullseye] - freedroidrpg <no-dsa> (Minor issue) [buster] - freedroidrpg <no-dsa> (Minor issue) [stretch] - freedroidrpg <no-dsa> (Minor issue) [jessie] - freedroidrpg <end-of-life> (games are not supported) @@ -32911,6 +32913,7 @@ CVE-2020-14939 (An issue was discovered in savestruct_internal.c in FreedroidRPG NOTE: https://logicaltrust.net/blog/2020/02/freedroid.html CVE-2020-14938 (An issue was discovered in map.c in FreedroidRPG 1.0rc2. It assumes le ...) - freedroidrpg <unfixed> (low; bug #964197) + [bullseye] - freedroidrpg <no-dsa> (Minor issue) [buster] - freedroidrpg <no-dsa> (Minor issue) [stretch] - freedroidrpg <no-dsa> (Minor issue) [jessie] - freedroidrpg <end-of-life> (games are not supported) |