author Moritz Muehlenhoff <jmm@debian.org> 2020-12-18 15:34:27 +0100
committer Moritz Muehlenhoff <jmm@debian.org> 2020-12-18 15:34:27 +0100
commit a9c0ce8c9d41eda8d33989ef2c9386280f9ca9c5
tree be91a12b75678db593b7469f7c8382a65f46647f /data/CVE
parent cfbe36fb515381a8b2c961d131d8052826185c6f
bullseye triage
Diffstat (limited to 'data/CVE')
-rw-r--r-- data/CVE/2016.list 1
-rw-r--r-- data/CVE/2018.list 14
-rw-r--r-- data/CVE/2019.list 2
-rw-r--r-- data/CVE/2020.list 3
4 files changed, 11 insertions, 9 deletions
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index 7381b35be1..afca8cc516 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -28781,6 +28781,7 @@ CVE-2016-1586 (A malicious webview could install long-lived unload handlers that
NOT-FOR-US: Oxide
CVE-2016-1585 (In all versions of AppArmor mount rules are accidentally widened when ...)
- apparmor <unfixed> (low; bug #929990)
+ [bullseye] - apparmor <ignored> (Minor overall security impact)
[buster] - apparmor <ignored> (Minor overall security impact)
[stretch] - apparmor <ignored> (Minor overall security impact)
[jessie] - apparmor <ignored> (Minor overall security impact)
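Review bot: the new "[bullseye] - apparmor <ignored>" line reuses the reason string of the buster, stretch and jessie tags, while the unstable line above it is still <unfixed> with bug #929990 open. A NOTE stating why the issue will not be fixed in any suite would make the four identical tags self-explanatory; if a fix through unstable is still expected, the bullseye tag will need revisiting once the unstable line changes.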
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index f43b2880f6..374c804443 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -10344,8 +10344,7 @@ CVE-2018-17438 (A SIGFPE signal is raised in the function H5D__select_io() of H5
NOTE: https://jira.hdfgroup.org/browse/HDFFV-10587
NOTE: fix in develop branch: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/7add52ff4f2443357648d53d52add274d1b18b5f
CVE-2018-17437 (Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in ...)
- [experimental] - hdf5 1.10.5+repack-1~exp1
- - hdf5 <unfixed> (low)
+ - hdf5 1.10.6+repack-2 (low)
[buster] - hdf5 <no-dsa> (Minor issue)
[stretch] - hdf5 <no-dsa> (Minor issue)
[jessie] - hdf5 <ignored> (Minor issue)
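Review bot: removing "[experimental] - hdf5 1.10.5+repack-1~exp1" drops the only record in this entry that the fix first appeared in a 1.10.5-based upload, and the replacement version 1.10.6+repack-2 is not explained by the commit message ("bullseye triage"). If 1.10.6+repack-2 is the first unstable upload based on 1.10.5 or later, a short NOTE saying so would keep that reasoning in the file. The same applies to the CVE-2018-17434 and CVE-2018-17233 hunks below.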
@@ -10361,8 +10360,7 @@ CVE-2018-17435 (A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c
NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln7#heap-overflow-in-h5o_attr_decode
NOTE: https://jira.hdfgroup.org/browse/HDFFV-10591
CVE-2018-17434 (A SIGFPE signal is raised in the function apply_filters() of h5repack_ ...)
- [experimental] - hdf5 1.10.5+repack-1~exp1
- - hdf5 <unfixed> (low)
+ - hdf5 1.10.6+repack-2 (low)
[buster] - hdf5 <no-dsa> (Minor issue)
[stretch] - hdf5 <no-dsa> (Minor issue)
[jessie] - hdf5 <ignored> (Minor issue)
@@ -10801,7 +10799,7 @@ CVE-2018-17239
CVE-2018-17238
RESERVED
CVE-2018-17237 (A SIGFPE signal is raised in the function H5D__chunk_set_info_real() o ...)
- - hdf5 <unfixed> (low)
+ - hdf5 1.10.6+repack-2 (low)
[buster] - hdf5 <no-dsa> (Minor issue)
[stretch] - hdf5 <no-dsa> (Minor issue)
[jessie] - hdf5 <ignored> (Minor issue)
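Review bot: CVE-2018-17237 moves from <unfixed> straight to 1.10.6+repack-2, and unlike CVE-2018-17437 earlier in this file it had no [experimental] line recording an earlier fixed version, nor does the visible context carry a NOTE pointing at the upstream fix. Adding a NOTE with the upstream commit or release that resolves it, as the CVE-2018-17234 entry has, would let the fixed version be checked later.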
@@ -10820,7 +10818,7 @@ CVE-2018-17235 (The function mp4v2::impl::MP4Track::FinishSdtp() in mp4track.cpp
[jessie] - mp4v2 <ignored> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1629451
CVE-2018-17234 (Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in ...)
- - hdf5 <unfixed> (low)
+ - hdf5 1.10.6+repack-2 (low)
[buster] - hdf5 <no-dsa> (Minor issue)
[stretch] - hdf5 <no-dsa> (Minor issue)
[jessie] - hdf5 <ignored> (Minor issue)
@@ -10829,8 +10827,7 @@ CVE-2018-17234 (Memory leak in the H5O__chunk_deserialize() function in H5Ocache
NOTE: does not appear in 1.10.5 release notes, but fixed in
NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/f4138013dbc6851e968ea3d37b32776538ef306b
CVE-2018-17233 (A SIGFPE signal is raised in the function H5D__create_chunk_file_map_h ...)
- [experimental] - hdf5 1.10.5+repack-1~exp1
- - hdf5 <unfixed> (low)
+ - hdf5 1.10.6+repack-2 (low)
[buster] - hdf5 <no-dsa> (Minor issue)
[stretch] - hdf5 <no-dsa> (Minor issue)
[jessie] - hdf5 <ignored> (Minor issue)
@@ -45883,6 +45880,7 @@ CVE-2018-3980 (An exploitable out-of-bounds write exists in the TIFF-parsing fun
NOT-FOR-US: Canvas Draw
CVE-2018-3979 (A remote denial-of-service vulnerability exists in the way the Nouveau ...)
- xserver-xorg-video-nouveau <unfixed> (low)
+ [bullseye] - xserver-xorg-video-nouveau <ignored> (Minor issue)
[buster] - xserver-xorg-video-nouveau <ignored> (Minor issue)
[stretch] - xserver-xorg-video-nouveau <ignored> (Minor issue)
[jessie] - xserver-xorg-video-nouveau <ignored> (Minor issue)
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 735bcb9f93..83a8a834ce 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -36929,7 +36929,7 @@ CVE-2019-7331 (Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder thr
NOTE: https://github.com/ZoneMinder/zoneminder/commit/254b7286b4d2654b95080a175c44195667e42ea8
NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7330 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder <unfixed> (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2448
NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7329 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
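Review bot: only CVE-2019-7330 gains the "unimportant" severity in this hunk, although the context shows CVE-2019-7331 directly above carrying the same "See README.Debian.security" NOTE and CVE-2019-7329 following immediately. It is worth confirming that the neighbouring ZoneMinder XSS entries already carry "unimportant" so the run stays consistent; if they do not, they should be changed in the same commit.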
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index bdf3482a40..ac712e982e 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -32897,6 +32897,7 @@ CVE-2020-14941
RESERVED
CVE-2020-14940 (An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar ...)
- tuxguitar <unfixed> (bug #963626)
+ [bullseye] - tuxguitar <no-dsa> (Minor issue)
[buster] - tuxguitar <no-dsa> (Minor issue)
[stretch] - tuxguitar <no-dsa> (Minor issue)
[jessie] - tuxguitar <no-dsa> (Minor issue)
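Review bot: the unstable line "- tuxguitar <unfixed> (bug #963626)" carries no severity, while the new [bullseye] tag classifies the issue as "Minor issue". Adding "low;" before the bug reference, as the freedroidrpg entries in this file do, would make the unstable line agree with the suite tags.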
@@ -32904,6 +32905,7 @@ CVE-2020-14940 (An issue was discovered in io/gpx/GPXDocumentReader.java in TuxG
NOTE: https://sourceforge.net/p/tuxguitar/bugs/126/
CVE-2020-14939 (An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc ...)
- freedroidrpg <unfixed> (low; bug #964197)
+ [bullseye] - freedroidrpg <no-dsa> (Minor issue)
[buster] - freedroidrpg <no-dsa> (Minor issue)
[stretch] - freedroidrpg <no-dsa> (Minor issue)
[jessie] - freedroidrpg <end-of-life> (games are not supported)
@@ -32911,6 +32913,7 @@ CVE-2020-14939 (An issue was discovered in savestruct_internal.c in FreedroidRPG
NOTE: https://logicaltrust.net/blog/2020/02/freedroid.html
CVE-2020-14938 (An issue was discovered in map.c in FreedroidRPG 1.0rc2. It assumes le ...)
- freedroidrpg <unfixed> (low; bug #964197)
+ [bullseye] - freedroidrpg <no-dsa> (Minor issue)
[buster] - freedroidrpg <no-dsa> (Minor issue)
[stretch] - freedroidrpg <no-dsa> (Minor issue)
[jessie] - freedroidrpg <end-of-life> (games are not supported)
