From 2f1e2760cb3a031dc9c7b18b830c9faebda01b76 Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Mon, 11 Jan 2021 21:38:18 +0100 Subject: bullseye triage --- data/CVE/2013.list | 2 ++ data/CVE/2018.list | 2 +- data/CVE/2019.list | 12 ++++-------- data/CVE/2020.list | 6 +++++- 4 files changed, 12 insertions(+), 10 deletions(-) diff --git a/data/CVE/2013.list b/data/CVE/2013.list index 77fc7bf671..14f03a44a8 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -8,6 +8,7 @@ CVE-2013-7490 (An issue was discovered in the DBI module before 1.632 for Perl. NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=86744 CVE-2013-7489 (The Beaker library through 1.11.0 for Python is affected by deserializ ...) - beaker (bug #966197) + [bullseye] - beaker (Minor issue) [buster] - beaker (Minor issue) [stretch] - beaker (Minor issue) NOTE: https://github.com/bbangert/beaker/issues/191 @@ -153,6 +154,7 @@ CVE-2013-7446 (Use-after-free vulnerability in net/unix/af_unix.c in the Linux k NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c (v4.4-rc4) CVE-2013-7445 (The Direct Rendering Manager (DRM) subsystem in the Linux kernel throu ...) - linux + [bullseye] - linux (Minor issue, requires invasive changes) [buster] - linux (Minor issue, requires invasive changes) [stretch] - linux (Minor issue, requires invasive changes) [jessie] - linux (Minor issue, requires invasive changes) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 1cf0f51809..7fdce5d2a4 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -9053,7 +9053,7 @@ CVE-2018-17979 CVE-2018-17978 RESERVED CVE-2018-17977 (The Linux kernel 4.14.67 mishandles certain interaction among XFRM Net ...) - - linux + - linux CVE-2018-17976 (An issue was discovered in GitLab Community Edition 11.x before 11.1.8 ...) - gitlab 11.1.8+dfsg-2 NOTE: https://about.gitlab.com/2018/10/05/critical-security-release-11-3-4/ 
diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 306dce5ca5..11b9807822 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -32268,19 +32268,15 @@ CVE-2019-9154 (Improper Verification of a Cryptographic Signature in OpenPGP.js CVE-2019-9153 (Improper Verification of a Cryptographic Signature in OpenPGP.js <= ...) - node-openpgp (bug #787774) CVE-2019-9152 (An issue was discovered in the HDF HDF5 1.10.4 library. There is an ou ...) - - hdf5 - [buster] - hdf5 (Minor issue) - [stretch] - hdf5 (Minor issue) - [jessie] - hdf5 (Minor issue) + - hdf5 (unimportant) NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul8 NOTE: issue in upstream bug tracker: https://jira.hdfgroup.org/browse/HDFFV-10719 + NOTE: Negligible security impact CVE-2019-9151 (An issue was discovered in the HDF HDF5 1.10.4 library. There is an ou ...) - - hdf5 - [buster] - hdf5 (Minor issue) - [stretch] - hdf5 (Minor issue) - [jessie] - hdf5 (Minor issue) + - hdf5 (unimportant) NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul7 NOTE: issue in upstream bug tracker: https://jira.hdfgroup.org/browse/HDFFV-10718 + NOTE: Negligible security impact CVE-2019-9150 (Mailvelope prior to 3.3.0 does not require user interaction to import ...) NOT-FOR-US: Mailvelope CVE-2019-9149 (Mailvelope prior to 3.3.0 allows private key operations without user i ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 44e245014b..c022921d5a 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -746,6 +746,8 @@ CVE-2020-35851 (HGiga MailSherlock does not validate specific parameters properl NOT-FOR-US: HGiga MailSherlock CVE-2020-35850 (** DISPUTED ** An SSRF issue was discovered in cockpit-project.org Coc ...) - cockpit + [bullseye] - cockpit (Minor issue) + [buster] - cockpit (Minor issue) NOTE: https://github.com/cockpit-project/cockpit/issues/15077 CVE-2020-35849 (An issue was discovered in MantisBT before 2.24.4. An incorrect access ...) - mantis 
@@ -11738,10 +11740,12 @@ CVE-2020-25658 (It was found that python-rsa is vulnerable to Bleichenbacher tim CVE-2020-25657 RESERVED - m2crypto (bug #975002) + [bullseye] - m2crypto (Minor issue) [buster] - m2crypto (Minor issue) [stretch] - m2crypto (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1889823 NOTE: https://gitlab.com/m2crypto/m2crypto/-/issues/285 + NOTE: https://gitlab.com/m2crypto/m2crypto/-/issues/282 (restricted) CVE-2020-25656 (A flaw was found in the Linux kernel. A use-after-free was found in th ...) {DLA-2494-1 DLA-2483-1} - linux 5.9.6-1 @@ -39768,7 +39772,7 @@ CVE-2020-12862 (An out-of-bounds read in SANE Backends before 1.0.30 may allow a NOTE: https://gitlab.com/sane-project/backends/-/commit/27ea994d23ee52fe1ec1249c92ebc1080a358288 (1.0.30) CVE-2020-12861 (A heap buffer overflow in SANE Backends before 1.0.30 allows a malicio ...) [experimental] - sane-backends 1.0.30-1~experimental1 - - sane-backends (bug #961302) + - sane-backends 1.0.31-2 (bug #961302) [buster] - sane-backends (Minor issue) [stretch] - sane-backends (already mitigated, auto-discovery for unsupported network access added in 1.0.27) [jessie] - sane-backends (epsonds backend was added in 1.0.25) -- cgit v1.2.3
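Review bot: In the data/CVE/2018.list hunk, the removed and added lines for CVE-2018-17977 both read "- linux" as shown here, so what the triage changed for that entry cannot be seen from the diff. The subject "bullseye triage" does not cover it either, since no [bullseye] line is added there. A line in the commit message naming the new state of that entry would make the change reviewable.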
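Review bot: In the data/CVE/2019.list hunk, the new "NOTE: Negligible security impact" on CVE-2019-9152 and CVE-2019-9151 states the conclusion without the reasoning, while the same hunk drops the per-release [buster], [stretch] and [jessie] "Minor issue" lines in favour of "- hdf5 (unimportant)". Suggest saying in the note why the impact is negligible, for example what input or usage is needed to reach the bug, so the downgrade can be re-checked later against the two linked upstream issues, HDFFV-10719 and HDFFV-10718.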
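Review bot: In the first data/CVE/2020.list hunk (CVE-2020-35850, cockpit), the added "[bullseye] - cockpit (Minor issue)" and "[buster] - cockpit (Minor issue)" lines carry no reason, and the entry is marked ** DISPUTED **. A NOTE recording whether the triage rests on the dispute or on limited impact would help, since the linked issue 15077 is the only context given. Unlike the beaker and m2crypto entries in this patch, no [stretch] line is present; if cockpit is not shipped in stretch nothing is needed, otherwise it should be triaged here as well.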
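Review bot: In the CVE-2020-25657 hunk of data/CVE/2020.list, the added reference "https://gitlab.com/m2crypto/m2crypto/-/issues/282 (restricted)" cannot be opened by most readers, and nothing says how it relates to the already listed issue 285. Suggest a few words after the URL on what 282 tracks (original report, duplicate, or fix discussion), so the [bullseye] "Minor issue" decision can be followed from the public references alone while the CVE is still RESERVED.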