From bb43c8a26c7bc685cce51bc7d4f9ab6450c1ca8f Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Wed, 31 Mar 2021 21:09:03 +0200 Subject: buster triage --- data/CVE/2021.list | 6 ++++++ data/dsa-needed.txt | 2 ++ 2 files changed, 8 insertions(+) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index e6e821776b..621989e4ed 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -28,6 +28,7 @@ CVE-2021-3480 CVE-2021-3479 [Out-of-memory caused by allocation of a very large buffer] RESERVED - openexr + [buster] - openexr (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25370 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/d80f11f4f55100d007ae80a162bf257ec291612c NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/830 @@ -479,14 +480,17 @@ CVE-2021-29425 RESERVED CVE-2021-3476 (A flaw was found in OpenEXR's B44 uncompression functionality in versi ...) - openexr + [buster] - openexr (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24787 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/eec0dba242bedd2778c973ae4af112107b33d9c9 CVE-2021-3475 (There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker ...) - openexr + [buster] - openexr (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25297 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2a18ed424a854598c2a20b5dd7e782b436a1e753 CVE-2021-3474 (There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted inp ...) - openexr + [buster] - openexr (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24831 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/c3ed4a1db1f39bf4524a644cb2af81dc8cfab33f CVE-2021-29424 (The Net::Netmask module before 2.0000 for Perl does not properly consi ...) 
@@ -12754,6 +12758,7 @@ CVE-2021-23980 [mutation XSS via allowed math or svg; p or br; and style, title, - python-bleach NOTE: https://github.com/mozilla/bleach/security/advisories/GHSA-vv2x-vrpj-qqpq NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1689399 + NOTE: https://github.com/mozilla/bleach/commit/79b7a3c5e56a09d1d323a5006afa59b56162eb13 CVE-2021-23979 (Mozilla developers reported memory safety bugs present in Firefox 85. ...) - firefox 86.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23979 @@ -20672,6 +20677,7 @@ CVE-2021-20297 [Setting match.path and activating a profiles crashes NetworkMana CVE-2021-20296 RESERVED - openexr + [buster] - openexr (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24854 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/b0c63c0b96eb9b0d3998f603e12f9f414fb0d44a CVE-2021-20295 [Regression of CVE-2020-10756 fix in virt:rhel/qemu-kvm in Red Hat Enterprise Linux 8.3] diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt index 95b23eae9a..489a60f255 100644 --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -33,6 +33,8 @@ netty -- openjpeg2 (jmm) -- +python-bleach +-- python-pysaml2 (jmm) -- salt -- cgit v1.2.3
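Review bot: The five added `[buster] - openexr (Minor issue)` lines in data/CVE/2021.list (CVE-2021-3479, CVE-2021-3476, CVE-2021-3475, CVE-2021-3474, CVE-2021-20296) all carry the same two-word reason, and neither the entries nor the "buster triage" subject records why each was judged minor. CVE-2021-20296 is still RESERVED and shows no description at all, so a later reader has only the oss-fuzz and commit links to reconstruct the decision. Consider a short NOTE per entry, or one sentence in the commit body, stating the rationale shared by all five.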
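Review bot: In the CVE-2021-23980 hunk of data/CVE/2021.list, the added NOTE is a bare commit URL that does not say what the commit is relative to the advisory and Bugzilla links above it. If 79b7a3c5e56a09d1d323a5006afa59b56162eb13 is the upstream fix, mark it as such and add the upstream release that first contains it in parentheses, so that anyone preparing a backport can tell at a glance which change to pick and where it landed.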
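Review bot: In the data/dsa-needed.txt hunk, `python-bleach` is added with nothing that ties it to the issue that prompted it, and the commit subject does not mention it either. The only link is the CVE-2021-23980 NOTE touched elsewhere in this same patch, which will not be visible to someone reading dsa-needed.txt on its own. A one-line note under the entry naming CVE-2021-23980, or a commit body line saying that python-bleach was queued for that CVE, would make the entry self-explanatory.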