From f524cfffc21f1c186fad69adf8f003c90e4409be Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Wed, 16 Feb 2022 12:36:55 +0100 Subject: buster/bullseye triage --- data/CVE/2021.list | 13 +++++++++++-- data/dsa-needed.txt | 4 ++++ 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 0dd786844d..f0bd9c9362 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -9727,6 +9727,8 @@ CVE-2021-3904 (grav is vulnerable to Improper Neutralization of Input During Web NOT-FOR-US: Grav CMS CVE-2021-3903 (vim is vulnerable to Heap-based Buffer Overflow ...) - vim 2:8.2.3565-1 + [bullseye] - vim (Minor issue) + [buster] - vim (Minor issue) [stretch] - vim (Minor issue) NOTE: https://huntr.dev/bounties/35738a4f-55ce-446c-b836-2fb0b39625f8 NOTE: https://github.com/vim/vim/commit/777e7c21b7627be80961848ac560cb0a9978ff43 @@ -20443,6 +20445,8 @@ CVE-2021-3701 CVE-2021-3700 RESERVED - usbredir 0.11.0-1 + [bullseye] - usbredir (Minor issue) + [buster] - usbredir (Minor issue) NOTE: https://gitlab.freedesktop.org/spice/usbredir/-/commit/03c519ff5831ba75120e00ebebbf1d5a1f7220ab (usbredir-0.11.0) CVE-2021-38562 (Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4. ...) - request-tracker5 (bug #995167) @@ -29983,10 +29987,9 @@ CVE-2021-34559 (In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerabilit NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway CVE-2021-3596 [NULL pointer dereference in ReadSVGImage() in coders/svg.c] RESERVED - - imagemagick + - imagemagick (Specific to IM7) NOTE: https://github.com/ImageMagick/ImageMagick/issues/2624 NOTE: https://github.com/ImageMagick/ImageMagick/commit/43dfb1894761c4929d5d5c98dc80ba4e59a0d114 - TODO: check if affects Imagemagick6 CVE-2021-3595 (An invalid pointer initialization issue was found in the SLiRP network ...) {DLA-2753-1} - libslirp 4.6.1-1 (bug #989996) 
@@ -30559,11 +30562,15 @@ CVE-2021-34336 RESERVED CVE-2021-34335 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) - exiv2 0.27.5-1 (bug #992707) + [bullseye] - exiv2 (Minor issue) + [buster] - exiv2 (Minor issue) [stretch] - exiv2 (Minor issue) NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-pvjp-m4f6-q984 NOTE: https://github.com/Exiv2/exiv2/pull/1750 CVE-2021-34334 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) - exiv2 0.27.5-1 (bug #992706) + [bullseye] - exiv2 (Minor issue) + [buster] - exiv2 (Minor issue) [stretch] - exiv2 (Minor issue) NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-hqjh-hpv8-8r9p NOTE: https://github.com/Exiv2/exiv2/pull/1766 @@ -34148,6 +34155,8 @@ CVE-2021-32816 (ProtonMail Web Client is the official AngularJS web client for t NOT-FOR-US: ProtonMail Web Client CVE-2021-32815 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) - exiv2 0.27.5-1 (bug #992705) + [bullseye] - exiv2 (Minor issue) + [buster] - exiv2 (Minor issue) [stretch] - exiv2 (Minor issue) NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-mv9g-fxh2-m49m NOTE: https://github.com/Exiv2/exiv2/pull/1739 diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt index a244b1ac2f..107d76b292 100644 --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -18,8 +18,12 @@ chromium -- condor -- +expat +-- faad2/oldstable (jmm) -- +freecad (aron) +-- linux (carnil) Wait until more issues have piled up, though try to regulary rebase for point releases to more recent v4.19.y versions. -- cgit v1.2.3
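Review bot: In the CVE-2021-3596 hunk of data/CVE/2021.list, the line "TODO: check if affects Imagemagick6" is dropped and the package line gains "(Specific to IM7)", but the entry records nothing about what was checked to reach that conclusion. Consider adding a NOTE line under the two existing upstream references that states the basis for the IM7-only assessment, so the decision can be re-verified later without repeating the analysis.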
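Review bot: In the data/dsa-needed.txt hunk, the new "expat" and "freecad (aron)" entries have no explanatory line, and none of the 2021.list hunks in this patch touch either package, so the commit alone does not show which issues motivate the DSAs. A short indented note under each entry naming the pending CVEs, in the same way the "linux (carnil)" entry carries one, would make that clear. "expat" also has no claimant, unlike its neighbours, which is fine if it is meant to be open for anyone to pick up.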