[Git][security-tracker-team/security-tracker][master] new u-boot, asterisk issues

Moritz Muehlenhoff Fri, 19 Feb 2021 14:08:05 -0800


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
e48f4435 by Moritz Muehlenhoff at 2021-02-19T23:07:42+01:00
new u-boot, asterisk issues
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -213,15 +213,15 @@ CVE-2021-27401
 CVE-2021-27400
        RESERVED
 CVE-2020-36252 (ownCloud Server 10.x before 10.3.1 allows an attacker, who has 
one out ...)
-       TODO: check
+       - owncloud <removed>
 CVE-2020-36251 (ownCloud Server before 10.3.0 allows an attacker, who has 
received non ...)
-       TODO: check
+       - owncloud <removed>
 CVE-2020-36250 (In the ownCloud application before 2.15 for Android, the lock 
protecti ...)
-       TODO: check
+       NOT-FOR-US: ownCloud app for Android
 CVE-2020-36249 (The File Firewall before 2.8.0 for ownCloud Server does not 
properly e ...)
-       TODO: check
+       NOT-FOR-US: ownCloud addon
 CVE-2020-36248 (The ownCloud application before 2.15 for Android allows 
attackers to u ...)
-       TODO: check
+       NOT-FOR-US: ownCloud app for Android
 CVE-2020-36247 (Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows 
CSRF. ...)
        NOT-FOR-US: Open OnDemand
 CVE-2020-36246 (Amaze File Manager before 3.5.1 allows attackers to obtain 
root privil ...)
@@ -792,7 +792,11 @@ CVE-2021-27140 (An issue was discovered on FiberHome 
HG6245D devices through RP2
 CVE-2021-27139 (An issue was discovered on FiberHome HG6245D devices through 
RP2613. I ...)
        NOT-FOR-US: FiberHome devices
 CVE-2021-27138 (The boot loader in Das U-Boot before 2021.04-rc2 mishandles 
use of uni ...)
-       TODO: check
+       - u-boot <unfixed>
+       [buster] - u-boot <no-dsa> (Minor issue)
+       NOTE: 
https://github.com/u-boot/u-boot/commit/3f04db891a353f4b127ed57279279f851c6b4917
+       NOTE: 
https://github.com/u-boot/u-boot/commit/79af75f7776fc20b0d7eb6afe1e27c00fdb4b9b4
+       NOTE: 
https://github.com/u-boot/u-boot/commit/b6f4c757959f8850e1299a77c8e5713da78e8ec0
 CVE-2021-27137
        RESERVED
 CVE-2021-27136
@@ -880,7 +884,11 @@ CVE-2021-27099
 CVE-2021-27098
        RESERVED
 CVE-2021-27097 (The boot loader in Das U-Boot before 2021.04-rc2 mishandles a 
modified ...)
-       TODO: check
+       - u-boot <unfixed>
+       [buster] - u-boot <no-dsa> (Minor issue)
+       NOTE: 
https://github.com/u-boot/u-boot/commit/6f3c2d8aa5e6cbd80b5e869bbbddecb66c329d01
+       NOTE: 
https://github.com/u-boot/u-boot/commit/8a7d4cf9820ea16fabd25a6379351b4dc291204b
+       NOTE: 
https://github.com/u-boot/u-boot/commit/b6f4c757959f8850e1299a77c8e5713da78e8ec0
 CVE-2021-27096
        RESERVED
 CVE-2021-27095
@@ -1312,7 +1320,8 @@ CVE-2021-26908
 CVE-2021-26907
        RESERVED
 CVE-2021-26906 (An issue was discovered in res_pjsip_session.c in Digium 
Asterisk thro ...)
-       TODO: check
+       - asterisk <unfixed>
+       NOTE: https://downloads.asterisk.org/pub/security/AST-2021-005.html
 CVE-2021-3402
        RESERVED
        - yara 4.0.4-1
@@ -1672,7 +1681,7 @@ CVE-2021-26748
 CVE-2021-26747 (Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow 
Shell Metach ...)
        NOT-FOR-US: Netis devices
 CVE-2021-26746 (Chamilo 1.11.14 allows XSS via a 
main/calendar/agenda_list.php?type= U ...)
-       TODO: check
+       NOT-FOR-US: Chamilo
 CVE-2021-26745
        RESERVED
 CVE-2021-26744
@@ -1734,7 +1743,9 @@ CVE-2021-26719 (A directory traversal issue was 
discovered in Gradle gradle-ente
 CVE-2021-26718
        RESERVED
 CVE-2021-26717 (An issue was discovered in Sangoma Asterisk 16.x before 
16.16.1, 17.x  ...)
-       TODO: check
+       - asterisk <unfixed>
+       [buster] - asterisk <not-affected> (Introduced in 16.15.0)
+       NOTE: https://downloads.asterisk.org/pub/security/AST-2021-002.html
 CVE-2021-26716
        RESERVED
 CVE-2021-26715
@@ -1744,7 +1755,8 @@ CVE-2021-26714
 CVE-2021-26713
        RESERVED
 CVE-2021-26712 (Incorrect access controls in res_srtp.c in Sangoma Asterisk 
13.38.1, 1 ...)
-       TODO: check
+       - asterisk <not-affected> (Only affects 16.16)
+       NOTE: https://downloads.asterisk.org/pub/security/AST-2021-002.html
 CVE-2021-26711 (A frame-injection issue in the online help in Redwood 
Report2Web 4.3.4 ...)
        NOT-FOR-US: Redwood Report2Web
 CVE-2021-26710 (A cross-site scripting (XSS) issue in the login panel in 
Redwood Repor ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e48f44356a7105bacca6394b393039eb5118dcbd

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e48f44356a7105bacca6394b393039eb5118dcbd
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] new u-boot, asterisk issues

Reply via email to