Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: e48f4435 by Moritz Muehlenhoff at 2021-02-19T23:07:42+01:00 new u-boot, asterisk issues NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -213,15 +213,15 @@ CVE-2021-27401 CVE-2021-27400 RESERVED CVE-2020-36252 (ownCloud Server 10.x before 10.3.1 allows an attacker, who has one out ...) - TODO: check + - owncloud <removed> CVE-2020-36251 (ownCloud Server before 10.3.0 allows an attacker, who has received non ...) - TODO: check + - owncloud <removed> CVE-2020-36250 (In the ownCloud application before 2.15 for Android, the lock protecti ...) - TODO: check + NOT-FOR-US: ownCloud app for Android CVE-2020-36249 (The File Firewall before 2.8.0 for ownCloud Server does not properly e ...) - TODO: check + NOT-FOR-US: ownCloud addon CVE-2020-36248 (The ownCloud application before 2.15 for Android allows attackers to u ...) - TODO: check + NOT-FOR-US: ownCloud app for Android CVE-2020-36247 (Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF. ...) NOT-FOR-US: Open OnDemand CVE-2020-36246 (Amaze File Manager before 3.5.1 allows attackers to obtain root privil ...) @@ -792,7 +792,11 @@ CVE-2021-27140 (An issue was discovered on FiberHome HG6245D devices through RP2 CVE-2021-27139 (An issue was discovered on FiberHome HG6245D devices through RP2613. I ...) NOT-FOR-US: FiberHome devices CVE-2021-27138 (The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of uni ...) - TODO: check + - u-boot <unfixed> + [buster] - u-boot <no-dsa> (Minor issue) + NOTE: https://github.com/u-boot/u-boot/commit/3f04db891a353f4b127ed57279279f851c6b4917 + NOTE: https://github.com/u-boot/u-boot/commit/79af75f7776fc20b0d7eb6afe1e27c00fdb4b9b4 + NOTE: https://github.com/u-boot/u-boot/commit/b6f4c757959f8850e1299a77c8e5713da78e8ec0 CVE-2021-27137 RESERVED CVE-2021-27136 @@ -880,7 +884,11 @@ CVE-2021-27099 CVE-2021-27098 RESERVED CVE-2021-27097 (The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified ...) - TODO: check + - u-boot <unfixed> + [buster] - u-boot <no-dsa> (Minor issue) + NOTE: https://github.com/u-boot/u-boot/commit/6f3c2d8aa5e6cbd80b5e869bbbddecb66c329d01 + NOTE: https://github.com/u-boot/u-boot/commit/8a7d4cf9820ea16fabd25a6379351b4dc291204b + NOTE: https://github.com/u-boot/u-boot/commit/b6f4c757959f8850e1299a77c8e5713da78e8ec0 CVE-2021-27096 RESERVED CVE-2021-27095 @@ -1312,7 +1320,8 @@ CVE-2021-26908 CVE-2021-26907 RESERVED CVE-2021-26906 (An issue was discovered in res_pjsip_session.c in Digium Asterisk thro ...) - TODO: check + - asterisk <unfixed> + NOTE: https://downloads.asterisk.org/pub/security/AST-2021-005.html CVE-2021-3402 RESERVED - yara 4.0.4-1 @@ -1672,7 +1681,7 @@ CVE-2021-26748 CVE-2021-26747 (Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metach ...) NOT-FOR-US: Netis devices CVE-2021-26746 (Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= U ...) - TODO: check + NOT-FOR-US: Chamilo CVE-2021-26745 RESERVED CVE-2021-26744 @@ -1734,7 +1743,9 @@ CVE-2021-26719 (A directory traversal issue was discovered in Gradle gradle-ente CVE-2021-26718 RESERVED CVE-2021-26717 (An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x ...) - TODO: check + - asterisk <unfixed> + [buster] - asterisk <not-affected> (Introduced in 16.15.0) + NOTE: https://downloads.asterisk.org/pub/security/AST-2021-002.html CVE-2021-26716 RESERVED CVE-2021-26715 @@ -1744,7 +1755,8 @@ CVE-2021-26714 CVE-2021-26713 RESERVED CVE-2021-26712 (Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 1 ...) - TODO: check + - asterisk <not-affected> (Only affects 16.16) + NOTE: https://downloads.asterisk.org/pub/security/AST-2021-002.html CVE-2021-26711 (A frame-injection issue in the online help in Redwood Report2Web 4.3.4 ...) NOT-FOR-US: Redwood Report2Web CVE-2021-26710 (A cross-site scripting (XSS) issue in the login panel in Redwood Repor ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e48f44356a7105bacca6394b393039eb5118dcbd -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e48f44356a7105bacca6394b393039eb5118dcbd You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits