Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: a736b065 by Moritz Mühlenhoff at 2021-03-06T21:17:39+01:00 various bugs - - - - - e466c26f by Moritz Mühlenhoff at 2021-03-06T21:17:41+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -13,7 +13,7 @@ CVE-2021-28044 CVE-2021-28043 RESERVED CVE-2021-28042 (Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Tra ...) - TODO: check + NOT-FOR-US: Deutsche Post Mailoptimizer CVE-2021-3423 RESERVED CVE-2021-28041 (ssh-agent in OpenSSH before 8.5 has a double free that may be relevant ...) @@ -25,27 +25,27 @@ CVE-2021-28041 (ssh-agent in OpenSSH before 8.5 has a double free that may be re CVE-2021-28040 (An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vuln ...) - ossec-hids <itp> (bug #361954) CVE-2021-28037 (An issue was discovered in the internment crate before 0.4.2 for Rust. ...) - TODO: check + NOT-FOR-US: Rust crate internment CVE-2021-28036 (An issue was discovered in the quinn crate before 0.7.0 for Rust. It m ...) - TODO: check + NOT-FOR-US: Rust crate quinn CVE-2021-28035 (An issue was discovered in the stack_dst crate before 0.6.1 for Rust. ...) - TODO: check + NOT-FOR-US: Rust crate stack_dst CVE-2021-28034 (An issue was discovered in the stack_dst crate before 0.6.1 for Rust. ...) - TODO: check + NOT-FOR-US: Rust crate stack_dst CVE-2021-28033 (An issue was discovered in the byte_struct crate before 0.6.1 for Rust ...) - TODO: check + NOT-FOR-US: Rust crate byte_struct CVE-2021-28032 (An issue was discovered in the nano_arena crate before 0.5.2 for Rust. ...) - TODO: check + NOT-FOR-US: Rust crate nano_arena CVE-2021-28031 (An issue was discovered in the scratchpad crate before 1.3.1 for Rust. ...) - TODO: check + NOT-FOR-US: Rust crate scratchpad CVE-2021-28030 (An issue was discovered in the truetype crate before 0.30.1 for Rust. ...) - TODO: check + NOT-FOR-US: Rust crate truetype CVE-2021-28029 (An issue was discovered in the toodee crate before 0.3.0 for Rust. The ...) - TODO: check + NOT-FOR-US: Rust crate toodee CVE-2021-28028 (An issue was discovered in the toodee crate before 0.3.0 for Rust. Row ...) - TODO: check + NOT-FOR-US: Rust crate toodee CVE-2021-28027 (An issue was discovered in the bam crate before 0.1.3 for Rust. There ...) - TODO: check + NOT-FOR-US: Rust crate bam CVE-2021-28026 (jpeg-xl v0.3.2 is affected by a heap buffer overflow in /lib/jxl/coeff ...) - jpeg-xl <itp> (bug #948862) CVE-2021-28025 @@ -9553,7 +9553,7 @@ CVE-2021-23898 CVE-2021-23897 RESERVED CVE-2021-25900 (An issue was discovered in the smallvec crate before 0.6.14 and 1.x be ...) - - rust-smallvec <unfixed> + - rust-smallvec <unfixed> (bug #984665) NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0003.html NOTE: https://github.com/servo/rust-smallvec/issues/252 CVE-2021-3127 @@ -15335,7 +15335,7 @@ CVE-2019-25009 (An issue was discovered in the http crate before 0.1.20 for Rust - rust-http <unfixed> NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0034.html CVE-2019-25008 (An issue was discovered in the http crate before 0.1.20 for Rust. Head ...) - - rust-http <unfixed> + - rust-http <unfixed> (bug #969896) NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0033.html CVE-2019-25007 (An issue was discovered in the streebog crate before 0.8.0 for Rust. T ...) NOT-FOR-US: streebog rust crate @@ -74209,7 +74209,7 @@ CVE-2020-9490 (Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted NOTE: https://github.com/apache/httpd/commit/a61223e9cb906110f35ec144b93fee9eb80ad6e4 NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2030 CVE-2020-9489 (A carefully crafted or corrupt file may trigger a System.exit in Tika' ...) - - tika <unfixed> + - tika <unfixed> (bug #984666) [bullseye] - tika <no-dsa> (Minor issue) [buster] - tika <no-dsa> (Minor issue) [jessie] - tika <ignored> (the fix is too invasive to backport) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0baaf4a49cc766af0c50e00266bb97bac62dfa24...e466c26fa7aa30d78c669f0353d879490d53be34 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0baaf4a49cc766af0c50e00266bb97bac62dfa24...e466c26fa7aa30d78c669f0353d879490d53be34 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits