Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 67bd2972 by security tracker role at 2021-08-14T12:45:17+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,45 @@ +CVE-2021-38693 + RESERVED +CVE-2021-38692 + RESERVED +CVE-2021-38691 + RESERVED +CVE-2021-38690 + RESERVED +CVE-2021-38689 + RESERVED +CVE-2021-38688 + RESERVED +CVE-2021-38687 + RESERVED +CVE-2021-38686 + RESERVED +CVE-2021-38685 + RESERVED +CVE-2021-38684 + RESERVED +CVE-2021-38683 + RESERVED +CVE-2021-38682 + RESERVED +CVE-2021-38681 + RESERVED +CVE-2021-38680 + RESERVED +CVE-2021-38679 + RESERVED +CVE-2021-38678 + RESERVED +CVE-2021-38677 + RESERVED +CVE-2021-38676 + RESERVED +CVE-2021-38675 + RESERVED +CVE-2021-38674 + RESERVED +CVE-2021-3706 + RESERVED CVE-2021-38673 RESERVED CVE-2021-38672 @@ -2209,8 +2251,8 @@ CVE-2021-37707 RESERVED CVE-2021-37706 RESERVED -CVE-2021-37705 - RESERVED +CVE-2021-37705 (OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. S ...) + TODO: check CVE-2021-37704 (PhpFastCache is a high-performance backend cache system (packagist pac ...) TODO: check CVE-2021-37703 (Discourse is an open-source platform for community discussion. In Disc ...) @@ -7291,6 +7333,7 @@ CVE-2021-3615 CVE-2021-3614 (A vulnerability was reported on some Lenovo Notebook systems that coul ...) NOT-FOR-US: Lenovo CVE-2021-35474 (Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache ...) + {DSA-4957-1} - trafficserver 8.1.1+ds-1.1 (bug #990303) NOTE: https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x) @@ -14070,18 +14113,21 @@ CVE-2021-32569 CVE-2021-32568 RESERVED CVE-2021-32567 (Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Se ...) + {DSA-4957-1} - trafficserver 8.1.1+ds-1.1 (bug #990303) NOTE: https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x) NOTE: https://github.com/apache/trafficserver/commit/034965e0fd0def114658f0048d953d1c16a95bed (master) NOTE: https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277 (8.1.x) CVE-2021-32566 (Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Se ...) + {DSA-4957-1} - trafficserver 8.1.1+ds-1.1 (bug #990303) NOTE: https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x) NOTE: https://github.com/apache/trafficserver/commit/034965e0fd0def114658f0048d953d1c16a95bed (master) NOTE: https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277 (8.1.x) CVE-2021-32565 (Invalid values in the Content-Length header sent to Apache Traffic Ser ...) + {DSA-4957-1} - trafficserver 8.1.1+ds-1.1 (bug #990303) NOTE: https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x) @@ -17335,6 +17381,7 @@ CVE-2021-31294 CVE-2021-31293 RESERVED CVE-2021-31292 (An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows att ...) + {DSA-4958-1} - exiv2 <unfixed> (bug #991706) [bullseye] - exiv2 0.27.3-3+deb11u1 NOTE: https://github.com/Exiv2/exiv2/issues/1530 @@ -20896,6 +20943,7 @@ CVE-2021-30002 (An issue was discovered in the Linux kernel before 5.11.3 when a [buster] - linux 4.19.181-1 NOTE: https://git.kernel.org/linus/fb18802a338b36f675a388fc03d2aa504a0d0899 CVE-2021-3482 (A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. ...) + {DSA-4958-1} - exiv2 <unfixed> (bug #986888) [bullseye] - exiv2 <no-dsa> (Minor issue) [stretch] - exiv2 <postponed> (Minor issue; can be fixed in next update) @@ -22026,6 +22074,7 @@ CVE-2021-29475 (HedgeDoc (formerly known as CodiMD) is an open-source collaborat CVE-2021-29474 (HedgeDoc (formerly known as CodiMD) is an open-source collaborative ma ...) NOT-FOR-US: HedgeDoc CVE-2021-29473 (Exiv2 is a C++ library and a command-line utility to read, write, dele ...) + {DSA-4958-1} - exiv2 <unfixed> (bug #987736) [bullseye] - exiv2 <no-dsa> (Minor issue) [stretch] - exiv2 <not-affected> (Vulnerable code introduced later) @@ -22108,6 +22157,7 @@ CVE-2021-29458 (Exiv2 is a command-line utility and C++ library for reading, wri NOTE: https://github.com/Exiv2/exiv2/commit/fadb68718eb1bff3bd3222bd26ff3328f5306730 NOTE: https://github.com/Exiv2/exiv2/commit/06d2db6e5fd2fcca9c060e95fc97f8a5b5d4c22d CVE-2021-29457 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) + {DSA-4958-1} - exiv2 <unfixed> (bug #991705) [bullseye] - exiv2 0.27.3-3+deb11u1 NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-v74w-h496-cgqm @@ -26647,6 +26697,7 @@ CVE-2021-27579 (Snow Inventory Agent through 6.7.0 on Windows uses CPUID to repo CVE-2021-27578 RESERVED CVE-2021-27577 (Incorrect handling of url fragment vulnerability of Apache Traffic Ser ...) + {DSA-4957-1} - trafficserver 8.1.1+ds-1.1 (bug #990303) NOTE: https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x) @@ -40184,14 +40235,14 @@ CVE-2021-21817 (An information disclosure vulnerability exists in the Zebra IP R NOT-FOR-US: D-LINK CVE-2021-21816 (An information disclosure vulnerability exists in the Syslog functiona ...) NOT-FOR-US: D-LINK -CVE-2021-21815 - RESERVED -CVE-2021-21814 - RESERVED -CVE-2021-21813 - RESERVED -CVE-2021-21812 - RESERVED +CVE-2021-21815 (A stack-based buffer overflow vulnerability exists in the command-line ...) + TODO: check +CVE-2021-21814 (Within the function HandleFileArg the argument filepattern is under co ...) + TODO: check +CVE-2021-21813 (Within the function HandleFileArg the argument filepattern is under co ...) + TODO: check +CVE-2021-21812 (A stack-based buffer overflow vulnerability exists in the command-line ...) + TODO: check CVE-2021-21811 RESERVED CVE-2021-21810 @@ -72318,12 +72369,12 @@ CVE-2020-21068 RESERVED CVE-2020-21067 RESERVED -CVE-2020-21066 - RESERVED +CVE-2020-21066 (An issue was discovered in Bento4 v1.5.1.0. There is a heap-buffer-ove ...) + TODO: check CVE-2020-21065 RESERVED -CVE-2020-21064 - RESERVED +CVE-2020-21064 (A buffer-overflow vulnerability in the AP4_RtpAtom::AP4_RtpAtom functi ...) + TODO: check CVE-2020-21063 RESERVED CVE-2020-21062 @@ -105673,6 +105724,7 @@ CVE-2019-20422 (In the Linux kernel before 5.3.4, fib6_rule_lookup in net/ipv6/i - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/7b09c2d052db4b4ad0b27b97918b46a7746966fa CVE-2019-20421 (In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input ...) + {DSA-4958-1} - exiv2 0.27.2-8 (low; bug #950183) [stretch] - exiv2 <ignored> (Minor issue) [jessie] - exiv2 <ignored> (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67bd2972e76d138f59b5dfc3432a9b6d4720fd5f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67bd2972e76d138f59b5dfc3432a9b6d4720fd5f You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits