Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
67bd2972 by security tracker role at 2021-08-14T12:45:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,45 @@
+CVE-2021-38693
+ RESERVED
+CVE-2021-38692
+ RESERVED
+CVE-2021-38691
+ RESERVED
+CVE-2021-38690
+ RESERVED
+CVE-2021-38689
+ RESERVED
+CVE-2021-38688
+ RESERVED
+CVE-2021-38687
+ RESERVED
+CVE-2021-38686
+ RESERVED
+CVE-2021-38685
+ RESERVED
+CVE-2021-38684
+ RESERVED
+CVE-2021-38683
+ RESERVED
+CVE-2021-38682
+ RESERVED
+CVE-2021-38681
+ RESERVED
+CVE-2021-38680
+ RESERVED
+CVE-2021-38679
+ RESERVED
+CVE-2021-38678
+ RESERVED
+CVE-2021-38677
+ RESERVED
+CVE-2021-38676
+ RESERVED
+CVE-2021-38675
+ RESERVED
+CVE-2021-38674
+ RESERVED
+CVE-2021-3706
+ RESERVED
CVE-2021-38673
RESERVED
CVE-2021-38672
@@ -2209,8 +2251,8 @@ CVE-2021-37707
RESERVED
CVE-2021-37706
RESERVED
-CVE-2021-37705
- RESERVED
+CVE-2021-37705 (OneFuzz is an open source self-hosted Fuzzing-As-A-Service
platform. S ...)
+ TODO: check
CVE-2021-37704 (PhpFastCache is a high-performance backend cache system
(packagist pac ...)
TODO: check
CVE-2021-37703 (Discourse is an open-source platform for community discussion.
In Disc ...)
@@ -7291,6 +7333,7 @@ CVE-2021-3615
CVE-2021-3614 (A vulnerability was reported on some Lenovo Notebook systems
that coul ...)
NOT-FOR-US: Lenovo
CVE-2021-35474 (Stack-based Buffer Overflow vulnerability in cachekey plugin
of Apache ...)
+ {DSA-4957-1}
- trafficserver 8.1.1+ds-1.1 (bug #990303)
NOTE:
https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E
NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x)
@@ -14070,18 +14113,21 @@ CVE-2021-32569
CVE-2021-32568
RESERVED
CVE-2021-32567 (Improper Input Validation vulnerability in HTTP/2 of Apache
Traffic Se ...)
+ {DSA-4957-1}
- trafficserver 8.1.1+ds-1.1 (bug #990303)
NOTE:
https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E
NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x)
NOTE:
https://github.com/apache/trafficserver/commit/034965e0fd0def114658f0048d953d1c16a95bed
(master)
NOTE:
https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277
(8.1.x)
CVE-2021-32566 (Improper Input Validation vulnerability in HTTP/2 of Apache
Traffic Se ...)
+ {DSA-4957-1}
- trafficserver 8.1.1+ds-1.1 (bug #990303)
NOTE:
https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E
NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x)
NOTE:
https://github.com/apache/trafficserver/commit/034965e0fd0def114658f0048d953d1c16a95bed
(master)
NOTE:
https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277
(8.1.x)
CVE-2021-32565 (Invalid values in the Content-Length header sent to Apache
Traffic Ser ...)
+ {DSA-4957-1}
- trafficserver 8.1.1+ds-1.1 (bug #990303)
NOTE:
https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E
NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x)
@@ -17335,6 +17381,7 @@ CVE-2021-31294
CVE-2021-31293
RESERVED
CVE-2021-31292 (An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3
allows att ...)
+ {DSA-4958-1}
- exiv2 <unfixed> (bug #991706)
[bullseye] - exiv2 0.27.3-3+deb11u1
NOTE: https://github.com/Exiv2/exiv2/issues/1530
@@ -20896,6 +20943,7 @@ CVE-2021-30002 (An issue was discovered in the Linux
kernel before 5.11.3 when a
[buster] - linux 4.19.181-1
NOTE:
https://git.kernel.org/linus/fb18802a338b36f675a388fc03d2aa504a0d0899
CVE-2021-3482 (A flaw was found in Exiv2 in versions before and including
0.27.4-RC1. ...)
+ {DSA-4958-1}
- exiv2 <unfixed> (bug #986888)
[bullseye] - exiv2 <no-dsa> (Minor issue)
[stretch] - exiv2 <postponed> (Minor issue; can be fixed in next update)
@@ -22026,6 +22074,7 @@ CVE-2021-29475 (HedgeDoc (formerly known as CodiMD) is
an open-source collaborat
CVE-2021-29474 (HedgeDoc (formerly known as CodiMD) is an open-source
collaborative ma ...)
NOT-FOR-US: HedgeDoc
CVE-2021-29473 (Exiv2 is a C++ library and a command-line utility to read,
write, dele ...)
+ {DSA-4958-1}
- exiv2 <unfixed> (bug #987736)
[bullseye] - exiv2 <no-dsa> (Minor issue)
[stretch] - exiv2 <not-affected> (Vulnerable code introduced later)
@@ -22108,6 +22157,7 @@ CVE-2021-29458 (Exiv2 is a command-line utility and C++
library for reading, wri
NOTE:
https://github.com/Exiv2/exiv2/commit/fadb68718eb1bff3bd3222bd26ff3328f5306730
NOTE:
https://github.com/Exiv2/exiv2/commit/06d2db6e5fd2fcca9c060e95fc97f8a5b5d4c22d
CVE-2021-29457 (Exiv2 is a command-line utility and C++ library for reading,
writing, ...)
+ {DSA-4958-1}
- exiv2 <unfixed> (bug #991705)
[bullseye] - exiv2 0.27.3-3+deb11u1
NOTE:
https://github.com/Exiv2/exiv2/security/advisories/GHSA-v74w-h496-cgqm
@@ -26647,6 +26697,7 @@ CVE-2021-27579 (Snow Inventory Agent through 6.7.0 on
Windows uses CPUID to repo
CVE-2021-27578
RESERVED
CVE-2021-27577 (Incorrect handling of url fragment vulnerability of Apache
Traffic Ser ...)
+ {DSA-4957-1}
- trafficserver 8.1.1+ds-1.1 (bug #990303)
NOTE:
https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E
NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x)
@@ -40184,14 +40235,14 @@ CVE-2021-21817 (An information disclosure
vulnerability exists in the Zebra IP R
NOT-FOR-US: D-LINK
CVE-2021-21816 (An information disclosure vulnerability exists in the Syslog
functiona ...)
NOT-FOR-US: D-LINK
-CVE-2021-21815
- RESERVED
-CVE-2021-21814
- RESERVED
-CVE-2021-21813
- RESERVED
-CVE-2021-21812
- RESERVED
+CVE-2021-21815 (A stack-based buffer overflow vulnerability exists in the
command-line ...)
+ TODO: check
+CVE-2021-21814 (Within the function HandleFileArg the argument filepattern is
under co ...)
+ TODO: check
+CVE-2021-21813 (Within the function HandleFileArg the argument filepattern is
under co ...)
+ TODO: check
+CVE-2021-21812 (A stack-based buffer overflow vulnerability exists in the
command-line ...)
+ TODO: check
CVE-2021-21811
RESERVED
CVE-2021-21810
@@ -72318,12 +72369,12 @@ CVE-2020-21068
RESERVED
CVE-2020-21067
RESERVED
-CVE-2020-21066
- RESERVED
+CVE-2020-21066 (An issue was discovered in Bento4 v1.5.1.0. There is a
heap-buffer-ove ...)
+ TODO: check
CVE-2020-21065
RESERVED
-CVE-2020-21064
- RESERVED
+CVE-2020-21064 (A buffer-overflow vulnerability in the
AP4_RtpAtom::AP4_RtpAtom functi ...)
+ TODO: check
CVE-2020-21063
RESERVED
CVE-2020-21062
@@ -105673,6 +105724,7 @@ CVE-2019-20422 (In the Linux kernel before 5.3.4,
fib6_rule_lookup in net/ipv6/i
- linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/7b09c2d052db4b4ad0b27b97918b46a7746966fa
CVE-2019-20421 (In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2,
an input ...)
+ {DSA-4958-1}
- exiv2 0.27.2-8 (low; bug #950183)
[stretch] - exiv2 <ignored> (Minor issue)
[jessie] - exiv2 <ignored> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67bd2972e76d138f59b5dfc3432a9b6d4720fd5f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67bd2972e76d138f59b5dfc3432a9b6d4720fd5f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
