[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim ruby-activerecord-session-store
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: 47df9443 by Abhijith PA at 2021-04-07T10:36:50+05:30 data/dla-needed.txt: Claim ruby-activerecord-session-store - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -99,7 +99,7 @@ ruby-actionpack-page-caching NOTE: 20200819: uses the path without normalising any "../" etc., simply NOTE: 20200819: URI.parser.unescap-ing it. Requires more investigation. (lamby) -- -ruby-activerecord-session-store +ruby-activerecord-session-store (Abhijith PA) -- ruby-carrierwave NOTE: 20210320: Will be difficult to backport as code in LTS version appears View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47df94432b073f5b53ccdc7809a94df722084d88 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47df94432b073f5b53ccdc7809a94df722084d88 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f125eb44 by Salvatore Bonaccorso at 2021-04-06T22:27:35+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -299,9 +299,9 @@ CVE-2021-30048 CVE-2021-30047 RESERVED CVE-2021-30046 (VIGRA Computer Vision Library Version-1-11-1 contains a segmentation f ...) - TODO: check + NOT-FOR-US: VIGRA Computer Vision Library CVE-2021-30045 (SerenityOS 2021-03-27 contains a buffer overflow vulnerability in the ...) - TODO: check + NOT-FOR-US: SerenityOS CVE-2021-30044 RESERVED CVE-2021-30043 @@ -1174,9 +1174,9 @@ CVE-2021-29646 (An issue was discovered in the Linux kernel before 5.11.11. tipc [stretch] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/0217ed2848e8538bcf9172d97ed2eeb4a26041bb CVE-2020-36285 (Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Impro ...) - TODO: check + NOT-FOR-US: Union Pay CVE-2020-36284 (Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper ...) - TODO: check + NOT-FOR-US: Union Pay CVE-2021-3480 RESERVED CVE-2021-3479 (There's a flaw in OpenEXR's Scanline API functionality in versions bef ...) @@ -2886,7 +2886,7 @@ CVE-2021-28876 CVE-2021-28875 RESERVED CVE-2021-28874 (SerenityOS fixed as of c9f25bca048443e317f1994ba9b106f2386688c3 contai ...) - TODO: check + NOT-FOR-US: SerenityOS CVE-2021-28873 RESERVED CVE-2021-28872 
@@ -4404,11 +4404,11 @@ CVE-2021-28175 (The Radius configuration function in ASUS BMCs firmware W CVE-2021-28174 RESERVED CVE-2021-28173 (The file upload function of Vangene deltaFlow E-platform does not perf ...) - TODO: check + NOT-FOR-US: Vangene deltaFlow E-platform CVE-2021-28172 (There is a Path Traversal vulnerability in the file download function ...) - TODO: check + NOT-FOR-US: Vangene deltaFlow E-platform CVE-2021-28171 (The Vangene deltaFlow E-platform does not take properly protective mea ...) - TODO: check + NOT-FOR-US: Vangene deltaFlow E-platform CVE-2021-28170 RESERVED CVE-2021-28169 @@ -4527,7 +4527,7 @@ CVE-2021-28144 (prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows re CVE-2021-28143 (/jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows authenticated ...) NOT-FOR-US: D-Link CVE-2021-28142 (CITSmart before 9.1.2.28 mishandles the "filtro de autocomplete." ...) - TODO: check + NOT-FOR-US: CITSmart CVE-2021-28141 (** DISPUTED ** An issue was discovered in Progress Telerik UI for ASP. ...) NOT-FOR-US: Telerik CVE-2021-28140 @@ -4754,7 +4754,7 @@ CVE-2021-28077 CVE-2021-28076 RESERVED CVE-2021-28075 (iKuaiOS 3.4.8 Build 202012291059 has an arbitrary file download vulner ...) - TODO: check + NOT-FOR-US: iKuaiOS CVE-2021-28074 RESERVED CVE-2021-28073 @@ -5624,9 +5624,9 @@ CVE-2021-27700 CVE-2021-27699 RESERVED CVE-2021-27698 (RIOT-OS 2021.01 contains a buffer overflow vulnerability in /sys/net/g ...) - TODO: check + NOT-FOR-US: RIOT RIOT-OS CVE-2021-27697 (RIOT-OS 2021.01 contains a buffer overflow vulnerability in sys/net/gn ...) - TODO: check + NOT-FOR-US: RIOT RIOT-OS CVE-2021-27696 RESERVED CVE-2021-27695 (Multiple stored cross-site scripting (XSS) vulnerabilities in openMAIN ...) 
@@ -6376,7 +6376,7 @@ CVE-2021-27359 CVE-2021-27358 (The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unaut ...) - grafana CVE-2021-27357 (RIOT-OS 2020.01 contains a buffer overflow vulnerability in /sys/net/g ...) - TODO: check + NOT-FOR-US: RIOT RIOT-OS CVE-2021-27356 RESERVED CVE-2021-27355 @@ -6409,7 +6409,7 @@ CVE-2021-27345 CVE-2021-27344 RESERVED CVE-2021-27343 (SerenityOS Unspecified is affected by: Buffer Overflow. The impact is: ...) - TODO: check + NOT-FOR-US: SerenityOS CVE-2021-27342 RESERVED CVE-2021-27341 @@ -7599,7 +7599,7 @@ CVE-2021-26835 CVE-2021-26834 RESERVED CVE-2021-26833 (Code Execution vulnerability in Profile Picture upload in TimelyBills ...) - TODO: check + NOT-FOR-US: TimelyBills App Budget, Expense tracker & Bills CVE-2021-26832 RESERVED CVE-2021-26831 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f125eb4485f836e54b78e05ddb5ed5885ec2e8bd
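Review bot: in the -5624 and -6376 hunks the RIOT entries read `NOT-FOR-US: RIOT RIOT-OS`, which looks like a doubled product name; the neighbouring conversions use a single name (`NOT-FOR-US: SerenityOS`, `NOT-FOR-US: Union Pay`), so `NOT-FOR-US: RIOT-OS` would be consistent. The remaining TODO-to-NOT-FOR-US changes match the product named in each truncated description.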
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-30130/phpseclib
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f5c5845a by Salvatore Bonaccorso at 2021-04-06T22:26:45+02:00 Add CVE-2021-30130/phpseclib - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -130,7 +130,8 @@ CVE-2021-30132 CVE-2021-30131 RESERVED CVE-2021-30130 (phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1. ...) - TODO: check + - phpseclib + NOTE: https://github.com/phpseclib/phpseclib/pull/1635 CVE-2021-30129 RESERVED CVE-2021-30128 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f5c5845a7e160ef067971b0142cb57b9e9c61198
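Review bot: the new `- phpseclib` line carries no fixed Debian version, and the only reference is a pull request rather than the merged fixing commit or a release tag, so the tracker will show CVE-2021-30130 as open in every suite until a version is recorded. The description already gives the upstream fix points (2.0.31 and 3.0.7), so a follow-up that pins the Debian upload containing the fix, as done for redmine and golang-golang-x-text elsewhere in this digest, is the missing step.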
[Git][security-tracker-team/security-tracker][master] Add new redmine issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2aec5129 by Salvatore Bonaccorso at 2021-04-06T22:22:23+02:00 Add new redmine issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -29,9 +29,11 @@ CVE-2021-30166 CVE-2021-30165 RESERVED CVE-2021-30164 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass ...) - TODO: check + - redmine + TODO: check fixing commit, fixed in 4.0.8 CVE-2021-30163 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discov ...) - TODO: check + - redmine + TODO: check fixing commit, fixed in 4.0.8 CVE-2021-30162 (An issue was discovered on LG mobile devices with Android OS 4.4 throu ...) NOT-FOR-US: LG mobile devices CVE-2021-30161 (An issue was discovered on LG mobile devices with Android OS 11 softwa ...) 
@@ -55,13 +57,17 @@ CVE-2021-23158 CVE-2020-36309 (ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty ...) TODO: check CVE-2020-36308 (Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discov ...) - TODO: check + - redmine 4.0.7-1 + TODO: check fixing commit, fixed in 4.0.7 CVE-2020-36307 (Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile ...) - TODO: check + - redmine 4.0.7-1 + TODO: check fixing commit, fixed in 4.0.7 CVE-2020-36306 (Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url f ...) - TODO: check + - redmine 4.0.7-1 + TODO: check fixing commit, fixed in 4.0.7 CVE-2019-25026 (Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data duri ...) - TODO: check + - redmine 4.0.6-1 + TODO: check fixing commit, fixed in 4.0.6 CVE-2021-30160 RESERVED CVE-2021-30159 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2aec51292b89493873214092d0c056ec874a391c
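Review bot: the -29 hunk records `- redmine` for CVE-2021-30164 and CVE-2021-30163 without a version, while the -55 hunk pins the older issues to 4.0.7-1 and 4.0.6-1; since the TODO says these two are fixed in 4.0.8, the missing version is presumably because no 4.0.8 upload exists yet, and a short NOTE stating that would save the next triager re-deriving it. All six entries keep `TODO: check fixing commit`, so the upstream commit references still need to be added before a DSA/DLA decision can be made.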
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 453bf7d0 by Salvatore Bonaccorso at 2021-04-06T22:18:40+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -33,9 +33,9 @@ CVE-2021-30164 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to CVE-2021-30163 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discov ...) TODO: check CVE-2021-30162 (An issue was discovered on LG mobile devices with Android OS 4.4 throu ...) - TODO: check + NOT-FOR-US: LG mobile devices CVE-2021-30161 (An issue was discovered on LG mobile devices with Android OS 11 softwa ...) - TODO: check + NOT-FOR-US: LG mobile devices CVE-2021-26948 RESERVED CVE-2021-26259 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/453bf7d04400728acdeef059a2765d4f9a5696b1
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fa58a1cf by security tracker role at 2021-04-06T20:10:23+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,67 @@ +CVE-2021-3484 + RESERVED +CVE-2021-3483 + RESERVED +CVE-2021-30177 + RESERVED +CVE-2021-30176 + RESERVED +CVE-2021-30175 + RESERVED +CVE-2021-30174 + RESERVED +CVE-2021-30173 + RESERVED +CVE-2021-30172 + RESERVED +CVE-2021-30171 + RESERVED +CVE-2021-30170 + RESERVED +CVE-2021-30169 + RESERVED +CVE-2021-30168 + RESERVED +CVE-2021-30167 + RESERVED +CVE-2021-30166 + RESERVED +CVE-2021-30165 + RESERVED +CVE-2021-30164 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass ...) + TODO: check +CVE-2021-30163 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discov ...) + TODO: check +CVE-2021-30162 (An issue was discovered on LG mobile devices with Android OS 4.4 throu ...) + TODO: check +CVE-2021-30161 (An issue was discovered on LG mobile devices with Android OS 11 softwa ...) + TODO: check +CVE-2021-26948 + RESERVED +CVE-2021-26259 + RESERVED +CVE-2021-26252 + RESERVED +CVE-2021-23206 + RESERVED +CVE-2021-23191 + RESERVED +CVE-2021-23180 + RESERVED +CVE-2021-23165 + RESERVED +CVE-2021-23158 + RESERVED +CVE-2020-36309 (ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty ...) + TODO: check +CVE-2020-36308 (Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discov ...) + TODO: check +CVE-2020-36307 (Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile ...) + TODO: check +CVE-2020-36306 (Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url f ...) + TODO: check +CVE-2019-25026 (Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data duri ...) + TODO: check CVE-2021-30160 RESERVED CVE-2021-30159 
@@ -27,8 +91,8 @@ CVE-2021-30148 RESERVED CVE-2021-30147 RESERVED -CVE-2021-30146 - RESERVED +CVE-2021-30146 (Seafile 7.0.5 (2019) allows Persistent XSS via the "share of library f ...) + TODO: check CVE-2021-30145 RESERVED CVE-2021-30144 (The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileg ...) @@ -39,8 +103,8 @@ CVE-2021-30142 RESERVED CVE-2021-30141 (** DISPUTED ** Module/Settings/UserExport.php in Friendica through 202 ...) NOT-FOR-US: Friendica -CVE-2021-30140 - RESERVED +CVE-2021-30140 (LiquidFiles 3.4.15 has stored XSS through the "send email" functionali ...) + TODO: check CVE-2021-30139 RESERVED CVE-2021-30138 @@ -59,8 +123,8 @@ CVE-2021-30132 RESERVED CVE-2021-30131 RESERVED -CVE-2021-30130 - RESERVED +CVE-2021-30130 (phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1. ...) + TODO: check CVE-2021-30129 RESERVED CVE-2021-30128 @@ -227,10 +291,10 @@ CVE-2021-30048 RESERVED CVE-2021-30047 RESERVED -CVE-2021-30046 - RESERVED -CVE-2021-30045 - RESERVED +CVE-2021-30046 (VIGRA Computer Vision Library Version-1-11-1 contains a segmentation f ...) + TODO: check +CVE-2021-30045 (SerenityOS 2021-03-27 contains a buffer overflow vulnerability in the ...) + TODO: check CVE-2021-30044 RESERVED CVE-2021-30043 @@ -1102,10 +1166,10 @@ CVE-2021-29646 (An issue was discovered in the Linux kernel before 5.11.11. tipc [buster] - linux (Vulnerable code introduced later) [stretch] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/0217ed2848e8538bcf9172d97ed2eeb4a26041bb -CVE-2020-36285 - RESERVED -CVE-2020-36284 - RESERVED +CVE-2020-36285 (Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Impro ...) + TODO: check +CVE-2020-36284 (Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper ...) + TODO: check CVE-2021-3480 RESERVED CVE-2021-3479 (There's a flaw in OpenEXR's Scanline API functionality in versions bef ...) 
@@ -2234,8 +2298,7 @@ CVE-2021-29138 RESERVED CVE-2021-29137 RESERVED -CVE-2021-29136 - RESERVED +CVE-2021-29136 (Open Container Initiative umoci before 0.4.7 allows attackers to overw ...) - umoci 0.4.7+ds-1 NOTE: https://github.com/opencontainers/umoci/security/advisories/GHSA-9m95-8hx6-7p9v NOTE: https://github.com/opencontainers/umoci/commit/d9efc31daf2206f7d3fdb839863cf7a576a2eb57 (v0.4.7) @@ -2815,8 +2878,8 @@ CVE-2021-28876 RESERVED CVE-2021-28875 RESERVED -CVE-2021-28874 - RESERVED +CVE-2021-28874 (SerenityOS fixed as of
[Git][security-tracker-team/security-tracker][master] CVE-2021-29136: directly reference the fixing commit
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ef6f2afb by Salvatore Bonaccorso at 2021-04-06T22:08:42+02:00 CVE-2021-29136: directly reference the fixing commit - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2238,7 +2238,7 @@ CVE-2021-29136 RESERVED - umoci 0.4.7+ds-1 NOTE: https://github.com/opencontainers/umoci/security/advisories/GHSA-9m95-8hx6-7p9v - NOTE: https://github.com/opencontainers/umoci/commit/9b9c3cae049b1c79974ad54f1822a8a58d77ad32 + NOTE: https://github.com/opencontainers/umoci/commit/d9efc31daf2206f7d3fdb839863cf7a576a2eb57 (v0.4.7) CVE-2021-29135 RESERVED CVE-2020-36283 (HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef6f2afb00050b77ef6ebe5dcec0a6cd3b7a8275
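Review bot: the -2238 hunk replaces the 9b9c3cae... reference with d9efc31d... (v0.4.7) instead of adding alongside it, so the earlier commit reference disappears from the entry; if 9b9c3cae... is what the advisory links but is not the actual fix, a NOTE saying so (or keeping it with a qualifier such as "merge commit") would stop someone re-adding it from the GHSA page later.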
[Git][security-tracker-team/security-tracker][master] Add GHSA reference for CVE-2021-29136
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9ee8b16d by Salvatore Bonaccorso at 2021-04-06T22:07:22+02:00 Add GHSA reference for CVE-2021-29136 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2237,6 +2237,7 @@ CVE-2021-29137 CVE-2021-29136 RESERVED - umoci 0.4.7+ds-1 + NOTE: https://github.com/opencontainers/umoci/security/advisories/GHSA-9m95-8hx6-7p9v NOTE: https://github.com/opencontainers/umoci/commit/9b9c3cae049b1c79974ad54f1822a8a58d77ad32 CVE-2021-29135 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ee8b16d3fa5e66f93bf740ab44813630bb757ae
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-28851/golang-golang-x-text
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 317856f8 by Salvatore Bonaccorso at 2021-04-06T20:52:05+02:00 Add CVE-2020-28851/golang-golang-x-text - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -29485,7 +29485,7 @@ CVE-2020-28852 (In x/text in Go before v0.3.5, a "slice bounds out of range" pan NOTE: https://github.com/golang/go/issues/42536 NOTE: https://github.com/golang/text/commit/4482a914f52311356f6f4b7a695d4075ca22c0c6 (v0.3.5) CVE-2020-28851 (In x/text in Go 1.15.4, an "index out of range" panic occurs in langua ...) - - golang-golang-x-text (bug #980001) + - golang-golang-x-text 0.3.6-1 (bug #980001) - golang-x-text NOTE: https://github.com/golang/go/issues/42535 CVE-2020-28850 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/317856f840b441f3f2d58a11d8d8b80bef6bfef4
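Review bot: the hunk pins `golang-golang-x-text 0.3.6-1`, but the following `- golang-x-text` line still has no version or status marker, so the tracker will keep CVE-2020-28851 open against that second source package; confirm whether golang-x-text is still in the archive and record either its fixed version or the appropriate not-affected/removed status. The sibling entry CVE-2020-28852 above it references the upstream fixing commit with a version tag, and CVE-2020-28851 only has the Go issue link, so the matching x/text commit would be a useful NOTE here too.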
[Git][security-tracker-team/security-tracker][master] Associate umoci issue to CVE-2021-29136
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1e722aa7 by Salvatore Bonaccorso at 2021-04-06T20:41:48+02:00 Associate umoci issue to CVE-2021-29136 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2236,10 +2236,10 @@ CVE-2021-29137 RESERVED CVE-2021-29136 RESERVED -CVE-2021-29135 - RESERVED - umoci 0.4.7+ds-1 NOTE: https://github.com/opencontainers/umoci/commit/9b9c3cae049b1c79974ad54f1822a8a58d77ad32 +CVE-2021-29135 + RESERVED CVE-2020-36283 (HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when ...) NOT-FOR-US: HID OMNIKEY 5427 and OMNIKEY 5127 readers CVE-2021-3464 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e722aa74bffaf682c043a231f2c7e31b566
[Git][security-tracker-team/security-tracker][master] new umoci issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: c5e95178 by Moritz Muehlenhoff at 2021-04-06T19:33:23+02:00 new umoci issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2238,6 +2238,8 @@ CVE-2021-29136 RESERVED CVE-2021-29135 RESERVED + - umoci 0.4.7+ds-1 + NOTE: https://github.com/opencontainers/umoci/commit/9b9c3cae049b1c79974ad54f1822a8a58d77ad32 CVE-2020-36283 (HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when ...) NOT-FOR-US: HID OMNIKEY 5427 and OMNIKEY 5127 readers CVE-2021-3464 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5e951781c0a01c2fee4951dc25c8abffdaecc44
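Review bot: the package line and commit NOTE are attached to CVE-2021-29135, a bare RESERVED placeholder with no description, and nothing in the NOTE says which advisory ties that commit to that ID; the later commit 1e722aa7 in this digest moves the same two lines to CVE-2021-29136. When an entry is added under a RESERVED CVE, the source of the ID (advisory URL or upstream issue) should be cited in the NOTE so the association can be checked without re-reading the upstream advisory.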
[Git][security-tracker-team/security-tracker][master] buster triage
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: cfb4f210 by Moritz Muehlenhoff at 2021-04-06T19:31:23+02:00 buster triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: = data/CVE/list = @@ -439,6 +439,7 @@ CVE-2021-30002 (An issue was discovered in the Linux kernel before 5.11.3 when a CVE-2021-3482 [heap-based buffer overflow in Jp2Image::readMetadata() in jp2image.cpp] RESERVED - exiv2 + [buster] - exiv2 (Minor issue) NOTE: https://github.com/Exiv2/exiv2/issues/1522 CVE-2021-3481 [Out of bounds read in function QRadialFetchSimd from crafted svg file] RESERVED @@ -1962,6 +1963,7 @@ CVE-2021-3469 CVE-2021-3468 [Local DoS by event-busy-loop from writing long lines to /run/avahi-daemon/socket] RESERVED - avahi (bug #984938) + [buster] - avahi (Minor issue) NOTE: https://github.com/lathiat/avahi/pull/330 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939614#c3 CVE-2021-29262 @@ -15661,6 +15663,7 @@ CVE-2021-23336 (The package python/cpython from 0 and before 3.6.13, from 3.7.0 - python3.5 - python2.7 [bullseye] - python2.7 (Python 2.7 in Bullseye not covered by security support) + [buster] - python2.7 (Minor issue) - pypy3 7.3.3+dfsg-3 [buster] - pypy3 (Minor issue) NOTE: https://github.com/python/cpython/pull/24297 @@ -20130,6 +20133,7 @@ CVE-2020-35922 (An issue was discovered in the mio crate before 0.7.6 for Rust. TODO: check CVE-2020-35920 (An issue was discovered in the socket2 crate before 0.3.16 for Rust. I ...) - rust-socket2 0.3.19-1 + [buster] - rust-socket2 (Minor issue) NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0079.html NOTE: https://github.com/rust-lang/socket2-rs/issues/119 CVE-2020-35918 (An issue was discovered in the branca crate before 0.10.0 for Rust. De ...) 
@@ -23649,8 +23653,9 @@ CVE-2021-20310 CVE-2021-20309 RESERVED CVE-2021-20308 (Integer overflow in the htmldoc 1.9.11 and before may allow attackers ...) - - htmldoc + - htmldoc (unimportant) NOTE: https://github.com/michaelrsweet/htmldoc/issues/423 + NOTE: Crash in CLI tool, no security impact CVE-2021-20307 (Format string vulnerability in panoFileOutputNamesCreate() in libpano1 ...) - libpano13 2.9.20~rc3+dfsg-1 (bug #985249) [buster] - libpano13 2.9.19+dfsg-3+deb10u1 @@ -23659,6 +23664,7 @@ CVE-2021-20306 RESERVED CVE-2021-20305 (A flaw was found in Nettle in versions before 3.7.2, where several Net ...) - nettle 3.7.2-1 (bug #985652) + [buster] - nettle (Minor issue) NOTE: https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009457.html NOTE: New functions ecc_mod_mul_canonical and ecc_mod_sqr_canonical: NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/a63893791280d441c713293491da97c79c0950fe @@ -23932,11 +23938,12 @@ CVE-2021-20244 (A flaw was found in ImageMagick in MagickCore/visual-effects.c. NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/329dd528ab79531d884c0ba131e97d43f872ab5d NOTE: In IM6 the code seems to be in magick/fx.c CVE-2021-20243 (A flaw was found in ImageMagick in MagickCore/resize.c. An attacker wh ...) - - imagemagick + - imagemagick + [bullseye] - imagemagick (Minor issue) [buster] - imagemagick (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/pull/3193 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/9751bd619872c8e58609fbed56c4827afa083b40 - TODO: check + NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/53cb91b3e7bf95d0e372cbc745e0055ac6054745 (resize.c hunk) CVE-2021-20242 REJECTED CVE-2021-20241 (A flaw was found in ImageMagick in coders/jp2.c. An attacker who submi ...) 
@@ -40200,6 +40207,7 @@ CVE-2020-25694 (A flaw was found in PostgreSQL versions before 13.1, before 12.5 CVE-2020-25693 (A flaw was found in CImg in versions prior to 2.9.3. Integer overflows ...) {DLA-2462-1} - cimg 2.9.4+dfsg-2 (bug #973770) + [buster] - cimg (Minor issue) NOTE: https://github.com/dtschump/CImg/pull/295 NOTE: https://bugs.launchpad.net/ubuntu/+source/cimg/+bug/1900983 NOTE: Fixed by: https://github.com/dtschump/CImg/commit/4f184f89f9ab6785a6c90fd238dbaa6d901d3505 @@ -70559,6 +70567,7 @@ CVE-2020-12365 (Untrusted pointer dereference in some Intel(R) Graphics Drivers CVE-2020-12364 (Null pointer reference in some Intel(R) Graphics Drivers for Windows* ...) - linux - firmware-nonfree 20210208-1 + [buster] - firmware-nonfree (Non-free not supported) NOTE: Short of details:
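Review bot: in the -23649 hunk CVE-2021-20308 (htmldoc) is downgraded to (unimportant) with the justification `Crash in CLI tool, no security impact`; the description calls it an integer overflow, so the NOTE should also state why it is only a crash and that htmldoc is not expected to process untrusted documents, since the rating rests on both facts. In the -23932 hunk the `- imagemagick` line is replaced by an identical `- imagemagick` line, which looks like a trailing-whitespace fix; harmless, but worth a word in the commit message so it is not mistaken for a status change.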
[Git][security-tracker-team/security-tracker][master] chromium dsa
Michael Gilbert pushed to branch master at Debian Security Tracker / security-tracker Commits: 2b42e575 by Michael Gilbert at 2021-04-06T13:34:50+00:00 chromium dsa - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[06 Apr 2021] DSA-4886-1 chromium - security update + {CVE-2021-21159 CVE-2021-21160 CVE-2021-21161 CVE-2021-21162 CVE-2021-21163 CVE-2021-21165 CVE-2021-21166 CVE-2021-21167 CVE-2021-21168 CVE-2021-21169 CVE-2021-21170 CVE-2021-21171 CVE-2021-21172 CVE-2021-21173 CVE-2021-21174 CVE-2021-21175 CVE-2021-21176 CVE-2021-21177 CVE-2021-21178 CVE-2021-21179 CVE-2021-21180 CVE-2021-21181 CVE-2021-21182 CVE-2021-21183 CVE-2021-21184 CVE-2021-21185 CVE-2021-21186 CVE-2021-21187 CVE-2021-21188 CVE-2021-21189 CVE-2021-21190 CVE-2021-21191 CVE-2021-21192 CVE-2021-21193 CVE-2021-21194 CVE-2021-21195 CVE-2021-21196 CVE-2021-21197 CVE-2021-21198 CVE-2021-21199} + [buster] - chromium 89.0.4389.114-1~deb10u1 [05 Apr 2021] DSA-4885-1 netty - security update {CVE-2019-20444 CVE-2019-20445 CVE-2020-7238 CVE-2020-11612 CVE-2021-21290 CVE-2021-21295 CVE-2021-21409} [buster] - netty 1:4.1.33-1+deb10u2 = data/dsa-needed.txt = 
@@ -14,9 +14,6 @@ If needed, specify the release by adding a slash after the name of the source pa -- condor -- -chromium - Package was prepared by Michel Le Bihan (already uploaded), needd review for DSA release --- knot-resolver Santiago Ruano Rincón proposed a debdiff for review -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b42e575970ab2a544933c78d7d86670865dda0b
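Review bot: the DSA-4886-1 CVE list in the data/DSA/list hunk jumps from CVE-2021-21163 to CVE-2021-21165, so CVE-2021-21164 is not covered by the advisory; confirm that it is intentionally excluded and that its data/CVE/list entry reflects that, otherwise the tracker will still show it open for buster after the DSA. Removing the chromium block from dsa-needed.txt in the same commit is the right pairing.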
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2620-1 for python-bleach
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: c590998f by Chris Lamb at 2021-04-06T13:20:03+01:00 Reserve DLA-2620-1 for python-bleach - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[06 Apr 2021] DLA-2620-1 python-bleach - security update + {CVE-2021-23980} + [stretch] - python-bleach 2.0-1+deb9u1 [05 Apr 2021] DLA-2619-1 python3.5 - security update {CVE-2021-3177 CVE-2021-3426 CVE-2021-23336} [stretch] - python3.5 3.5.3-1+deb9u4 = data/dla-needed.txt = @@ -85,8 +85,6 @@ opendmarc -- php-pear (Sylvain Beucler) -- -python-bleach (Chris Lamb) --- python2.7 (Anton Gladky) NOTE: 20210316: Same issue as python3.5 immediately below; suggest handled by same maintainer. (lamby) NOTE: 20210320: https://salsa.debian.org/lts-team/packages/python2.7 (gladk) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c590998fb9e348ebe6ebf6f84a24478b60b429aa
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2021-28658/python-django via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2cb0b9dc by Salvatore Bonaccorso at 2021-04-06T13:24:45+02:00 Track fixed version for CVE-2021-28658/python-django via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3276,7 +3276,7 @@ CVE-2021-28659 RESERVED CVE-2021-28658 RESERVED - - python-django (bug #986447) + - python-django 2:2.2.20-1 (bug #986447) NOTE: https://www.djangoproject.com/weblog/2021/apr/06/security-releases/ NOTE: https://github.com/django/django/commit/d4d800ca1addc4141e03c5440a849bb64d1582cd (main) NOTE: https://github.com/django/django/commit/4036d62bda0e9e9f6172943794b744a454ca49c2 (2.2.20) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2cb0b9dc21047efc9bf2865e40104a3a9d648b56
[Git][security-tracker-team/security-tracker][master] Reference commits for CVE-2021-28658/python-django
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ea600e14 by Salvatore Bonaccorso at 2021-04-06T10:51:28+02:00 Reference commits for CVE-2021-28658/python-django - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3278,6 +3278,8 @@ CVE-2021-28658 RESERVED - python-django (bug #986447) NOTE: https://www.djangoproject.com/weblog/2021/apr/06/security-releases/ + NOTE: https://github.com/django/django/commit/d4d800ca1addc4141e03c5440a849bb64d1582cd (main) + NOTE: https://github.com/django/django/commit/4036d62bda0e9e9f6172943794b744a454ca49c2 (2.2.20) CVE-2021-28657 (A carefully crafted or corrupt file may trigger an infinite loop in Ti ...) - tika NOTE: https://www.openwall.com/lists/oss-security/2021/03/30/3 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea600e1456f431ed5ead4d7fa6598ad9d70ad031
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-28658/python-django
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 47b54d26 by Salvatore Bonaccorso at 2021-04-06T10:49:02+02:00 Add CVE-2021-28658/python-django - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3276,6 +3276,8 @@ CVE-2021-28659 RESERVED CVE-2021-28658 RESERVED + - python-django (bug #986447) + NOTE: https://www.djangoproject.com/weblog/2021/apr/06/security-releases/ CVE-2021-28657 (A carefully crafted or corrupt file may trigger an infinite loop in Ti ...) - tika NOTE: https://www.openwall.com/lists/oss-security/2021/03/30/3 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47b54d261fb66019880ecdf7ccdb27028fab2d20
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 77f779d4 by Salvatore Bonaccorso at 2021-04-06T10:20:48+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -38,7 +38,7 @@ CVE-2021-30143 CVE-2021-30142 RESERVED CVE-2021-30141 (** DISPUTED ** Module/Settings/UserExport.php in Friendica through 202 ...) - TODO: check + NOT-FOR-US: Friendica CVE-2021-30140 RESERVED CVE-2021-30139 
@@ -4255,75 +4255,75 @@ CVE-2021-28210 [unlimited FV recursion, round 2] NOTE: https://github.com/tianocore/edk2/pull/1137 NOTE: https://github.com/tianocore/edk2/commit/47343af30435302c087027177613412a1a83e919 CVE-2021-28209 (The specific function in ASUS BMCs firmware Web management page ...) - TODO: check + NOT-FOR-US: ASUS CVE-2021-28208 (The specific function in ASUS BMCs firmware Web management page ...) - TODO: check + NOT-FOR-US: ASUS CVE-2021-28207 (The specific function in ASUS BMCs firmware Web management page ...) - TODO: check + NOT-FOR-US: ASUS CVE-2021-28206 (The specific function in ASUS BMCs firmware Web management page ...) - TODO: check + NOT-FOR-US: ASUS CVE-2021-28205 (The specific function in ASUS BMCs firmware Web management page ...) - TODO: check + NOT-FOR-US: ASUS CVE-2021-28204 (The specific function in ASUS BMCs firmware Web management page ...) - TODO: check + NOT-FOR-US: ASUS CVE-2021-28203 (The Web Set Media Image function in ASUS BMCs firmware Web mana ...) - TODO: check + NOT-FOR-US: ASUS CVE-2021-28202 (The Service configuration-2 function in ASUS BMCs firmware Web ...) - TODO: check + NOT-FOR-US: ASUS CVE-2021-28201 (The Service configuration-1 function in ASUS BMCs firmware Web ...) - TODO: check + NOT-FOR-US: ASUS CVE-2021-28200 (The CD media configuration function in ASUS BMCs firmware Web m ...) - TODO: check + NOT-FOR-US: ASUS CVE-2021-28199 (The specific function in ASUS BMCs firmware Web management page ...) - TODO: check + NOT-FOR-US: ASUS CVE-2021-28198 (The Firmware protocol configuration function in ASUS BMCs firmw ...) - TODO: check + NOT-FOR-US: ASUS CVE-2021-28197 (The Active Directory configuration function in ASUS BMCs firmwa ...) - TODO: check + NOT-FOR-US: ASUS CVE-2021-28196 (The specific function in ASUS BMCs firmware Web management page ...) - TODO: check + NOT-FOR-US: ASUS CVE-2021-28195 (The Radius configuration function in ASUS BMCs firmware Web man ...) 
- TODO: check + NOT-FOR-US: ASUS CVE-2021-28194 (The specific function in ASUS BMCs firmware Web management page ...) - TODO: check + NOT-FOR-US: ASUS CVE-2021-28193 (The SMTP configuration function in ASUS BMCs firmware Web manag ...) - TODO: check + NOT-FOR-US: ASUS CVE-2021-28192 (The specific function in ASUS BMCs firmware Web management page ...) - TODO: check + NOT-FOR-US: ASUS CVE-2021-28191 (The Firmware update function in ASUS BMCs firmware Web manageme ...) - TODO: check + NOT-FOR-US: ASUS CVE-2021-28190 (The specific function in ASUS BMCs firmware Web management page ...) - TODO: check + NOT-FOR-US: ASUS CVE-2021-28189 (The SMTP configuration function in ASUS BMCs firmware Web manag ...) - TODO: check + NOT-FOR-US: ASUS CVE-2021-28188 (The specific function in ASUS BMCs firmware Web management page ...) - TODO: check + NOT-FOR-US: ASUS CVE-2021-28187 (The specific function in ASUS BMCs firmware Web management page ...) - TODO: check + NOT-FOR-US: ASUS CVE-2021-28186 (The specific function in ASUS BMCs firmware Web management page ...) - TODO: check + NOT-FOR-US: ASUS CVE-2021-28185 (The specific function in ASUS BMCs firmware Web management page ...) - TODO: check + NOT-FOR-US: ASUS CVE-2021-28184 (The Active Directory configuration function in ASUS BMCs firmwa ...) - TODO: check + NOT-FOR-US: ASUS CVE-2021-28183 (The specific function in ASUS BMCs firmware Web management page ...) - TODO: check + NOT-FOR-US: ASUS CVE-2021-28182 (The Web Service configuration function in ASUS BMCs firmware We ...) - TODO: check + NOT-FOR-US: ASUS CVE-2021-28181 (The specific function in ASUS BMCs firmware Web management page ...) - TODO: check + NOT-FOR-US: ASUS CVE-2021-28180 (The specific function in ASUS BMCs firmware Web management page ...) - TODO: check + NOT-FOR-US: ASUS CVE-2021-28179 (The specific function in ASUS BMCs firmware Web management page ...) 
- TODO: check + NOT-FOR-US: ASUS CVE-2021-28178 (The UEFI configuration function in ASUS BMCs firmware Web manag ...) -
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-30151/ruby-sidekiq
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e7160347 by Salvatore Bonaccorso at 2021-04-06T10:17:24+02:00 Add CVE-2021-30151/ruby-sidekiq - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -17,7 +17,8 @@ CVE-2021-30153 CVE-2021-30152 RESERVED CVE-2021-30151 (Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue n ...) - TODO: check + - ruby-sidekiq + NOTE: https://github.com/mperham/sidekiq/issues/4852 CVE-2021-30150 (Composr 10.0.36 allows XSS in an XML script. ...) TODO: check CVE-2021-30149 (Composr 10.0.36 allows upload and execution of PHP files. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e71603472cb286b327dbf5d86947f572f8833e99
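Review bot: the new ruby-sidekiq entry in the CVE-2021-30151 hunk carries neither a Debian bug reference nor a fixed version, whereas the python-django entry in this same series is recorded as "- python-django (bug #986447)"; file the bug against ruby-sidekiq and add "(bug #NNNNNN)" to the package line so the XSS fix for "Sidekiq through 5.1.3 and 6.x through 6.2.0" can be followed to an upload, and consider a NOTE with the upstream fix commit once it is known rather than only the issue link.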
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ddbe70f8 by security tracker role at 2021-04-06T08:10:31+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,65 @@ +CVE-2021-30160 + RESERVED +CVE-2021-30159 + RESERVED +CVE-2021-30158 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...) + TODO: check +CVE-2021-30157 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...) + TODO: check +CVE-2021-30156 + RESERVED +CVE-2021-30155 + RESERVED +CVE-2021-30154 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...) + TODO: check +CVE-2021-30153 + RESERVED +CVE-2021-30152 + RESERVED +CVE-2021-30151 (Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue n ...) + TODO: check +CVE-2021-30150 (Composr 10.0.36 allows XSS in an XML script. ...) + TODO: check +CVE-2021-30149 (Composr 10.0.36 allows upload and execution of PHP files. ...) + TODO: check +CVE-2021-30148 + RESERVED +CVE-2021-30147 + RESERVED +CVE-2021-30146 + RESERVED +CVE-2021-30145 + RESERVED +CVE-2021-30144 (The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileg ...) + TODO: check +CVE-2021-30143 + RESERVED +CVE-2021-30142 + RESERVED +CVE-2021-30141 (** DISPUTED ** Module/Settings/UserExport.php in Friendica through 202 ...) + TODO: check +CVE-2021-30140 + RESERVED +CVE-2021-30139 + RESERVED +CVE-2021-30138 + RESERVED +CVE-2021-30137 + RESERVED +CVE-2021-30136 + RESERVED +CVE-2021-30135 + RESERVED +CVE-2021-30134 + RESERVED +CVE-2021-30133 + RESERVED +CVE-2021-30132 + RESERVED +CVE-2021-30131 + RESERVED +CVE-2021-30130 + RESERVED CVE-2021-30129 RESERVED CVE-2021-30128 
@@ -374,6 +436,7 @@ CVE-2021-30002 (An issue was discovered in the Linux kernel before 5.11.3 when a [buster] - linux 4.19.181-1 NOTE: https://git.kernel.org/linus/fb18802a338b36f675a388fc03d2aa504a0d0899 CVE-2021-3482 [heap-based buffer overflow in Jp2Image::readMetadata() in jp2image.cpp] + RESERVED - exiv2 NOTE: https://github.com/Exiv2/exiv2/issues/1522 CVE-2021-3481 [Out of bounds read in function QRadialFetchSimd from crafted svg file] 
@@ -4190,76 +4253,76 @@ CVE-2021-28210 [unlimited FV recursion, round 2] NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1743 NOTE: https://github.com/tianocore/edk2/pull/1137 NOTE: https://github.com/tianocore/edk2/commit/47343af30435302c087027177613412a1a83e919 -CVE-2021-28209 - RESERVED -CVE-2021-28208 - RESERVED -CVE-2021-28207 - RESERVED -CVE-2021-28206 - RESERVED -CVE-2021-28205 - RESERVED -CVE-2021-28204 - RESERVED -CVE-2021-28203 - RESERVED -CVE-2021-28202 - RESERVED -CVE-2021-28201 - RESERVED -CVE-2021-28200 - RESERVED -CVE-2021-28199 - RESERVED -CVE-2021-28198 - RESERVED -CVE-2021-28197 - RESERVED -CVE-2021-28196 - RESERVED -CVE-2021-28195 - RESERVED -CVE-2021-28194 - RESERVED -CVE-2021-28193 - RESERVED -CVE-2021-28192 - RESERVED -CVE-2021-28191 - RESERVED -CVE-2021-28190 - RESERVED -CVE-2021-28189 - RESERVED -CVE-2021-28188 - RESERVED -CVE-2021-28187 - RESERVED -CVE-2021-28186 - RESERVED -CVE-2021-28185 - RESERVED -CVE-2021-28184 - RESERVED -CVE-2021-28183 - RESERVED -CVE-2021-28182 - RESERVED -CVE-2021-28181 - RESERVED -CVE-2021-28180 - RESERVED -CVE-2021-28179 - RESERVED -CVE-2021-28178 - RESERVED -CVE-2021-28177 - RESERVED -CVE-2021-28176 - RESERVED -CVE-2021-28175 - RESERVED +CVE-2021-28209 (The specific function in ASUS BMCs firmware Web management page ...) + TODO: check +CVE-2021-28208 (The specific function in ASUS BMCs firmware Web management page ...) + TODO: check +CVE-2021-28207 (The specific function in ASUS BMCs firmware Web management page ...) + TODO: check +CVE-2021-28206 (The specific function in ASUS BMCs firmware Web management page ...) + TODO: check +CVE-2021-28205 (The specific function in ASUS BMCs firmware Web management page ...) + TODO: check +CVE-2021-28204 (The specific function in ASUS BMCs firmware Web management page ...) + TODO: check +CVE-2021-28203 (The Web Set Media Image function in ASUS BMCs firmware Web mana ...) + TODO: check +CVE-2021-28202 (The Service configuration-2 function in ASUS BMCs firmware Web ...) 
+ TODO: check +CVE-2021-28201 (The Service configuration-1 function in ASUS BMCs firmware Web ...) + TODO: check +CVE-2021-28200 (The CD media configuration function in ASUS BMCs
[Git][security-tracker-team/security-tracker][master] CVE-2021-29662: Add reference to blogpost
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0e13204d by Salvatore Bonaccorso at 2021-04-06T09:34:30+02:00 CVE-2021-29662: Add reference to blogpost - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1526,6 +1526,7 @@ CVE-2021-3474 (There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafte CVE-2021-29662 (The Data::Validate::IP module through 0.29 for Perl does not properly ...) - libdata-validate-ip-perl NOTE: Documentation update: https://github.com/houseabsolute/Data-Validate-IP/commit/3bba13c819d616514a75e089badd75002fd4f14e + NOTE: https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/ CVE-2021-29424 (The Net::Netmask module before 2. for Perl does not properly consi ...) - libnet-netmask-perl (bug #986135) [buster] - libnet-netmask-perl (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e13204db6b20fcd03e8b8013fe2c1cdd48c24a7
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-20307/libpano13
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9d0a112b by Salvatore Bonaccorso at 2021-04-06T09:01:52+02:00 Add CVE-2021-20307/libpano13 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -23585,6 +23585,9 @@ CVE-2021-20308 NOTE: https://github.com/michaelrsweet/htmldoc/issues/423 CVE-2021-20307 RESERVED + - libpano13 2.9.20~rc3+dfsg-1 (bug #985249) + [buster] - libpano13 2.9.19+dfsg-3+deb10u1 + NOTE: https://sourceforge.net/projects/panotools/files/libpano13/libpano13-2.9.20/ CVE-2021-20306 RESERVED CVE-2021-20305 [Out of Bound memory access in signature verification] View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d0a112b1918764943071e1b6dadecaa9c1243ad
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-20308/htmldoc
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 23489423 by Salvatore Bonaccorso at 2021-04-06T08:58:46+02:00 Add CVE-2021-20308/htmldoc - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -23581,6 +23581,8 @@ CVE-2021-20309 RESERVED CVE-2021-20308 RESERVED + - htmldoc + NOTE: https://github.com/michaelrsweet/htmldoc/issues/423 CVE-2021-20307 RESERVED CVE-2021-20306 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/234894238680a2b8d07b366fde18f207b75a4879
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-21416/python-django-registration
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3ed868b3 by Salvatore Bonaccorso at 2021-04-06T08:54:00+02:00 Add CVE-2021-21416/python-django-registration - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -20916,7 +20916,8 @@ CVE-2021-21418 (ps_emailsubscription is a newsletter subscription module for the CVE-2021-21417 RESERVED CVE-2021-21416 (django-registration is a user registration package for Django. The dja ...) - TODO: check + - python-django-registration + NOTE: https://github.com/ubernostrum/django-registration/security/advisories/GHSA-58c7-px5v-82hh CVE-2021-21415 RESERVED CVE-2021-21414 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ed868b3bb8e5e24e2ebdb72c601a651d9c58d26
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-22135/elasticsearch
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8b0ceb0d by Salvatore Bonaccorso at 2021-04-06T08:52:12+02:00 Add CVE-2021-22135/elasticsearch - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -18198,6 +18198,7 @@ CVE-2021-22136 - kibana (bug #700337) CVE-2021-22135 RESERVED + - elasticsearch CVE-2021-22134 (A document disclosure flaw was found in Elasticsearch versions after 7 ...) - elasticsearch CVE-2021-22133 (The Elastic APM agent for Go versions before 1.11.0 can leak sensitive ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8b0ceb0d6cd9ce68dca3416241144cfac86f2092
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-22136/kibana, itp'ed
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e8eaa027 by Salvatore Bonaccorso at 2021-04-06T08:50:13+02:00 Add CVE-2021-22136/kibana, itped - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -18195,6 +18195,7 @@ CVE-2021-22137 - elasticsearch CVE-2021-22136 RESERVED + - kibana (bug #700337) CVE-2021-22135 RESERVED CVE-2021-22134 (A document disclosure flaw was found in Elasticsearch versions after 7 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8eaa027ae8d922f61eb89767dee8d8fa522a6d6
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-22137/elasticsearch
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 52959b47 by Salvatore Bonaccorso at 2021-04-06T08:49:23+02:00 Add CVE-2021-22137/elasticsearch - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -18192,6 +18192,7 @@ CVE-2021-22138 RESERVED CVE-2021-22137 RESERVED + - elasticsearch CVE-2021-22136 RESERVED CVE-2021-22135 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52959b47892d427ff371536a57c822961fb00ce5
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-28163/jetty9
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: caf6337a by Salvatore Bonaccorso at 2021-04-06T08:48:36+02:00 Add CVE-2021-28163/jetty9 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4284,7 +4284,8 @@ CVE-2021-28164 (In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the defau - jetty9 NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5 CVE-2021-28163 (In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0. ...) - TODO: check + - jetty9 + NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq CVE-2021-28162 (In Eclipse Theia versions up to and including 0.16.0, in the notificat ...) NOT-FOR-US: Eclipse Theia CVE-2021-28161 (In Eclipse Theia versions up to and including 1.8.0, in the debug cons ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/caf6337a74082518afb6e1c30609f0f46bcbc116
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-28164/jetty9
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 67daf3d9 by Salvatore Bonaccorso at 2021-04-06T08:47:01+02:00 Add CVE-2021-28164/jetty9 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4281,7 +4281,8 @@ CVE-2021-28165 (In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 1 - jetty9 NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w CVE-2021-28164 (In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default com ...) - TODO: check + - jetty9 + NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5 CVE-2021-28163 (In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0. ...) TODO: check CVE-2021-28162 (In Eclipse Theia versions up to and including 0.16.0, in the notificat ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67daf3d92de74e77af8d8d3dfb6b2c4804ff8d58
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-28165/jetty9
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 49dd96a0 by Salvatore Bonaccorso at 2021-04-06T08:45:19+02:00 Add CVE-2021-28165/jetty9 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4278,7 +4278,8 @@ CVE-2021-28167 CVE-2021-28166 RESERVED CVE-2021-28165 (In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0. ...) - TODO: check + - jetty9 + NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w CVE-2021-28164 (In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default com ...) TODO: check CVE-2021-28163 (In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/49dd96a04072c4a55f80c7d9ad4b284bf030b1c8
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-3482/exiv2
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: aa07d711 by Salvatore Bonaccorso at 2021-04-06T08:43:40+02:00 Add CVE-2021-3482/exiv2 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -373,6 +373,9 @@ CVE-2021-30002 (An issue was discovered in the Linux kernel before 5.11.3 when a - linux 5.10.24-1 [buster] - linux 4.19.181-1 NOTE: https://git.kernel.org/linus/fb18802a338b36f675a388fc03d2aa504a0d0899 +CVE-2021-3482 [heap-based buffer overflow in Jp2Image::readMetadata() in jp2image.cpp] + - exiv2 + NOTE: https://github.com/Exiv2/exiv2/issues/1522 CVE-2021-3481 [Out of bounds read in function QRadialFetchSimd from crafted svg file] RESERVED - qtsvg-opensource-src View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa07d7114d53cdf5de7ef73776c6c353fc227bf4
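Review bot: the new CVE-2021-3482 entry has no status line between its bracketed title and the "- exiv2" package line, while the neighbouring CVE-2021-3481 entry in the unchanged context carries "RESERVED" before "- qtsvg-opensource-src"; add "RESERVED" here for consistency rather than relying on the later automatic update (the "automatic update" commit in this series, ddbe70f8, inserts exactly that "+ RESERVED" line under CVE-2021-3482).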
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8970efd9 by Salvatore Bonaccorso at 2021-04-06T08:42:20+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -91102,7 +91102,7 @@ CVE-2020-4999 CVE-2020-4998 RESERVED CVE-2020-4997 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4996 (IBM Security Identity Governance and Intelligence 5.2.6 could allow a ...) NOT-FOR-US: IBM CVE-2020-4995 (IBM Security Identity Governance and Intelligence 5.2.6 does not inval ...) @@ -91512,7 +91512,7 @@ CVE-2020-4794 (IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Bu CVE-2020-4793 RESERVED CVE-2020-4792 (IBM Edge 4.2 is vulnerable to cross-site scripting. This vulnerability ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4791 (IBM Security Identity Governance and Intelligence 5.2.6 could allow an ...) NOT-FOR-US: IBM CVE-2020-4790 (IBM Security Identity Governance and Intelligence 5.2.6 could allow a ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8970efd93b66ae4c1efb91492706f56e41452e27
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: f69ab45d by Moritz Muehlenhoff at 2021-04-06T08:39:59+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -109,7 +109,7 @@ CVE-2021-30076 CVE-2021-30075 RESERVED CVE-2021-30074 (docsify 4.12.1 is affected by Cross Site Scripting (XSS) because the s ...) - TODO: check + NOT-FOR-US: docsify CVE-2021-30073 RESERVED CVE-2021-30072 (An issue was discovered in prog.cgi on D-Link DIR-878 1.30B08 devices. ...) @@ -264,7 +264,7 @@ CVE-2021-29998 CVE-2021-29997 RESERVED CVE-2021-29996 (Mark Text through 0.16.3 allows attackers arbitrary command execution. ...) - TODO: check + NOT-FOR-US: marktext CVE-2021-29995 RESERVED CVE-2021-29994 
@@ -393,30 +393,30 @@ CVE-2021-29942 (An issue was discovered in the reorder crate through 2021-02-24 CVE-2021-29941 (An issue was discovered in the reorder crate through 2021-02-24 for Ru ...) NOT-FOR-US: reorder crate CVE-2021-29940 (An issue was discovered in the through crate through 2021-02-18 for Ru ...) - TODO: check + NOT-FOR-US: Rust crate through CVE-2021-29939 (An issue was discovered in the stackvector crate through 2021-02-19 fo ...) - rust-stackvector NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0048.html CVE-2021-29938 (An issue was discovered in the slice-deque crate through 2021-02-19 fo ...) - TODO: check + NOT-FOR-US: Rust crate slice-deque CVE-2021-29937 (An issue was discovered in the telemetry crate through 2021-02-17 for ...) - TODO: check + NOT-FOR-US: Rust crate telemetry CVE-2021-29936 (An issue was discovered in the adtensor crate through 2021-01-11 for R ...) - TODO: check + NOT-FOR-US: Rust crate adtensor CVE-2021-29935 (An issue was discovered in the rocket crate before 0.4.7 for Rust. uri ...) - TODO: check + NOT-FOR-US: Rust crate rocket CVE-2021-29934 (An issue was discovered in PartialReader in the uu_od crate before 0.0 ...) - TODO: check + NOT-FOR-US: Rust crate uu_od CVE-2021-29933 (An issue was discovered in the insert_many crate through 2021-01-26 fo ...) - TODO: check + NOT-FOR-US: Rust crate insert_many CVE-2021-29932 (An issue was discovered in the parse_duration crate through 2021-03-18 ...) - TODO: check + NOT-FOR-US: Rust crate parse_duration CVE-2021-29931 (An issue was discovered in the arenavec crate through 2021-01-12 for R ...) - TODO: check + NOT-FOR-US: Rust crate arenavec CVE-2021-29930 (An issue was discovered in the arenavec crate through 2021-01-12 for R ...) - TODO: check + NOT-FOR-US: Rust crate arenavec CVE-2021-29929 (An issue was discovered in the endian_trait crate through 2021-01-04 f ...) - TODO: check + NOT-FOR-US: Rust crate endian_trait CVE-2021-29928 RESERVED CVE-2021-29927 
@@ -1551,7 +1551,7 @@ CVE-2021-29420 CVE-2021-29419 RESERVED CVE-2021-29418 (The netmask package before 2.0.1 for Node.js mishandles certain unexpe ...) - TODO: check + NOT-FOR-US: Node netmask CVE-2021-29417 (gitjacker before 0.1.0 allows remote attackers to execute arbitrary co ...) NOT-FOR-US: gitjacker CVE-2021-29416 (An issue was discovered in PortSwigger Burp Suite before 2021.2. Durin ...) @@ -2829,7 +2829,7 @@ CVE-2021-28834 (Kramdown before 2.3.1 does not restrict Rouge formatters to the CVE-2021-28833 RESERVED CVE-2021-28832 (VSCodeVim before 1.19.0 allows attackers to execute arbitrary code via ...) - TODO: check + NOT-FOR-US: VSCodeVim CVE-2021-28831 (decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit ...) {DLA-2614-1} - busybox (bug #985674) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f69ab45d28b90637e4672b4e1c79ab64951107d8
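Review bot: the NOT-FOR-US labels added in the CVE-2021-29940 to CVE-2021-29929 hunk use the form "Rust crate <name>", while the unchanged CVE-2021-29941 context line directly above them reads "NOT-FOR-US: reorder crate"; settle on one form so the file stays consistently greppable. The CVE-2021-29940 label "NOT-FOR-US: Rust crate through" is also easy to misread, because the crate is literally named "through"; quoting the name, as in "Rust crate 'through'", would remove the ambiguity.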