[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim ruby-activerecord-session-store

2021-04-06 Thread Abhijith PA


Abhijith PA pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
47df9443 by Abhijith PA at 2021-04-07T10:36:50+05:30
data/dla-needed.txt: Claim ruby-activerecord-session-store

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -99,7 +99,7 @@ ruby-actionpack-page-caching
   NOTE: 20200819: uses the path without normalising any "../" etc., simply
   NOTE: 20200819: URI.parser.unescap-ing it. Requires more investigation. 
(lamby)
 --
-ruby-activerecord-session-store
+ruby-activerecord-session-store (Abhijith PA)
 --
 ruby-carrierwave
   NOTE: 20210320: Will be difficult to backport as code in LTS version appears
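Review bot: the claim adds only the claimant's name after the package; the neighbouring entries in this file carry dated `NOTE: YYYYMMDD:` lines (see the ruby-actionpack-page-caching and ruby-carrierwave entries in the context), so a short dated NOTE stating the intended approach, or at least when the claim was taken, would let other LTS contributors see the state of the work without asking.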



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47df94432b073f5b53ccdc7809a94df722084d88

You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Process some NFUs

2021-04-06 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f125eb44 by Salvatore Bonaccorso at 2021-04-06T22:27:35+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -299,9 +299,9 @@ CVE-2021-30048
 CVE-2021-30047
RESERVED
 CVE-2021-30046 (VIGRA Computer Vision Library Version-1-11-1 contains a 
segmentation f ...)
-   TODO: check
+   NOT-FOR-US: VIGRA Computer Vision Library
 CVE-2021-30045 (SerenityOS 2021-03-27 contains a buffer overflow vulnerability 
in the  ...)
-   TODO: check
+   NOT-FOR-US: SerenityOS
 CVE-2021-30044
RESERVED
 CVE-2021-30043
@@ -1174,9 +1174,9 @@ CVE-2021-29646 (An issue was discovered in the Linux 
kernel before 5.11.11. tipc
[stretch] - linux  (Vulnerable code introduced later)
NOTE: 
https://git.kernel.org/linus/0217ed2848e8538bcf9172d97ed2eeb4a26041bb
 CVE-2020-36285 (Union Pay up to 3.3.12, for iOS mobile apps, contains a 
CWE-347: Impro ...)
-   TODO: check
+   NOT-FOR-US: Union Pay
 CVE-2020-36284 (Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: 
Improper  ...)
-   TODO: check
+   NOT-FOR-US: Union Pay
 CVE-2021-3480
RESERVED
 CVE-2021-3479 (There's a flaw in OpenEXR's Scanline API functionality in 
versions bef ...)
@@ -2886,7 +2886,7 @@ CVE-2021-28876
 CVE-2021-28875
RESERVED
 CVE-2021-28874 (SerenityOS fixed as of 
c9f25bca048443e317f1994ba9b106f2386688c3 contai ...)
-   TODO: check
+   NOT-FOR-US: SerenityOS
 CVE-2021-28873
RESERVED
 CVE-2021-28872
@@ -4404,11 +4404,11 @@ CVE-2021-28175 (The Radius configuration function in 
ASUS BMCs firmware W
 CVE-2021-28174
RESERVED
 CVE-2021-28173 (The file upload function of Vangene deltaFlow E-platform does 
not perf ...)
-   TODO: check
+   NOT-FOR-US: Vangene deltaFlow E-platform
 CVE-2021-28172 (There is a Path Traversal vulnerability in the file download 
function  ...)
-   TODO: check
+   NOT-FOR-US: Vangene deltaFlow E-platform
 CVE-2021-28171 (The Vangene deltaFlow E-platform does not take properly 
protective mea ...)
-   TODO: check
+   NOT-FOR-US: Vangene deltaFlow E-platform
 CVE-2021-28170
RESERVED
 CVE-2021-28169
@@ -4527,7 +4527,7 @@ CVE-2021-28144 (prog.cgi on D-Link DIR-3060 devices 
before 1.11b04 HF2 allows re
 CVE-2021-28143 (/jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows 
authenticated  ...)
NOT-FOR-US: D-Link
 CVE-2021-28142 (CITSmart before 9.1.2.28 mishandles the "filtro de 
autocomplete." ...)
-   TODO: check
+   NOT-FOR-US: CITSmart
 CVE-2021-28141 (** DISPUTED ** An issue was discovered in Progress Telerik UI 
for ASP. ...)
NOT-FOR-US: Telerik
 CVE-2021-28140
@@ -4754,7 +4754,7 @@ CVE-2021-28077
 CVE-2021-28076
RESERVED
 CVE-2021-28075 (iKuaiOS 3.4.8 Build 202012291059 has an arbitrary file 
download vulner ...)
-   TODO: check
+   NOT-FOR-US: iKuaiOS
 CVE-2021-28074
RESERVED
 CVE-2021-28073
@@ -5624,9 +5624,9 @@ CVE-2021-27700
 CVE-2021-27699
RESERVED
 CVE-2021-27698 (RIOT-OS 2021.01 contains a buffer overflow vulnerability in 
/sys/net/g ...)
-   TODO: check
+   NOT-FOR-US: RIOT RIOT-OS
 CVE-2021-27697 (RIOT-OS 2021.01 contains a buffer overflow vulnerability in 
sys/net/gn ...)
-   TODO: check
+   NOT-FOR-US: RIOT RIOT-OS
 CVE-2021-27696
RESERVED
 CVE-2021-27695 (Multiple stored cross-site scripting (XSS) vulnerabilities in 
openMAIN ...)
@@ -6376,7 +6376,7 @@ CVE-2021-27359
 CVE-2021-27358 (The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow 
an unaut ...)
- grafana 
 CVE-2021-27357 (RIOT-OS 2020.01 contains a buffer overflow vulnerability in 
/sys/net/g ...)
-   TODO: check
+   NOT-FOR-US: RIOT RIOT-OS
 CVE-2021-27356
RESERVED
 CVE-2021-27355
@@ -6409,7 +6409,7 @@ CVE-2021-27345
 CVE-2021-27344
RESERVED
 CVE-2021-27343 (SerenityOS Unspecified is affected by: Buffer Overflow. The 
impact is: ...)
-   TODO: check
+   NOT-FOR-US: SerenityOS
 CVE-2021-27342
RESERVED
 CVE-2021-27341
@@ -7599,7 +7599,7 @@ CVE-2021-26835
 CVE-2021-26834
RESERVED
 CVE-2021-26833 (Code Execution vulnerability in Profile Picture upload in 
TimelyBills  ...)
-   TODO: check
+   NOT-FOR-US: TimelyBills App Budget, Expense tracker & Bills
 CVE-2021-26832
RESERVED
 CVE-2021-26831



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f125eb4485f836e54b78e05ddb5ed5885ec2e8bd


[Git][security-tracker-team/security-tracker][master] Add CVE-2021-30130/phpseclib

2021-04-06 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f5c5845a by Salvatore Bonaccorso at 2021-04-06T22:26:45+02:00
Add CVE-2021-30130/phpseclib

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -130,7 +130,8 @@ CVE-2021-30132
 CVE-2021-30131
RESERVED
 CVE-2021-30130 (phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA 
PKCS#1 v1. ...)
-   TODO: check
+   - phpseclib 
+   NOTE: https://github.com/phpseclib/phpseclib/pull/1635
 CVE-2021-30129
RESERVED
 CVE-2021-30128
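Review bot: the new NOTE cites only the upstream pull request, while the entry description in the context lines already says the issue is fixed before 2.0.31 and 3.x before 3.0.7; recording which release contains that PR next to the link, in the `(v0.3.5)` style used elsewhere in this file, makes it possible to verify later that the version uploaded to Debian actually carries the fix. The `- phpseclib ` line correctly stays without a version until that upload happens.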



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f5c5845a7e160ef067971b0142cb57b9e9c61198



[Git][security-tracker-team/security-tracker][master] Add new redmine issues

2021-04-06 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2aec5129 by Salvatore Bonaccorso at 2021-04-06T22:22:23+02:00
Add new redmine issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -29,9 +29,11 @@ CVE-2021-30166
 CVE-2021-30165
RESERVED
 CVE-2021-30164 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers 
to bypass ...)
-   TODO: check
+   - redmine 
+   TODO: check fixing commit, fixed in 4.0.8
 CVE-2021-30163 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers 
to discov ...)
-   TODO: check
+   - redmine 
+   TODO: check fixing commit, fixed in 4.0.8
 CVE-2021-30162 (An issue was discovered on LG mobile devices with Android OS 
4.4 throu ...)
NOT-FOR-US: LG mobile devices
 CVE-2021-30161 (An issue was discovered on LG mobile devices with Android OS 
11 softwa ...)
@@ -55,13 +57,17 @@ CVE-2021-23158
 CVE-2020-36309 (ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in 
OpenResty ...)
TODO: check
 CVE-2020-36308 (Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers 
to discov ...)
-   TODO: check
+   - redmine 4.0.7-1
+   TODO: check fixing commit, fixed in 4.0.7
 CVE-2020-36307 (Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via 
textile ...)
-   TODO: check
+   - redmine 4.0.7-1
+   TODO: check fixing commit, fixed in 4.0.7
 CVE-2020-36306 (Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the 
back_url f ...)
-   TODO: check
+   - redmine 4.0.7-1
+   TODO: check fixing commit, fixed in 4.0.7
 CVE-2019-25026 (Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup 
data duri ...)
-   TODO: check
+   - redmine 4.0.6-1
+   TODO: check fixing commit, fixed in 4.0.6
 CVE-2021-30160
RESERVED
 CVE-2021-30159



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2aec51292b89493873214092d0c056ec874a391c



[Git][security-tracker-team/security-tracker][master] Process two NFUs

2021-04-06 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
453bf7d0 by Salvatore Bonaccorso at 2021-04-06T22:18:40+02:00
Process two NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -33,9 +33,9 @@ CVE-2021-30164 (Redmine before 4.0.8 and 4.1.x before 4.1.2 
allows attackers to
 CVE-2021-30163 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers 
to discov ...)
TODO: check
 CVE-2021-30162 (An issue was discovered on LG mobile devices with Android OS 
4.4 throu ...)
-   TODO: check
+   NOT-FOR-US: LG mobile devices
 CVE-2021-30161 (An issue was discovered on LG mobile devices with Android OS 
11 softwa ...)
-   TODO: check
+   NOT-FOR-US: LG mobile devices
 CVE-2021-26948
RESERVED
 CVE-2021-26259



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/453bf7d04400728acdeef059a2765d4f9a5696b1



[Git][security-tracker-team/security-tracker][master] automatic update

2021-04-06 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fa58a1cf by security tracker role at 2021-04-06T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,67 @@
+CVE-2021-3484
+   RESERVED
+CVE-2021-3483
+   RESERVED
+CVE-2021-30177
+   RESERVED
+CVE-2021-30176
+   RESERVED
+CVE-2021-30175
+   RESERVED
+CVE-2021-30174
+   RESERVED
+CVE-2021-30173
+   RESERVED
+CVE-2021-30172
+   RESERVED
+CVE-2021-30171
+   RESERVED
+CVE-2021-30170
+   RESERVED
+CVE-2021-30169
+   RESERVED
+CVE-2021-30168
+   RESERVED
+CVE-2021-30167
+   RESERVED
+CVE-2021-30166
+   RESERVED
+CVE-2021-30165
+   RESERVED
+CVE-2021-30164 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers 
to bypass ...)
+   TODO: check
+CVE-2021-30163 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers 
to discov ...)
+   TODO: check
+CVE-2021-30162 (An issue was discovered on LG mobile devices with Android OS 
4.4 throu ...)
+   TODO: check
+CVE-2021-30161 (An issue was discovered on LG mobile devices with Android OS 
11 softwa ...)
+   TODO: check
+CVE-2021-26948
+   RESERVED
+CVE-2021-26259
+   RESERVED
+CVE-2021-26252
+   RESERVED
+CVE-2021-23206
+   RESERVED
+CVE-2021-23191
+   RESERVED
+CVE-2021-23180
+   RESERVED
+CVE-2021-23165
+   RESERVED
+CVE-2021-23158
+   RESERVED
+CVE-2020-36309 (ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in 
OpenResty ...)
+   TODO: check
+CVE-2020-36308 (Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers 
to discov ...)
+   TODO: check
+CVE-2020-36307 (Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via 
textile ...)
+   TODO: check
+CVE-2020-36306 (Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the 
back_url f ...)
+   TODO: check
+CVE-2019-25026 (Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup 
data duri ...)
+   TODO: check
 CVE-2021-30160
RESERVED
 CVE-2021-30159
@@ -27,8 +91,8 @@ CVE-2021-30148
RESERVED
 CVE-2021-30147
RESERVED
-CVE-2021-30146
-   RESERVED
+CVE-2021-30146 (Seafile 7.0.5 (2019) allows Persistent XSS via the "share of 
library f ...)
+   TODO: check
 CVE-2021-30145
RESERVED
 CVE-2021-30144 (The Dashboard plugin through 1.0.2 for GLPI allows remote 
low-privileg ...)
@@ -39,8 +103,8 @@ CVE-2021-30142
RESERVED
 CVE-2021-30141 (** DISPUTED ** Module/Settings/UserExport.php in Friendica 
through 202 ...)
NOT-FOR-US: Friendica
-CVE-2021-30140
-   RESERVED
+CVE-2021-30140 (LiquidFiles 3.4.15 has stored XSS through the "send email" 
functionali ...)
+   TODO: check
 CVE-2021-30139
RESERVED
 CVE-2021-30138
@@ -59,8 +123,8 @@ CVE-2021-30132
RESERVED
 CVE-2021-30131
RESERVED
-CVE-2021-30130
-   RESERVED
+CVE-2021-30130 (phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA 
PKCS#1 v1. ...)
+   TODO: check
 CVE-2021-30129
RESERVED
 CVE-2021-30128
@@ -227,10 +291,10 @@ CVE-2021-30048
RESERVED
 CVE-2021-30047
RESERVED
-CVE-2021-30046
-   RESERVED
-CVE-2021-30045
-   RESERVED
+CVE-2021-30046 (VIGRA Computer Vision Library Version-1-11-1 contains a 
segmentation f ...)
+   TODO: check
+CVE-2021-30045 (SerenityOS 2021-03-27 contains a buffer overflow vulnerability 
in the  ...)
+   TODO: check
 CVE-2021-30044
RESERVED
 CVE-2021-30043
@@ -1102,10 +1166,10 @@ CVE-2021-29646 (An issue was discovered in the Linux 
kernel before 5.11.11. tipc
[buster] - linux  (Vulnerable code introduced later)
[stretch] - linux  (Vulnerable code introduced later)
NOTE: 
https://git.kernel.org/linus/0217ed2848e8538bcf9172d97ed2eeb4a26041bb
-CVE-2020-36285
-   RESERVED
-CVE-2020-36284
-   RESERVED
+CVE-2020-36285 (Union Pay up to 3.3.12, for iOS mobile apps, contains a 
CWE-347: Impro ...)
+   TODO: check
+CVE-2020-36284 (Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: 
Improper  ...)
+   TODO: check
 CVE-2021-3480
RESERVED
 CVE-2021-3479 (There's a flaw in OpenEXR's Scanline API functionality in 
versions bef ...)
@@ -2234,8 +2298,7 @@ CVE-2021-29138
RESERVED
 CVE-2021-29137
RESERVED
-CVE-2021-29136
-   RESERVED
+CVE-2021-29136 (Open Container Initiative umoci before 0.4.7 allows attackers 
to overw ...)
- umoci 0.4.7+ds-1
NOTE: 
https://github.com/opencontainers/umoci/security/advisories/GHSA-9m95-8hx6-7p9v
NOTE: 
https://github.com/opencontainers/umoci/commit/d9efc31daf2206f7d3fdb839863cf7a576a2eb57
 (v0.4.7)
@@ -2815,8 +2878,8 @@ CVE-2021-28876
RESERVED
 CVE-2021-28875
RESERVED
-CVE-2021-28874
-   RESERVED
+CVE-2021-28874 (SerenityOS fixed as of 

[Git][security-tracker-team/security-tracker][master] CVE-2021-29136: directly reference the fixing commit

2021-04-06 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ef6f2afb by Salvatore Bonaccorso at 2021-04-06T22:08:42+02:00
CVE-2021-29136: directly reference the fixing commit

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2238,7 +2238,7 @@ CVE-2021-29136
RESERVED
- umoci 0.4.7+ds-1
NOTE: 
https://github.com/opencontainers/umoci/security/advisories/GHSA-9m95-8hx6-7p9v
-   NOTE: 
https://github.com/opencontainers/umoci/commit/9b9c3cae049b1c79974ad54f1822a8a58d77ad32
+   NOTE: 
https://github.com/opencontainers/umoci/commit/d9efc31daf2206f7d3fdb839863cf7a576a2eb57
 (v0.4.7)
 CVE-2021-29135
RESERVED
 CVE-2020-36283 (HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to 
CSRF when  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef6f2afb00050b77ef6ebe5dcec0a6cd3b7a8275



[Git][security-tracker-team/security-tracker][master] Add GHSA reference for CVE-2021-29136

2021-04-06 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9ee8b16d by Salvatore Bonaccorso at 2021-04-06T22:07:22+02:00
Add GHSA reference for CVE-2021-29136

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2237,6 +2237,7 @@ CVE-2021-29137
 CVE-2021-29136
RESERVED
- umoci 0.4.7+ds-1
+   NOTE: 
https://github.com/opencontainers/umoci/security/advisories/GHSA-9m95-8hx6-7p9v
NOTE: 
https://github.com/opencontainers/umoci/commit/9b9c3cae049b1c79974ad54f1822a8a58d77ad32
 CVE-2021-29135
RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ee8b16d3fa5e66f93bf740ab44813630bb757ae



[Git][security-tracker-team/security-tracker][master] Add CVE-2020-28851/golang-golang-x-text

2021-04-06 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
317856f8 by Salvatore Bonaccorso at 2021-04-06T20:52:05+02:00
Add CVE-2020-28851/golang-golang-x-text

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -29485,7 +29485,7 @@ CVE-2020-28852 (In x/text in Go before v0.3.5, a "slice 
bounds out of range" pan
NOTE: https://github.com/golang/go/issues/42536
NOTE: 
https://github.com/golang/text/commit/4482a914f52311356f6f4b7a695d4075ca22c0c6 
(v0.3.5)
 CVE-2020-28851 (In x/text in Go 1.15.4, an "index out of range" panic occurs 
in langua ...)
-   - golang-golang-x-text  (bug #980001)
+   - golang-golang-x-text 0.3.6-1 (bug #980001)
- golang-x-text 
NOTE: https://github.com/golang/go/issues/42535
 CVE-2020-28850
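Review bot: the entry now records 0.3.6-1 as the fixed Debian version but still cites only the Go issue (#42535), whereas the neighbouring CVE-2020-28852 entry also references the upstream x/text fixing commit with its tag `(v0.3.5)`; add the corresponding fixing commit as a NOTE so the claim that 0.3.6-1 contains the fix can be checked against the packaged source rather than inferred from the version number. The `- golang-x-text ` line below it is left without a version; confirm whether that source package is affected or should be marked separately.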



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/317856f840b441f3f2d58a11d8d8b80bef6bfef4



[Git][security-tracker-team/security-tracker][master] Associate umoci issue to CVE-2021-29136

2021-04-06 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1e722aa7 by Salvatore Bonaccorso at 2021-04-06T20:41:48+02:00
Associate umoci issue to CVE-2021-29136

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2236,10 +2236,10 @@ CVE-2021-29137
RESERVED
 CVE-2021-29136
RESERVED
-CVE-2021-29135
-   RESERVED
- umoci 0.4.7+ds-1
NOTE: 
https://github.com/opencontainers/umoci/commit/9b9c3cae049b1c79974ad54f1822a8a58d77ad32
+CVE-2021-29135
+   RESERVED
 CVE-2020-36283 (HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to 
CSRF when  ...)
NOT-FOR-US: HID OMNIKEY 5427 and OMNIKEY 5127 readers
 CVE-2021-3464



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e722aa74bffaf682c043a231f2c7e31b566



[Git][security-tracker-team/security-tracker][master] new umoci issue

2021-04-06 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c5e95178 by Moritz Muehlenhoff at 2021-04-06T19:33:23+02:00
new umoci issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2238,6 +2238,8 @@ CVE-2021-29136
RESERVED
 CVE-2021-29135
RESERVED
+   - umoci 0.4.7+ds-1
+   NOTE: 
https://github.com/opencontainers/umoci/commit/9b9c3cae049b1c79974ad54f1822a8a58d77ad32
 CVE-2020-36283 (HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to 
CSRF when  ...)
NOT-FOR-US: HID OMNIKEY 5427 and OMNIKEY 5127 readers
 CVE-2021-3464
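Review bot: the `- umoci 0.4.7+ds-1` line and its NOTE are added under CVE-2021-29135, directly below the CVE-2021-29136 entry shown in the context; both entries are still RESERVED here, so the package line should be placed under the CVE that the upstream advisory actually assigns before it is relied on for tracking. Commit 1e722aa7 on this list ("Associate umoci issue to CVE-2021-29136") moves exactly these two lines up one entry, which confirms the original placement was wrong.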



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5e951781c0a01c2fee4951dc25c8abffdaecc44



[Git][security-tracker-team/security-tracker][master] buster triage

2021-04-06 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cfb4f210 by Moritz Muehlenhoff at 2021-04-06T19:31:23+02:00
buster triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=
data/CVE/list
=
@@ -439,6 +439,7 @@ CVE-2021-30002 (An issue was discovered in the Linux kernel 
before 5.11.3 when a
 CVE-2021-3482 [heap-based buffer overflow in Jp2Image::readMetadata() in 
jp2image.cpp]
RESERVED
- exiv2 
+   [buster] - exiv2  (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/1522
 CVE-2021-3481 [Out of bounds read in function QRadialFetchSimd from crafted 
svg file]
RESERVED
@@ -1962,6 +1963,7 @@ CVE-2021-3469
 CVE-2021-3468 [Local DoS by event-busy-loop from writing long lines to 
/run/avahi-daemon/socket]
RESERVED
- avahi  (bug #984938)
+   [buster] - avahi  (Minor issue)
NOTE: https://github.com/lathiat/avahi/pull/330
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939614#c3
 CVE-2021-29262
@@ -15661,6 +15663,7 @@ CVE-2021-23336 (The package python/cpython from 0 and 
before 3.6.13, from 3.7.0
- python3.5 
- python2.7 
[bullseye] - python2.7  (Python 2.7 in Bullseye not covered by 
security support)
+   [buster] - python2.7  (Minor issue)
- pypy3 7.3.3+dfsg-3
[buster] - pypy3  (Minor issue)
NOTE: https://github.com/python/cpython/pull/24297
@@ -20130,6 +20133,7 @@ CVE-2020-35922 (An issue was discovered in the mio 
crate before 0.7.6 for Rust.
TODO: check
 CVE-2020-35920 (An issue was discovered in the socket2 crate before 0.3.16 for 
Rust. I ...)
- rust-socket2 0.3.19-1
+   [buster] - rust-socket2  (Minor issue)
NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0079.html
NOTE: https://github.com/rust-lang/socket2-rs/issues/119
 CVE-2020-35918 (An issue was discovered in the branca crate before 0.10.0 for 
Rust. De ...)
@@ -23649,8 +23653,9 @@ CVE-2021-20310
 CVE-2021-20309
RESERVED
 CVE-2021-20308 (Integer overflow in the htmldoc 1.9.11 and before may allow 
attackers  ...)
-   - htmldoc 
+   - htmldoc  (unimportant)
NOTE: https://github.com/michaelrsweet/htmldoc/issues/423
+   NOTE: Crash in CLI tool, no security impact
 CVE-2021-20307 (Format string vulnerability in panoFileOutputNamesCreate() in 
libpano1 ...)
- libpano13 2.9.20~rc3+dfsg-1 (bug #985249)
[buster] - libpano13 2.9.19+dfsg-3+deb10u1
@@ -23659,6 +23664,7 @@ CVE-2021-20306
RESERVED
 CVE-2021-20305 (A flaw was found in Nettle in versions before 3.7.2, where 
several Net ...)
- nettle 3.7.2-1 (bug #985652)
+   [buster] - nettle  (Minor issue)
NOTE: 
https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009457.html
NOTE: New functions ecc_mod_mul_canonical and ecc_mod_sqr_canonical:
NOTE: 
https://git.lysator.liu.se/nettle/nettle/-/commit/a63893791280d441c713293491da97c79c0950fe
@@ -23932,11 +23938,12 @@ CVE-2021-20244 (A flaw was found in ImageMagick in 
MagickCore/visual-effects.c.
NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/329dd528ab79531d884c0ba131e97d43f872ab5d
NOTE: In IM6 the code seems to be in magick/fx.c
 CVE-2021-20243 (A flaw was found in ImageMagick in MagickCore/resize.c. An 
attacker wh ...)
-   - imagemagick 
+   - imagemagick 
+   [bullseye] - imagemagick  (Minor issue)
[buster] - imagemagick  (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/pull/3193
NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/9751bd619872c8e58609fbed56c4827afa083b40
-   TODO: check
+   NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/53cb91b3e7bf95d0e372cbc745e0055ac6054745
  (resize.c hunk)
 CVE-2021-20242
REJECTED
 CVE-2021-20241 (A flaw was found in ImageMagick in coders/jp2.c. An attacker 
who submi ...)
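Review bot: the `- imagemagick ` line is removed and re-added with no visible difference, so this looks like a whitespace-only change; if so, drop it to keep the hunk limited to the new `[bullseye]` tag and the ImageMagick6 commit reference. Replacing the open `TODO: check` with the IM6 commit link (resize.c hunk) is the right way to close the entry, since it records where the IM6 fix lives instead of leaving the question open.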
@@ -40200,6 +40207,7 @@ CVE-2020-25694 (A flaw was found in PostgreSQL versions 
before 13.1, before 12.5
 CVE-2020-25693 (A flaw was found in CImg in versions prior to 2.9.3. Integer 
overflows ...)
{DLA-2462-1}
- cimg 2.9.4+dfsg-2 (bug #973770)
+   [buster] - cimg  (Minor issue)
NOTE: https://github.com/dtschump/CImg/pull/295
NOTE: https://bugs.launchpad.net/ubuntu/+source/cimg/+bug/1900983
NOTE: Fixed by: 
https://github.com/dtschump/CImg/commit/4f184f89f9ab6785a6c90fd238dbaa6d901d3505
@@ -70559,6 +70567,7 @@ CVE-2020-12365 (Untrusted pointer dereference in some 
Intel(R) Graphics Drivers
 CVE-2020-12364 (Null pointer reference in some Intel(R) Graphics Drivers for 
Windows*  ...)
- linux 
- firmware-nonfree 20210208-1
+   [buster] - firmware-nonfree  (Non-free not supported)
NOTE: Short of details: 

[Git][security-tracker-team/security-tracker][master] chromium dsa

2021-04-06 Thread Michael Gilbert


Michael Gilbert pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2b42e575 by Michael Gilbert at 2021-04-06T13:34:50+00:00
chromium dsa

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[06 Apr 2021] DSA-4886-1 chromium - security update
+   {CVE-2021-21159 CVE-2021-21160 CVE-2021-21161 CVE-2021-21162 
CVE-2021-21163 CVE-2021-21165 CVE-2021-21166 CVE-2021-21167 CVE-2021-21168 
CVE-2021-21169 CVE-2021-21170 CVE-2021-21171 CVE-2021-21172 CVE-2021-21173 
CVE-2021-21174 CVE-2021-21175 CVE-2021-21176 CVE-2021-21177 CVE-2021-21178 
CVE-2021-21179 CVE-2021-21180 CVE-2021-21181 CVE-2021-21182 CVE-2021-21183 
CVE-2021-21184 CVE-2021-21185 CVE-2021-21186 CVE-2021-21187 CVE-2021-21188 
CVE-2021-21189 CVE-2021-21190 CVE-2021-21191 CVE-2021-21192 CVE-2021-21193 
CVE-2021-21194 CVE-2021-21195 CVE-2021-21196 CVE-2021-21197 CVE-2021-21198 
CVE-2021-21199}
+   [buster] - chromium 89.0.4389.114-1~deb10u1
 [05 Apr 2021] DSA-4885-1 netty - security update
{CVE-2019-20444 CVE-2019-20445 CVE-2020-7238 CVE-2020-11612 
CVE-2021-21290 CVE-2021-21295 CVE-2021-21409}
[buster] - netty 1:4.1.33-1+deb10u2


=
data/dsa-needed.txt
=
@@ -14,9 +14,6 @@ If needed, specify the release by adding a slash after the 
name of the source pa
 --
 condor
 --
-chromium
-  Package was prepared by Michel Le Bihan (already uploaded), needd review for 
DSA release
---
 knot-resolver
   Santiago Ruano Rincón proposed a debdiff for review
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b42e575970ab2a544933c78d7d86670865dda0b



[Git][security-tracker-team/security-tracker][master] Reserve DLA-2620-1 for python-bleach

2021-04-06 Thread Chris Lamb


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c590998f by Chris Lamb at 2021-04-06T13:20:03+01:00
Reserve DLA-2620-1 for python-bleach

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[06 Apr 2021] DLA-2620-1 python-bleach - security update
+   {CVE-2021-23980}
+   [stretch] - python-bleach 2.0-1+deb9u1
 [05 Apr 2021] DLA-2619-1 python3.5 - security update
{CVE-2021-3177 CVE-2021-3426 CVE-2021-23336}
[stretch] - python3.5 3.5.3-1+deb9u4


=
data/dla-needed.txt
=
@@ -85,8 +85,6 @@ opendmarc
 --
 php-pear (Sylvain Beucler)
 --
-python-bleach (Chris Lamb)
---
 python2.7 (Anton Gladky)
   NOTE: 20210316: Same issue as python3.5 immediately below; suggest handled 
by same maintainer. (lamby)
   NOTE: 20210320: https://salsa.debian.org/lts-team/packages/python2.7 (gladk)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c590998fb9e348ebe6ebf6f84a24478b60b429aa



[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2021-28658/python-django via unstable

2021-04-06 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2cb0b9dc by Salvatore Bonaccorso at 2021-04-06T13:24:45+02:00
Track fixed version for CVE-2021-28658/python-django via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3276,7 +3276,7 @@ CVE-2021-28659
RESERVED
 CVE-2021-28658
RESERVED
-   - python-django  (bug #986447)
+   - python-django 2:2.2.20-1 (bug #986447)
NOTE: 
https://www.djangoproject.com/weblog/2021/apr/06/security-releases/
NOTE: 
https://github.com/django/django/commit/d4d800ca1addc4141e03c5440a849bb64d1582cd
 (main)
NOTE: 
https://github.com/django/django/commit/4036d62bda0e9e9f6172943794b744a454ca49c2
 (2.2.20)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2cb0b9dc21047efc9bf2865e40104a3a9d648b56



[Git][security-tracker-team/security-tracker][master] Reference commits for CVE-2021-28658/python-django

2021-04-06 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ea600e14 by Salvatore Bonaccorso at 2021-04-06T10:51:28+02:00
Reference commits for CVE-2021-28658/python-django

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3278,6 +3278,8 @@ CVE-2021-28658
RESERVED
- python-django  (bug #986447)
NOTE: 
https://www.djangoproject.com/weblog/2021/apr/06/security-releases/
+   NOTE: 
https://github.com/django/django/commit/d4d800ca1addc4141e03c5440a849bb64d1582cd
 (main)
+   NOTE: 
https://github.com/django/django/commit/4036d62bda0e9e9f6172943794b744a454ca49c2
 (2.2.20)
 CVE-2021-28657 (A carefully crafted or corrupt file may trigger an infinite 
loop in Ti ...)
- tika 
NOTE: https://www.openwall.com/lists/oss-security/2021/03/30/3



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea600e1456f431ed5ead4d7fa6598ad9d70ad031



[Git][security-tracker-team/security-tracker][master] Add CVE-2021-28658/python-django

2021-04-06 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
47b54d26 by Salvatore Bonaccorso at 2021-04-06T10:49:02+02:00
Add CVE-2021-28658/python-django

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3276,6 +3276,8 @@ CVE-2021-28659
RESERVED
 CVE-2021-28658
RESERVED
+   - python-django  (bug #986447)
+   NOTE: 
https://www.djangoproject.com/weblog/2021/apr/06/security-releases/
 CVE-2021-28657 (A carefully crafted or corrupt file may trigger an infinite 
loop in Ti ...)
- tika 
NOTE: https://www.openwall.com/lists/oss-security/2021/03/30/3
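Review bot: the entry stays RESERVED with no bracketed summary although the upstream security release is already linked; for a RESERVED CVE with a public fix the list's convention is a short description in square brackets after the CVE id (as with CVE-2021-3482 [heap-based buffer overflow in Jp2Image::readMetadata() ...] elsewhere in this list), so the issue is identifiable before the MITRE text lands.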



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47b54d261fb66019880ecdf7ccdb27028fab2d20



[Git][security-tracker-team/security-tracker][master] Process NFUs

2021-04-06 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
77f779d4 by Salvatore Bonaccorso at 2021-04-06T10:20:48+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -38,7 +38,7 @@ CVE-2021-30143
 CVE-2021-30142
RESERVED
 CVE-2021-30141 (** DISPUTED ** Module/Settings/UserExport.php in Friendica 
through 202 ...)
-   TODO: check
+   NOT-FOR-US: Friendica
 CVE-2021-30140
RESERVED
 CVE-2021-30139
@@ -4255,75 +4255,75 @@ CVE-2021-28210 [unlimited FV recursion, round 2]
NOTE: https://github.com/tianocore/edk2/pull/1137
NOTE: 
https://github.com/tianocore/edk2/commit/47343af30435302c087027177613412a1a83e919
 CVE-2021-28209 (The specific function in ASUS BMCs firmware Web 
management page ...)
-   TODO: check
+   NOT-FOR-US: ASUS
 CVE-2021-28208 (The specific function in ASUS BMCs firmware Web 
management page ...)
-   TODO: check
+   NOT-FOR-US: ASUS
 CVE-2021-28207 (The specific function in ASUS BMCs firmware Web 
management page ...)
-   TODO: check
+   NOT-FOR-US: ASUS
 CVE-2021-28206 (The specific function in ASUS BMCs firmware Web 
management page ...)
-   TODO: check
+   NOT-FOR-US: ASUS
 CVE-2021-28205 (The specific function in ASUS BMCs firmware Web 
management page ...)
-   TODO: check
+   NOT-FOR-US: ASUS
 CVE-2021-28204 (The specific function in ASUS BMCs firmware Web 
management page ...)
-   TODO: check
+   NOT-FOR-US: ASUS
 CVE-2021-28203 (The Web Set Media Image function in ASUS BMCs firmware 
Web mana ...)
-   TODO: check
+   NOT-FOR-US: ASUS
 CVE-2021-28202 (The Service configuration-2 function in ASUS BMCs 
firmware Web  ...)
-   TODO: check
+   NOT-FOR-US: ASUS
 CVE-2021-28201 (The Service configuration-1 function in ASUS BMCs 
firmware Web  ...)
-   TODO: check
+   NOT-FOR-US: ASUS
 CVE-2021-28200 (The CD media configuration function in ASUS BMCs 
firmware Web m ...)
-   TODO: check
+   NOT-FOR-US: ASUS
 CVE-2021-28199 (The specific function in ASUS BMCs firmware Web 
management page ...)
-   TODO: check
+   NOT-FOR-US: ASUS
 CVE-2021-28198 (The Firmware protocol configuration function in ASUS 
BMCs firmw ...)
-   TODO: check
+   NOT-FOR-US: ASUS
 CVE-2021-28197 (The Active Directory configuration function in ASUS 
BMCs firmwa ...)
-   TODO: check
+   NOT-FOR-US: ASUS
 CVE-2021-28196 (The specific function in ASUS BMCs firmware Web 
management page ...)
-   TODO: check
+   NOT-FOR-US: ASUS
 CVE-2021-28195 (The Radius configuration function in ASUS BMCs firmware 
Web man ...)
-   TODO: check
+   NOT-FOR-US: ASUS
 CVE-2021-28194 (The specific function in ASUS BMCs firmware Web 
management page ...)
-   TODO: check
+   NOT-FOR-US: ASUS
 CVE-2021-28193 (The SMTP configuration function in ASUS BMCs firmware 
Web manag ...)
-   TODO: check
+   NOT-FOR-US: ASUS
 CVE-2021-28192 (The specific function in ASUS BMCs firmware Web 
management page ...)
-   TODO: check
+   NOT-FOR-US: ASUS
 CVE-2021-28191 (The Firmware update function in ASUS BMCs firmware Web 
manageme ...)
-   TODO: check
+   NOT-FOR-US: ASUS
 CVE-2021-28190 (The specific function in ASUS BMCs firmware Web 
management page ...)
-   TODO: check
+   NOT-FOR-US: ASUS
 CVE-2021-28189 (The SMTP configuration function in ASUS BMCs firmware 
Web manag ...)
-   TODO: check
+   NOT-FOR-US: ASUS
 CVE-2021-28188 (The specific function in ASUS BMCs firmware Web 
management page ...)
-   TODO: check
+   NOT-FOR-US: ASUS
 CVE-2021-28187 (The specific function in ASUS BMCs firmware Web 
management page ...)
-   TODO: check
+   NOT-FOR-US: ASUS
 CVE-2021-28186 (The specific function in ASUS BMCs firmware Web 
management page ...)
-   TODO: check
+   NOT-FOR-US: ASUS
 CVE-2021-28185 (The specific function in ASUS BMCs firmware Web 
management page ...)
-   TODO: check
+   NOT-FOR-US: ASUS
 CVE-2021-28184 (The Active Directory configuration function in ASUS 
BMCs firmwa ...)
-   TODO: check
+   NOT-FOR-US: ASUS
 CVE-2021-28183 (The specific function in ASUS BMCs firmware Web 
management page ...)
-   TODO: check
+   NOT-FOR-US: ASUS
 CVE-2021-28182 (The Web Service configuration function in ASUS BMCs 
firmware We ...)
-   TODO: check
+   NOT-FOR-US: ASUS
 CVE-2021-28181 (The specific function in ASUS BMCs firmware Web 
management page ...)
-   TODO: check
+   NOT-FOR-US: ASUS
 CVE-2021-28180 (The specific function in ASUS BMCs firmware Web 
management page ...)
-   TODO: check
+   NOT-FOR-US: ASUS
 CVE-2021-28179 (The specific function in ASUS BMCs firmware Web 
management page ...)
-   TODO: check
+   NOT-FOR-US: ASUS
 CVE-2021-28178 (The UEFI configuration function in ASUS BMCs firmware 
Web manag ...)
-

[Git][security-tracker-team/security-tracker][master] Add CVE-2021-30151/ruby-sidekiq

2021-04-06 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e7160347 by Salvatore Bonaccorso at 2021-04-06T10:17:24+02:00
Add CVE-2021-30151/ruby-sidekiq

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -17,7 +17,8 @@ CVE-2021-30153
 CVE-2021-30152
RESERVED
 CVE-2021-30151 (Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the 
queue n ...)
-   TODO: check
+   - ruby-sidekiq 
+   NOTE: https://github.com/mperham/sidekiq/issues/4852
 CVE-2021-30150 (Composr 10.0.36 allows XSS in an XML script. ...)
TODO: check
 CVE-2021-30149 (Composr 10.0.36 allows upload and execution of PHP files. ...)
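Review bot: as rendered here the new package line reads "- ruby-sidekiq " with nothing after the source name; the tracker needs either a fixed version or an unfixed/not-affected marker there, so confirm the marker survived. The NOTE points at the upstream issue rather than a fixing commit, and no severity annotation for the stable suites accompanies what the description calls an XSS via the queue name.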



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e71603472cb286b327dbf5d86947f572f8833e99



[Git][security-tracker-team/security-tracker][master] automatic update

2021-04-06 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ddbe70f8 by security tracker role at 2021-04-06T08:10:31+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,65 @@
+CVE-2021-30160
+   RESERVED
+CVE-2021-30159
+   RESERVED
+CVE-2021-30158 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x 
through ...)
+   TODO: check
+CVE-2021-30157 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x 
through ...)
+   TODO: check
+CVE-2021-30156
+   RESERVED
+CVE-2021-30155
+   RESERVED
+CVE-2021-30154 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x 
through ...)
+   TODO: check
+CVE-2021-30153
+   RESERVED
+CVE-2021-30152
+   RESERVED
+CVE-2021-30151 (Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the 
queue n ...)
+   TODO: check
+CVE-2021-30150 (Composr 10.0.36 allows XSS in an XML script. ...)
+   TODO: check
+CVE-2021-30149 (Composr 10.0.36 allows upload and execution of PHP files. ...)
+   TODO: check
+CVE-2021-30148
+   RESERVED
+CVE-2021-30147
+   RESERVED
+CVE-2021-30146
+   RESERVED
+CVE-2021-30145
+   RESERVED
+CVE-2021-30144 (The Dashboard plugin through 1.0.2 for GLPI allows remote 
low-privileg ...)
+   TODO: check
+CVE-2021-30143
+   RESERVED
+CVE-2021-30142
+   RESERVED
+CVE-2021-30141 (** DISPUTED ** Module/Settings/UserExport.php in Friendica 
through 202 ...)
+   TODO: check
+CVE-2021-30140
+   RESERVED
+CVE-2021-30139
+   RESERVED
+CVE-2021-30138
+   RESERVED
+CVE-2021-30137
+   RESERVED
+CVE-2021-30136
+   RESERVED
+CVE-2021-30135
+   RESERVED
+CVE-2021-30134
+   RESERVED
+CVE-2021-30133
+   RESERVED
+CVE-2021-30132
+   RESERVED
+CVE-2021-30131
+   RESERVED
+CVE-2021-30130
+   RESERVED
 CVE-2021-30129
RESERVED
 CVE-2021-30128
@@ -374,6 +436,7 @@ CVE-2021-30002 (An issue was discovered in the Linux kernel 
before 5.11.3 when a
[buster] - linux 4.19.181-1
NOTE: 
https://git.kernel.org/linus/fb18802a338b36f675a388fc03d2aa504a0d0899
 CVE-2021-3482 [heap-based buffer overflow in Jp2Image::readMetadata() in 
jp2image.cpp]
+   RESERVED
- exiv2 
NOTE: https://github.com/Exiv2/exiv2/issues/1522
 CVE-2021-3481 [Out of bounds read in function QRadialFetchSimd from crafted 
svg file]
@@ -4190,76 +4253,76 @@ CVE-2021-28210 [unlimited FV recursion, round 2]
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1743
NOTE: https://github.com/tianocore/edk2/pull/1137
NOTE: 
https://github.com/tianocore/edk2/commit/47343af30435302c087027177613412a1a83e919
-CVE-2021-28209
-   RESERVED
-CVE-2021-28208
-   RESERVED
-CVE-2021-28207
-   RESERVED
-CVE-2021-28206
-   RESERVED
-CVE-2021-28205
-   RESERVED
-CVE-2021-28204
-   RESERVED
-CVE-2021-28203
-   RESERVED
-CVE-2021-28202
-   RESERVED
-CVE-2021-28201
-   RESERVED
-CVE-2021-28200
-   RESERVED
-CVE-2021-28199
-   RESERVED
-CVE-2021-28198
-   RESERVED
-CVE-2021-28197
-   RESERVED
-CVE-2021-28196
-   RESERVED
-CVE-2021-28195
-   RESERVED
-CVE-2021-28194
-   RESERVED
-CVE-2021-28193
-   RESERVED
-CVE-2021-28192
-   RESERVED
-CVE-2021-28191
-   RESERVED
-CVE-2021-28190
-   RESERVED
-CVE-2021-28189
-   RESERVED
-CVE-2021-28188
-   RESERVED
-CVE-2021-28187
-   RESERVED
-CVE-2021-28186
-   RESERVED
-CVE-2021-28185
-   RESERVED
-CVE-2021-28184
-   RESERVED
-CVE-2021-28183
-   RESERVED
-CVE-2021-28182
-   RESERVED
-CVE-2021-28181
-   RESERVED
-CVE-2021-28180
-   RESERVED
-CVE-2021-28179
-   RESERVED
-CVE-2021-28178
-   RESERVED
-CVE-2021-28177
-   RESERVED
-CVE-2021-28176
-   RESERVED
-CVE-2021-28175
-   RESERVED
+CVE-2021-28209 (The specific function in ASUS BMCs firmware Web 
management page ...)
+   TODO: check
+CVE-2021-28208 (The specific function in ASUS BMCs firmware Web 
management page ...)
+   TODO: check
+CVE-2021-28207 (The specific function in ASUS BMCs firmware Web 
management page ...)
+   TODO: check
+CVE-2021-28206 (The specific function in ASUS BMCs firmware Web 
management page ...)
+   TODO: check
+CVE-2021-28205 (The specific function in ASUS BMCs firmware Web 
management page ...)
+   TODO: check
+CVE-2021-28204 (The specific function in ASUS BMCs firmware Web 
management page ...)
+   TODO: check
+CVE-2021-28203 (The Web Set Media Image function in ASUS BMCs firmware 
Web mana ...)
+   TODO: check
+CVE-2021-28202 (The Service configuration-2 function in ASUS BMCs 
firmware Web  ...)
+   TODO: check
+CVE-2021-28201 (The Service configuration-1 function in ASUS BMCs 
firmware Web  ...)
+   TODO: check
+CVE-2021-28200 (The CD media configuration function in ASUS BMCs 

[Git][security-tracker-team/security-tracker][master] CVE-2021-29662: Add reference to blogpost

2021-04-06 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0e13204d by Salvatore Bonaccorso at 2021-04-06T09:34:30+02:00
CVE-2021-29662: Add reference to blogpost

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1526,6 +1526,7 @@ CVE-2021-3474 (There's a flaw in OpenEXR in versions 
before 3.0.0-beta. A crafte
 CVE-2021-29662 (The Data::Validate::IP module through 0.29 for Perl does not 
properly  ...)
- libdata-validate-ip-perl 
NOTE: Documentation update: 
https://github.com/houseabsolute/Data-Validate-IP/commit/3bba13c819d616514a75e089badd75002fd4f14e
+   NOTE: 
https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/
 CVE-2021-29424 (The Net::Netmask module before 2. for Perl does not 
properly consi ...)
- libnet-netmask-perl  (bug #986135)
[buster] - libnet-netmask-perl  (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e13204db6b20fcd03e8b8013fe2c1cdd48c24a7



[Git][security-tracker-team/security-tracker][master] Add CVE-2021-20307/libpano13

2021-04-06 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9d0a112b by Salvatore Bonaccorso at 2021-04-06T09:01:52+02:00
Add CVE-2021-20307/libpano13

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -23585,6 +23585,9 @@ CVE-2021-20308
NOTE: https://github.com/michaelrsweet/htmldoc/issues/423
 CVE-2021-20307
RESERVED
+   - libpano13 2.9.20~rc3+dfsg-1 (bug #985249)
+   [buster] - libpano13 2.9.19+dfsg-3+deb10u1
+   NOTE: 
https://sourceforge.net/projects/panotools/files/libpano13/libpano13-2.9.20/
 CVE-2021-20306
RESERVED
 CVE-2021-20305 [Out of Bound memory access in signature verification]
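Review bot: the CVE is still RESERVED with no bracketed summary, and the only NOTE links the whole libpano13-2.9.20 release directory, which does not identify the fixing change; a NOTE with the specific upstream commit would let reviewers verify that the buster backport (2.9.19+dfsg-3+deb10u1) carries the same fix.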



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d0a112b1918764943071e1b6dadecaa9c1243ad



[Git][security-tracker-team/security-tracker][master] Add CVE-2021-20308/htmldoc

2021-04-06 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
23489423 by Salvatore Bonaccorso at 2021-04-06T08:58:46+02:00
Add CVE-2021-20308/htmldoc

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -23581,6 +23581,8 @@ CVE-2021-20309
RESERVED
 CVE-2021-20308
RESERVED
+   - htmldoc 
+   NOTE: https://github.com/michaelrsweet/htmldoc/issues/423
 CVE-2021-20307
RESERVED
 CVE-2021-20306



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/234894238680a2b8d07b366fde18f207b75a4879



[Git][security-tracker-team/security-tracker][master] Add CVE-2021-21416/python-django-registration

2021-04-06 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3ed868b3 by Salvatore Bonaccorso at 2021-04-06T08:54:00+02:00
Add CVE-2021-21416/python-django-registration

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -20916,7 +20916,8 @@ CVE-2021-21418 (ps_emailsubscription is a newsletter 
subscription module for the
 CVE-2021-21417
RESERVED
 CVE-2021-21416 (django-registration is a user registration package for Django. 
The dja ...)
-   TODO: check
+   - python-django-registration 
+   NOTE: 
https://github.com/ubernostrum/django-registration/security/advisories/GHSA-58c7-px5v-82hh
 CVE-2021-21415
RESERVED
 CVE-2021-21414



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ed868b3bb8e5e24e2ebdb72c601a651d9c58d26



[Git][security-tracker-team/security-tracker][master] Add CVE-2021-22135/elasticsearch

2021-04-06 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8b0ceb0d by Salvatore Bonaccorso at 2021-04-06T08:52:12+02:00
Add CVE-2021-22135/elasticsearch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -18198,6 +18198,7 @@ CVE-2021-22136
- kibana  (bug #700337)
 CVE-2021-22135
RESERVED
+   - elasticsearch 
 CVE-2021-22134 (A document disclosure flaw was found in Elasticsearch versions 
after 7 ...)
- elasticsearch 
 CVE-2021-22133 (The Elastic APM agent for Go versions before 1.11.0 can leak 
sensitive ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8b0ceb0d6cd9ce68dca3416241144cfac86f2092



[Git][security-tracker-team/security-tracker][master] Add CVE-2021-22136/kibana, itp'ed

2021-04-06 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e8eaa027 by Salvatore Bonaccorso at 2021-04-06T08:50:13+02:00
Add CVE-2021-22136/kibana, itp'ed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -18195,6 +18195,7 @@ CVE-2021-22137
- elasticsearch 
 CVE-2021-22136
RESERVED
+   - kibana  (bug #700337)
 CVE-2021-22135
RESERVED
 CVE-2021-22134 (A document disclosure flaw was found in Elasticsearch versions 
after 7 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8eaa027ae8d922f61eb89767dee8d8fa522a6d6



[Git][security-tracker-team/security-tracker][master] Add CVE-2021-22137/elasticsearch

2021-04-06 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
52959b47 by Salvatore Bonaccorso at 2021-04-06T08:49:23+02:00
Add CVE-2021-22137/elasticsearch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -18192,6 +18192,7 @@ CVE-2021-22138
RESERVED
 CVE-2021-22137
RESERVED
+   - elasticsearch 
 CVE-2021-22136
RESERVED
 CVE-2021-22135
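Review bot: the entry for CVE-2021-22137 adds only "- elasticsearch " with no NOTE line; the CVE is RESERVED with no bracketed summary, so nothing in the tracker says what the issue is or which versions it affects. A NOTE with the Elastic security announcement URL would close that gap.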



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52959b47892d427ff371536a57c822961fb00ce5



[Git][security-tracker-team/security-tracker][master] Add CVE-2021-28163/jetty9

2021-04-06 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
caf6337a by Salvatore Bonaccorso at 2021-04-06T08:48:36+02:00
Add CVE-2021-28163/jetty9

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4284,7 +4284,8 @@ CVE-2021-28164 (In Eclipse Jetty 9.4.37.v20210219 to 
9.4.38.v20210224, the defau
- jetty9 
NOTE: 
https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5
 CVE-2021-28163 (In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 
11.0.0. ...)
-   TODO: check
+   - jetty9 
+   NOTE: 
https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq
 CVE-2021-28162 (In Eclipse Theia versions up to and including 0.16.0, in the 
notificat ...)
NOT-FOR-US: Eclipse Theia
 CVE-2021-28161 (In Eclipse Theia versions up to and including 1.8.0, in the 
debug cons ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/caf6337a74082518afb6e1c30609f0f46bcbc116



[Git][security-tracker-team/security-tracker][master] Add CVE-2021-28164/jetty9

2021-04-06 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
67daf3d9 by Salvatore Bonaccorso at 2021-04-06T08:47:01+02:00
Add CVE-2021-28164/jetty9

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4281,7 +4281,8 @@ CVE-2021-28165 (In Eclipse Jetty 7.2.2 to 9.4.38, 
10.0.0.alpha0 to 10.0.1, and 1
- jetty9 
NOTE: 
https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w
 CVE-2021-28164 (In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the 
default com ...)
-   TODO: check
+   - jetty9 
+   NOTE: 
https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5
 CVE-2021-28163 (In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 
11.0.0. ...)
TODO: check
 CVE-2021-28162 (In Eclipse Theia versions up to and including 0.16.0, in the 
notificat ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67daf3d92de74e77af8d8d3dfb6b2c4804ff8d58



[Git][security-tracker-team/security-tracker][master] Add CVE-2021-28165/jetty9

2021-04-06 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
49dd96a0 by Salvatore Bonaccorso at 2021-04-06T08:45:19+02:00
Add CVE-2021-28165/jetty9

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4278,7 +4278,8 @@ CVE-2021-28167
 CVE-2021-28166
RESERVED
 CVE-2021-28165 (In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 
11.0.0. ...)
-   TODO: check
+   - jetty9 
+   NOTE: 
https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w
 CVE-2021-28164 (In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the 
default com ...)
TODO: check
 CVE-2021-28163 (In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 
11.0.0. ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/49dd96a04072c4a55f80c7d9ad4b284bf030b1c8



[Git][security-tracker-team/security-tracker][master] Add CVE-2021-3482/exiv2

2021-04-06 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
aa07d711 by Salvatore Bonaccorso at 2021-04-06T08:43:40+02:00
Add CVE-2021-3482/exiv2

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -373,6 +373,9 @@ CVE-2021-30002 (An issue was discovered in the Linux kernel 
before 5.11.3 when a
- linux 5.10.24-1
[buster] - linux 4.19.181-1
NOTE: 
https://git.kernel.org/linus/fb18802a338b36f675a388fc03d2aa504a0d0899
+CVE-2021-3482 [heap-based buffer overflow in Jp2Image::readMetadata() in 
jp2image.cpp]
+   - exiv2 
+   NOTE: https://github.com/Exiv2/exiv2/issues/1522
 CVE-2021-3481 [Out of bounds read in function QRadialFetchSimd from crafted 
svg file]
RESERVED
- qtsvg-opensource-src 



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa07d7114d53cdf5de7ef73776c6c353fc227bf4



[Git][security-tracker-team/security-tracker][master] Process NFUs

2021-04-06 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8970efd9 by Salvatore Bonaccorso at 2021-04-06T08:42:20+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -91102,7 +91102,7 @@ CVE-2020-4999
 CVE-2020-4998
RESERVED
 CVE-2020-4997 (IBM InfoSphere Information Server 11.7 is vulnerable to 
cross-site scr ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2020-4996 (IBM Security Identity Governance and Intelligence 5.2.6 could 
allow a  ...)
NOT-FOR-US: IBM
 CVE-2020-4995 (IBM Security Identity Governance and Intelligence 5.2.6 does 
not inval ...)
@@ -91512,7 +91512,7 @@ CVE-2020-4794 (IBM Automation Workstream Services 
19.0.3, 20.0.1, 20.0.2, IBM Bu
 CVE-2020-4793
RESERVED
 CVE-2020-4792 (IBM Edge 4.2 is vulnerable to cross-site scripting. This 
vulnerability ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2020-4791 (IBM Security Identity Governance and Intelligence 5.2.6 could 
allow an ...)
NOT-FOR-US: IBM
 CVE-2020-4790 (IBM Security Identity Governance and Intelligence 5.2.6 could 
allow a  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8970efd93b66ae4c1efb91492706f56e41452e27



[Git][security-tracker-team/security-tracker][master] NFUs

2021-04-06 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f69ab45d by Moritz Muehlenhoff at 2021-04-06T08:39:59+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -109,7 +109,7 @@ CVE-2021-30076
 CVE-2021-30075
RESERVED
 CVE-2021-30074 (docsify 4.12.1 is affected by Cross Site Scripting (XSS) 
because the s ...)
-   TODO: check
+   NOT-FOR-US: docsify
 CVE-2021-30073
RESERVED
 CVE-2021-30072 (An issue was discovered in prog.cgi on D-Link DIR-878 1.30B08 
devices. ...)
@@ -264,7 +264,7 @@ CVE-2021-29998
 CVE-2021-29997
RESERVED
 CVE-2021-29996 (Mark Text through 0.16.3 allows attackers arbitrary command 
execution. ...)
-   TODO: check
+   NOT-FOR-US: marktext
 CVE-2021-29995
RESERVED
 CVE-2021-29994
@@ -393,30 +393,30 @@ CVE-2021-29942 (An issue was discovered in the reorder 
crate through 2021-02-24
 CVE-2021-29941 (An issue was discovered in the reorder crate through 
2021-02-24 for Ru ...)
NOT-FOR-US: reorder crate
 CVE-2021-29940 (An issue was discovered in the through crate through 
2021-02-18 for Ru ...)
-   TODO: check
+   NOT-FOR-US: Rust crate through
 CVE-2021-29939 (An issue was discovered in the stackvector crate through 
2021-02-19 fo ...)
- rust-stackvector 
NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0048.html
 CVE-2021-29938 (An issue was discovered in the slice-deque crate through 
2021-02-19 fo ...)
-   TODO: check
+   NOT-FOR-US: Rust crate slice-deque
 CVE-2021-29937 (An issue was discovered in the telemetry crate through 
2021-02-17 for  ...)
-   TODO: check
+   NOT-FOR-US: Rust crate telemetry
 CVE-2021-29936 (An issue was discovered in the adtensor crate through 
2021-01-11 for R ...)
-   TODO: check
+   NOT-FOR-US: Rust crate adtensor
 CVE-2021-29935 (An issue was discovered in the rocket crate before 0.4.7 for 
Rust. uri ...)
-   TODO: check
+   NOT-FOR-US: Rust crate rocket
 CVE-2021-29934 (An issue was discovered in PartialReader in the uu_od crate 
before 0.0 ...)
-   TODO: check
+   NOT-FOR-US: Rust crate uu_od
 CVE-2021-29933 (An issue was discovered in the insert_many crate through 
2021-01-26 fo ...)
-   TODO: check
+   NOT-FOR-US: Rust crate insert_many
 CVE-2021-29932 (An issue was discovered in the parse_duration crate through 
2021-03-18 ...)
-   TODO: check
+   NOT-FOR-US: Rust crate parse_duration
 CVE-2021-29931 (An issue was discovered in the arenavec crate through 
2021-01-12 for R ...)
-   TODO: check
+   NOT-FOR-US: Rust crate arenavec
 CVE-2021-29930 (An issue was discovered in the arenavec crate through 
2021-01-12 for R ...)
-   TODO: check
+   NOT-FOR-US: Rust crate arenavec
 CVE-2021-29929 (An issue was discovered in the endian_trait crate through 
2021-01-04 f ...)
-   TODO: check
+   NOT-FOR-US: Rust crate endian_trait
 CVE-2021-29928
RESERVED
 CVE-2021-29927
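Review bot: the new tags in this hunk use the form "NOT-FOR-US: Rust crate <name>" while the unchanged entry for CVE-2021-29941 directly above uses "NOT-FOR-US: reorder crate"; one form for all the RustSec-derived entries would make them easier to grep. The entry "NOT-FOR-US: Rust crate through" for CVE-2021-29940 is also easy to misread, since the crate is literally named "through"; quoting the name, e.g. `NOT-FOR-US: Rust crate "through"`, avoids the ambiguity.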
@@ -1551,7 +1551,7 @@ CVE-2021-29420
 CVE-2021-29419
RESERVED
 CVE-2021-29418 (The netmask package before 2.0.1 for Node.js mishandles 
certain unexpe ...)
-   TODO: check
+   NOT-FOR-US: Node netmask
 CVE-2021-29417 (gitjacker before 0.1.0 allows remote attackers to execute 
arbitrary co ...)
NOT-FOR-US: gitjacker
 CVE-2021-29416 (An issue was discovered in PortSwigger Burp Suite before 
2021.2. Durin ...)
@@ -2829,7 +2829,7 @@ CVE-2021-28834 (Kramdown before 2.3.1 does not restrict 
Rouge formatters to the
 CVE-2021-28833
RESERVED
 CVE-2021-28832 (VSCodeVim before 1.19.0 allows attackers to execute arbitrary 
code via ...)
-   TODO: check
+   NOT-FOR-US: VSCodeVim
 CVE-2021-28831 (decompress_gunzip.c in BusyBox through 1.32.1 mishandles the 
error bit ...)
{DLA-2614-1}
- busybox  (bug #985674)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f69ab45d28b90637e4672b4e1c79ab64951107d8
