[Git][security-tracker-team/security-tracker][master] LTS: Add CVE-2021-38171 to be announced in DLA-2818-1

2021-11-13 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
443b0985 by Anton Gladky at 2021-11-13T22:06:41+01:00
LTS: Add CVE-2021-38171 to be announced in DLA-2818-1

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=
data/CVE/list
=
@@ -15267,7 +15267,6 @@ CVE-2021-38172
 CVE-2021-38171 (adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 
does not  ...)
{DSA-4998-1 DSA-4990-1}
- ffmpeg 7:4.4.1-1
-   [stretch] - ffmpeg  (Wait to be fixed in buster first)
NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6
 CVE-2021-38170
RESERVED
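Review bot: with the `[stretch] - ffmpeg (Wait to be fixed in buster first)` line removed, stretch's status for CVE-2021-38171 is now carried only by the DLA-2818-1 entry in data/DLA/list, while buster still has no annotation on this entry. The hunk does not add DLA-2818-1 to the `{DSA-4998-1 DSA-4990-1}` reference set on the line above, so the cross-reference depends on the tracker's automatic update (the 20:10 UTC automatic update later in this thread does exactly that for CVE-2021-38291); worth checking that the next run picks it up.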


=
data/DLA/list
=
@@ -1,5 +1,5 @@
 [13 Nov 2021] DLA-2818-1 ffmpeg - security update
-   {CVE-2020-20445 CVE-2020-20446 CVE-2020-20451 CVE-2020-20453 
CVE-2020-22037 CVE-2020-22041 CVE-2020-22044 CVE-2020-22046 CVE-2020-22048 
CVE-2020-22049 CVE-2020-22054 CVE-2021-38291}
+   {CVE-2020-20445 CVE-2020-20446 CVE-2020-20451 CVE-2020-20453 
CVE-2020-22037 CVE-2020-22041 CVE-2020-22044 CVE-2020-22046 CVE-2020-22048 
CVE-2020-22049 CVE-2020-22054 CVE-2021-38171 CVE-2021-38291}
[stretch] - ffmpeg 7:3.2.16-1+deb9u1
 [12 Nov 2021] DLA-2817-1 postgresql-9.6 - security update
{CVE-2021-23214 CVE-2021-23222}
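Review bot: the CVE set of DLA-2818-1 is extended after the advisory was reserved in 11708225 earlier in this thread, so the published DLA text must list CVE-2021-38171 as well or the tracker and the announcement will disagree. The set stays sorted and the stretch fixed version 7:3.2.16-1+deb9u1 is unchanged, which matches the "ffmpeg 3.2.16 has been released" note that was removed from dla-needed.txt.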



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/443b0985410fa18819fa69e8353857e355291b2f

You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Process some NFUs

2021-11-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5dd0b8b2 by Salvatore Bonaccorso at 2021-11-13T21:20:05+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -277,7 +277,7 @@ CVE-2021-43522
 CVE-2021-3939
RESERVED
 CVE-2021-3938 (snipe-it is vulnerable to Improper Neutralization of Input 
During Web  ...)
-   TODO: check
+   NOT-FOR-US: snipe-it
 CVE-2021-3937
RESERVED
 CVE-2021-3936
@@ -544,7 +544,7 @@ CVE-2021-43402
 CVE-2021-43401
RESERVED
 CVE-2021-3931 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...)
-   TODO: check
+   NOT-FOR-US: snipe-it
 CVE-2021-3930 [off-by-one error in mode_sense_page() in hw/scsi/scsi-disk.c]
RESERVED
- qemu 
@@ -1997,7 +1997,7 @@ CVE-2021-43205
 CVE-2021-43204
RESERVED
 CVE-2021-3921 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) 
...)
-   TODO: check
+   NOT-FOR-US: firefly-iii
 CVE-2021-3920
RESERVED
 CVE-2021-3919
@@ -2265,7 +2265,7 @@ CVE-2021-43082 (Buffer Copy without Checking Size of 
Input ('Classic Buffer Over
NOTE: CVE description is wrong, this doesn't affect 8.1, only 
9.x/master:
NOTE: Introduced with 
https://github.com/apache/trafficserver/commit/5e2385b666b4176be0f64fbadfbfae42094db396
 (9.1.0-rc0)
 CVE-2021-3915 (bookstack is vulnerable to Unrestricted Upload of File with 
Dangerous  ...)
-   TODO: check
+   NOT-FOR-US: bookstack
 CVE-2020-36505 (The Delete All Comments Easily WordPress plugin through 1.3 is 
lacking ...)
NOT-FOR-US: WordPress plugin
 CVE-2020-36504 (The WP-Pro-Quiz WordPress plugin through 0.37 does not have 
CSRF check ...)
@@ -6870,7 +6870,7 @@ CVE-2021-41655
 CVE-2021-41654
RESERVED
 CVE-2021-41653 (The PING function on the TP-Link TL-WR840N EU v5 router with 
firmware  ...)
-   TODO: check
+   NOT-FOR-US:  TP-Link
 CVE-2021-41652
RESERVED
 CVE-2021-41651 (A blind SQL injection vulnerability exists in the Raymart DG / 
Ahmed H ...)
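Review bot: `NOT-FOR-US:  TP-Link` has two spaces after the colon, unlike every other NOT-FOR-US line in this commit; normalise to a single space so that searches and consistency checks over the tracker data see one spelling.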
@@ -9498,9 +9498,9 @@ CVE-2021-40526 (Incorrect calculation of buffer size 
vulnerability in Peleton TT
 CVE-2021-40525
RESERVED
 CVE-2021-3776 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
-   TODO: check
+   NOT-FOR-US: showdoc
 CVE-2021-3775 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
-   TODO: check
+   NOT-FOR-US: showdoc
 CVE-2021-3774 (Meross Smart Wi-Fi 2 Way Wall Switch (MSS550X), on its 3.1.3 
version a ...)
NOT-FOR-US: Meross Smart Wi-Fi 2 Way Wall Switch
 CVE-2021-3773
@@ -15423,7 +15423,7 @@ CVE-2021-3685
 CVE-2021-3684
RESERVED
 CVE-2021-3683 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
-   TODO: check
+   NOT-FOR-US: showdoc
 CVE-2021-38113 (In addBouquet in js/bqe.js in OpenWebif (aka 
e2openplugin-OpenWebif) t ...)
NOT-FOR-US: OpenWebif (aka e2openplugin-OpenWebif)
 CVE-2021-38112 (In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on 
Windows, a ...)
@@ -87680,7 +87680,7 @@ CVE-2020-21143
 CVE-2020-21142 (Cross Site Scripting (XSS) vulnerabilty in IPFire 2.23 via the 
IPfire  ...)
NOT-FOR-US: IPFire
 CVE-2020-21141 (iCMS v7.0.15 was discovered to contain a Cross-Site Request 
Forgery (C ...)
-   TODO: check
+   NOT-FOR-US: iCMS
 CVE-2020-21140
RESERVED
 CVE-2020-21139 (EC Cloud E-Commerce System v1.3 was discovered to contain a 
Cross-Site ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5dd0b8b211eecc2c4fa51ad500919f60c81fccc0



[Git][security-tracker-team/security-tracker][master] Add CVE-2021-43616/npm

2021-11-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f4c16fa7 by Salvatore Bonaccorso at 2021-11-13T21:16:45+01:00
Add CVE-2021-43616/npm

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,5 +1,6 @@
 CVE-2021-43616 (The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds 
with an i ...)
-   TODO: check
+   - npm 
+   NOTE: https://github.com/npm/cli/issues/2701
 CVE-2021-43615
RESERVED
 CVE-2021-43614
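Review bot: the `- npm` line records neither a fixed version nor a severity, and there is no Debian bug reference. The description scopes the issue to npm 7.x and 8.x through 8.1.3, so the entry should state whether the npm versions shipped in bullseye and buster fall in that range (an older major would call for `<not-affected>` rather than an open unfixed entry), and the linked upstream issue should be mined for the fixing release once one exists.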



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4c16fa7d8dc9401f37a0932a11948cd8ced960a



[Git][security-tracker-team/security-tracker][master] automatic update

2021-11-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2898dc82 by security tracker role at 2021-11-13T20:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,5 @@
+CVE-2021-43616 (The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds 
with an i ...)
+   TODO: check
 CVE-2021-43615
RESERVED
 CVE-2021-43614
@@ -141,8 +143,8 @@ CVE-2021-3947 [NVME: Arbitrary Memory Read]
NOTE: 
https://lore.kernel.org/qemu-devel/2021153125.2258176-1-phi...@redhat.com/
 CVE-2021-3946
RESERVED
-CVE-2021-3945
-   RESERVED
+CVE-2021-3945 (django-helpdesk is vulnerable to Improper Neutralization of 
Input Duri ...)
+   TODO: check
 CVE-2002-20001 (The Diffie-Hellman Key Agreement Protocol allows remote 
attackers (fro ...)
TODO: check
 CVE-2021-3944
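Review bot: the context line `NOTE: https://lore.kernel.org/qemu-devel/2021153125.2258176-1-phi...@redhat.com/` is mangled by the list archive's address obfuscation (`phi...@redhat.com`), so the link as shown in this mail does not resolve; anyone following up on CVE-2021-3947 should take the message-id from the repository copy, not from this thread.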
@@ -273,8 +275,8 @@ CVE-2021-43522
RESERVED
 CVE-2021-3939
RESERVED
-CVE-2021-3938
-   RESERVED
+CVE-2021-3938 (snipe-it is vulnerable to Improper Neutralization of Input 
During Web  ...)
+   TODO: check
 CVE-2021-3937
RESERVED
 CVE-2021-3936
@@ -520,8 +522,8 @@ CVE-2021-43411 (An issue was discovered in GNU Hurd before 
0.9 20210404-9. When
- hurd 1:0.9.git20210404-9
 CVE-2021-43410
RESERVED
-CVE-2021-3932
-   RESERVED
+CVE-2021-3932 (twill is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+   TODO: check
 CVE-2021-43409
RESERVED
 CVE-2021-43408
@@ -540,8 +542,8 @@ CVE-2021-43402
RESERVED
 CVE-2021-43401
RESERVED
-CVE-2021-3931
-   RESERVED
+CVE-2021-3931 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+   TODO: check
 CVE-2021-3930 [off-by-one error in mode_sense_page() in hw/scsi/scsi-disk.c]
RESERVED
- qemu 
@@ -1993,8 +1995,8 @@ CVE-2021-43205
RESERVED
 CVE-2021-43204
RESERVED
-CVE-2021-3921
-   RESERVED
+CVE-2021-3921 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) 
...)
+   TODO: check
 CVE-2021-3920
RESERVED
 CVE-2021-3919
@@ -2057,8 +2059,8 @@ CVE-2021-43176
RESERVED
 CVE-2021-43175
RESERVED
-CVE-2021-3918
-   RESERVED
+CVE-2021-3918 (json-schema is vulnerable to Improperly Controlled Modification 
of Obj ...)
+   TODO: check
 CVE-2021-43174 (NLnet Labs Routinator versions 0.9.0 up to and including 
0.10.1, suppo ...)
- routinator  (bug #929024)
NOTE: 
https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-43172_CVE-2021-43173_CVE-2021-43174.txt
@@ -2261,8 +2263,8 @@ CVE-2021-43082 (Buffer Copy without Checking Size of 
Input ('Classic Buffer Over
NOTE: 
https://github.com/apache/trafficserver/commit/02b17dbe3cff71ffd31577d872e077531124d207
 (master)
NOTE: CVE description is wrong, this doesn't affect 8.1, only 
9.x/master:
NOTE: Introduced with 
https://github.com/apache/trafficserver/commit/5e2385b666b4176be0f64fbadfbfae42094db396
 (9.1.0-rc0)
-CVE-2021-3915
-   RESERVED
+CVE-2021-3915 (bookstack is vulnerable to Unrestricted Upload of File with 
Dangerous  ...)
+   TODO: check
 CVE-2020-36505 (The Delete All Comments Easily WordPress plugin through 1.3 is 
lacking ...)
NOT-FOR-US: WordPress plugin
 CVE-2020-36504 (The WP-Pro-Quiz WordPress plugin through 0.37 does not have 
CSRF check ...)
@@ -6866,8 +6868,8 @@ CVE-2021-41655
RESERVED
 CVE-2021-41654
RESERVED
-CVE-2021-41653
-   RESERVED
+CVE-2021-41653 (The PING function on the TP-Link TL-WR840N EU v5 router with 
firmware  ...)
+   TODO: check
 CVE-2021-41652
RESERVED
 CVE-2021-41651 (A blind SQL injection vulnerability exists in the Raymart DG / 
Ahmed H ...)
@@ -9494,10 +9496,10 @@ CVE-2021-40526 (Incorrect calculation of buffer size 
vulnerability in Peleton TT
NOT-FOR-US: Peleton
 CVE-2021-40525
RESERVED
-CVE-2021-3776
-   RESERVED
-CVE-2021-3775
-   RESERVED
+CVE-2021-3776 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+   TODO: check
+CVE-2021-3775 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+   TODO: check
 CVE-2021-3774 (Meross Smart Wi-Fi 2 Way Wall Switch (MSS550X), on its 3.1.3 
version a ...)
NOT-FOR-US: Meross Smart Wi-Fi 2 Way Wall Switch
 CVE-2021-3773
@@ -14878,7 +14880,7 @@ CVE-2021-38293
 CVE-2021-38292
RESERVED
 CVE-2021-38291 (FFmpeg version (git commit 
de8e6e67e7523e48bb27ac224a0b446df05e1640) s ...)
-   {DSA-4998-1 DSA-4990-1}
+   {DSA-4998-1 DSA-4990-1 DLA-2818-1}
- ffmpeg 7:4.4.1-1 (unimportant)
NOTE: 
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e01d306c647b5827102260b885faa223b646d2d1
NOTE: https://trac.ffmpeg.org/ticket/9312
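Review bot: the DLA-2818-1 reference added here for CVE-2021-38291 is derived from the data/DLA/list entry reserved in 11708225 (20:45 +01:00); that entry did not yet contain CVE-2021-38171, which 443b0985 adds after this 20:10 UTC run, so the `{DSA-4998-1 DSA-4990-1}` set of CVE-2021-38171 only gains DLA-2818-1 on a later automatic update. Nothing to change in this hunk, but it is the ordering to keep in mind when checking that the CVE and DLA lists agree.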
@@ -15419,8 +15421,8 @@ CVE-2021-3685
RESERVED
 CVE-2021-3684
RESERVED
-CVE-2021-3683
-   RESERVED

[Git][security-tracker-team/security-tracker][master] Add CVE-2021-43612/lldpd and track fixed version via unstable

2021-11-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
771d4842 by Salvatore Bonaccorso at 2021-11-13T21:08:27+01:00
Add CVE-2021-43612/lldpd and track fixed version via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4,8 +4,12 @@ CVE-2021-43614
RESERVED
 CVE-2021-43613
RESERVED
-CVE-2021-43612
+CVE-2021-43612 [crash in SONMP decoder]
RESERVED
+   - lldpd 1.0.13-1
+   [bullseye] - lldpd  (Minor issue)
+   [buster] - lldpd  (Minor issue)
+   NOTE: 
https://github.com/lldpd/lldpd/commit/73d42680fce8598324364dbb31b9bc3b8320adf7 
(1.0.13)
 CVE-2021-43611 (Belledonne Belle-sip before 5.0.20 can crash applications such 
as Linp ...)
NOT-FOR-US: Belledonne Belle-sip
 CVE-2021-43610 (Belledonne Belle-sip before 5.0.20 can crash applications such 
as Linp ...)
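Review bot: the fixed version `1.0.13-1` is recorded while the CVE is still `RESERVED` and without a Debian bug reference, which is the usual way to track a fix via unstable, but there is no `[stretch]` line, so the LTS team has no status for stretch. The summary `[crash in SONMP decoder]` together with `(Minor issue)` for bullseye and buster is consistent with a denial of service only; if the linked upstream commit shows more than a crash, the severity annotations should say so.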



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/771d4842226a3299be68ff4b6dca7688975ef81c



[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2021-3828/nltk via unstable

2021-11-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2d8645f6 by Salvatore Bonaccorso at 2021-11-13T21:05:34+01:00
Track fixed version for CVE-2021-3828/nltk via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -7013,7 +7013,7 @@ CVE-2021-41587 (In Gradle Enterprise before 2021.1.3, an 
attacker with the abili
 CVE-2021-41586 (In Gradle Enterprise before 2021.1.3, an attacker with the 
ability to  ...)
NOT-FOR-US: Gradle Enterprise
 CVE-2021-3828 (nltk is vulnerable to Inefficient Regular Expression Complexity 
...)
-   - nltk  (bug #995226)
+   - nltk 3.6.5-1 (bug #995226)
[bullseye] - nltk  (Minor issue)
[buster] - nltk  (Minor issue)
[stretch] - nltk  (Minor issue)
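Review bot: the unstable fixed version 3.6.5-1 is recorded with the bug reference kept, and the `(Minor issue)` no-dsa markings for bullseye, buster and stretch remain, which is appropriate for an inefficient-regular-expression (ReDoS) issue. The entry still carries no NOTE pointing at the upstream fix commit, which whoever backports or reassesses this later will want.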



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2d8645f655d789c7a41dd3800d8364c37d9955e6



[Git][security-tracker-team/security-tracker][master] Reserve DLA-2818-1 for ffmpeg

2021-11-13 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
11708225 by Anton Gladky at 2021-11-13T20:45:40+01:00
Reserve DLA-2818-1 for ffmpeg

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[13 Nov 2021] DLA-2818-1 ffmpeg - security update
+   {CVE-2020-20445 CVE-2020-20446 CVE-2020-20451 CVE-2020-20453 
CVE-2020-22037 CVE-2020-22041 CVE-2020-22044 CVE-2020-22046 CVE-2020-22048 
CVE-2020-22049 CVE-2020-22054 CVE-2021-38291}
+   [stretch] - ffmpeg 7:3.2.16-1+deb9u1
 [12 Nov 2021] DLA-2817-1 postgresql-9.6 - security update
{CVE-2021-23214 CVE-2021-23222}
[stretch] - postgresql-9.6 9.6.24-0+deb9u1
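Review bot: the reserved DLA-2818-1 entry lists twelve CVEs but omits CVE-2021-38171, which 443b0985 adds later in this thread. Reserving with the full CVE set up front is preferable, because the automatic update copies this set into each CVE's reference list as soon as it runs, and a partial set means the tracker and the announcement text have to be reconciled afterwards.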


=
data/dla-needed.txt
=
@@ -36,12 +36,6 @@ debian-archive-keyring
 exiv2 (Thorsten Alteholz)
   NOTE: 20211109: testing package
 --
-ffmpeg (Anton Gladky)
-  NOTE: probably wait until stuff is fixed in Buster
-  NOTE: 20211010: WIP https://salsa.debian.org/lts-team/packages/ffmpeg
-  NOTE: ffmpeg 3.2.16 has been released
-  NOTE: 20211101: preparing an update (gladk)
---
 firefox-esr (Emilio)
 --
 firmware-nonfree
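Review bot: removing the ffmpeg block from dla-needed.txt in the same commit that reserves the DLA is the normal workflow, but the dropped `probably wait until stuff is fixed in Buster` note corresponds to the `[stretch] - ffmpeg (Wait to be fixed in buster first)` line on CVE-2021-38171 in data/CVE/list, which this commit leaves in place (it is only removed in 443b0985). Those two changes belong together, otherwise the tracker briefly shows stretch as both covered by a DLA and postponed.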



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1170822547df23d3426fd6813e07aa2ac83af5a0



[Git][security-tracker-team/security-tracker][master] dla: update busybox status

2021-11-13 Thread Sylvain Beucler (@beuc)


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
59745d2b by Sylvain Beucler at 2021-11-13T12:16:31+01:00
dla: update busybox status

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -22,6 +22,7 @@ busybox (Sylvain Beucler)
   NOTE: 2021: dos issues are low impact and could be ignored, awk issues 
seem
   NOTE: 2021: only serious if executing untrusted code, so perhaps 
postpone,
   NOTE: 2021: but double-check (pochu)
+  NOTE: 2023: waiting for further maintainer feedback & commit info (Beuc)
 --
 debian-archive-keyring
   NOTE: https://lists.debian.org/debian-lts/2021/08/msg00037.html
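Review bot: the new NOTE is tagged `2023:` although the commit is dated 2021-11-13 and the surrounding notes use `2021:`; this looks like a typo for `2021:` (or the dated form `20211113:` used by the exiv2 entry elsewhere in this file), and a wrong year will mislead whoever reads the busybox status later.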



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59745d2b812a600895af49099415b8be5a631dd3



[Git][security-tracker-team/security-tracker][master] CVE-2021-42374/busybox: precise impact

2021-11-13 Thread Sylvain Beucler (@beuc)


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
42249245 by Sylvain Beucler at 2021-11-13T12:10:11+01:00
CVE-2021-42374/busybox: precise impact

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4925,7 +4925,7 @@ CVE-2021-42374
- busybox  (unimportant; bug #999567)
[stretch] - busybox  (Vulnerable code introduced later)
NOTE: 
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
-   NOTE: Crash in CLI tool, no security impact
+   NOTE: Crash in CLI tool with information leak
NOTE: Introduced by 
https://git.busybox.net/busybox/commit/?id=3989e5adf454a3ab98412b249c2c9bd2a3175ae0
 (1_27_0)
NOTE: 
https://git.busybox.net/busybox/commit/?id=04f052c56ded5ab6a904e3a264a73dc0412b2e78
 CVE-2021-42373
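Review bot: the NOTE now says the crash comes with an information leak, but the entry two lines above still rates the issue `unimportant`; either extend the NOTE with why a leak from a local CLI invocation crosses no trust boundary (which is what would keep it unimportant) or revisit the severity, because a bare `Crash in CLI tool with information leak` next to `unimportant` reads as a contradiction to the next triager.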



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/42249245aebf3254147cb2ee45ab00c82e1157f2



[Git][security-tracker-team/security-tracker][master] Add CVE-2021-41229/bluez

2021-11-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e8263af2 by Salvatore Bonaccorso at 2021-11-13T11:02:46+01:00
Add CVE-2021-41229/bluez

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -7831,7 +7831,10 @@ CVE-2021-41231
 CVE-2021-41230 (Pomerium is an open source identity-aware access proxy. In 
affected ve ...)
NOT-FOR-US: Pomerium
 CVE-2021-41229 (BlueZ is a Bluetooth protocol stack for Linux. In affected 
versions a  ...)
-   TODO: check
+   - bluez 
+   [bullseye] - bluez  (Minor issue)
+   [buster] - bluez  (Minor issue)
+   NOTE: 
https://github.com/bluez/bluez/security/advisories/GHSA-3fqg-r8j5-f5xq
 CVE-2021-41228 (TensorFlow is an open source platform for machine learning. In 
affecte ...)
- tensorflow  (bug #804612)
 CVE-2021-41227 (TensorFlow is an open source platform for machine learning. In 
affecte ...)
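Review bot: the entry records no fixed version for unstable and no Debian bug, only the GHSA advisory; `(Minor issue)` is fine as the no-dsa marker for bullseye and buster, but the advisory link alone gives a backporter nothing to cherry-pick, so a NOTE with the upstream fix commit should follow, and a `[stretch]` annotation is missing for LTS.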



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8263af2a93a3a983be3b854d464a53bd3ef5896



[Git][security-tracker-team/security-tracker][master] Add CVE-2021-4333{1,2}/mailman

2021-11-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9f3e3e08 by Salvatore Bonaccorso at 2021-11-13T09:46:50+01:00
Add CVE-2021-4333{1,2}/mailman

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -701,9 +701,15 @@ CVE-2021-43334
 CVE-2021-4
RESERVED
 CVE-2021-43332 (In GNU Mailman before 2.1.36, the CSRF token for the 
Cgi/admindb.py ad ...)
-   TODO: check
+   - mailman 
+   [buster] - mailman  (Minor issue)
+   NOTE: 
https://mail.python.org/archives/list/mailman-annou...@python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/
+   NOTE: https://bugs.launchpad.net/mailman/+bug/1949403
 CVE-2021-43331 (In GNU Mailman before 2.1.36, a crafted URL to the 
Cgi/options.py user ...)
-   TODO: check
+   - mailman 
+   [buster] - mailman  (Minor issue)
+   NOTE: 
https://mail.python.org/archives/list/mailman-annou...@python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/
+   NOTE: https://bugs.launchpad.net/mailman/+bug/1949401
 CVE-2021-43330
RESERVED
 CVE-2021-43329
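Review bot: both mailman-announce URLs are mangled by the list archive (`mailman-annou...@python.org`), so they cannot be followed from this mail; the repository copy should carry the full list address. Both entries annotate only buster as `Minor issue` and give no fixed version for unstable; the affected files (`Cgi/admindb.py`, `Cgi/options.py`) belong to the Mailman 2.1 branch, so stretch, which is handled by LTS, will also need a `[stretch]` line, and the upstream fix release 2.1.36 named in the description is the obvious hint for the fixed version once a Debian upload exists.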



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f3e3e08af130a27252a38f9e84fe1b6a6bdfb07



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2021-11-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2761e697 by Salvatore Bonaccorso at 2021-11-13T09:28:18+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -7,9 +7,9 @@ CVE-2021-43613
 CVE-2021-43612
RESERVED
 CVE-2021-43611 (Belledonne Belle-sip before 5.0.20 can crash applications such 
as Linp ...)
-   TODO: check
+   NOT-FOR-US: Belledonne Belle-sip
 CVE-2021-43610 (Belledonne Belle-sip before 5.0.20 can crash applications such 
as Linp ...)
-   TODO: check
+   NOT-FOR-US: Belledonne Belle-sip
 CVE-2021-43609
RESERVED
 CVE-2021-43608
@@ -3451,7 +3451,7 @@ CVE-2021-42565 (myfactory.FMS before 7.1-912 allows XSS 
via the UID parameter. .
 CVE-2021-42564
RESERVED
 CVE-2021-42563 (There is an Unquoted Service Path in NI Service Locator 
(nisvcloc.exe) ...)
-   TODO: check
+   NOT-FOR-US: NI Service Locator
 CVE-2021-3893
RESERVED
 CVE-2021-42562
@@ -6433,7 +6433,7 @@ CVE-2021-41830 (It is possible for an attacker to 
manipulate signed documents an
 CVE-2021-3844
RESERVED
 CVE-2021-3843 (A potential vulnerability in the SMI function to access EEPROM 
in some ...)
-   TODO: check
+   NOT-FOR-US: Lenovo
 CVE-2021-3842
RESERVED
 CVE-2021-3841
@@ -6538,7 +6538,7 @@ CVE-2021-41789
 CVE-2021-41788
RESERVED
 CVE-2021-3840 (A dependency confusion vulnerability was reported in the 
Antilles open ...)
-   TODO: check
+   NOT-FOR-US: Antilles
 CVE-2021-41787
RESERVED
 CVE-2021-41786
@@ -8792,21 +8792,21 @@ CVE-2021-40820
 CVE-2021-40819
RESERVED
 CVE-2021-3793 (An improper access control vulnerability was reported in some 
Motorola ...)
-   TODO: check
+   NOT-FOR-US: Binatone
 CVE-2021-3792 (Some device communications in some Motorola-branded Binatone 
Hubble Ca ...)
-   TODO: check
+   NOT-FOR-US: Binatone
 CVE-2021-3791 (An information disclosure vulnerability was reported in some 
Motorola- ...)
-   TODO: check
+   NOT-FOR-US: Binatone
 CVE-2021-3790 (A buffer overflow was reported in the local web server of some 
Motorol ...)
-   TODO: check
+   NOT-FOR-US: Binatone
 CVE-2021-3789 (An information disclosure vulnerability was reported in some 
Motorola- ...)
-   TODO: check
+   NOT-FOR-US: Binatone
 CVE-2021-3788 (An exposed debug interface was reported in some 
Motorola-branded Binat ...)
-   TODO: check
+   NOT-FOR-US: Binatone
 CVE-2021-3787 (A vulnerability was reported in some Motorola-branded Binatone 
Hubble  ...)
-   TODO: check
+   NOT-FOR-US: Binatone
 CVE-2021-3786 (A potential vulnerability in the SMI callback function used in 
CSME co ...)
-   TODO: check
+   NOT-FOR-US: Lenovo
 CVE-2021-3785 (yourls is vulnerable to Improper Neutralization of Input During 
Web Pa ...)
NOT-FOR-US: yourls
 CVE-2021-3784
@@ -12384,11 +12384,11 @@ CVE-2021-3722
 CVE-2021-3721
RESERVED
 CVE-2021-3720 (An information disclosure vulnerability was reported in the 
Time Weath ...)
-   TODO: check
+   NOT-FOR-US: Lenovo
 CVE-2021-3719 (A potential vulnerability in the SMI callback function that 
saves and  ...)
-   TODO: check
+   NOT-FOR-US: Lenovo
 CVE-2021-3718 (A denial of service vulnerability was reported in some ThinkPad 
models ...)
-   TODO: check
+   NOT-FOR-US: Lenovo
 CVE-2021-39291 (Certain NetModule devices allow credentials via GET parameters 
to CLI- ...)
NOT-FOR-US: NetModule devices
 CVE-2021-39290 (Certain NetModule devices allow Limited Session Fixation via 
PHPSESSID ...)
@@ -13849,7 +13849,7 @@ CVE-2021-38686
 CVE-2021-38685
RESERVED
 CVE-2021-38684 (A stack buffer overflow vulnerability has been reported to 
affect QNAP ...)
-   TODO: check
+   NOT-FOR-US: QNAP
 CVE-2021-38683
RESERVED
 CVE-2021-38682
@@ -19575,11 +19575,11 @@ CVE-2021-36327
 CVE-2021-36326
RESERVED
 CVE-2021-36325 (Dell BIOS contains an improper input validation vulnerability. 
A local ...)
-   TODO: check
+   NOT-FOR-US: Dell
 CVE-2021-36324 (Dell BIOS contains an improper input validation vulnerability. 
A local ...)
-   TODO: check
+   NOT-FOR-US: Dell
 CVE-2021-36323 (Dell BIOS contains an improper input validation vulnerability. 
A local ...)
-   TODO: check
+   NOT-FOR-US: Dell
 CVE-2021-36322
RESERVED
 CVE-2021-36321
@@ -19615,7 +19615,7 @@ CVE-2021-36307
 CVE-2021-36306
RESERVED
 CVE-2021-36305 (Dell PowerScale OneFS contains an Unsynchronized Access to 
Shared Data ...)
-   TODO: check
+   NOT-FOR-US: Dell
 CVE-2021-36304
RESERVED
 CVE-2021-36303
@@ -23470,7 +23470,7 @@ CVE-2021-3600
NOTE: 
https://git.kernel.org/linus/e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90
NOTE: https://www.openwall.com/lists/oss-security/2021/06/23/1
 

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2021-11-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
88a4ed1d by Salvatore Bonaccorso at 2021-11-13T09:17:04+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -12378,7 +12378,7 @@ CVE-2021-39293
 CVE-2021-39292
RESERVED
 CVE-2021-3723 (A command injection vulnerability was reported in the 
Integrated Manag ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2021-3722
RESERVED
 CVE-2021-3721
@@ -19595,7 +19595,7 @@ CVE-2021-36317
 CVE-2021-36316
RESERVED
 CVE-2021-36315 (Dell EMC PowerScale Nodes contain a hardware design flaw. This 
may all ...)
-   TODO: check
+   NOT-FOR-US: EMC
 CVE-2021-36314
RESERVED
 CVE-2021-36313
@@ -55920,7 +55920,7 @@ CVE-2021-21530 (Dell OpenManage Enterprise-Modular 
(OME-M) versions prior to 1.3
 CVE-2021-21529 (Dell System Update (DSU) 1.9 and earlier versions contain a 
denial of  ...)
NOT-FOR-US: Dell System Update (DSU)
 CVE-2021-21528 (Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x 
contain an  ...)
-   TODO: check
+   NOT-FOR-US: EMC
 CVE-2021-21527 (Dell PowerScale OneFS 8.1.0-9.1.0 contain an improper 
neutralization o ...)
NOT-FOR-US: Dell
 CVE-2021-21526 (Dell PowerScale OneFS 8.1.0 - 9.1.0 contains a privilege 
escalation in ...)
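Review bot: CVE-2021-21528 is labelled `NOT-FOR-US: EMC` while the adjacent CVE-2021-21527 for the same Dell PowerScale OneFS product uses `NOT-FOR-US: Dell` (as do the Dell BIOS and PowerScale entries in 2761e697 earlier in this thread), and CVE-2021-36315 in the previous hunk carries the same `EMC` label. Pick one vendor spelling per product so that searches over the NOT-FOR-US markers stay consistent.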



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88a4ed1d6f9ff5dba9d1635322f4127b7621de65



[Git][security-tracker-team/security-tracker][master] automatic update

2021-11-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cf217137 by security tracker role at 2021-11-13T08:10:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,81 @@
+CVE-2021-43615
+   RESERVED
+CVE-2021-43614
+   RESERVED
+CVE-2021-43613
+   RESERVED
+CVE-2021-43612
+   RESERVED
+CVE-2021-43611 (Belledonne Belle-sip before 5.0.20 can crash applications such 
as Linp ...)
+   TODO: check
+CVE-2021-43610 (Belledonne Belle-sip before 5.0.20 can crash applications such 
as Linp ...)
+   TODO: check
+CVE-2021-43609
+   RESERVED
+CVE-2021-43608
+   RESERVED
+CVE-2021-43607
+   RESERVED
+CVE-2021-43606
+   RESERVED
+CVE-2021-43605
+   RESERVED
+CVE-2021-43604
+   RESERVED
+CVE-2021-43603
+   RESERVED
+CVE-2021-43602
+   RESERVED
+CVE-2021-43601
+   RESERVED
+CVE-2021-43600
+   RESERVED
+CVE-2021-43599
+   RESERVED
+CVE-2021-43598
+   RESERVED
+CVE-2021-43597
+   RESERVED
+CVE-2021-43596
+   RESERVED
+CVE-2021-43595
+   RESERVED
+CVE-2021-43594
+   RESERVED
+CVE-2021-43593
+   RESERVED
+CVE-2021-43592
+   RESERVED
+CVE-2021-43591
+   RESERVED
+CVE-2021-43590
+   RESERVED
+CVE-2021-43589
+   RESERVED
+CVE-2021-43588
+   RESERVED
+CVE-2021-43587
+   RESERVED
+CVE-2021-43586
+   RESERVED
+CVE-2021-43585
+   RESERVED
+CVE-2021-43584
+   RESERVED
+CVE-2021-43583
+   RESERVED
+CVE-2021-3956
+   RESERVED
+CVE-2021-3955
+   RESERVED
+CVE-2021-3954
+   RESERVED
+CVE-2021-3953
+   RESERVED
+CVE-2021-3952
+   RESERVED
+CVE-2021-3951
+   RESERVED
 CVE-2021-43582
RESERVED
 CVE-2021-43581
@@ -622,10 +700,10 @@ CVE-2021-43334
RESERVED
 CVE-2021-4
RESERVED
-CVE-2021-43332
-   RESERVED
-CVE-2021-43331
-   RESERVED
+CVE-2021-43332 (In GNU Mailman before 2.1.36, the CSRF token for the 
Cgi/admindb.py ad ...)
+   TODO: check
+CVE-2021-43331 (In GNU Mailman before 2.1.36, a crafted URL to the 
Cgi/options.py user ...)
+   TODO: check
 CVE-2021-43330
RESERVED
 CVE-2021-43329
@@ -3372,8 +3450,8 @@ CVE-2021-42565 (myfactory.FMS before 7.1-912 allows XSS 
via the UID parameter. .
NOT-FOR-US: myfactory.FMS
 CVE-2021-42564
RESERVED
-CVE-2021-42563
-   RESERVED
+CVE-2021-42563 (There is an Unquoted Service Path in NI Service Locator 
(nisvcloc.exe) ...)
+   TODO: check
 CVE-2021-3893
RESERVED
 CVE-2021-42562
@@ -6354,8 +6432,8 @@ CVE-2021-41830 (It is possible for an attacker to 
manipulate signed documents an
NOT-FOR-US: Apache OpenOffice
 CVE-2021-3844
RESERVED
-CVE-2021-3843
-   RESERVED
+CVE-2021-3843 (A potential vulnerability in the SMI function to access EEPROM 
in some ...)
+   TODO: check
 CVE-2021-3842
RESERVED
 CVE-2021-3841
@@ -6459,8 +6537,8 @@ CVE-2021-41789
RESERVED
 CVE-2021-41788
RESERVED
-CVE-2021-3840
-   RESERVED
+CVE-2021-3840 (A dependency confusion vulnerability was reported in the 
Antilles open ...)
+   TODO: check
 CVE-2021-41787
RESERVED
 CVE-2021-41786
@@ -7746,8 +7824,8 @@ CVE-2021-41231
RESERVED
 CVE-2021-41230 (Pomerium is an open source identity-aware access proxy. In 
affected ve ...)
NOT-FOR-US: Pomerium
-CVE-2021-41229
-   RESERVED
+CVE-2021-41229 (BlueZ is a Bluetooth protocol stack for Linux. In affected 
versions a  ...)
+   TODO: check
 CVE-2021-41228 (TensorFlow is an open source platform for machine learning. In 
affecte ...)
- tensorflow  (bug #804612)
 CVE-2021-41227 (TensorFlow is an open source platform for machine learning. In 
affecte ...)
@@ -8713,22 +8791,22 @@ CVE-2021-40820
RESERVED
 CVE-2021-40819
RESERVED
-CVE-2021-3793
-   RESERVED
-CVE-2021-3792
-   RESERVED
-CVE-2021-3791
-   RESERVED
-CVE-2021-3790
-   RESERVED
-CVE-2021-3789
-   RESERVED
-CVE-2021-3788
-   RESERVED
-CVE-2021-3787
-   RESERVED
-CVE-2021-3786
-   RESERVED
+CVE-2021-3793 (An improper access control vulnerability was reported in some 
Motorola ...)
+   TODO: check
+CVE-2021-3792 (Some device communications in some Motorola-branded Binatone 
Hubble Ca ...)
+   TODO: check
+CVE-2021-3791 (An information disclosure vulnerability was reported in some 
Motorola- ...)
+   TODO: check
+CVE-2021-3790 (A buffer overflow was reported in the local web server of some 
Motorol ...)
+   TODO: check
+CVE-2021-3789 (An information disclosure vulnerability was reported in some 
Motorola- ...)
+   TODO: check
+CVE-2021-3788 (An exposed debug interface was reported in some 
Motorola-branded Binat ...)
+   TODO: check
+CVE-2021-3787 (A vulnerability was reported in some Motorola-branded Binatone 
Hubble  ...)
+   TODO: check
+CVE-2021-3786 (A potential