[Git][security-tracker-team/security-tracker][master] Update information for CVE-2020-29050/sphinxsearch
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 757df2cd by Salvatore Bonaccorso at 2021-12-21T08:54:21+01:00 Update information for CVE-2020-29050/sphinxsearch - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -72525,6 +72525,8 @@ CVE-2020-29050 [arbitrary file reads by scattered file snippets] RESERVED - sphinxsearch 2.2.11-3 NOTE: Backported for sphinxsearch from: https://github.com/manticoresoftware/manticoresearch/commit/66b5761ad258c60b1866a8e1333f86e74f48035 + NOTE: and https://github.com/manticoresoftware/manticoresearch/commit/6e597ff61e1e910559f6ed541ff32520085af6aa + NOTE: Backported patch: https://salsa.debian.org/debian/sphinxsearch/-/blob/4d6fe40644130308604845db43d3588e715ec85d/debian/patches/06-CVE-2020-29050.patch CVE-2015-9551 (An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1 ...) NOT-FOR-US: TOTOLINK CVE-2015-9550 (An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/757df2cd90c42b458c92026c50b34dc51d062c73 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/757df2cd90c42b458c92026c50b34dc51d062c73 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-4133 as NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ff7674a2 by Salvatore Bonaccorso at 2021-12-21T07:42:58+01:00 Add CVE-2021-4133 as NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -885,6 +885,7 @@ CVE-2021-4134 RESERVED CVE-2021-4133 RESERVED + NOT-FOR-US: Keycloak CVE-2021-4132 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...) NOT-FOR-US: livehelperchat CVE-2021-4131 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff7674a2c374158775b5e4158f2d08e34f9bf2b3 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff7674a2c374158775b5e4158f2d08e34f9bf2b3 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-4135/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a51dca6a by Salvatore Bonaccorso at 2021-12-21T07:38:04+01:00 Add CVE-2021-4135/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -878,6 +878,9 @@ CVE-2021-4136 (vim is vulnerable to Heap-based Buffer Overflow ...) NOTE: https://github.com/vim/vim/commit/605ec91e5a7330d61be313637e495fa02a6dc264 (v8.2.3847) CVE-2021-4135 RESERVED + - linux + [stretch] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/481221775d53d6215a6e5e9ce1cce6d2b4ab9a46 (5.16-rc6) CVE-2021-4134 RESERVED CVE-2021-4133 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a51dca6a9cee1a4c76c609281a9e8e5bc6469939 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a51dca6a9cee1a4c76c609281a9e8e5bc6469939 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-41496/numpy
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b8e04826 by Salvatore Bonaccorso at 2021-12-20T22:31:15+01:00 Add CVE-2021-41496/numpy - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13612,7 +13612,10 @@ CVE-2021-41498 (Buffer overflow in ajaxsoundstudio.com Pyo lt and 1.03 in t CVE-2021-41497 (Null pointer reference in CMS_Conservative_increment_obj in RaRe-Techn ...) TODO: check CVE-2021-41496 (Buffer overflow in the array_from_pyobj function of fortranobject.c in ...) - TODO: check + - numpy + NOTE: https://github.com/numpy/numpy/issues/19000 + NOTE: https://github.com/numpy/numpy/pull/20630 + NOTE: https://github.com/numpy/numpy/commit/271010f1037150e95017f803f4214b8861e528f2 CVE-2021-41495 (Null Pointer Dereference vulnerability exists in numpy.sort in NumPy & ...) - numpy NOTE: https://github.com/numpy/numpy/issues/19038 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8e0482669f6cf324974a69e6ce4bf1dd3ce5914 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8e0482669f6cf324974a69e6ce4bf1dd3ce5914 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-4126{0,1,2}/galette
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: db73f27d by Salvatore Bonaccorso at 2021-12-20T21:50:50+01:00 Add CVE-2021-4126{0,1,2}/galette - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -14151,11 +14151,11 @@ CVE-2021-41264 (OpenZeppelin Contracts is a library for smart contract developme CVE-2021-41263 (rails_multisite provides multi-db support for Rails applications. In a ...) NOT-FOR-US: rails_multisite CVE-2021-41262 (Galette is a membership management web application built for non profi ...) - TODO: check + - galette CVE-2021-41261 (Galette is a membership management web application built for non profi ...) - TODO: check + - galette CVE-2021-41260 (Galette is a membership management web application built for non profi ...) - TODO: check + - galette CVE-2021-41259 (Nim is a systems programming language with a focus on efficiency, expr ...) - nim [bullseye] - nim (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db73f27d678c517e134a67c28ce6e0cc8481c386 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db73f27d678c517e134a67c28ce6e0cc8481c386 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
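Review bot: the three galette entries in this hunk are resolved to a bare `- galette` with no fixed version and no `NOTE:` line pointing at the upstream advisory or fix commit, unlike neighbouring entries such as CVE-2021-41259/nim, which also carries a `[bullseye] - nim (Minor issue)` annotation; add the upstream references and the bullseye status for each of the three CVEs so the triage is reproducible from the entry itself.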
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a7843e73 by Salvatore Bonaccorso at 2021-12-20T21:50:12+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3829,7 +3829,7 @@ CVE-2021-44161 CVE-2021-44160 RESERVED CVE-2021-44159 (4MOSAn GCB Doctors file upload function has improper user privi ...) - TODO: check + NOT-FOR-US: 4MOSAn GCB Doctor CVE-2021-44158 RESERVED CVE-2021-4011 (A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...) @@ -3854,7 +3854,7 @@ CVE-2021-4008 (A flaw was found in xorg-x11-server in versions before 21.1.2 and NOTE: https://lists.x.org/archives/xorg-announce/2021-December/003122.html NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/ebce7e2d80e7c80e1dda60f2f0bc886f1106ba60 CVE-2021-4007 (Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local ...) - TODO: check + NOT-FOR-US: Rapid7 Insight Agent CVE-2021-4006 RESERVED CVE-2021-4005 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...) @@ -4861,7 +4861,7 @@ CVE-2021-43832 CVE-2021-43831 (Gradio is an open source framework for building interactive machine le ...) TODO: check CVE-2021-43830 (OpenProject is a web-based project management software. OpenProject ve ...) - TODO: check + NOT-FOR-US: OpenProject CVE-2021-43829 (PatrOwl is a free and open-source solution for orchestrating Security ...) NOT-FOR-US: PatrOwl CVE-2021-43828 (PatrOwl is a free and open-source solution for orchestrating Security ...) 
@@ -4879,7 +4879,7 @@ CVE-2021-43823 (Sourcegraph is a code search and navigation engine. Sourcegraph CVE-2021-43822 (Jackalope Doctrine-DBAL is an implementation of the PHP Content Reposi ...) NOT-FOR-US: Jackalope Doctrine-DBAL CVE-2021-43821 (Opencast is an Open Source Lecture Capture Video Management for ...) - TODO: check + NOT-FOR-US: Opencast CVE-2021-43820 (Seafile is an open source cloud storage system. A sync token is used i ...) - seafile-server (bug #865830) NOTE: https://github.com/haiwen/seafile-server/security/advisories/GHSA-m3wc-jv6r-hvv8 @@ -4914,7 +4914,7 @@ CVE-2021-43808 (Laravel is a web application framework. Laravel prior to version NOTE: https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw NOTE: https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b (v6.20.42) CVE-2021-43807 (Opencast is an Open Source Lecture Capture Video Management for ...) - TODO: check + NOT-FOR-US: Opencast CVE-2021-43806 (Tuleap is a Libre and Open Source tool for end to end traceability of ...) NOT-FOR-US: Tuleap CVE-2021-43805 (Solidus is a free, open-source ecommerce platform built on Rails. Vers ...) @@ -6735,7 +6735,7 @@ CVE-2021-43442 CVE-2021-43441 RESERVED CVE-2021-43440 (Multiple Stored XSS Vulnerabilities in the Source Code of iOrder 1.0 a ...) - TODO: check + NOT-FOR-US: iOrder CVE-2021-43439 RESERVED CVE-2021-43438 @@ -9002,7 +9002,7 @@ CVE-2021-42915 CVE-2021-42914 RESERVED CVE-2021-42913 (The SyncThru Web Service on Samsung SCX-6x55X printers allows an attac ...) - TODO: check + NOT-FOR-US: SyncThru Web Service on Samsung SCX-6x55X printers CVE-2021-42912 (FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command inj ...) NOT-FOR-US: FiberHome ONU GPON AN5506-04-F RP2617 CVE-2021-42911 
@@ -19263,7 +19263,7 @@ CVE-2021-39185 (Http4s is a minimal, idiomatic Scala interface for HTTP services CVE-2021-39184 (Electron is a framework for writing cross-platform desktop application ...) - electron (bug #842420) CVE-2021-39183 (Owncast is an open source, self-hosted live video streaming and chat s ...) - TODO: check + NOT-FOR-US: Owncast CVE-2021-39182 (EnroCrypt is a Python module for encryption and hashing. Prior to vers ...) NOT-FOR-US: EnroCrypt CVE-2021-39181 (OpenOlat is a web-based learning management system (LMS). Prior to ver ...) @@ -127720,7 +127720,7 @@ CVE-2020-8107 CVE-2020-8106 REJECTED CVE-2020-8105 (OS Command Injection vulnerability in the wirelessConnect handler of A ...) - TODO: check + NOT-FOR-US: Abode iota All-In-One Security Kit CVE-2020-8104 RESERVED CVE-2020-8103 (A vulnerability in the improper handling of symbolic links in Bitdefen ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7843e73d56da2bce06b18b9676935066b0af9f9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7843e73d56da2bce06b18b9676935066b0af9f9 You're receiving this email because of your account on
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0b6afe7e by Salvatore Bonaccorso at 2021-12-20T21:20:13+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1640,7 +1640,7 @@ CVE-2021-44918 CVE-2021-44917 RESERVED CVE-2021-44916 (Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a ...) - TODO: check + NOT-FOR-US: Open-AudIT CVE-2021-44915 RESERVED CVE-2021-44914 @@ -2384,9 +2384,9 @@ CVE-2021-44678 (An issue (2 of 6) was discovered in Veritas Enterprise Vault thr CVE-2021-44677 (An issue (1 of 6) was discovered in Veritas Enterprise Vault through 1 ...) NOT-FOR-US: Veritas CVE-2021-44676 (Zoho ManageEngine Access Manager Plus before 4203 allows anyone to vie ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine CVE-2021-44675 (Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vuln ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine CVE-2021-4075 (snipe-it is vulnerable to Server-Side Request Forgery (SSRF) ...) NOT-FOR-US: snipe-it CVE-2021-4074 @@ -2638,7 +2638,7 @@ CVE-2021-44556 (National Library of the Netherlands digger 6697d1269d981e35 CVE-2021-44555 RESERVED CVE-2021-44554 (Thinfinity VirtualUI before 3.0 allows a malicious actor to enumerate ...) - TODO: check + NOT-FOR-US: Thinfinity VirtualUI CVE-2021-44553 RESERVED CVE-2021-44552 @@ -2810,7 +2810,7 @@ CVE-2021-44527 (A vulnerability found in UniFi Switch firmware Version 5.43.35 a CVE-2021-44526 RESERVED CVE-2021-44525 (Zoho ManageEngine PAM360 before build 5303 allows attackers to modify ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine CVE-2021-44524 (A vulnerability has been identified in SiPass integrated V2.76 (All ve ...) NOT-FOR-US: SiPass CVE-2021-44523 (A vulnerability has been identified in SiPass integrated V2.76 (All ve ...) 
@@ -3427,7 +3427,7 @@ CVE-2021-44265 CVE-2021-44264 RESERVED CVE-2021-44263 (Gurock TestRail before 7.2.4 mishandles HTML escaping. ...) - TODO: check + NOT-FOR-US: Gurock TestRail CVE-2021-44262 RESERVED CVE-2021-44261 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b6afe7e9861794d095ceb091fbc394de97f2690 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b6afe7e9861794d095ceb091fbc394de97f2690 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d2de03ed by security tracker role at 2021-12-20T20:10:18+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,431 @@ +CVE-2021-45442 + RESERVED +CVE-2021-45441 + RESERVED +CVE-2021-45440 + RESERVED +CVE-2021-45439 + RESERVED +CVE-2021-45438 + RESERVED +CVE-2021-45437 + RESERVED +CVE-2021-45436 + RESERVED +CVE-2021-45435 + RESERVED +CVE-2021-45434 + RESERVED +CVE-2021-45433 + RESERVED +CVE-2021-45432 + RESERVED +CVE-2021-45431 + RESERVED +CVE-2021-45430 + RESERVED +CVE-2021-45429 + RESERVED +CVE-2021-45428 + RESERVED +CVE-2021-45427 + RESERVED +CVE-2021-45426 + RESERVED +CVE-2021-45425 + RESERVED +CVE-2021-45424 + RESERVED +CVE-2021-45423 + RESERVED +CVE-2021-45422 + RESERVED +CVE-2021-45421 + RESERVED +CVE-2021-45420 + RESERVED +CVE-2021-45419 + RESERVED +CVE-2021-45418 + RESERVED +CVE-2021-45417 + RESERVED +CVE-2021-45416 + RESERVED +CVE-2021-45415 + RESERVED +CVE-2021-45414 + RESERVED +CVE-2021-45413 + RESERVED +CVE-2021-45412 + RESERVED +CVE-2021-45411 + RESERVED +CVE-2021-45410 + RESERVED +CVE-2021-45409 + RESERVED +CVE-2021-45408 + RESERVED +CVE-2021-45407 + RESERVED +CVE-2021-45406 + RESERVED +CVE-2021-45405 + RESERVED +CVE-2021-45404 + RESERVED +CVE-2021-45403 + RESERVED +CVE-2021-45402 + RESERVED +CVE-2021-45401 + RESERVED +CVE-2021-45400 + RESERVED +CVE-2021-45399 + RESERVED +CVE-2021-45398 + RESERVED +CVE-2021-45397 + RESERVED +CVE-2021-45396 + RESERVED +CVE-2021-45395 + RESERVED +CVE-2021-45394 + RESERVED +CVE-2021-45393 + RESERVED +CVE-2021-45392 + RESERVED +CVE-2021-45391 + RESERVED +CVE-2021-45390 + RESERVED +CVE-2021-45389 + RESERVED +CVE-2021-45388 + RESERVED +CVE-2021-45387 + RESERVED +CVE-2021-45386 + RESERVED +CVE-2021-45385 + RESERVED +CVE-2021-45384 + RESERVED +CVE-2021-45383 + RESERVED +CVE-2021-45382 + RESERVED +CVE-2021-45381 + RESERVED +CVE-2021-45380 + RESERVED +CVE-2021-45379 + RESERVED +CVE-2021-45378 + RESERVED +CVE-2021-45377 + RESERVED +CVE-2021-45376 + RESERVED +CVE-2021-45375 + RESERVED +CVE-2021-45374 + RESERVED +CVE-2021-45373 + RESERVED +CVE-2021-45372 + RESERVED +CVE-2021-45371 + RESERVED +CVE-2021-45370 + RESERVED 
+CVE-2021-45369 + RESERVED +CVE-2021-45368 + RESERVED +CVE-2021-45367 + RESERVED +CVE-2021-45366 + RESERVED +CVE-2021-45365 + RESERVED +CVE-2021-45364 + RESERVED +CVE-2021-45363 + RESERVED +CVE-2021-45362 + RESERVED +CVE-2021-45361 + RESERVED +CVE-2021-45360 + RESERVED +CVE-2021-45359 + RESERVED +CVE-2021-45358 + RESERVED +CVE-2021-45357 + RESERVED +CVE-2021-45356 + RESERVED +CVE-2021-45355 + RESERVED +CVE-2021-45354 + RESERVED +CVE-2021-45353 + RESERVED +CVE-2021-45352 + RESERVED +CVE-2021-45351 + RESERVED +CVE-2021-45350 + RESERVED +CVE-2021-45349 + RESERVED +CVE-2021-45348 + RESERVED +CVE-2021-45347 + RESERVED +CVE-2021-45346 + RESERVED +CVE-2021-45345 + RESERVED +CVE-2021-45344 + RESERVED +CVE-2021-45343 + RESERVED +CVE-2021-45342 + RESERVED +CVE-2021-45341 + RESERVED +CVE-2021-45340 + RESERVED +CVE-2021-45339 + RESERVED +CVE-2021-45338 + RESERVED +CVE-2021-45337 + RESERVED +CVE-2021-45336 + RESERVED +CVE-2021-45335 + RESERVED +CVE-2021-45334 + RESERVED +CVE-2021-45333 + RESERVED +CVE-2021-45332 + RESERVED +CVE-2021-45331 + RESERVED +CVE-2021-45330 + RESERVED +CVE-2021-45329 + RESERVED +CVE-2021-45328 + RESERVED +CVE-2021-45327 + RESERVED +CVE-2021-45326 + RESERVED +CVE-2021-45325 + RESERVED +CVE-2021-45324 + RESERVED +CVE-2021-45323 + RESERVED +CVE-2021-45322 + RESERVED +CVE-2021-45321 + RESERVED +CVE-2021-45320 + RESERVED +CVE-2021-45319 + RESERVED +CVE-2021-45318 + RESERVED +CVE-2021-45317 + RESERVED +CVE-2021-45316 + RESERVED +CVE-2021-45315 + RESERVED +CVE-2021-45314 + RESERVED +CVE-2021-45313 + RESERVED +CVE-2021-45312 + RESERVED +CVE-2021-45311 + RESERVED +CVE-2021-45310 + RESERVED +CVE-2021-45309 + RESERVED +CVE-2021-45308 + RESERVED +CVE-2021-45307 + RESERVED +CVE-2021-45306 + RESERVED +CVE-2021-45305 + RESERVED +CVE-2021-45304 + RESERVED +CVE-2021-45303 + RESERVED +CVE-2021-45302 +
[Git][security-tracker-team/security-tracker][master] Add apache2 to dsa-needed list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f87c54c5 by Salvatore Bonaccorso at 2021-12-20T20:54:56+01:00 Add apache2 to dsa-needed list - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -11,6 +11,9 @@ To pick an issue, simply add your uid behind it. If needed, specify the release by adding a slash after the name of the source package. +-- +apache2 + Maintainer preparing updates -- asterisk/oldstable -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f87c54c5c92c896cef1a7a277e0dd4796f9e0a22 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f87c54c5c92c896cef1a7a277e0dd4796f9e0a22 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] CVE-2020-11651/salt: clarify patches
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: 90b0fb25 by Sylvain Beucler at 2021-12-20T19:23:43+01:00 CVE-2020-11651/salt: clarify patches - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -117745,12 +117745,10 @@ CVE-2020-11651 (An issue was discovered in SaltStack Salt before 2019.2.4 and 30 {DSA-4676-2 DSA-4676-1 DLA-2223-1} - salt 3000.2+dfsg1-1 (bug #959684) NOTE: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst - NOTE: Fixed by: https://github.com/saltstack/salt/commit/a67d76b15615983d467ed81371b38b4a17e4f3b7 - NOTE: Followup needed: https://github.com/saltstack/salt/commit/78172bf647473d5c1c2720e72fc12d6f2314d583 - NOTE: There is a typo in the whitelisted methods on AESFuncs: - NOTE: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst#known-issue - NOTE: Regression bugreport: https://github.com/saltstack/salt/issues/57016 - NOTE: https://github.com/saltstack/salt/issues/57027 + NOTE: Fixed by: https://github.com/saltstack/salt/commit/a67d76b15615983d467ed81371b38b4a17e4f3b7 (v3000.2) + NOTE: Regression: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst#known-issue + NOTE: Regression fix: https://github.com/saltstack/salt/commit/cea28c850f7562fd3b869a1bbcc95050ab19e0f1 (v3000.3) + NOTE: See also https://gitlab.com/saltstack/open/salt-patches/-/raw/master/patches/2020/04/14/ CVE-2020-11650 (An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before ...) NOT-FOR-US: FreeNAS CVE-2020-11649 (An issue was discovered in GitLab CE and EE 8.15 through 12.9.2. Membe ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90b0fb2594055d14db7a155643de87d36108ea08 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90b0fb2594055d14db7a155643de87d36108ea08 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
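Review bot: the rewrite in this hunk drops the follow-up commit 78172bf647473d5c1c2720e72fc12d6f2314d583 and the regression bug reports https://github.com/saltstack/salt/issues/57016 and https://github.com/saltstack/salt/issues/57027 without recording whether the new `NOTE: Regression fix:` commit cea28c850f7562fd3b869a1bbcc95050ab19e0f1 (v3000.3) supersedes them; consider keeping the two issue links next to the `NOTE: Regression:` line so the trail from the DSA-4676-2 regression to its fix stays traceable.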
[Git][security-tracker-team/security-tracker][master] apache2 fixed in sid
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 36050892 by Moritz Muehlenhoff at 2021-12-20T19:09:48+01:00 apache2 fixed in sid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1588,7 +1588,7 @@ CVE-2021-44791 RESERVED CVE-2021-44790 [Possible buffer overflow when parsing multipart content in mod_lua] RESERVED - - apache2 + - apache2 2.4.52-1 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-44790 NOTE: Fixed by: https://svn.apache.org/r1896039 CVE-2021-4095 @@ -3235,7 +3235,7 @@ CVE-2021-44225 (In Keepalived through 2.2.4, the D-Bus policy does not sufficien NOTE: https://github.com/acassen/keepalived/commit/7977fec0be89ae6fe87405b3f8da2f0b5e415e3d CVE-2021-44224 [Possible NULL dereference or SSRF in forward proxy configurations] RESERVED - - apache2 + - apache2 2.4.52-1 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-44224 NOTE: Fixed by: https://svn.apache.org/r1895955 NOTE: Fixed by: https://svn.apache.org/r1896044 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/360508920aaf50aef47edbf1fb0fa92b58011b2b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/360508920aaf50aef47edbf1fb0fa92b58011b2b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] 2 commits: LTS: take condor
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 28ce8bc3 by Anton Gladky at 2021-12-20T18:13:47+01:00 LTS: take condor - - - - - 8f1cc67c by Anton Gladky at 2021-12-20T18:14:00+01:00 LTS: wip on vim - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -20,7 +20,7 @@ ansible -- apache-log4j2 (Markus Koschany) -- -condor +condor (Anton) NOTE: 20211216: full details embargoed -- debian-archive-keyring @@ -100,6 +100,7 @@ vim (Anton) NOTE: 20211203: adding here as it's in the ela-needed as well NOTE: 20211203: so worth fixing in stretch, too. Co-ordinate w/ NOTE: 20211203: Emilio since he's working on it for jessie. (utkarsh) + NOTE: 20211220: WIP (Anton) -- wireshark (Adrian Bunk) NOTE: 2029: Check https://salsa.debian.org/security-tracker-team/security-tracker/commit/d55b7eff90db8487e20106c2c09e61293a477e89 (lamby) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a1bf9d55bd1fe0e2bae08c074f3050bce12c0fa3...8f1cc67ce3573c044b8799585890e0fdea677309 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a1bf9d55bd1fe0e2bae08c074f3050bce12c0fa3...8f1cc67ce3573c044b8799585890e0fdea677309 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] dla: update note
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker Commits: a1bf9d55 by Adrian Bunk at 2021-12-20T18:47:01+02:00 dla: update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -104,6 +104,7 @@ vim (Anton) wireshark (Adrian Bunk) NOTE: 2029: Check https://salsa.debian.org/security-tracker-team/security-tracker/commit/d55b7eff90db8487e20106c2c09e61293a477e89 (lamby) NOTE: 20211206: DLA coming soon (bunk) + NOTE: 20211220: DLA coming today (bunk) -- xorg-server (Thorsten Alteholz) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1bf9d55bd1fe0e2bae08c074f3050bce12c0fa3 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1bf9d55bd1fe0e2bae08c074f3050bce12c0fa3 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Adjust CVE reference for mfsa2021-55/thunderbird
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fa61ada3 by Salvatore Bonaccorso at 2021-12-20T17:29:52+01:00 Adjust CVE reference for mfsa2021-55/thunderbird - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2347,7 +2347,7 @@ CVE-2021-44538 (The olm_session_describe function in Matrix libolm before 3.2.7 [buster] - olm (Vulnerable code introduced later) - node-matrix-js-sdk - thunderbird 1:91.4.1-1 - NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-55/#CVE-2021-4126 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-55/#CVE-2021-44538 NOTE: https://matrix.org/blog/2021/12/13/disclosure-buffer-overflow-in-libolm-and-matrix-js-sdk/ NOTE: Introduced by: https://gitlab.matrix.org/matrix-org/olm/-/commit/39a1ee0b18f0fced6d7bc293cc9a46ea70ec9e96 (3.1.4) NOTE: Fixed by: https://gitlab.matrix.org/matrix-org/olm/-/commit/c23ce70fc66c26db5839ddb5a3b46d4c3d3abed6 (3.2.8) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa61ada3e73c4eff2dccc68d74dba49e0ba87d00 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa61ada3e73c4eff2dccc68d74dba49e0ba87d00 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] new thunderbird issues
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 74aea47a by Moritz Muehlenhoff at 2021-12-20T17:18:44+01:00 new thunderbird issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -468,6 +468,8 @@ CVE-2021-4127 RESERVED CVE-2021-4126 RESERVED + - thunderbird 1:91.4.1-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-55/#CVE-2021-4126 CVE-2021-26264 RESERVED CVE-2021-23173 @@ -2344,6 +2346,8 @@ CVE-2021-44538 (The olm_session_describe function in Matrix libolm before 3.2.7 - olm 3.2.8~dfsg-1 (bug #1001664) [buster] - olm (Vulnerable code introduced later) - node-matrix-js-sdk + - thunderbird 1:91.4.1-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-55/#CVE-2021-4126 NOTE: https://matrix.org/blog/2021/12/13/disclosure-buffer-overflow-in-libolm-and-matrix-js-sdk/ NOTE: Introduced by: https://gitlab.matrix.org/matrix-org/olm/-/commit/39a1ee0b18f0fced6d7bc293cc9a46ea70ec9e96 (3.1.4) NOTE: Fixed by: https://gitlab.matrix.org/matrix-org/olm/-/commit/c23ce70fc66c26db5839ddb5a3b46d4c3d3abed6 (3.2.8) 
@@ -8129,7 +8133,7 @@ CVE-2021-3916 (bookstack is vulnerable to Improper Limitation of a Pathname to a CVE-2015-10001 (The WP-Stats WordPress plugin before 2.52 does not have CSRF check whe ...) NOT-FOR-US: WordPress plugin CVE-2021-43083 (Apache PLC4X - PLC4C (Only the C language implementation was effected) ...) - NOT-FOR-US: Apche PLC4X + NOT-FOR-US: Apache PLC4X CVE-2021-43082 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...) - trafficserver 9.1.1+ds-1 [bullseye] - trafficserver (Vulnerable code not present, introduced in 9.x) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/74aea47a0e4cefcc558f29332e64e23b4bbb6335 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/74aea47a0e4cefcc558f29332e64e23b4bbb6335 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
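Review bot: the NOTE added in the second hunk, under CVE-2021-44538, points at the mfsa2021-55 anchor `#CVE-2021-4126`, which is the anchor the first hunk uses for the separate CVE-2021-4126 entry; it should read `NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-55/#CVE-2021-44538` so the reference matches the entry it sits under.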
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 916252c4 by Moritz Muehlenhoff at 2021-12-20T17:16:14+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -8129,7 +8129,7 @@ CVE-2021-3916 (bookstack is vulnerable to Improper Limitation of a Pathname to a CVE-2015-10001 (The WP-Stats WordPress plugin before 2.52 does not have CSRF check whe ...) NOT-FOR-US: WordPress plugin CVE-2021-43083 (Apache PLC4X - PLC4C (Only the C language implementation was effected) ...) - TODO: check + NOT-FOR-US: Apche PLC4X CVE-2021-43082 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...) - trafficserver 9.1.1+ds-1 [bullseye] - trafficserver (Vulnerable code not present, introduced in 9.x) @@ -13028,6 +13028,7 @@ CVE-2021-41562 (A vulnerability in Snow Snow Agent for Windows allows a non-admi NOT-FOR-US: Snow Snow Agent for Windows CVE-2021-41561 RESERVED + NOT-FOR-US: Apache Parquet CVE-2021-3825 (On 2.1.15 version and below of Lider module in LiderAhenk software is ...) NOT-FOR-US: LiderAhenk CVE-2021-3824 (OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to in ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/916252c42bbff5339ea84089c48b63aadd54966f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/916252c42bbff5339ea84089c48b63aadd54966f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
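Review bot: typo in the first hunk: the added line `+ NOT-FOR-US: Apche PLC4X` should read `NOT-FOR-US: Apache PLC4X`, matching the product name in the CVE-2021-43083 description directly above it.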
[Git][security-tracker-team/security-tracker][master] Add upstream revision for CVE-2021-44790/apache2
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5270211d by Salvatore Bonaccorso at 2021-12-20T14:37:04+01:00 Add upstream revision for CVE-2021-44790/apache2 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1588,6 +1588,7 @@ CVE-2021-44790 [Possible buffer overflow when parsing multipart content in mod_l RESERVED - apache2 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-44790 + NOTE: Fixed by: https://svn.apache.org/r1896039 CVE-2021-4095 RESERVED - linux View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5270211df28d0d7fc83be10eb14f5502bf62d300
[Git][security-tracker-team/security-tracker][master] Add upstream revisions for CVE-2021-44224/apache2
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 713e6ef2 by Salvatore Bonaccorso at 2021-12-20T14:35:58+01:00 Add upstream revisions for CVE-2021-44224/apache2 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3232,6 +3232,8 @@ CVE-2021-44224 [Possible NULL dereference or SSRF in forward proxy configuration RESERVED - apache2 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-44224 + NOTE: Fixed by: https://svn.apache.org/r1895955 + NOTE: Fixed by: https://svn.apache.org/r1896044 CVE-2021-44223 (WordPress before 5.8 lacks support for the Update URI plugin header. T ...) - wordpress 5.8.1+dfsg1-1 [bullseye] - wordpress (Minor issue; workarounds/mitigation for older versions can be implemented) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/713e6ef28f016f0e69c3b6a5b1999c4700f061ae
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-44790/apache2
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 70b44674 by Salvatore Bonaccorso at 2021-12-20T14:34:24+01:00 Add CVE-2021-44790/apache2 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1584,8 +1584,10 @@ CVE-2021-44792 RESERVED CVE-2021-44791 RESERVED -CVE-2021-44790 +CVE-2021-44790 [Possible buffer overflow when parsing multipart content in mod_lua] RESERVED + - apache2 + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-44790 CVE-2021-4095 RESERVED - linux View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/70b446747af7261a04b1f814b7f554044d54e40d
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-44224/apache2
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9b8cfceb by Salvatore Bonaccorso at 2021-12-20T14:32:19+01:00 Add CVE-2021-44224/apache2 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3226,8 +3226,10 @@ CVE-2021-44225 (In Keepalived through 2.2.4, the D-Bus policy does not sufficien [stretch] - keepalived (Minor issue) NOTE: https://github.com/acassen/keepalived/pull/2063 NOTE: https://github.com/acassen/keepalived/commit/7977fec0be89ae6fe87405b3f8da2f0b5e415e3d -CVE-2021-44224 +CVE-2021-44224 [Possible NULL dereference or SSRF in forward proxy configurations] RESERVED + - apache2 + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-44224 CVE-2021-44223 (WordPress before 5.8 lacks support for the Update URI plugin header. T ...) - wordpress 5.8.1+dfsg1-1 [bullseye] - wordpress (Minor issue; workarounds/mitigation for older versions can be implemented) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b8cfceb7d05f6e63c9926023ee3440175282740
[Git][security-tracker-team/security-tracker][master] Add CVEs for XSA-391 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 81e49e07 by Salvatore Bonaccorso at 2021-12-20T13:44:21+01:00 Add CVEs for XSA-391 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -44781,10 +44781,16 @@ CVE-2021-28714 NOTE: https://xenbits.xen.org/xsa/advisory-392.html CVE-2021-28713 RESERVED + - linux + NOTE: https://xenbits.xen.org/xsa/advisory-391.html CVE-2021-28712 RESERVED + - linux + NOTE: https://xenbits.xen.org/xsa/advisory-391.html CVE-2021-28711 RESERVED + - linux + NOTE: https://xenbits.xen.org/xsa/advisory-391.html CVE-2021-28710 (certain VT-d IOMMUs may not work in shared page table mode For efficie ...) - xen (Only affects 4.15 series) NOTE: https://www.openwall.com/lists/oss-security/2021/11/19/9 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81e49e0722fc450bcf6a736f5e95cc50c309819e
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-2871{4,5}/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9a0eb104 by Salvatore Bonaccorso at 2021-12-20T13:36:23+01:00 Add CVE-2021-2871{4,5}/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -44773,8 +44773,12 @@ CVE-2021-28716 RESERVED CVE-2021-28715 RESERVED + - linux + NOTE: https://xenbits.xen.org/xsa/advisory-392.html CVE-2021-28714 RESERVED + - linux + NOTE: https://xenbits.xen.org/xsa/advisory-392.html CVE-2021-28713 RESERVED CVE-2021-28712 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a0eb10401b62b16f40c9d3b2ab9cfd2898e7313
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2021-33430/numpy which was fixed as well in 1.21.0
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3fb38c39 by Salvatore Bonaccorso at 2021-12-20T11:11:57+01:00 Track fixed version for CVE-2021-33430/numpy which was fixed as well in 1.21.0 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -32542,7 +32542,7 @@ CVE-2021-33432 CVE-2021-33431 RESERVED CVE-2021-33430 (A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_N ...) - - numpy + - numpy 1:1.21.4-2 NOTE: https://github.com/numpy/numpy/issues/18939 NOTE: https://github.com/numpy/numpy/pull/18989 NOTE: https://github.com/numpy/numpy/commit/16f7824b4d935b6aee98298ca4123d57174a6f2e (v1.22.0.dev0) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3fb38c39fcfcc40c74050e39051501b6e9702243
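Review bot: the fixed version `1:1.21.4-2` in this hunk is justified only by the commit message (fixed as well in 1.21.0), while the NOTE lines kept in the context still cite a single fix commit tagged v1.22.0.dev0, so the entry on its own does not show why a 1.21.x package counts as fixed; suggest adding a NOTE with the 1.21.0 release or backport reference for that fix so the version can be verified from data/CVE/list alone.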
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-33430/numpy
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 82524261 by Salvatore Bonaccorso at 2021-12-20T11:07:34+01:00 Add CVE-2021-33430/numpy - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -32542,7 +32542,10 @@ CVE-2021-33432 CVE-2021-33431 RESERVED CVE-2021-33430 (A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_N ...) - TODO: check + - numpy + NOTE: https://github.com/numpy/numpy/issues/18939 + NOTE: https://github.com/numpy/numpy/pull/18989 + NOTE: https://github.com/numpy/numpy/commit/16f7824b4d935b6aee98298ca4123d57174a6f2e (v1.22.0.dev0) CVE-2021-33429 RESERVED CVE-2021-33428 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82524261609e14c28031517f814889bcfae23ed8
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-34141/numpy
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5838e7a3 by Salvatore Bonaccorso at 2021-12-20T11:04:39+01:00 Add CVE-2021-34141/numpy - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -30805,6 +30805,9 @@ CVE-2021-34143 (The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C CVE-2021-34142 RESERVED CVE-2021-34141 (Incomplete string comparison in the numpy.core component in NumPy1.9.x ...) + - numpy + NOTE: https://github.com/numpy/numpy/issues/18993 + NOTE: https://github.com/numpy/numpy/commit/eeef9d4646103c3b1afd3085f1393f2b3f9575b2 (v1.23.0.dev0) TODO: check CVE-2021-34140 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5838e7a382f1645921a9d7a821421065900468b0
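Review bot: the bare `TODO: check` kept below the new `- numpy` and NOTE lines for CVE-2021-34141 leaves unclear what is still open now that the package mapping and the upstream fix commit are recorded; suggest either dropping it or qualifying it (for example `TODO: check for classification/severity`, as used for the other numpy entries) so the next triager knows whether only the severity is still to be decided.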
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-41495/numpy
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2c48bcfc by Salvatore Bonaccorso at 2021-12-20T10:58:09+01:00 Add CVE-2021-41495/numpy Looks like we can move this straight to unimportant, but for now rather leaving a TODO to double-check again. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13178,7 +13178,9 @@ CVE-2021-41497 (Null pointer reference in CMS_Conservative_increment_obj in RaRe CVE-2021-41496 (Buffer overflow in the array_from_pyobj function of fortranobject.c in ...) TODO: check CVE-2021-41495 (Null Pointer Dereference vulnerability exists in numpy.sort in NumPy & ...) - TODO: check + - numpy + NOTE: https://github.com/numpy/numpy/issues/19038 + TODO: check for classification/severity CVE-2021-41494 RESERVED CVE-2021-41493 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c48bcfc164c537cf96f15926167ae93b3463ae8
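Review bot: the new CVE-2021-41495 entry records the package and the upstream issue but no fix commit or fixed version, unlike the other numpy entries that cite the upstream commit and its tag; if no upstream fix exists yet, a NOTE saying so would make the remaining TODO actionable, and the neighbouring numpy entry CVE-2021-41496 (array_from_pyobj in fortranobject.c), visible in the hunk context with a bare `TODO: check`, could be triaged in the same pass.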
[Git][security-tracker-team/security-tracker][master] Process some more NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 01e3dfa0 by Salvatore Bonaccorso at 2021-12-20T10:29:34+01:00 Process some more NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3383,11 +3383,11 @@ CVE-2021-44166 CVE-2021-44165 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...) NOT-FOR-US: Siemens CVE-2021-44164 (Chain Sea ai chatbot systems file upload function has insuffici ...) - TODO: check + NOT-FOR-US: Chain Sea CVE-2021-44163 (Chain Sea ai chatbot backend has improper filtering of special charact ...) - TODO: check + NOT-FOR-US: Chain Sea CVE-2021-44162 (Chain Sea ai chatbot systems specific file download function ha ...) - TODO: check + NOT-FOR-US: Chain Sea CVE-2021-44161 RESERVED CVE-2021-44160 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/01e3dfa08bc847dc9a7a8e5697dd9c0d842e9c42
[Git][security-tracker-team/security-tracker][master] lts: update notes
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: 17267169 by Emilio Pozuelo Monfort at 2021-12-20T10:16:42+01:00 lts: update notes - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -35,6 +35,7 @@ debian-archive-keyring firefox-esr (Emilio) NOTE: 20211122: blocked on toolchain backports (pochu) NOTE: 20211206: progressing on the toolchain front (pochu) + NOTE: 20211220: backport in progress, making it build with python3.5 (pochu) -- firmware-nonfree (Markus Koschany) NOTE: 20210731: WIP: https://salsa.debian.org/lts-team/packages/firmware-nonfree @@ -93,6 +94,7 @@ spip thunderbird (Emilio) NOTE: 20211122: blocked on toolchain backports (pochu) NOTE: 20211206: progressing on the toolchain front (pochu) + NOTE: 20211220: backport in progress, making it build with python3.5 (pochu) -- vim (Anton) NOTE: 20211203: adding here as it's in the ela-needed as well View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/172671699d725012911300f21b10a070d4859c29
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0928505e by Salvatore Bonaccorso at 2021-12-20T09:36:44+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -455,11 +455,11 @@ CVE-2021-4134 CVE-2021-4133 RESERVED CVE-2021-4132 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...) - TODO: check + NOT-FOR-US: livehelperchat CVE-2021-4131 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) ...) - TODO: check + NOT-FOR-US: livehelperchat CVE-2021-4130 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...) - TODO: check + NOT-FOR-US: snipe-it CVE-2021-4129 RESERVED CVE-2021-4128 @@ -551,7 +551,7 @@ CVE-2021-45101 (An issue was discovered in HTCondor before 8.8.15, 9.0.x before - condor NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0003/ CVE-2021-45099 (** DISPUTED ** The addon.stdin service in addon-ssh (aka Home Assistan ...) - TODO: check + NOT-FOR-US: Home Assistant Community Add-on: SSH & Web Terminal CVE-2021-45098 (An issue was discovered in Suricata before 6.0.4. It is possible to by ...) - suricata 1:6.0.4-1 [bullseye] - suricata (Minor issue) @@ -942,9 +942,9 @@ CVE-2022-21833 CVE-2021-45043 (HD-Network Real-time Monitoring System 2.0 allows ../ directory traver ...) NOT-FOR-US: HD-Network Real-time Monitoring System CVE-2021-45042 (In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8 ...) - TODO: check + NOT-FOR-US: HashiCorp Vault CVE-2021-45041 (SuiteCRM before 7.12.2 and 8.x before 8.0.1 allows authenticated SQL i ...) - TODO: check + NOT-FOR-US: SuiteCRM CVE-2021-4110 (mruby is vulnerable to NULL Pointer Dereference ...) - mruby (bug #1001768) [stretch] - mruby (revisit when/if fix is complete) 
@@ -2886,11 +2886,11 @@ CVE-2021-44319 CVE-2021-44318 RESERVED CVE-2021-44317 (In Bus Pass Management System v1.0, parameters 'pagedes' and `About Us ...) - TODO: check + NOT-FOR-US: Bus Pass Management System CVE-2021-44316 RESERVED CVE-2021-44315 (In Bus Pass Management System v1.0, Directory Listing/Browsing is enab ...) - TODO: check + NOT-FOR-US: Bus Pass Management System CVE-2021-44314 RESERVED CVE-2021-44313 @@ -3743,7 +3743,7 @@ CVE-2021-44037 (Team Password Manager (aka TeamPasswordManager) before 10.135.23 CVE-2021-44036 (Team Password Manager (aka TeamPasswordManager) before 10.135.236 has ...) NOT-FOR-US: Team Password Manager (aka TeamPasswordManager) CVE-2021-44035 (Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment uploads ...) - TODO: check + NOT-FOR-US: Wolters Kluwer TeamMate AM CVE-2021-3982 [Distributions using CAP_SYS_NICE in gnome-shell may be exposed to privilege escalation] RESERVED - gnome-shell (Debian packaging does not set cap_sys_nice+ep on gnome-shell binary) @@ -5589,7 +5589,7 @@ CVE-2021-43680 CVE-2021-43679 (ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\e ...) NOT-FOR-US: ecshop CVE-2021-43678 (Wechat-php-sdk v1.10.2 is affected by a Cross Site Scripting (XSS) vul ...) - TODO: check + NOT-FOR-US: Wechat-php-sdk CVE-2021-43677 RESERVED CVE-2021-43676 (matyhtf framework v3.0.5 is affected by a path manipulation vulnerabil ...) @@ -8568,7 +8568,7 @@ CVE-2021-42914 CVE-2021-42913 RESERVED CVE-2021-42912 (FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command inj ...) - TODO: check + NOT-FOR-US: FiberHome ONU GPON AN5506-04-F RP2617 CVE-2021-42911 RESERVED CVE-2021-42910 @@ -9311,7 +9311,7 @@ CVE-2021-42586 CVE-2021-42585 RESERVED CVE-2021-42584 (A Stored Cross Site Scripting (XSS) issue exists in Convos-Chat before ...) - TODO: check + NOT-FOR-US: Convos-Chat CVE-2021-42583 RESERVED CVE-2021-42582 
@@ -11417,7 +11417,7 @@ CVE-2021-42218 CVE-2021-42217 RESERVED CVE-2021-42216 (A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via ...) - TODO: check + NOT-FOR-US: AnonAddy CVE-2021-42215 RESERVED CVE-2021-42214 @@ -12061,7 +12061,7 @@ CVE-2021-41964 CVE-2021-41963 RESERVED CVE-2021-41962 (Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehi ...) - TODO: check + NOT-FOR-US: Sourcecodester CVE-2021-41961 RESERVED CVE-2021-41960 @@ -12317,7 +12317,7 @@ CVE-2021-41845 (A SQL injection issue was discovered in ThycoticCentrify Secret CVE-2021-41844 (Crocoblock JetEngine before 2.9.1 does not properly validate and sanit ...) NOT-FOR-US: Crocoblock JetEngine CVE-2021-41843 (An
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-4136/vim
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 96043a2c by Salvatore Bonaccorso at 2021-12-20T09:30:27+01:00 Add CVE-2021-4136/vim - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -445,7 +445,9 @@ CVE-2021-44462 CVE-2021-4137 RESERVED CVE-2021-4136 (vim is vulnerable to Heap-based Buffer Overflow ...) - TODO: check + - vim + NOTE: https://huntr.dev/bounties/5c6b93c1-2d27-4e98-a931-147877b8c938 + NOTE: https://github.com/vim/vim/commit/605ec91e5a7330d61be313637e495fa02a6dc264 (v8.2.3847) CVE-2021-4135 RESERVED CVE-2021-4134 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96043a2cc8522a23c9b110cbef8707526021ed17
[Git][security-tracker-team/security-tracker][master] Process one NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 05be548b by Salvatore Bonaccorso at 2021-12-20T09:28:51+01:00 Process one NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -19478,7 +19478,7 @@ CVE-2021-38885 CVE-2021-38884 RESERVED CVE-2021-38883 (IBM Business Automation Workflow 18.0, 19.0, 20,0 and 21.0 and IBM Bus ...) - TODO: check + NOT-FOR-US: IBM CVE-2021-38882 (IBM Spectrum Scale 5.1.0 through 5.1.1.1 could allow a privileged admi ...) NOT-FOR-US: IBM CVE-2021-38881 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05be548b0fd6508b3aae5607886f839b21b1b05c
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6a4b37e7 by security tracker role at 2021-12-20T08:10:14+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,479 @@ +CVE-2022-22053 + RESERVED +CVE-2022-22052 + RESERVED +CVE-2022-22051 + RESERVED +CVE-2022-22050 + RESERVED +CVE-2022-22049 + RESERVED +CVE-2022-22048 + RESERVED +CVE-2022-22047 + RESERVED +CVE-2022-22046 + RESERVED +CVE-2022-22045 + RESERVED +CVE-2022-22044 + RESERVED +CVE-2022-22043 + RESERVED +CVE-2022-22042 + RESERVED +CVE-2022-22041 + RESERVED +CVE-2022-22040 + RESERVED +CVE-2022-22039 + RESERVED +CVE-2022-22038 + RESERVED +CVE-2022-22037 + RESERVED +CVE-2022-22036 + RESERVED +CVE-2022-22035 + RESERVED +CVE-2022-22034 + RESERVED +CVE-2022-22033 + RESERVED +CVE-2022-22032 + RESERVED +CVE-2022-22031 + RESERVED +CVE-2022-22030 + RESERVED +CVE-2022-22029 + RESERVED +CVE-2022-22028 + RESERVED +CVE-2022-22027 + RESERVED +CVE-2022-22026 + RESERVED +CVE-2022-22025 + RESERVED +CVE-2022-22024 + RESERVED +CVE-2022-22023 + RESERVED +CVE-2022-22022 + RESERVED +CVE-2022-22021 + RESERVED +CVE-2022-22020 + RESERVED +CVE-2022-22019 + RESERVED +CVE-2022-22018 + RESERVED +CVE-2022-22017 + RESERVED +CVE-2022-22016 + RESERVED +CVE-2022-22015 + RESERVED +CVE-2022-22014 + RESERVED +CVE-2022-22013 + RESERVED +CVE-2022-22012 + RESERVED +CVE-2022-22011 + RESERVED +CVE-2022-22010 + RESERVED +CVE-2022-22009 + RESERVED +CVE-2022-22008 + RESERVED +CVE-2022-22007 + RESERVED +CVE-2022-22006 + RESERVED +CVE-2022-22005 + RESERVED +CVE-2022-22004 + RESERVED +CVE-2022-22003 + RESERVED +CVE-2022-22002 + RESERVED +CVE-2022-22001 + RESERVED +CVE-2022-22000 + RESERVED +CVE-2022-21999 + RESERVED +CVE-2022-21998 + RESERVED +CVE-2022-21997 + RESERVED +CVE-2022-21996 + RESERVED +CVE-2022-21995 + RESERVED +CVE-2022-21994 + RESERVED +CVE-2022-21993 + RESERVED +CVE-2022-21992 + RESERVED +CVE-2022-21991 + RESERVED +CVE-2022-21990 + RESERVED +CVE-2022-21989 + RESERVED +CVE-2022-21988 + RESERVED +CVE-2022-21987 + RESERVED +CVE-2022-21986 + RESERVED +CVE-2022-21985 + RESERVED +CVE-2022-21984 + RESERVED +CVE-2022-21983 + RESERVED +CVE-2022-21982 + RESERVED +CVE-2022-21981 + RESERVED 
+CVE-2022-21980 + RESERVED +CVE-2022-21979 + RESERVED +CVE-2022-21978 + RESERVED +CVE-2022-21977 + RESERVED +CVE-2022-21976 + RESERVED +CVE-2022-21975 + RESERVED +CVE-2022-21974 + RESERVED +CVE-2022-21973 + RESERVED +CVE-2022-21972 + RESERVED +CVE-2022-21971 + RESERVED +CVE-2022-21970 + RESERVED +CVE-2022-21969 + RESERVED +CVE-2022-21968 + RESERVED +CVE-2022-21967 + RESERVED +CVE-2022-21966 + RESERVED +CVE-2022-21965 + RESERVED +CVE-2022-21964 + RESERVED +CVE-2022-21963 + RESERVED +CVE-2022-21962 + RESERVED +CVE-2022-21961 + RESERVED +CVE-2022-21960 + RESERVED +CVE-2022-21959 + RESERVED +CVE-2022-21958 + RESERVED +CVE-2022-21957 + RESERVED +CVE-2022-21956 + RESERVED +CVE-2022-21955 + RESERVED +CVE-2022-21954 + RESERVED +CVE-2021-45233 + RESERVED +CVE-2021-45232 + RESERVED +CVE-2021-45231 + RESERVED +CVE-2021-45230 + RESERVED +CVE-2021-45229 + RESERVED +CVE-2021-45228 + RESERVED +CVE-2021-45227 + RESERVED +CVE-2021-45226 + RESERVED +CVE-2021-45225 + RESERVED +CVE-2021-45224 + RESERVED +CVE-2021-45223 + RESERVED +CVE-2021-45222 + RESERVED +CVE-2021-45221 + RESERVED +CVE-2021-45220 + RESERVED +CVE-2021-45219 + RESERVED +CVE-2021-45218 + RESERVED +CVE-2021-45217 + RESERVED +CVE-2021-45216 + RESERVED +CVE-2021-45215 + RESERVED +CVE-2021-45214 + RESERVED +CVE-2021-45213 + RESERVED +CVE-2021-45212 + RESERVED +CVE-2021-45211 + RESERVED +CVE-2021-45210 + RESERVED +CVE-2021-45209 + RESERVED +CVE-2021-45208 + RESERVED +CVE-2021-45207 + RESERVED +CVE-2021-45206 + RESERVED +CVE-2021-45205 + RESERVED +CVE-2021-45204 + RESERVED +CVE-2021-45203 + RESERVED +CVE-2021-45202 + RESERVED +CVE-2021-45201 + RESERVED +CVE-2021-45200 + RESERVED +CVE-2021-45199 + RESERVED +CVE-2021-45198 + RESERVED +CVE-2021-45197 + RESERVED +CVE-2021-45196 + RESERVED +CVE-2021-45195 + RESERVED +CVE-2021-45194 + RESERVED +CVE-2021-45193 +