[Git][security-tracker-team/security-tracker][master] Fix typo in todo item

2021-08-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f8e45188 by Salvatore Bonaccorso at 2021-08-15T00:07:18+02:00
Fix typo in todo item

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -37651,7 +37651,7 @@ CVE-2021-22931 [cares upgrade - Improper handling of 
untypical characters in dom
RESERVED
- nodejs 
NOTE: 
https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/#cares-upgrade-improper-handling-of-untypical-characters-in-domain-names-high-cve-2021-22931
-   TODO: check, nodejfs uses system c-ares which fixed CVE-2021-3672 and 
so this entry might be not-affected
+   TODO: check, nodejs uses system c-ares which fixed CVE-2021-3672 and so 
this entry might be not-affected
 CVE-2021-22930 [Use after free on close http2 on stream canceling]
RESERVED
- nodejs 12.22.4~dfsg-1
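Review bot: the spelling fix leaves the substantive question in the TODO open; the note's own reasoning (nodejs uses the system c-ares, which already carries the CVE-2021-3672 fix) is what would justify closing the entry, so the follow-up should be to confirm that linkage in the Debian nodejs build and then replace the `TODO: check` line with the resolved status (not-affected with that reason, or a fixed version) rather than leaving the entry flagged as unchecked.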



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f8e45188ddcaa117d3819cf682682c6743866487

You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2021-38597/wolfssl

2021-08-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b9e47d04 by Salvatore Bonaccorso at 2021-08-14T23:07:50+02:00
Add Debian bug reference for CVE-2021-38597/wolfssl

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -202,7 +202,7 @@ CVE-2021-38599 (WAL-G before 1.1, when a non-libsodium 
build (e.g., one of the o
 CVE-2021-38598
RESERVED
 CVE-2021-38597 (wolfSSL before 4.8.1 incorrectly skips OCSP verification in 
certain si ...)
-   - wolfssl 
+   - wolfssl  (bug #992174)
NOTE: 
https://github.com/wolfSSL/wolfssl/commit/f93083be72a3b3d956b52a7ec13f307a27b6e093
 CVE-2021-38596
RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9e47d048a48d1431b538f140e3f8c0b2a12bd6c



[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2021-38511/rust-tar

2021-08-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
21d600b3 by Salvatore Bonaccorso at 2021-08-14T22:55:30+02:00
Add Debian bug reference for CVE-2021-38511/rust-tar

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -343,7 +343,7 @@ CVE-2021- [RUSTSEC-2021-0079]
NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0079.html
NOTE: 
https://github.com/hyperium/hyper/security/advisories/GHSA-5h46-h7hh-c6x9
 CVE-2021-38511 (An issue was discovered in the tar crate before 0.4.36 for 
Rust. When  ...)
-   - rust-tar 
+   - rust-tar  (bug #992173)
NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0080.html
NOTE: https://github.com/alexcrichton/tar-rs/issues/238
 CVE-2021-38540



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/21d600b3f6f468c114da72bbeaf078708ad78414



[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2021-38371/exim4

2021-08-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ffe425d7 by Salvatore Bonaccorso at 2021-08-14T22:53:39+02:00
Add Debian bug reference for CVE-2021-38371/exim4

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -691,7 +691,7 @@ CVE-2021-38373 (In KDE KMail 19.12.3 (aka 5.13.3), the SMTP 
STARTTLS option is n
 CVE-2021-38372 (In KDE Trojita 0.7, man-in-the-middle attackers can create new 
folders ...)
- trojita  (bug #795701)
 CVE-2021-38371 (The STARTTLS feature in Exim through 4.94.2 allows response 
injection  ...)
-   - exim4 
+   - exim4  (bug #992172)
NOTE: https://nostarttls.secvuln.info
NOTE: https://www.exim.org/static/doc/security/CVE-2021-38371.txt
 CVE-2021-38370 (In Alpine through 2.24, untagged responses from an IMAP server 
are acc ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ffe425d739bdd2efd89a5e08792790421d5d02ec



[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2021-38370/alpine

2021-08-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
43fb59dc by Salvatore Bonaccorso at 2021-08-14T22:41:24+02:00
Add Debian bug reference for CVE-2021-38370/alpine

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -695,7 +695,7 @@ CVE-2021-38371 (The STARTTLS feature in Exim through 4.94.2 
allows response inje
NOTE: https://nostarttls.secvuln.info
NOTE: https://www.exim.org/static/doc/security/CVE-2021-38371.txt
 CVE-2021-38370 (In Alpine through 2.24, untagged responses from an IMAP server 
are acc ...)
-   - alpine 
+   - alpine  (bug #992171)
NOTE: https://nostarttls.secvuln.info
 CVE-2021-38369
RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43fb59dcd65a8e803a93ed1ad04133d6fa4b4f73



[Git][security-tracker-team/security-tracker][master] automatic update

2021-08-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2ee8df1d by security tracker role at 2021-08-14T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1357,6 +1357,7 @@ CVE-2021-38115 (read_header_tga in gd_tga.c in the GD 
Graphics Library (aka LibG
NOTE: https://github.com/libgd/libgd/issues/697
NOTE: 
https://github.com/libgd/libgd/commit/8b111b2b4a4842179be66db68d84dda91a246032
 CVE-2021-38114 (libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return 
value of ...)
+   {DLA-2742-1}
- ffmpeg 
[bullseye] - ffmpeg  (Wait for 4.3.3)
[buster] - ffmpeg  (Wait for 4.1.7)
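Review bot: adding {DLA-2742-1} to CVE-2021-38114 records the stretch fix only; the `[bullseye] - ffmpeg (Wait for 4.3.3)` and `[buster] - ffmpeg (Wait for 4.1.7)` lines are kept unchanged, so bullseye and buster remain open for this CVE, and the same holds for every other ffmpeg entry in this update that keeps its buster wait annotation. Worth confirming that is intended rather than expecting the DLA reference to close those suites.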
@@ -11637,6 +11638,7 @@ CVE-2021-33586 (InspIRCd 3.8.0 through 3.9.x before 
3.10.0 allows any user (able
NOTE: https://docs.inspircd.org/security/2021-01/
NOTE: 
https://github.com/inspircd/inspircd/commit/4350a11c663b0d75f8119743bffb7736d87abd4d
 CVE-2021-3566 (Prior to ffmpeg version 4.3, the tty demuxer did not have a 
'read_prob ...)
+   {DLA-2742-1}
- ffmpeg 7:4.3-2
[buster] - ffmpeg  (Wait for 4.1.7)
NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/3bce9e9b3ea35c54ba793d7da99ea5157532
@@ -70315,6 +70317,7 @@ CVE-2020-22037 (A Denial of Service vulnerability 
exists in FFmpeg 4.2 due to a
- ffmpeg  (unimportant)
NOTE: https://trac.ffmpeg.org/ticket/8281
 CVE-2020-22036 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 
4.2 in fil ...)
+   {DLA-2742-1}
- ffmpeg 7:4.3-2
[buster] - ffmpeg  (Wait for 4.1.7)
NOTE: https://trac.ffmpeg.org/ticket/8261
@@ -70339,11 +70342,13 @@ CVE-2020-22033 (A heap-based Buffer Overflow 
Vulnerability exists FFmpeg 4.2 at
NOTE: https://trac.ffmpeg.org/ticket/8241
NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=82ad1b76751bcfad5005440db48c46a4de5d6f02
 CVE-2020-22032 (A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 
at libavf ...)
+   {DLA-2742-1}
- ffmpeg 7:4.3-2
[buster] - ffmpeg  (Wait for 4.1.7)
NOTE: https://trac.ffmpeg.org/ticket/8275
NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=de598f82f8c3f8000e1948548e8088148e2b1f44
 CVE-2020-22031 (A Heap-based Buffer Overflow vulnerability exists in FFmpeg 
4.2 at lib ...)
+   {DLA-2742-1}
- ffmpeg 7:4.3-2
[buster] - ffmpeg  (Wait for 4.1.7)
NOTE: https://trac.ffmpeg.org/ticket/8243
@@ -70361,6 +70366,7 @@ CVE-2020-22029 (A heap-based Buffer Overflow 
vulnerability exists in FFmpeg 4.2
NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a7fd1279703683ebb548ef7baa2f1519994496ae
NOTE: https://trac.ffmpeg.org/ticket/8250
 CVE-2020-22028 (Buffer Overflow vulnerability exists in FFmpeg 4.2 in 
filter_verticall ...)
+   {DLA-2742-1}
- ffmpeg 7:4.3-2
[buster] - ffmpeg  (Wait for 4.1.7)
NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f069a9c2a65bc20c3462127623127df6dfd06c5b
@@ -70372,11 +70378,13 @@ CVE-2020-22027 (A heap-based Buffer Overflow 
vulnerability exits in FFmpeg 4.2 i
NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e787f8fd7ee99ba0c3e0f086ce2ce59eea7ed86c
NOTE: https://trac.ffmpeg.org/ticket/8242
 CVE-2020-22026 (Buffer Overflow vulnerability exists in FFmpeg 4.2 in the 
config_input ...)
+   {DLA-2742-1}
- ffmpeg 7:4.3-2
[buster] - ffmpeg  (Wait for 4.1.7)
NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=58bb9d3a3a6ede1c6cfb82bf671a5f138e6b2144
NOTE: https://trac.ffmpeg.org/ticket/8317
 CVE-2020-22025 (A heap-based Buffer Overflow vulnerability exists in 
gaussian_blur at  ...)
+   {DLA-2742-1}
- ffmpeg 7:4.3-2
[buster] - ffmpeg  (Wait for 4.1.7)
NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ccf4ab8c9aca0aee66bcc2914031a9c97ac0eeb8
@@ -70388,21 +70396,25 @@ CVE-2020-22024 (Buffer Overflow vulnerability in 
FFmpeg 4.2 at the lagfun_frame1
NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=723d69f99cd26db9687ed2d24d06afaff624daf3
NOTE: https://trac.ffmpeg.org/ticket/8310
 CVE-2020-22023 (A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 
4.2 in fi ...)
+   {DLA-2742-1}
- ffmpeg 7:4.3-2
[buster] - ffmpeg  (Wait for 4.1.7)
NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0b567238741854b41f84f7457686b044eadfe29c
NOTE: https://trac.ffmpeg.org/ticket/8244
 CVE-2020-22022 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 
4.2 in fil ...)
+   {DLA-2742-1}
- ffmpeg 7:4.3-2
[buster] - ffmpeg  (Wait for 4.1.7)
NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=07050d7bdc32d82e53ee5bb727f5882323d00dba

[Git][security-tracker-team/security-tracker][master] Reserve DLA-2742-1 for ffmpeg

2021-08-14 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9d91d5b6 by Anton Gladky at 2021-08-14T18:33:35+02:00
Reserve DLA-2742-1 for ffmpeg

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[14 Aug 2021] DLA-2742-1 ffmpeg - security update
+   {CVE-2020-21041 CVE-2020-22015 CVE-2020-22016 CVE-2020-22020 
CVE-2020-22021 CVE-2020-22022 CVE-2020-22023 CVE-2020-22025 CVE-2020-22026 
CVE-2020-22028 CVE-2020-22031 CVE-2020-22032 CVE-2020-22036 CVE-2021-3566 
CVE-2021-38114}
+   [stretch] - ffmpeg 7:3.2.15-0+deb9u3
 [12 Aug 2021] DLA-2741-1 commons-io - security update
{CVE-2021-29425}
[stretch] - commons-io 2.5-1+deb9u1
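Review bot: the CVE set in the new DLA-2742-1 entry includes CVE-2020-22015, which until commit e0658b8e the same afternoon was marked ignored for stretch in data/CVE/list; before the advisory goes out, check that none of the other fourteen CVEs listed here still carry a stretch marker that contradicts the DLA, since the automatic update only adds the {DLA-2742-1} reference and does not reconcile such conflicts.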


=
data/dla-needed.txt
=
@@ -24,19 +24,6 @@ ansible
 exiv2 (Utkarsh Gupta)
   NOTE: 20210801: check further; some no-dsa issues have piled up, too. 
(utkarsh)
 --
-ffmpeg (Anton Gladky)
-  NOTE: 20210607: stretch was following the 3.2.x release line, but 3.2.15
-  NOTE: 20210607: (released 2020-07-02) was the last on this branch. There are
-  NOTE: 20210607: now 10+ ~new CVEs that nominally apply to the version in LTS,
-  NOTE: 20210607: so some investigation and insight is required to see which
-  NOTE: 20210607: apply and/or what we do with the version of ffmpeg in LTS
-  NOTE: 20210607: going forward. There is a 3.4.x release branch, for example,
-  NOTE: 20210607: but unclear on the compatibility as well as whether this one
-  NOTE: 20210607: won't just be dropped too, etc. etc. (lamby)
-  NOTE: 20210719: 
https://salsa.debian.org/lts-team/packages/ffmpeg/-/blob/master/debian/changelog
-  NOTE: 20210719: CVE-2020-22036 and CVE-2020-22032 are done. Many 
false-positive. Investigating.
-  NOTE: 20210730: CVE-2020-22031 and CVE-2020-22028 are done. Checking rest of 
patches. Try to reproduce
---
 firmware-nonfree (Anton Gladky)
   NOTE: 20210731: WIP: 
https://salsa.debian.org/lts-team/packages/firmware-nonfree
 --
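Review bot: removing the ffmpeg block from dla-needed.txt also drops the 20210719 and 20210730 investigation notes, including the finding that many of the reported CVEs were false positives for the stretch version; make sure those per-CVE conclusions are recorded in data/CVE/list (for example as stretch not-affected entries with the reason), otherwise the reasoning is lost once this file no longer carries it.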



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d91d5b67ccdcd69d688c4c9579afe1bcc67970f



[Git][security-tracker-team/security-tracker][master] LTS: unmark CVE-2020-22015 as ignored for stretch

2021-08-14 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e0658b8e by Anton Gladky at 2021-08-14T17:02:35+02:00
LTS: unmark CVE-2020-22015 as ignored for stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -70430,7 +70430,6 @@ CVE-2020-22016 (A heap-based Buffer Overflow 
vulnerability in FFmpeg 4.2 at liba
 CVE-2020-22015 (Buffer Overflow vulnerability in FFmpeg 4.2 in 
mov_write_video_tag due ...)
- ffmpeg 7:4.3.2-0+deb11u2 (bug #989439)
[buster] - ffmpeg  (Minor issue)
-   [stretch] - ffmpeg  (Minor issue)
NOTE: https://trac.ffmpeg.org/ticket/8190
NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4c1afa292520329eecd1cc7631bc59a8cca95c46
 CVE-2020-22014
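Review bot: dropping the stretch ignored line means CVE-2020-22015 is treated as affected in stretch until a DLA is recorded, which matches the DLA-2742-1 reservation that lists this CVE; the buster line marked `Minor issue` is kept, though, so buster keeps the opposite decision for the same issue. If the stretch fix was cheap enough to ship, a short NOTE saying why buster still defers it would help the next reader.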



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e0658b8ebe2219bbca221891b76a36d2c5a12e8d



[Git][security-tracker-team/security-tracker][master] Process some new NFUs

2021-08-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d4406311 by Salvatore Bonaccorso at 2021-08-14T14:51:51+02:00
Process some new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -141,7 +141,7 @@ CVE-2021-38625
 CVE-2021-38624
RESERVED
 CVE-2021-38623 (The deferred_image_processing (aka Deferred image processing) 
extensio ...)
-   TODO: check
+   NOT-FOR-US: deferred_image_processing (aka Deferred image processing) 
extension for TYPO3
 CVE-2021-38622
RESERVED
 CVE-2021-38621 (The remove API in 
v1/controller/cloudStorage/alibabaCloud/remove/index ...)
@@ -2252,7 +2252,7 @@ CVE-2021-37707
 CVE-2021-37706
RESERVED
 CVE-2021-37705 (OneFuzz is an open source self-hosted Fuzzing-As-A-Service 
platform. S ...)
-   TODO: check
+   NOT-FOR-US: OneFuzz
 CVE-2021-37704 (PhpFastCache is a high-performance backend cache system 
(packagist pac ...)
TODO: check
 CVE-2021-37703 (Discourse is an open-source platform for community discussion. 
In Disc ...)
@@ -40206,9 +40206,9 @@ CVE-2021-21832
 CVE-2021-21831 (A use-after-free vulnerability exists in the JavaScript engine 
of Foxi ...)
NOT-FOR-US: Foxit
 CVE-2021-21830 (A heap-based buffer overflow vulnerability exists in the XML 
Decompres ...)
-   TODO: check
+   NOT-FOR-US: Xmill (AT Labs)
 CVE-2021-21829 (A heap-based buffer overflow vulnerability exists in the XML 
Decompres ...)
-   TODO: check
+   NOT-FOR-US: Xmill (AT Labs)
 CVE-2021-21828
RESERVED
 CVE-2021-21827
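Review bot: the vendor string in `NOT-FOR-US: Xmill (AT Labs)` reads as truncated (something seems to be missing after AT); please confirm the intended vendor name and use the same spelling in all of the Xmill entries touched in this commit so a grep for the product finds them together.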
@@ -40236,13 +40236,13 @@ CVE-2021-21817 (An information disclosure 
vulnerability exists in the Zebra IP R
 CVE-2021-21816 (An information disclosure vulnerability exists in the Syslog 
functiona ...)
NOT-FOR-US: D-LINK
 CVE-2021-21815 (A stack-based buffer overflow vulnerability exists in the 
command-line ...)
-   TODO: check
+   NOT-FOR-US: Xmill (AT Labs)
 CVE-2021-21814 (Within the function HandleFileArg the argument filepattern is 
under co ...)
TODO: check
 CVE-2021-21813 (Within the function HandleFileArg the argument filepattern is 
under co ...)
-   TODO: check
+   NOT-FOR-US: Xmill (AT Labs)
 CVE-2021-21812 (A stack-based buffer overflow vulnerability exists in the 
command-line ...)
-   TODO: check
+   NOT-FOR-US: Xmill (AT Labs)
 CVE-2021-21811
RESERVED
 CVE-2021-21810
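Review bot: CVE-2021-21814 is left at `TODO: check` while CVE-2021-21813, whose visible description is identical (the HandleFileArg filepattern issue), is marked `NOT-FOR-US: Xmill (AT Labs)` in the same hunk; unless 21814 concerns a different product, it should get the same marker so the pair does not diverge.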
@@ -72370,11 +72370,11 @@ CVE-2020-21068
 CVE-2020-21067
RESERVED
 CVE-2020-21066 (An issue was discovered in Bento4 v1.5.1.0. There is a 
heap-buffer-ove ...)
-   TODO: check
+   NOT-FOR-US: Bento4
 CVE-2020-21065
RESERVED
 CVE-2020-21064 (A buffer-overflow vulnerability in the 
AP4_RtpAtom::AP4_RtpAtom functi ...)
-   TODO: check
+   NOT-FOR-US: Bento4
 CVE-2020-21063
RESERVED
 CVE-2020-21062



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d44063119e78c666b664521a4aeda66c8722e56f



[Git][security-tracker-team/security-tracker][master] automatic update

2021-08-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
67bd2972 by security tracker role at 2021-08-14T12:45:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,45 @@
+CVE-2021-38693
+   RESERVED
+CVE-2021-38692
+   RESERVED
+CVE-2021-38691
+   RESERVED
+CVE-2021-38690
+   RESERVED
+CVE-2021-38689
+   RESERVED
+CVE-2021-38688
+   RESERVED
+CVE-2021-38687
+   RESERVED
+CVE-2021-38686
+   RESERVED
+CVE-2021-38685
+   RESERVED
+CVE-2021-38684
+   RESERVED
+CVE-2021-38683
+   RESERVED
+CVE-2021-38682
+   RESERVED
+CVE-2021-38681
+   RESERVED
+CVE-2021-38680
+   RESERVED
+CVE-2021-38679
+   RESERVED
+CVE-2021-38678
+   RESERVED
+CVE-2021-38677
+   RESERVED
+CVE-2021-38676
+   RESERVED
+CVE-2021-38675
+   RESERVED
+CVE-2021-38674
+   RESERVED
+CVE-2021-3706
+   RESERVED
 CVE-2021-38673
RESERVED
 CVE-2021-38672
@@ -2209,8 +2251,8 @@ CVE-2021-37707
RESERVED
 CVE-2021-37706
RESERVED
-CVE-2021-37705
-   RESERVED
+CVE-2021-37705 (OneFuzz is an open source self-hosted Fuzzing-As-A-Service 
platform. S ...)
+   TODO: check
 CVE-2021-37704 (PhpFastCache is a high-performance backend cache system 
(packagist pac ...)
TODO: check
 CVE-2021-37703 (Discourse is an open-source platform for community discussion. 
In Disc ...)
@@ -7291,6 +7333,7 @@ CVE-2021-3615
 CVE-2021-3614 (A vulnerability was reported on some Lenovo Notebook systems 
that coul ...)
NOT-FOR-US: Lenovo
 CVE-2021-35474 (Stack-based Buffer Overflow vulnerability in cachekey plugin 
of Apache ...)
+   {DSA-4957-1}
- trafficserver 8.1.1+ds-1.1 (bug #990303)
NOTE: 
https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E
NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x)
@@ -14070,18 +14113,21 @@ CVE-2021-32569
 CVE-2021-32568
RESERVED
 CVE-2021-32567 (Improper Input Validation vulnerability in HTTP/2 of Apache 
Traffic Se ...)
+   {DSA-4957-1}
- trafficserver 8.1.1+ds-1.1 (bug #990303)
NOTE: 
https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E
NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x)
NOTE: 
https://github.com/apache/trafficserver/commit/034965e0fd0def114658f0048d953d1c16a95bed
 (master)
NOTE: 
https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277
 (8.1.x)
 CVE-2021-32566 (Improper Input Validation vulnerability in HTTP/2 of Apache 
Traffic Se ...)
+   {DSA-4957-1}
- trafficserver 8.1.1+ds-1.1 (bug #990303)
NOTE: 
https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E
NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x)
NOTE: 
https://github.com/apache/trafficserver/commit/034965e0fd0def114658f0048d953d1c16a95bed
 (master)
NOTE: 
https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277
 (8.1.x)
 CVE-2021-32565 (Invalid values in the Content-Length header sent to Apache 
Traffic Ser ...)
+   {DSA-4957-1}
- trafficserver 8.1.1+ds-1.1 (bug #990303)
NOTE: 
https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E
NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x)
@@ -17335,6 +17381,7 @@ CVE-2021-31294
 CVE-2021-31293
RESERVED
 CVE-2021-31292 (An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 
allows att ...)
+   {DSA-4958-1}
- exiv2  (bug #991706)
[bullseye] - exiv2 0.27.3-3+deb11u1
NOTE: https://github.com/Exiv2/exiv2/issues/1530
@@ -20896,6 +20943,7 @@ CVE-2021-30002 (An issue was discovered in the Linux 
kernel before 5.11.3 when a
[buster] - linux 4.19.181-1
NOTE: 
https://git.kernel.org/linus/fb18802a338b36f675a388fc03d2aa504a0d0899
 CVE-2021-3482 (A flaw was found in Exiv2 in versions before and including 
0.27.4-RC1. ...)
+   {DSA-4958-1}
- exiv2  (bug #986888)
[bullseye] - exiv2  (Minor issue)
[stretch] - exiv2  (Minor issue; can be fixed in next update)
@@ -22026,6 +22074,7 @@ CVE-2021-29475 (HedgeDoc (formerly known as CodiMD) is 
an open-source collaborat
 CVE-2021-29474 (HedgeDoc (formerly known as CodiMD) is an open-source 
collaborative ma ...)
NOT-FOR-US: HedgeDoc
 CVE-2021-29473 (Exiv2 is a C++ library and a command-line utility to read, 
write, dele ...)
+   {DSA-4958-1}
- exiv2  (bug #987736)
[bullseye] - exiv2  (Minor issue)
  

[Git][security-tracker-team/security-tracker][master] Add missing CVE for DSA 4957-1

2021-08-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9270f4e6 by Salvatore Bonaccorso at 2021-08-14T14:21:57+02:00
Add missing CVE for DSA 4957-1

Closes: #992159

- - - - -


1 changed file:

- data/DSA/list


Changes:

=
data/DSA/list
=
@@ -2,7 +2,7 @@
{CVE-2019-20421 CVE-2021-3482 CVE-2021-29457 CVE-2021-29473 
CVE-2021-31292}
[buster] - exiv2 0.25-4+deb10u2
 [13 Aug 2021] DSA-4957-1 trafficserver - security update
-   {CVE-2021-27577 CVE-2021-32566 CVE-2021-32567 CVE-2021-35474}
+   {CVE-2021-27577 CVE-2021-32565 CVE-2021-32566 CVE-2021-32567 
CVE-2021-35474}
[buster] - trafficserver 8.0.2+ds-1+deb10u5
 [11 Aug 2021] DSA-4956-1 firefox-esr - security update
{CVE-2021-29980 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 
CVE-2021-29988 CVE-2021-29989}
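Review bot: CVE-2021-32565 is being added to DSA-4957-1 after the advisory date shown on the entry (13 Aug 2021); this commit only corrects the tracker data, so check whether the published advisory text and announcement listed this CVE and, if not, whether a correction needs to be sent, since the tracker now states the DSA covers it.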



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9270f4e67d190c53e8477b274794b25f5ac950ac



[Git][security-tracker-team/security-tracker][master] Unify product name

2021-08-14 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5a78f2b2 by Henri Salo at 2021-08-14T11:47:42+03:00
Unify product name

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -77620,7 +77620,7 @@ CVE-2020-18465
 CVE-2020-18464 (Cross Site Request Forgery (CSRF) vulnerability in AikCms 
2.0.0 in vid ...)
NOT-FOR-US: AikCms
 CVE-2020-18463 (Cross Site Request Forgery (CSRF) vulnerability exists in 
v2.0.0 in vi ...)
-   NOT-FOR-US: aikcms
+   NOT-FOR-US: AikCms
 CVE-2020-18462 (File Upload vulnerabilty in AikCms v2.0.0 in poster_edit.php 
because t ...)
NOT-FOR-US: AikCms
 CVE-2020-18461



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a78f2b293247d8b8d0f513a31a901d1464317c0



[Git][security-tracker-team/security-tracker][master] Add CVE-2021-22931/nodejs

2021-08-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a5f341c6 by Salvatore Bonaccorso at 2021-08-14T09:32:52+02:00
Add CVE-2021-22931/nodejs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -37594,8 +37594,11 @@ CVE-2021-22933
RESERVED
 CVE-2021-22932
RESERVED
-CVE-2021-22931
+CVE-2021-22931 [cares upgrade - Improper handling of untypical characters in 
domain names]
RESERVED
+   - nodejs 
+   NOTE: 
https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/#cares-upgrade-improper-handling-of-untypical-characters-in-domain-names-high-cve-2021-22931
+   TODO: check, nodejfs uses system c-ares which fixed CVE-2021-3672 and 
so this entry might be not-affected
 CVE-2021-22930 [Use after free on close http2 on stream canceling]
RESERVED
- nodejs 12.22.4~dfsg-1
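Review bot: `nodejfs` in the new TODO line is a typo for `nodejs`; beyond that, the reasoning the TODO already carries (the system c-ares package contains the CVE-2021-3672 fix) is worth keeping as a NOTE once verified, so it survives when the TODO line is eventually replaced by the resolved status.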



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a5f341c630e89339606d8587ecee89e5913d00a1
