[Git][security-tracker-team/security-tracker][master] Reserve DSA-5028-1 for spip
Sebastien Delafond pushed to branch master at Debian Security Tracker / security-tracker Commits: 9aa1dc6c by Sébastien Delafond at 2021-12-22T08:39:22+01:00 Reserve DSA-5028-1 for spip - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[22 Dec 2021] DSA-5028-1 spip - security update + [buster] - spip 3.2.4-1+deb10u5 + [bullseye] - spip 3.2.11-3+deb11u1 [21 Dec 2021] DSA-5027-1 xorg-server - security update {CVE-2021-4008 CVE-2021-4009 CVE-2021-4010 CVE-2021-4011} [buster] - xorg-server 2:1.20.4-1+deb10u4 = data/dsa-needed.txt = @@ -54,9 +54,6 @@ runc sogo (jmm) Maintainer preparing updates -- -spip (seb) - Maintainer proposed updates --- thunderbird (jmm) Rust toolchain updates needed -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9aa1dc6c568deb4515941d9afd28172e7b974b21 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
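Review bot: the new DSA-5028-1 entry in data/DSA/list has no `{CVE-...}` line, while the DSA-5027-1 entry directly below it lists its CVE ids in braces. If the spip issues already have identifiers, add them on the line after the date header so the advisory is cross-referenced from the CVE entries; if none are assigned yet, a follow-up commit should add them once they exist.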
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-4147/libvirt
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 94169470 by Salvatore Bonaccorso at 2021-12-22T08:01:29+01:00 Add CVE-2021-4147/libvirt - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -191,8 +191,19 @@ CVE-2021-4148 [Improper implementation of block_invalidatepage() allows users to - linux NOTE: https://lkml.org/lkml/2021/9/17/1037 NOTE: https://lkml.org/lkml/2021/9/12/323 -CVE-2021-4147 +CVE-2021-4147 [deadlock and crash in libxl driver] RESERVED + - libvirt + [bullseye] - libvirt (Minor issue) + [buster] - libvirt (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2034195 + NOTE: https://listman.redhat.com/archives/libvir-list/2021-November/msg00908.html + NOTE: https://gitlab.com/libvirt/libvirt/-/commit/23b51d7b8ec885e97a9277cf0a6c2833db4636e8 + NOTE: https://gitlab.com/libvirt/libvirt/-/commit/a4e6fba069c0809b8b5dde5e9db62d2efd91b4a0 + NOTE: https://gitlab.com/libvirt/libvirt/-/commit/e4f7589a3ec285489618ca04c8c0230cc31f3d99 + NOTE: https://gitlab.com/libvirt/libvirt/-/commit/b9a5faea49b7412e26d7389af4c32fc2b3ee80e5 + NOTE: https://gitlab.com/libvirt/libvirt/-/commit/5c5df5310f72be4878a71ace47074c54e0d1a27d + NOTE: https://gitlab.com/libvirt/libvirt/-/commit/a7a03324d86e111f81687b5315b8f296dde84340 CVE-2021-4146 RESERVED CVE-2021-4145 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/94169470ce775e2b90b3100cd0d04697333680ce
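Review bot: the six gitlab.com/libvirt commit NOTE lines added under CVE-2021-4147 carry no upstream release tag, unlike the git.kernel.org NOTE lines for CVE-2021-4149 and CVE-2021-4150 in this file, which end in a marker such as (5.15-rc6). Append the first libvirt release that contains each commit in the same parenthesised form, so the fixed version for the `- libvirt` line can be filled in later without re-reading the upstream history.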
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-4148/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 429be959 by Salvatore Bonaccorso at 2021-12-22T07:57:43+01:00 Add CVE-2021-4148/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -186,8 +186,11 @@ CVE-2021-4149 [Improper lock operation in btrfs] RESERVED - linux 5.14.16-1 NOTE: https://git.kernel.org/linus/19ea40dddf1833db868533958ca066f368862211 (5.15-rc6) -CVE-2021-4148 +CVE-2021-4148 [Improper implementation of block_invalidatepage() allows users to crash the kernel] RESERVED + - linux + NOTE: https://lkml.org/lkml/2021/9/17/1037 + NOTE: https://lkml.org/lkml/2021/9/12/323 CVE-2021-4147 RESERVED CVE-2021-4146 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/429be959fad59c3d40187fc0cb22cd7344f8a9f7
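Review bot: the two NOTE lines added for CVE-2021-4148 point only at lkml.org threads, and the `- linux` line has no fixed version, so the entry cannot yet be resolved to a fix. Once the upstream commit is identified, add a git.kernel.org/linus NOTE with its release marker, in the form used for CVE-2021-4149 in the context just above, and set the fixed version on the `- linux` line.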
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-4149/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: eef8ee88 by Salvatore Bonaccorso at 2021-12-22T07:52:57+01:00 Add CVE-2021-4149/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -182,8 +182,10 @@ CVE-2021-4150 [Block subsystem mishandles reference counts] RESERVED - linux 5.15.3-1 NOTE: https://git.kernel.org/linus/9fbfabfda25d8774c5a08634fdd2da000a924890 (5.15-rc7) -CVE-2021-4149 +CVE-2021-4149 [Improper lock operation in btrfs] RESERVED + - linux 5.14.16-1 + NOTE: https://git.kernel.org/linus/19ea40dddf1833db868533958ca066f368862211 (5.15-rc6) CVE-2021-4148 RESERVED CVE-2021-4147 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eef8ee88111393dee9003168adb4287e3cefb403
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-4150/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ea2f7aa1 by Salvatore Bonaccorso at 2021-12-22T07:48:30+01:00 Add CVE-2021-4150/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -178,8 +178,10 @@ CVE-2021-45453 RESERVED CVE-2021-45452 RESERVED -CVE-2021-4150 +CVE-2021-4150 [Block subsystem mishandles reference counts] RESERVED + - linux 5.15.3-1 + NOTE: https://git.kernel.org/linus/9fbfabfda25d8774c5a08634fdd2da000a924890 (5.15-rc7) CVE-2021-4149 RESERVED CVE-2021-4148 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea2f7aa1d24a9373bf03fb02f81a4543a6a49842
[Git][security-tracker-team/security-tracker][master] webkit: Update DSA-4975-1, DSA-4976-1, DSA-4995-1 and DSA-4996-1
Alberto Garcia pushed to branch master at Debian Security Tracker / security-tracker Commits: 8ed85330 by Alberto Garcia at 2021-12-21T23:19:59+01:00 webkit: Update DSA-4975-1, DSA-4976-1, DSA-4995-1 and DSA-4996-1 Include fixes from https://webkitgtk.org/security/WSA-2021-0007.html Skip CVE-2021-30897 since it has been withdrawn - - - - - 1 changed file: - data/DSA/list Changes: = data/DSA/list = @@ -103,10 +103,10 @@ {CVE-2020-19143} [buster] - tiff 4.1.0+git191117-2~deb10u3 [29 Oct 2021] DSA-4996-1 wpewebkit - security update - {CVE-2021-30846 CVE-2021-30851 CVE-2021-42762} + {CVE-2021-30818 CVE-2021-30823 CVE-2021-30846 CVE-2021-30851 CVE-2021-30884 CVE-2021-30888 CVE-2021-30889 CVE-2021-42762} [bullseye] - wpewebkit 2.34.1-1~deb11u1 [29 Oct 2021] DSA-4995-1 webkit2gtk - security update - {CVE-2021-30846 CVE-2021-30851 CVE-2021-42762} + {CVE-2021-30818 CVE-2021-30823 CVE-2021-30846 CVE-2021-30851 CVE-2021-30884 CVE-2021-30888 CVE-2021-30889 CVE-2021-42762} [buster] - webkit2gtk 2.34.1-1~deb10u1 [bullseye] - webkit2gtk 2.34.1-1~deb11u1 [28 Oct 2021] DSA-4994-1 bind9 - security update 
@@ -173,10 +173,10 @@ {CVE-2021-28694 CVE-2021-28695 CVE-2021-28696 CVE-2021-28697 CVE-2021-28698 CVE-2021-28699 CVE-2021-28700 CVE-2021-28701} [bullseye] - xen 4.14.3-1~deb11u1 [20 Sep 2021] DSA-4976-1 wpewebkit - security update - {CVE-2021-30848 CVE-2021-30849 CVE-2021-30858} + {CVE-2021-30809 CVE-2021-30836 CVE-2021-30848 CVE-2021-30849 CVE-2021-30858} [bullseye] - wpewebkit 2.32.4-1~deb11u1 [20 Sep 2021] DSA-4975-1 webkit2gtk - security update - {CVE-2021-30848 CVE-2021-30849 CVE-2021-30858} + {CVE-2021-30809 CVE-2021-30836 CVE-2021-30848 CVE-2021-30849 CVE-2021-30858} [buster] - webkit2gtk 2.32.4-1~deb10u1 [bullseye] - webkit2gtk 2.32.4-1~deb11u1 [19 Sep 2021] DSA-4974-1 nextcloud-desktop - security update View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ed85330d5b5eae5b18bc7681f7a7b8d33572775
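Review bot: the withdrawal of CVE-2021-30897 is recorded only in the commit message, not in the data touched by these two hunks. The CVE lists for DSA-4975-1, DSA-4976-1, DSA-4995-1 and DSA-4996-1 are filled from WSA-2021-0007, so a later sync against that advisory could add the id back; check that its data/CVE/list entry is marked accordingly so the omission is explained in the tracker itself.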
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: eb60dfd1 by Salvatore Bonaccorso at 2021-12-21T22:49:08+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -615,13 +615,13 @@ CVE-2021-45257 CVE-2021-45256 RESERVED CVE-2021-45255 (The email parameter from ajax.php of Video Sharing Website 1.0 appears ...) - TODO: check + NOT-FOR-US: Video Sharing Website CVE-2021-45254 RESERVED CVE-2021-45253 (The id parameter in view_storage.php from Simple Cold Storage Manageme ...) - TODO: check + NOT-FOR-US: Simple Cold Storage Management System CVE-2021-45252 (Multiple SQL injection vulnerabilities are found on Simple Forum-Discu ...) - TODO: check + NOT-FOR-US: Simple Forum-Discussion System CVE-2021-45251 RESERVED CVE-2021-45250 @@ -665,7 +665,7 @@ CVE-2021-4141 CVE-2021-4140 RESERVED CVE-2021-4139 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...) - TODO: check + NOT-FOR-US: Pimcore CVE-2021-4138 RESERVED CVE-2022-22053 @@ -1247,11 +1247,11 @@ CVE-2021-45093 CVE-2021-45092 (Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachab ...) NOT-FOR-US: Thinfinity VirtualUI CVE-2021-45091 (Stormshield Endpoint Security from 2.1.0 to 2.1.1 has Incorrect Access ...) - TODO: check + NOT-FOR-US: Stormshield Endpoint Security CVE-2021-45090 (Stormshield Endpoint Security before 2.1.2 allows remote code executio ...) - TODO: check + NOT-FOR-US: Stormshield Endpoint Security CVE-2021-45089 (Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Co ...) - TODO: check + NOT-FOR-US: Stormshield Endpoint Security CVE-2021-45088 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...) - epiphany-browser 41.2-1 NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612 
@@ -1964,13 +1964,13 @@ CVE-2021-44879 CVE-2021-44878 RESERVED CVE-2021-44877 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Incorrect A ...) - TODO: check + NOT-FOR-US: Dalmark Systems Systeam CVE-2021-44876 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumer ...) - TODO: check + NOT-FOR-US: Dalmark Systems Systeam CVE-2021-44875 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumer ...) - TODO: check + NOT-FOR-US: Dalmark Systems Systeam CVE-2021-44874 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Insecure de ...) - TODO: check + NOT-FOR-US: Dalmark Systems Systeam CVE-2021-44873 RESERVED CVE-2021-44872 @@ -1998,9 +1998,9 @@ CVE-2021-44862 CVE-2021-44861 RESERVED CVE-2021-44860 (An out-of-bounds read vulnerability exists when reading a TIF file usi ...) - TODO: check + NOT-FOR-US: Open Design Alliance Drawings SDK CVE-2021-44859 (An out-of-bounds read vulnerability exists when reading a TGA file usi ...) - TODO: check + NOT-FOR-US: Open Design Alliance Drawings SDK CVE-2021-44858 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...) {DSA-5021-1 DLA-2847-1} - mediawiki 1:1.35.5-1 @@ -3341,9 +3341,9 @@ CVE-2021-44425 CVE-2021-44424 RESERVED CVE-2021-44423 (An out-of-bounds read vulnerability exists when reading a BMP file usi ...) - TODO: check + NOT-FOR-US: Open Design Alliance (ODA) Drawings Explorer CVE-2021-44422 (An Improper Input Validation Vulnerability exists when reading a BMP f ...) - TODO: check + NOT-FOR-US: Open Design Alliance Drawings SDK CVE-2021-44421 RESERVED CVE-2021-44420 (In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, ...) 
@@ -3964,7 +3964,7 @@ CVE-2021-44209 CVE-2021-44208 RESERVED CVE-2021-44207 (Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials. ...) - TODO: check + NOT-FOR-US: Acclaim USAHERDS CVE-2021-4018 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...) NOT-FOR-US: snipe-it CVE-2021-4017 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...) @@ -6478,7 +6478,7 @@ CVE-2021-43589 CVE-2021-43588 RESERVED CVE-2021-43587 (Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, ...) - TODO: check + NOT-FOR-US: Dell CVE-2021-43586 RESERVED CVE-2021-43585 @@ -6992,7 +6992,7 @@ CVE-2021-43439 (RCE in Add Review Function in iResturant 1.0 Allows remote attac CVE-2021-43438 (Stored XSS in Signup Form in iResturant 1.0 Allows Remote Attacker to ...) NOT-FOR-US: iResturant CVE-2021-43437 (In sourcecodetester Engineers Online Portal as of 10-21-21, an attacke ...) - TODO: check + NOT-FOR-US:
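Review bot: in the `@@ -3341` hunk, CVE-2021-44423 is tagged `NOT-FOR-US: Open Design Alliance (ODA) Drawings Explorer`, while CVE-2021-44422 next to it and CVE-2021-44859 and CVE-2021-44860 in the `@@ -1998` hunk use `Open Design Alliance Drawings SDK`. If the different product name is intended, keep it; otherwise use one spelling so that a search of the list by NOT-FOR-US name finds all four entries.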
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-45288/gpac
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1bc8e285 by Salvatore Bonaccorso at 2021-12-21T22:38:39+01:00 Add CVE-2021-45288/gpac - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -547,7 +547,9 @@ CVE-2021-45289 (A vulnerability exists in GPAC 1.0.1 due to an omission of secur NOTE: https://github.com/gpac/gpac/issues/1972 NOTE: https://github.com/gpac/gpac/commit/5e1f084e0c6ad2736c9913715c4abb57c554209d CVE-2021-45288 (A Double Free vulnerability exists in filedump.c in GPAC 1.0.1, which ...) - TODO: check + - gpac + NOTE: https://github.com/gpac/gpac/issues/1956 + NOTE: https://github.com/gpac/gpac/commit/9bbce9634cba1128aa4b96d590be578ae3ce80b3 CVE-2021-45287 RESERVED CVE-2021-45286 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1bc8e285efb8978bc6cbc9e0b3fd4bb832b8ba11
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-45289/gpac
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1b9d109f by Salvatore Bonaccorso at 2021-12-21T22:37:22+01:00 Add CVE-2021-45289/gpac - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -543,7 +543,9 @@ CVE-2021-45290 (A Denial of Service vulnerability exits in Binaryen 103 due to a NOTE: https://github.com/WebAssembly/binaryen/commit/62d83d5fcad015ce52f0f3122eab9df1c629cafb (version_104) NOTE: Crash in CLI tool, no security impact CVE-2021-45289 (A vulnerability exists in GPAC 1.0.1 due to an omission of security-re ...) - TODO: check + - gpac + NOTE: https://github.com/gpac/gpac/issues/1972 + NOTE: https://github.com/gpac/gpac/commit/5e1f084e0c6ad2736c9913715c4abb57c554209d CVE-2021-45288 (A Double Free vulnerability exists in filedump.c in GPAC 1.0.1, which ...) TODO: check CVE-2021-45287 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b9d109fc604fbf87e3bf7c7fba62bbc6bed4f09
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-45290/binaryen
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 48954c2d by Salvatore Bonaccorso at 2021-12-21T22:35:18+01:00 Add CVE-2021-45290/binaryen - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -537,7 +537,11 @@ CVE-2021-45291 (The gf_dump_setup function in GPAC 1.0.1 allows malicoius users NOTE: https://github.com/gpac/gpac/issues/1955 NOTE: https://github.com/gpac/gpac/commit/a07c64979af592aad56bc175157b7397e43fa9cc CVE-2021-45290 (A Denial of Service vulnerability exits in Binaryen 103 due to an asse ...) - TODO: check + - binaryen 104-1 (unimportant) + NOTE: https://github.com/WebAssembly/binaryen/issues/4383 + NOTE: https://github.com/WebAssembly/binaryen/pull/4389 + NOTE: https://github.com/WebAssembly/binaryen/commit/62d83d5fcad015ce52f0f3122eab9df1c629cafb (version_104) + NOTE: Crash in CLI tool, no security impact CVE-2021-45289 (A vulnerability exists in GPAC 1.0.1 due to an omission of security-re ...) TODO: check CVE-2021-45288 (A Double Free vulnerability exists in filedump.c in GPAC 1.0.1, which ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/48954c2dcb7e46b0ee07d8f88e2a6353a0976ed4
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-45291/gpac
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a3de2a36 by Salvatore Bonaccorso at 2021-12-21T22:33:06+01:00 Add CVE-2021-45291/gpac - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -533,7 +533,9 @@ CVE-2021-45292 (The gf_isom_hint_rtp_read function in GPAC 1.0.1 allows attacker NOTE: https://github.com/gpac/gpac/issues/1958 NOTE: https://github.com/gpac/gpac/commit/3dafcb5e71e9ffebb50238784dcad8b105da81f6 CVE-2021-45291 (The gf_dump_setup function in GPAC 1.0.1 allows malicoius users to cau ...) - TODO: check + - gpac + NOTE: https://github.com/gpac/gpac/issues/1955 + NOTE: https://github.com/gpac/gpac/commit/a07c64979af592aad56bc175157b7397e43fa9cc CVE-2021-45290 (A Denial of Service vulnerability exits in Binaryen 103 due to an asse ...) TODO: check CVE-2021-45289 (A vulnerability exists in GPAC 1.0.1 due to an omission of security-re ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a3de2a36f50764fb141528e81f637003a6628227
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-45292/gpac
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 81e320bb by Salvatore Bonaccorso at 2021-12-21T22:30:04+01:00 Add CVE-2021-45292/gpac - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -529,7 +529,9 @@ CVE-2021-45293 (A Denial of Service vulnerability exists in Binaryen 103 due to NOTE: https://github.com/WebAssembly/binaryen/commit/b1f6298ed8756bdc3336429c04b92ba58d000b49 (version_104) NOTE: Crash in CLI tool, no security impact CVE-2021-45292 (The gf_isom_hint_rtp_read function in GPAC 1.0.1 allows attackers to c ...) - TODO: check + - gpac + NOTE: https://github.com/gpac/gpac/issues/1958 + NOTE: https://github.com/gpac/gpac/commit/3dafcb5e71e9ffebb50238784dcad8b105da81f6 CVE-2021-45291 (The gf_dump_setup function in GPAC 1.0.1 allows malicoius users to cau ...) TODO: check CVE-2021-45290 (A Denial of Service vulnerability exits in Binaryen 103 due to an asse ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81e320bb5a770afb76b0225425bc67fcf1248fec
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-45293/binaryen
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b4d0b895 by Salvatore Bonaccorso at 2021-12-21T22:25:07+01:00 Add CVE-2021-45293/binaryen - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -523,7 +523,11 @@ CVE-2021-45295 CVE-2021-45294 RESERVED CVE-2021-45293 (A Denial of Service vulnerability exists in Binaryen 103 due to an Inv ...) - TODO: check + - binaryen 104-1 (unimportant) + NOTE: https://github.com/WebAssembly/binaryen/issues/4384 + NOTE: https://github.com/WebAssembly/binaryen/pull/4388 + NOTE: https://github.com/WebAssembly/binaryen/commit/b1f6298ed8756bdc3336429c04b92ba58d000b49 (version_104) + NOTE: Crash in CLI tool, no security impact CVE-2021-45292 (The gf_isom_hint_rtp_read function in GPAC 1.0.1 allows attackers to c ...) TODO: check CVE-2021-45291 (The gf_dump_setup function in GPAC 1.0.1 allows malicoius users to cau ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4d0b89529c7afc5563992c2e3a9bc7a11cdd92c
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-45297/gpac
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 34b419f7 by Salvatore Bonaccorso at 2021-12-21T22:20:43+01:00 Add CVE-2021-45297/gpac - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -513,7 +513,9 @@ CVE-2021-45299 CVE-2021-45298 RESERVED CVE-2021-45297 (An infinite loop vulnerability exists in Gpac 1.0.1 in gf_get_bit_size ...) - TODO: check + - gpac + NOTE: https://github.com/gpac/gpac/issues/1973 + NOTE: https://github.com/gpac/gpac/commit/fb13af36286b9d898e332e8762a286eb83bd1770 CVE-2021-45296 RESERVED CVE-2021-45295 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34b419f75327f31fc31b4d49de064b95d285d544
[Git][security-tracker-team/security-tracker][master] Add two mbedtls issues (to be checked further)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c144164d by Salvatore Bonaccorso at 2021-12-21T22:12:05+01:00 Add two mbedtls issues (to be checked further) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -193,9 +193,11 @@ CVE-2021-4145 CVE-2021-4144 RESERVED CVE-2021-45451 (In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass ...) - TODO: check + - mbedtls + TODO: check, seems to only affect 3.x branch CVE-2021-45450 (In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv ...) - TODO: check + - mbedtls + TODO: check, seems to only affect 2.28.y and 3.x branches CVE-2021-45449 RESERVED CVE-2021-45448 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c144164d7269df57ee6e9bed5b7218fe286046de
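Review bot: the TODO added for CVE-2021-45450 says the issue seems to only affect the 2.28.y and 3.x branches, but the CVE text on the line above it gives the range as "before 2.28.0 and 3.x before 3.1.0", which reads as releases older than 2.28.0. Reword the TODO to say which 2.x releases actually contain the affected code, and add a NOTE with the upstream advisory or commit to both new entries so that whoever resolves the TODO has a reference to check against.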
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-44732/mbedtls
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 260c4625 by Salvatore Bonaccorso at 2021-12-21T22:06:55+01:00 Add CVE-2021-44732/mbedtls - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2456,7 +2456,8 @@ CVE-2021-44733 [use-after-free in the TEE subsystem] [stretch] - linux (Vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2030747 CVE-2021-44732 (Mbed TLS before 3.0.1 has a double free in certain out-of-memory condi ...) - TODO: check + - mbedtls + NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-12 CVE-2021-44731 RESERVED CVE-2021-44730 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/260c4625cb0674c95b83fa088b47c539102ec641
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 54d09be3 by Salvatore Bonaccorso at 2021-12-21T22:01:54+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -26345,11 +26345,11 @@ CVE-2021-36320 (Dell Networking X-Series firmware versions prior to 3.0.1.8 cont CVE-2021-36319 (Dell Networking OS10 versions 10.4.3.x, 10.5.0.x and 10.5.1.x contain ...) NOT-FOR-US: Dell CVE-2021-36318 (Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text ...) - TODO: check + NOT-FOR-US: EMC CVE-2021-36317 (Dell EMC Avamar Server version 19.4 contains a plain-text password sto ...) - TODO: check + NOT-FOR-US: EMC CVE-2021-36316 (Dell EMC Avamar Server versions 18.2, 19.1, 19.2, 19.3, and 19.4 conta ...) - TODO: check + NOT-FOR-US: EMC CVE-2021-36315 (Dell EMC PowerScale Nodes contain a hardware design flaw. This may all ...) NOT-FOR-US: EMC CVE-2021-36314 (Dell EMC CloudLink 7.1 and all prior versions contain an Arbitrary Fil ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54d09be3f538d4a918045809edb5b040a04ef6ff
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 36475359 by security tracker role at 2021-12-21T20:10:18+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,197 @@ +CVE-2022-22136 + RESERVED +CVE-2022-22135 + RESERVED +CVE-2022-22134 + RESERVED +CVE-2022-22133 + RESERVED +CVE-2022-22132 + RESERVED +CVE-2022-22131 + RESERVED +CVE-2022-22130 + RESERVED +CVE-2022-22129 + RESERVED +CVE-2022-22128 + RESERVED +CVE-2022-22127 + RESERVED +CVE-2022-22126 + RESERVED +CVE-2022-22125 + RESERVED +CVE-2022-22124 + RESERVED +CVE-2022-22123 + RESERVED +CVE-2022-22122 + RESERVED +CVE-2022-22121 + RESERVED +CVE-2022-22120 + RESERVED +CVE-2022-22119 + RESERVED +CVE-2022-22118 + RESERVED +CVE-2022-22117 + RESERVED +CVE-2022-22116 + RESERVED +CVE-2022-22115 + RESERVED +CVE-2022-22114 + RESERVED +CVE-2022-22113 + RESERVED +CVE-2022-22112 + RESERVED +CVE-2022-22111 + RESERVED +CVE-2022-22110 + RESERVED +CVE-2022-22109 + RESERVED +CVE-2022-22108 + RESERVED +CVE-2022-22107 + RESERVED +CVE-2022-22106 + RESERVED +CVE-2022-22105 + RESERVED +CVE-2022-22104 + RESERVED +CVE-2022-22103 + RESERVED +CVE-2022-22102 + RESERVED +CVE-2022-22101 + RESERVED +CVE-2022-22100 + RESERVED +CVE-2022-22099 + RESERVED +CVE-2022-22098 + RESERVED +CVE-2022-22097 + RESERVED +CVE-2022-22096 + RESERVED +CVE-2022-22095 + RESERVED +CVE-2022-22094 + RESERVED +CVE-2022-22093 + RESERVED +CVE-2022-22092 + RESERVED +CVE-2022-22091 + RESERVED +CVE-2022-22090 + RESERVED +CVE-2022-22089 + RESERVED +CVE-2022-22088 + RESERVED +CVE-2022-22087 + RESERVED +CVE-2022-22086 + RESERVED +CVE-2022-22085 + RESERVED +CVE-2022-22084 + RESERVED +CVE-2022-22083 + RESERVED +CVE-2022-22082 + RESERVED +CVE-2022-22081 + RESERVED +CVE-2022-22080 + RESERVED +CVE-2022-22079 + RESERVED +CVE-2022-22078 + RESERVED +CVE-2022-22077 + RESERVED +CVE-2022-22076 + RESERVED +CVE-2022-22075 + RESERVED +CVE-2022-22074 + RESERVED +CVE-2022-22073 + RESERVED +CVE-2022-22072 + RESERVED +CVE-2022-22071 + RESERVED +CVE-2022-22070 + RESERVED +CVE-2022-22069 + RESERVED +CVE-2022-22068 + RESERVED +CVE-2022-22067 + RESERVED +CVE-2022-22066 + RESERVED +CVE-2022-22065 + RESERVED +CVE-2022-22064 + RESERVED 
+CVE-2022-22063 + RESERVED +CVE-2022-22062 + RESERVED +CVE-2022-22061 + RESERVED +CVE-2022-22060 + RESERVED +CVE-2022-22059 + RESERVED +CVE-2022-22058 + RESERVED +CVE-2022-22057 + RESERVED +CVE-2022-22056 + RESERVED +CVE-2022-22055 + RESERVED +CVE-2022-22054 + RESERVED +CVE-2021-45458 + RESERVED +CVE-2021-45457 + RESERVED +CVE-2021-45456 + RESERVED +CVE-2021-45455 + RESERVED +CVE-2021-45454 + RESERVED +CVE-2021-45453 + RESERVED +CVE-2021-45452 + RESERVED +CVE-2021-4150 + RESERVED +CVE-2021-4149 + RESERVED +CVE-2021-4148 + RESERVED +CVE-2021-4147 + RESERVED +CVE-2021-4146 + RESERVED +CVE-2021-4145 + RESERVED +CVE-2021-4144 + RESERVED CVE-2021-45451 (In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass ...) TODO: check CVE-2021-45450 (In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv ...) @@ -24,8 +218,7 @@ CVE-2017-20010 CVE-2017-20009 RESERVED NOT-FOR-US: MODX Revolution -CVE-2012-20001 - RESERVED +CVE-2012-20001 (PrestaShop before 1.5.2 allows XSS via the "object data='data:text ...) NOT-FOR-US: PrestaShop CVE-2021-45442 RESERVED @@ -317,26 +510,26 @@ CVE-2021-45299 RESERVED CVE-2021-45298 RESERVED -CVE-2021-45297 - RESERVED +CVE-2021-45297 (An infinite loop vulnerability exists in Gpac 1.0.1 in gf_get_bit_size ...) + TODO: check CVE-2021-45296 RESERVED CVE-2021-45295 RESERVED CVE-2021-45294 RESERVED -CVE-2021-45293 - RESERVED -CVE-2021-45292 - RESERVED -CVE-2021-45291 - RESERVED -CVE-2021-45290 - RESERVED -CVE-2021-45289 - RESERVED -CVE-2021-45288 - RESERVED +CVE-2021-45293 (A Denial of Service vulnerability exists in Binaryen 103 due to an Inv ...) + TODO: check +CVE-2021-45292 (The gf_isom_hint_rtp_read function in GPAC 1.0.1 allows attackers to c ...) + TODO: check +CVE-2021-45291 (The gf_dump_setup function in GPAC 1.0.1 allows malicoius users to cau ...) + TODO: check +CVE-2021-45290 (A Denial of Service vulnerability exits in Binaryen 103 due to
[Git][security-tracker-team/security-tracker][master] Reserve DSA number for xorg-server update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 13609210 by Salvatore Bonaccorso at 2021-12-21T20:49:41+01:00 Reserve DSA number for xorg-server update - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,7 @@ +[21 Dec 2021] DSA-5027-1 xorg-server - security update + {CVE-2021-4008 CVE-2021-4009 CVE-2021-4010 CVE-2021-4011} + [buster] - xorg-server 2:1.20.4-1+deb10u4 + [bullseye] - xorg-server 2:1.20.11-1+deb11u1 [19 Dec 2021] DSA-5026-1 firefox-esr - security update {CVE-2021-43546 CVE-2021-43545 CVE-2021-43543 CVE-2021-43542 CVE-2021-43541 CVE-2021-43539 CVE-2021-43538 CVE-2021-43537 CVE-2021-43536 CVE-2021-43535 CVE-2021-43534 CVE-2021-38509 CVE-2021-38508 CVE-2021-38507 CVE-2021-38506 CVE-2021-38504 CVE-2021-38503} [bullseye] - firefox-esr 91.4.1esr-1~deb11u1 = data/dsa-needed.txt = @@ -69,6 +69,3 @@ webkit2gtk -- wpewebkit/stable -- -xorg-server (carnil) - Maintainer preparing updates --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/136092106a7d7daffad1a4c1c1cb943dc09c94d4
[Git][security-tracker-team/security-tracker][master] CVE-2020-11651/salt: fix link
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: e44c4e89 by Sylvain Beucler at 2021-12-21T16:08:26+01:00 CVE-2020-11651/salt: fix link - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -118237,7 +118237,7 @@ CVE-2020-11651 (An issue was discovered in SaltStack Salt before 2019.2.4 and 30 NOTE: Fixed by: https://github.com/saltstack/salt/commit/a67d76b15615983d467ed81371b38b4a17e4f3b7 (v3000.2) NOTE: Regression: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst#known-issue NOTE: Regression fix: https://github.com/saltstack/salt/commit/cea28c850f7562fd3b869a1bbcc95050ab19e0f1 (v3000.3) - NOTE: See also https://gitlab.com/saltstack/open/salt-patches/-/raw/master/patches/2020/04/14/ + NOTE: See also https://gitlab.com/saltstack/open/salt-patches/-/tree/master/patches/2020/04/14/ CVE-2020-11650 (An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before ...) NOT-FOR-US: FreeNAS CVE-2020-11649 (An issue was discovered in GitLab CE and EE 8.15 through 12.9.2. Membe ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e44c4e897548f9c1760488cc70598fd682ad5d1c
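Review bot: The corrected "See also" NOTE for CVE-2020-11651 still follows the `master` branch, while the "Fixed by:" and "Regression fix:" NOTE lines directly above it in the same hunk are pinned to commit hashes. A directory listing on a moving branch can be reorganised or emptied later, which would leave the reference dangling again; a tree URL at a fixed commit of salt-patches would keep the pointer to the 2020/04/14 patch set stable.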
[Git][security-tracker-team/security-tracker][master] CVE-2020-16846/salt: reference regression
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: 0f006b17 by Sylvain Beucler at 2021-12-21T13:18:23+01:00 CVE-2020-16846/salt: reference regression - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -103372,8 +103372,8 @@ CVE-2020-16846 (An issue was discovered in SaltStack Salt through 3002. Sending {DSA-4837-1 DLA-2480-1} - salt 3002.1+dfsg1-1 NOTE: https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/ - NOTE: https://gitlab.com/saltstack/open/salt-patches/-/raw/master/patches/2020/09/02/2018.3.x.patch (2018.3.x) - NOTE: https://gitlab.com/saltstack/open/salt-patches/-/raw/master/patches/2020/09/02/2016.11.x.patch (2016.11.x) + NOTE: https://gitlab.com/saltstack/open/salt-patches/tree/master/patches/2020/09/02/ + NOTE: Regression: https://github.com/saltstack/salt/issues/58970 CVE-2020-16845 (Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loo ...) {DSA-4848-1 DLA-2460-1 DLA-2459-1} - golang-1.15 1.15~rc2-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0f006b1732cefaedaced38b97206b2ef7087bddc
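Review bot: The single directory NOTE that replaces the two patch links in the CVE-2020-16846 entry loses the per-branch labels the removed lines carried, (2018.3.x) and (2016.11.x), so the entry no longer says which release branches have backport patches in that directory; keeping them as trailing text on the new line, for example "(2018.3.x, 2016.11.x patches)", would preserve that. The new URL is also written as `/salt-patches/tree/master/...` without the `/-/` segment that the removed `/-/raw/master/` links used, so the same repository is now referenced in two path styles; `/-/tree/master/patches/2020/09/02/` would be consistent.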
[Git][security-tracker-team/security-tracker][master] new webkit issues
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 69c51299 by Moritz Muehlenhoff at 2021-12-21T13:11:57+01:00 new webkit issues - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: = data/CVE/list = 
@@ -39511,19 +39511,34 @@ CVE-2021-30892 (An inherited permissions issue was addressed with additional res CVE-2021-30891 REJECTED CVE-2021-30890 (A logic issue was addressed with improved state management. This issue ...) - NOT-FOR-US: Apple + - webkit2gtk 2.34.3-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + - wpewebkit 2.34.3-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0007.html CVE-2021-30889 (A buffer overflow issue was addressed with improved memory handling. T ...) - NOT-FOR-US: Apple + - webkit2gtk 2.34.1-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + - wpewebkit 2.34.1-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0007.html CVE-2021-30888 (An information leakage issue was addressed. This issue is fixed in iOS ...) - NOT-FOR-US: Apple + - webkit2gtk 2.34.1-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + - wpewebkit 2.34.1-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0007.html CVE-2021-30887 (A logic issue was addressed with improved restrictions. This issue is ...) - NOT-FOR-US: Apple + - webkit2gtk 2.34.3-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + - wpewebkit 2.34.3-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0007.html CVE-2021-30886 (A use after free issue was addressed with improved memory management. ...) NOT-FOR-US: Apple CVE-2021-30885 REJECTED CVE-2021-30884 (The issue was resolved with additional restrictions on CSS compositing ...) - NOT-FOR-US: Apple + - webkit2gtk 2.34.1-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + - wpewebkit 2.34.1-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0007.html CVE-2021-30883 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2021-30882 (A logic issue was addressed with improved validation. This issue is fi ...) 
@@ -39641,7 +39656,10 @@ CVE-2021-30838 (A memory corruption issue was addressed with improved memory han CVE-2021-30837 (A memory consumption issue was addressed with improved memory handling ...) NOT-FOR-US: Apple CVE-2021-30836 (An out-of-bounds read was addressed with improved input validation. Th ...) - NOT-FOR-US: Apple + - webkit2gtk 2.32.4-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + - wpewebkit 2.32.4-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0007.html CVE-2021-30835 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30834 (A logic issue was addressed with improved state management. This issue ...) @@ -39667,7 +39685,10 @@ CVE-2021-30825 (This issue was addressed with improved checks. This issue is fix CVE-2021-30824 (A memory corruption issue was addressed with improved state management ...) NOT-FOR-US: Apple CVE-2021-30823 (A logic issue was addressed with improved restrictions. This issue is ...) - NOT-FOR-US: Apple + - webkit2gtk 2.34.1-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + - wpewebkit 2.34.1-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0007.html CVE-2021-30822 RESERVED CVE-2021-30821 (A memory corruption issue was addressed with improved memory handling. ...) 
@@ -39677,7 +39698,10 @@ CVE-2021-30820 (A logic issue was addressed with improved state management. This CVE-2021-30819 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2021-30818 (A type confusion issue was addressed with improved state handling. Thi ...) - NOT-FOR-US: Apple + - webkit2gtk 2.34.1-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + - wpewebkit 2.34.1-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0007.html CVE-2021-30817 (A permissions issue was addressed with improved validation. This issue ...) NOT-FOR-US: Apple CVE-2021-30816 (The issue was addressed with improved permissions logic. This issue is ...) @@ -39695,7 +39719,10 @@ CVE-2021-30811 (This issue was addressed with improved checks. This issue is fix CVE-2021-30810 (An authorization issue was addressed with improved state management. T ...) NOT-FOR-US: Apple CVE-2021-30809 (A use after free issue was addressed with improved memory management. ...) -
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 6cb91b0f by Henri Salo at 2021-12-21T10:55:20+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -20,10 +20,13 @@ CVE-2021-4143 RESERVED CVE-2017-20010 RESERVED + NOT-FOR-US: MODX Revolution CVE-2017-20009 RESERVED + NOT-FOR-US: MODX Revolution CVE-2012-20001 RESERVED + NOT-FOR-US: PrestaShop CVE-2021-45442 RESERVED CVE-2021-45441 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6cb91b0fb8002538d3faf91461a4270074665c71
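Review bot: All three NOT-FOR-US lines in this hunk are attached to entries that are still RESERVED and carry no description, so nothing in the entries for CVE-2017-20010, CVE-2017-20009 and CVE-2012-20001 shows where the product names MODX Revolution and PrestaShop come from. A NOTE line with the reference used for the triage would let the next reader verify the classification without repeating the lookup, and the commit message "NFU" could name the products for the same reason.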
[Git][security-tracker-team/security-tracker][master] Process some more NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c90855d4 by Salvatore Bonaccorso at 2021-12-21T09:24:04+01:00 Process some more NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4867,7 +4867,7 @@ CVE-2021-43844 (MSEdgeRedirect is a tool to redirect news, search, widgets, weat CVE-2021-43843 (jsx-slack is a package for building JSON objects for Slack block kit s ...) TODO: check CVE-2021-43842 (Wiki.js is a wiki app built on Node.js. Wiki.js versions 2.5.257 and e ...) - TODO: check + NOT-FOR-US: Wiki.js CVE-2021-43841 RESERVED CVE-2021-43840 (message_bus is a messaging bus for Ruby processes and web clients. In ...) @@ -5857,7 +5857,7 @@ CVE-2021-43765 CVE-2021-43764 RESERVED CVE-2021-43763 (Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of ...) - TODO: check + NOT-FOR-US: Adobe CVE-2021-43762 RESERVED CVE-2021-43761 @@ -5883,15 +5883,15 @@ CVE-2021-43752 CVE-2021-43751 RESERVED CVE-2021-43750 (Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Nu ...) - TODO: check + NOT-FOR-US: Adobe CVE-2021-43749 (Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Nu ...) - TODO: check + NOT-FOR-US: Adobe CVE-2021-43748 (Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Nu ...) - TODO: check + NOT-FOR-US: Adobe CVE-2021-43747 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...) - TODO: check + NOT-FOR-US: Adobe CVE-2021-43746 (Adobe Premiere Rush versions 1.5.16 (and earlier) allows access to an ...) - TODO: check + NOT-FOR-US: Adobe CVE-2021-3961 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...) NOT-FOR-US: snipe-it CVE-2022-21216 
@@ -6763,13 +6763,13 @@ CVE-2021-43443 CVE-2021-43442 RESERVED CVE-2021-43441 (An HTML Injection Vulnerability in iOrder 1.0 allows the remote attack ...) - TODO: check + NOT-FOR-US: iOrder CVE-2021-43440 (Multiple Stored XSS Vulnerabilities in the Source Code of iOrder 1.0 a ...) NOT-FOR-US: iOrder CVE-2021-43439 (RCE in Add Review Function in iResturant 1.0 Allows remote attacker to ...) - TODO: check + NOT-FOR-US: iResturant CVE-2021-43438 (Stored XSS in Signup Form in iResturant 1.0 Allows Remote Attacker to ...) - TODO: check + NOT-FOR-US: iResturant CVE-2021-43437 (In sourcecodetester Engineers Online Portal as of 10-21-21, an attacke ...) TODO: check CVE-2021-43436 
@@ -8775,25 +8775,25 @@ CVE-2021-43032 (In XenForo through 2.2.7, a threat actor with access to the admi CVE-2021-43031 RESERVED CVE-2021-43030 (Adobe Premiere Rush versions 1.5.16 (and earlier) allows access to an ...) - TODO: check + NOT-FOR-US: Adobe CVE-2021-43029 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...) - TODO: check + NOT-FOR-US: Adobe CVE-2021-43028 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...) - TODO: check + NOT-FOR-US: Adobe CVE-2021-43027 RESERVED CVE-2021-43026 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...) - TODO: check + NOT-FOR-US: Adobe CVE-2021-43025 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...) - TODO: check + NOT-FOR-US: Adobe CVE-2021-43024 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...) - TODO: check + NOT-FOR-US: Adobe CVE-2021-43023 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...) - TODO: check + NOT-FOR-US: Adobe CVE-2021-43022 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...) - TODO: check + NOT-FOR-US: Adobe CVE-2021-43021 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...) - TODO: check + NOT-FOR-US: Adobe CVE-2021-43020 RESERVED CVE-2021-43019 (Adobe Creative Cloud version 5.5 (and earlier) are affected by a privi ...) @@ -9260,7 +9260,7 @@ CVE-2021-42810 CVE-2021-42809 (Improper Access Control of Dynamically-Managed Code Resources (DLL) in ...) TODO: check CVE-2021-42808 (Improper Access Control in Thales Sentinel Protection Installer could ...) - TODO: check + NOT-FOR-US: Thales Sentinel Protection Installer CVE-2021-42807 RESERVED CVE-2021-42806 
@@ -12403,7 +12403,7 @@ CVE-2021-3862 CVE-2021-3861 RESERVED CVE-2021-3860 (JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vul ...) - TODO: check + NOT-FOR-US: JFrog Artifactory CVE-2021-3859 RESERVED CVE-2021-42008 (The decode_data function in
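Review bot: The NOT-FOR-US labels added across these hunks mix two levels of naming: the Adobe Dimension and Adobe Premiere Rush entries are tagged with the vendor only (`NOT-FOR-US: Adobe`), while the @@ -9260 and @@ -12403 hunks use full product names (`Thales Sentinel Protection Installer`, `JFrog Artifactory`). Settling on one level makes later searches of data/CVE/list by label more reliable. In the @@ -9260 hunk, CVE-2021-42809 directly above CVE-2021-42808 is left at `TODO: check`; if it concerns the same Thales product, it can be closed in this commit as well.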
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 64271ad0 by Salvatore Bonaccorso at 2021-12-21T09:18:42+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2349,11 +2349,11 @@ CVE-2021-44701 CVE-2021-44700 RESERVED CVE-2021-44699 (Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier)are ...) - TODO: check + NOT-FOR-US: Adobe CVE-2021-44698 (Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier)are ...) - TODO: check + NOT-FOR-US: Adobe CVE-2021-44697 (Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier)are ...) - TODO: check + NOT-FOR-US: Adobe CVE-2021-44696 RESERVED CVE-2021-44695 
@@ -3811,15 +3811,15 @@ CVE-2021-44185 (Adobe Bridge versions 11.1.1 (and earlier) are affected by an ou CVE-2021-44184 RESERVED CVE-2021-44183 (Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of ...) - TODO: check + NOT-FOR-US: Adobe CVE-2021-44182 (Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of ...) - TODO: check + NOT-FOR-US: Adobe CVE-2021-44181 (Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of ...) - TODO: check + NOT-FOR-US: Adobe CVE-2021-44180 (Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of ...) - TODO: check + NOT-FOR-US: Adobe CVE-2021-44179 (Adobe Dimension versions 3.4.3 (and earlier) is affected by a memory c ...) - TODO: check + NOT-FOR-US: Adobe CVE-2021-44178 RESERVED CVE-2021-44177 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64271ad056fa09e54d55a9ca4625c3d84673536a
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4871355d by security tracker role at 2021-12-21T08:10:16+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,29 @@ +CVE-2021-45451 (In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass ...) + TODO: check +CVE-2021-45450 (In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv ...) + TODO: check +CVE-2021-45449 + RESERVED +CVE-2021-45448 + RESERVED +CVE-2021-45447 + RESERVED +CVE-2021-45446 + RESERVED +CVE-2021-45445 + RESERVED +CVE-2021-45444 + RESERVED +CVE-2021-45443 + RESERVED +CVE-2021-4143 + RESERVED +CVE-2017-20010 + RESERVED +CVE-2017-20009 + RESERVED +CVE-2012-20001 + RESERVED CVE-2021-45442 RESERVED CVE-2021-45441 @@ -2322,12 +2348,12 @@ CVE-2021-44701 RESERVED CVE-2021-44700 RESERVED -CVE-2021-44699 - RESERVED -CVE-2021-44698 - RESERVED -CVE-2021-44697 - RESERVED +CVE-2021-44699 (Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier)are ...) + TODO: check +CVE-2021-44698 (Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier)are ...) + TODO: check +CVE-2021-44697 (Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier)are ...) + TODO: check CVE-2021-44696 RESERVED CVE-2021-44695 
@@ -3784,16 +3810,16 @@ CVE-2021-44185 (Adobe Bridge versions 11.1.1 (and earlier) are affected by an ou NOT-FOR-US: Adobe CVE-2021-44184 RESERVED -CVE-2021-44183 - RESERVED -CVE-2021-44182 - RESERVED -CVE-2021-44181 - RESERVED -CVE-2021-44180 - RESERVED -CVE-2021-44179 - RESERVED +CVE-2021-44183 (Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of ...) + TODO: check +CVE-2021-44182 (Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of ...) + TODO: check +CVE-2021-44181 (Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of ...) + TODO: check +CVE-2021-44180 (Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of ...) + TODO: check +CVE-2021-44179 (Adobe Dimension versions 3.4.3 (and earlier) is affected by a memory c ...) + TODO: check CVE-2021-44178 RESERVED CVE-2021-44177 @@ -4830,18 +4856,18 @@ CVE-2021-43849 RESERVED CVE-2021-43848 RESERVED -CVE-2021-43847 - RESERVED -CVE-2021-43846 - RESERVED +CVE-2021-43847 (HumHub is an open-source social network kit written in PHP. Prior to H ...) + TODO: check +CVE-2021-43846 (`solidus_frontend` is the cart and storefront for the Solidus e-commer ...) + TODO: check CVE-2021-43845 RESERVED -CVE-2021-43844 - RESERVED -CVE-2021-43843 - RESERVED -CVE-2021-43842 - RESERVED +CVE-2021-43844 (MSEdgeRedirect is a tool to redirect news, search, widgets, weather, a ...) + TODO: check +CVE-2021-43843 (jsx-slack is a package for building JSON objects for Slack block kit s ...) + TODO: check +CVE-2021-43842 (Wiki.js is a wiki app built on Node.js. Wiki.js versions 2.5.257 and e ...) + TODO: check CVE-2021-43841 RESERVED CVE-2021-43840 (message_bus is a messaging bus for Ruby processes and web clients. In ...) @@ -5830,8 +5856,8 @@ CVE-2021-43765 RESERVED CVE-2021-43764 RESERVED -CVE-2021-43763 - RESERVED +CVE-2021-43763 (Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of ...) + TODO: check CVE-2021-43762 RESERVED CVE-2021-43761 
@@ -5856,16 +5882,16 @@ CVE-2021-43752 RESERVED CVE-2021-43751 RESERVED -CVE-2021-43750 - RESERVED -CVE-2021-43749 - RESERVED -CVE-2021-43748 - RESERVED -CVE-2021-43747 - RESERVED -CVE-2021-43746 - RESERVED +CVE-2021-43750 (Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Nu ...) + TODO: check +CVE-2021-43749 (Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Nu ...) + TODO: check +CVE-2021-43748 (Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Nu ...) + TODO: check +CVE-2021-43747 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...) + TODO: check +CVE-2021-43746 (Adobe Premiere Rush versions 1.5.16 (and earlier) allows access to an ...) + TODO: check CVE-2021-3961 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...) NOT-FOR-US: snipe-it CVE-2022-21216 @@ -6736,16 +6762,16 @@ CVE-2021-43443 RESERVED CVE-2021-43442 RESERVED -CVE-2021-43441 - RESERVED +CVE-2021-43441 (An HTML Injection Vulnerability in iOrder 1.0 allows the remote attack ...) + TODO: check CVE-2021-43440