Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fae8ec95 by security tracker role at 2021-03-22T08:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8,10 +8,10 @@ CVE-2021-28959
        RESERVED
 CVE-2021-28958
        RESERVED
-CVE-2021-28956
-       RESERVED
-CVE-2021-28955
-       RESERVED
+CVE-2021-28956 (** UNSUPPORTED WHEN ASSIGNED ** The unofficial 
vscode-sass-lint (aka S ...)
+       TODO: check
+CVE-2021-28955 (git-bug before 0.7.2 has an Uncontrolled Search Path Element. 
It will  ...)
+       TODO: check
 CVE-2021-28954 (In Chris Walz bit before 1.0.5 on Windows, attackers can run 
arbitrary ...)
        NOT-FOR-US: Chris Walz bit
 CVE-2021-28953 (The unofficial C/C++ Advanced Lint extension before 1.9.0 for 
Visual S ...)
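Review bot: CVE-2021-28956 and CVE-2021-28955 are left at `TODO: check`, so both now sit in the tracker with a published description and no triage decision. CVE-2021-28956 is marked "UNSUPPORTED WHEN ASSIGNED" and concerns an unofficial vscode-sass-lint extension, the same kind of software as the unofficial C/C++ Advanced Lint extension in CVE-2021-28953 just below, so it should be resolved consistently with that entry. For CVE-2021-28955, check whether git-bug is packaged: if it is, replace the TODO with a package line using the 0.7.2 boundary from the description, otherwise mark it NOT-FOR-US.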
@@ -28,7 +28,7 @@ CVE-2021-3451
        RESERVED
 CVE-2021-3450
        RESERVED
-CVE-2021-28957 (lxml 4.6.2 places the HTML action attribute into 
defs.link_attrs (in h ...)
+CVE-2021-28957 (lxml 4.6.2 allows XSS. It places the HTML action attribute 
into defs.l ...)
        - lxml <unfixed> (bug #985643)
        NOTE: https://bugs.launchpad.net/lxml/+bug/1888153
        NOTE: https://github.com/lxml/lxml/pull/316
@@ -661,7 +661,8 @@ CVE-2021-28652
        RESERVED
 CVE-2021-28651
        RESERVED
-CVE-2021-28963 [shib service provide phishing]
+CVE-2021-28963 (Shibboleth Service Provider before 3.2.1 allows content 
injection beca ...)
+       {DSA-4872-1 DLA-2599-1}
        - shibboleth-sp 3.2.1+dfsg1-1 (bug #985405)
        - shibboleth-sp2 <removed>
        NOTE: https://shibboleth.net/community/advisories/secadv_20210317.txt
@@ -6732,10 +6733,10 @@ CVE-2021-26072
        RESERVED
 CVE-2021-26071
        RESERVED
-CVE-2021-26070
-       RESERVED
-CVE-2021-26069
-       RESERVED
+CVE-2021-26070 (Affected versions of Atlassian Jira Server and Data Center 
allow remot ...)
+       TODO: check
+CVE-2021-26069 (Affected versions of Atlassian Jira Server and Data Center 
allow unaut ...)
+       TODO: check
 CVE-2021-26068 (An endpoint in Atlassian Jira Server for Slack plugin from 
version 0.0 ...)
        NOT-FOR-US: Atlassian
 CVE-2021-26067 (Affected versions of Atlassian Bamboo allow an unauthenticated 
remote  ...)
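Review bot: CVE-2021-26070 and CVE-2021-26069 are left at `TODO: check` although both descriptions name Atlassian Jira Server and Data Center, and the next entry in the hunk, CVE-2021-26068, is already `NOT-FOR-US: Atlassian`. Unless there is a reason to treat these two differently, resolve them the same way so they do not linger in the TODO queue.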
@@ -21091,6 +21092,7 @@ CVE-2021-20247 (A flaw was found in mbsync before 
v1.3.5 and v1.4.1. Validations
        [stretch] - isync <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2021/02/22/1
 CVE-2021-20246 (A flaw was found in ImageMagick in MagickCore/resample.c. An 
attacker  ...)
+       {DLA-2602-1}
        - imagemagick <unfixed>
        [buster] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/3195
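Review bot: CVE-2021-20246 gains `{DLA-2602-1}` while its package line still reads `- imagemagick <unfixed>` and buster is `<ignored> (Minor issue)`, so the entry now references an advisory without showing a fixed version anywhere in the hunk. Confirm the cross-reference is intended for this CVE, and replace `<unfixed>` with the fixed version once the fix tracked in upstream issue 3195 reaches the archive.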
@@ -21104,6 +21106,7 @@ CVE-2021-20245 (A flaw was found in ImageMagick in 
coders/webp.c. An attacker wh
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/ffb683e62ddedc6436a1b88388eb690d7ca57bf2
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/a78d92dc0f468e79c3d761aae9707042952cdaca
 CVE-2021-20244 (A flaw was found in ImageMagick in 
MagickCore/visual-effects.c. An att ...)
+       {DLA-2602-1}
        - imagemagick <unfixed>
        [buster] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/pull/3194
@@ -21118,6 +21121,7 @@ CVE-2021-20243 (A flaw was found in ImageMagick in 
MagickCore/resize.c. An attac
 CVE-2021-20242
        REJECTED
 CVE-2021-20241 (A flaw was found in ImageMagick in coders/jp2.c. An attacker 
who submi ...)
+       {DLA-2602-1}
        - imagemagick <unfixed>
        [buster] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/pull/3177
@@ -21458,6 +21462,7 @@ CVE-2021-20177
        NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=209823
        NOTE: https://www.openwall.com/lists/oss-security/2021/01/12/1
 CVE-2021-20176 (A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 
7.0.10-57 ...)
+       {DLA-2602-1}
        - imagemagick 8:6.9.11.57+dfsg-1
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/3077
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/fbd9a963db1ae5551c45dc8af57db0abd7695774
@@ -31983,12 +31988,14 @@ CVE-2020-27776 (A flaw was found in ImageMagick in 
MagickCore/statistic.c. An at
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/0c92913ec5705300943703f1795f34c0cc25164e
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/3e21bc8a58b4ae38d24c7e283837cc279f35b6a5
 CVE-2020-27775 (A flaw was found in ImageMagick in MagickCore/quantum.h. An 
attacker w ...)
+       {DLA-2602-1}
        - imagemagick 8:6.9.11.24+dfsg-1
        [buster] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1737
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/a2166bfb1049bac4c0f7b8b5d3ef86a1f48470b2
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/78d9987ae80a95865c9f139afde0dcf3fd832ddc
 CVE-2020-27774 (A flaw was found in ImageMagick in MagickCore/statistic.c. An 
attacker ...)
+       {DLA-2602-1}
        - imagemagick 8:6.9.11.24+dfsg-1
        [buster] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1743
@@ -32002,12 +32009,14 @@ CVE-2020-27773 (A flaw was found in ImageMagick in 
MagickCore/gem-private.h. An
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/3d71aa8265ffaaf686021a6fbd54c037f71ee3a2
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/be6ffd9f283c2681d74469db8b000701665cf034
 CVE-2020-27772 (A flaw was found in ImageMagick in coders/bmp.c. An attacker 
who submi ...)
+       {DLA-2602-1}
        - imagemagick 8:6.9.11.24+dfsg-1
        [buster] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1749
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/a1142af44f61c038ad3eccc099c5b9548b507846
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/7f819ef8855608d9cb1ded5e4f30cdfff1da7c11
 CVE-2020-27771 (In RestoreMSCWarning() of /coders/pdf.c there are several 
areas where  ...)
+       {DLA-2602-1}
        - imagemagick 8:6.9.11.24+dfsg-1
        [buster] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1753
@@ -32015,6 +32024,7 @@ CVE-2020-27771 (In RestoreMSCWarning() of /coders/pdf.c 
there are several areas
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/9dd1c7e1f8f6c137bfd3293be2554f59456c7b62
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/a07ecde4c1c3a3efaa628434adc903295f6bb2b3
 CVE-2020-27770 (Due to a missing check for 0 value of `replace_extent`, it is 
possible ...)
+       {DLA-2602-1}
        - imagemagick 8:6.9.11.24+dfsg-1
        [buster] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1721
@@ -32022,24 +32032,28 @@ CVE-2020-27770 (Due to a missing check for 0 value of 
`replace_extent`, it is po
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/c01495f91ac71c5205f52713430b68e80d851149
 CVE-2020-27769
        RESERVED
+       {DLA-2602-1}
        - imagemagick 8:6.9.11.24+dfsg-1
        [buster] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1740
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/7b058696133c6d36e0b48a454e357482db71982e
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/7661113a654c9c822c23a8fb8aa1b021fc7fbe9d
 CVE-2020-27768 (In ImageMagick, there is an outside the range of representable 
values  ...)
+       {DLA-2602-1}
        - imagemagick 8:6.9.11.24+dfsg-1
        [buster] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1751
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/95d4e94e0353e503b71a53f5e6fad173c7c70c90
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/8c6e86f81968fab1710317d87b00c608108e6a2a
 CVE-2020-27767 (A flaw was found in ImageMagick in MagickCore/quantum.h. An 
attacker w ...)
+       {DLA-2602-1}
        - imagemagick 8:6.9.11.24+dfsg-1
        [buster] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1741
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/564f2a35e523e2b6cce9485018157f03ec05a947
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/c2f66e7fc9189a652f77a021bd047c4146d634d1
 CVE-2020-27766 (A flaw was found in ImageMagick in MagickCore/statistic.c. An 
attacker ...)
+       {DLA-2602-1}
        - imagemagick 8:6.9.11.24+dfsg-1
        [buster] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1734
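Review bot: CVE-2020-27769 receives `{DLA-2602-1}` but is still `RESERVED` with no description on its header line, unlike every other entry touched in this hunk. It already carries a fixed version, an upstream issue and both fixing commits, so a temporary bracketed description on the CVE line (the form CVE-2021-28963 used before this commit) would tell readers of the advisory what the issue is until the official text is published.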
@@ -32054,6 +32068,7 @@ CVE-2020-27765 (A flaw was found in ImageMagick in 
MagickCore/segment.c. An atta
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/a4c89f2a61069ad7637bc7749cc1a839de442526
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/4321934be544bc2888c6799fd6b50d8188a3d832
 CVE-2020-27764 (In /MagickCore/statistic.c, there are several areas in 
ApplyEvaluateOp ...)
+       {DLA-2602-1}
        - imagemagick 8:6.9.11.24+dfsg-1
        [buster] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1735
@@ -32066,12 +32081,14 @@ CVE-2020-27763 (A flaw was found in ImageMagick in 
MagickCore/resize.c. An attac
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/43539e67a47d2f8de832d33a5b26dc2a7a12294f
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/cc0944d57f846c839905d573503ab055b34090e4
 CVE-2020-27762 (A flaw was found in ImageMagick in coders/hdr.c. An attacker 
who submi ...)
+       {DLA-2602-1}
        - imagemagick 8:6.9.11.24+dfsg-1
        [buster] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1713
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/7db3fa20893d557259da6e99e111954de83d2495
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/3e10f7c3c9f0394dfd6ebd372bc34a172dabc8ff
 CVE-2020-27761 (WritePALMImage() in /coders/palm.c used size_t casts in 
several areas  ...)
+       {DLA-2602-1}
        - imagemagick 8:6.9.11.24+dfsg-1
        [buster] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1726
@@ -32085,18 +32102,21 @@ CVE-2020-27760 (In `GammaImage()` of 
/MagickCore/enhance.c, depending on the `ga
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/c5fcdea6a6ae27cf3db20c28b176e87b1a584e06
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/83cd04f580ccf4cc194813777c1fcfba78e602aa
 CVE-2020-27759 (In IntensityCompare() of /MagickCore/quantize.c, a double 
value was be ...)
+       {DLA-2602-1}
        - imagemagick 8:6.9.11.24+dfsg-1
        [buster] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1720
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/d44f8a35558951a21367d306a42e5a097f3a43fe
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/460dea07066e2001bc4671fcd8d53233f0fc29b3
 CVE-2020-27758 (A flaw was found in ImageMagick in coders/txt.c. An attacker 
who submi ...)
+       {DLA-2602-1}
        - imagemagick 8:6.9.11.24+dfsg-1
        [buster] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1719
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/f0a8d407b2801174fd8923941a9e7822f7f9a506
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/e5e15b4456c825f78554e2ef1cc6344fa1218448
 CVE-2020-27757 (A floating point math calculation in ScaleAnyToQuantum() of 
/MagickCor ...)
+       {DLA-2602-1}
        - imagemagick 8:6.9.11.24+dfsg-1
        [buster] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1712
@@ -32116,6 +32136,7 @@ CVE-2020-27755 (in SetImageExtent() of 
/MagickCore/image.c, an incorrect image d
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/f28e9e56e1b56d4e1f09d2a56d70892ae295d6a4
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/f9191f9e388330c8e22661b42092cc78a29a5d6f
 CVE-2020-27754 (In IntensityCompare() of /magick/quantize.c, there are calls 
to PixelP ...)
+       {DLA-2602-1}
        - imagemagick 8:6.9.11.24+dfsg-1
        [buster] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1754
@@ -37385,11 +37406,13 @@ CVE-2020-25678 (A flaw was found in ceph in versions 
prior to 16.y.z where ceph
 CVE-2020-25677 (A flaw was found in Ceph-ansible v4.0.41 where it creates an 
/etc/ceph ...)
        NOT-FOR-US: ceph Ansible module
 CVE-2020-25676 (In CatromWeights(), MeshInterpolate(), 
InterpolatePixelChannel(), Inte ...)
+       {DLA-2602-1}
        - imagemagick 8:6.9.11.24+dfsg-1
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1732
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/406da3af9e09649cda152663c179902edf5ab3ac
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/94aeb3c40d25aee1051ba8eb3a31601558ef2506
 CVE-2020-25675 (In the CropImage() and CropImageToTiles() routines of 
MagickCore/trans ...)
+       {DLA-2602-1}
        - imagemagick 8:6.9.11.24+dfsg-1
        [buster] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1731
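Review bot: CVE-2020-25676 is tagged `{DLA-2602-1}` but, unlike CVE-2020-25675 directly below it, has no `[buster] - imagemagick <ignored> (Minor issue)` line, so the hunk records no buster assessment for this CVE. Add the suite annotation if the same assessment applies, or note why this entry differs.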
@@ -37444,6 +37467,7 @@ CVE-2020-25667 (TIFFGetProfiles() in /coders/tiff.c 
calls strstr() which causes
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/986b5dff173413fa712db27eb677cdef15f0bab6
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/14ba3e46a66c4799d643c7b959792e185c6599c7
 CVE-2020-25666 (There are 4 places in HistogramCompare() in 
MagickCore/histogram.c whe ...)
+       {DLA-2602-1}
        - imagemagick 8:6.9.11.24+dfsg-1
        [buster] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1750
@@ -63401,8 +63425,8 @@ CVE-2020-13967
        RESERVED
 CVE-2020-13966
        RESERVED
-CVE-2020-13963
-       RESERVED
+CVE-2020-13963 (SOPlanning before 1.47 has Incorrect Access Control because 
certain se ...)
+       TODO: check
 CVE-2020-13962 (Qt 5.12.2 through 5.14.2, as used in unofficial builds of 
Mumble 1.3.0 ...)
        - qtbase-opensource-src 5.14.2+dfsg-6
        [buster] - qtbase-opensource-src <not-affected> (Only affects 5.12.2 
and later)
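Review bot: CVE-2020-13963 is left at `TODO: check` after moving out of RESERVED, with a description naming SOPlanning before 1.47 and Incorrect Access Control. Triage it by either adding a package line if SOPlanning is in the archive or marking it NOT-FOR-US, as is done for CVE-2020-25677 and CVE-2021-26068 elsewhere in this file.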



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fae8ec95d616d33e253811bbc6c15567317c08c1
