Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 8d6e4e87 by security tracker role at 2021-03-27T20:10:22+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,9 @@ +CVE-2021-29273 + RESERVED +CVE-2021-29272 (bluemonday before 1.0.5 allows XSS because certain Go lowercasing conv ...) + TODO: check +CVE-2021-29271 (remark42 before 1.6.1 allows XSS, as demonstrated by "Locator: Locator ...) + TODO: check CVE-2021-29270 RESERVED CVE-2021-29269 @@ -4484,7 +4490,7 @@ CVE-2021-27292 (ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expre NOTE: https://gist.github.com/b-c-ds/6941d80d6b4e694df4bc269493b7be76 NOTE: https://github.com/faisalman/ua-parser-js/commit/809439e20e273ce0d25c1d04e111dcf6011eb566 CVE-2021-27291 (In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming ...) - {DLA-2600-1} + {DSA-4878-1 DLA-2600-1} - pygments <unfixed> (bug #985574) NOTE: https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce NOTE: https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14 @@ -97447,6 +97453,7 @@ CVE-2020-1948 (This vulnerability can affect all Dubbo users stay on version 2.7 CVE-2020-1947 (In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the ShardingS ...) NOT-FOR-US: Apache ShardingSphere CVE-2020-1946 (In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf ...) + {DSA-4879-1} - spamassassin 3.4.5~pre1-1 (bug #985962) NOTE: https://www.openwall.com/lists/oss-security/2021/03/24/3 NOTE: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7793 (not public) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d6e4e873db48f494117cc6e3002109d4944ae99 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d6e4e873db48f494117cc6e3002109d4944ae99 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits