Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 4e809321 by security tracker role at 2021-03-31T08:10:28+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,23 @@ +CVE-2021-29653 + RESERVED +CVE-2021-29652 + RESERVED +CVE-2021-29651 + RESERVED +CVE-2021-29650 (An issue was discovered in the Linux kernel before 5.11.11. The netfil ...) + TODO: check +CVE-2021-29649 (An issue was discovered in the Linux kernel before 5.11.11. The user m ...) + TODO: check +CVE-2021-29648 (An issue was discovered in the Linux kernel before 5.11.11. The BPF su ...) + TODO: check +CVE-2021-29647 (An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvm ...) + TODO: check +CVE-2021-29646 (An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_re ...) + TODO: check +CVE-2020-36285 + RESERVED +CVE-2020-36284 + RESERVED CVE-2021-3480 RESERVED CVE-2021-3479 [Out-of-memory caused by allocation of a very large buffer] @@ -19829,8 +19849,8 @@ CVE-2021-21415 RESERVED CVE-2021-21414 RESERVED -CVE-2021-21413 - RESERVED +CVE-2021-21413 (isolated-vm is a library for nodejs which gives you access to v8's Iso ...) + TODO: check CVE-2021-21412 (Potential for arbitrary code execution in npm package @thi.ng/egf `#gp ...) TODO: check CVE-2021-21411 (OAuth2-Proxy is an open source reverse proxy that provides authenticat ...) @@ -40775,8 +40795,8 @@ CVE-2020-24997 CVE-2020-24996 (There is an invalid memory access in the function TextString::~TextStr ...) - xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed) NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=42028 -CVE-2020-24995 - RESERVED +CVE-2020-24995 (Buffer overflow vulnerability in sniff_channel_order function in aacde ...) + TODO: check CVE-2020-24994 (Stack overflow in the parse_tag function in libass/ass_parse.c in liba ...) - libass 1:0.15.0-1 [buster] - libass <no-dsa> (Minor issue) 
@@ -42109,8 +42129,8 @@ CVE-2020-24392 (In voloko twitter-stream 0.1.10, missing TLS hostname validation [buster] - ruby-twitter-stream <no-dsa> (Minor issue) [stretch] - ruby-twitter-stream <no-dsa> (Minor issue) NOTE: https://securitylab.github.com/advisories/GHSL-2020-097-voloko-twitter-stream -CVE-2020-24391 - RESERVED +CVE-2020-24391 (mongo-express before 1.0.0 offers support for certain advanced syntax ...) + TODO: check CVE-2020-24390 (eonweb in EyesOfNetwork before 5.3-7 does not properly escape the user ...) NOT-FOR-US: EyesOfNetwork (EON) CVE-2020-24389 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e809321207b9eb83545759afae904fc246e4d1c
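Review bot: in the first hunk (@@ -1,3 +1,23 @@), CVE-2021-29646 through CVE-2021-29650 land with only `TODO: check`, although all five descriptions open with "An issue was discovered in the Linux kernel before 5.11.11". They can be triaged as one batch: replace each `TODO: check` with a package line in the form the list already uses further down (for example `- libass 1:0.15.0-1`), with the fixed version recorded per CVE once the corresponding fix is identified.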
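Review bot: in the hunk at @@ -40775,8 +40795,8 @@, the new CVE-2020-24995 description is cut off at "aacde ...", so the affected project cannot be read from this line alone. Look up the full description before replacing `TODO: check`, and add a `NOTE:` line with the upstream reference, as the adjacent CVE-2020-24996 entry does.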
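Review bot: in the last hunk (@@ -42109,8 +42129,8 @@), CVE-2020-24391 is bounded by version ("mongo-express before 1.0.0") but is left at `TODO: check`. Resolve it either to a package line with per-release status, as CVE-2020-24392 above it has for buster and stretch, or to `NOT-FOR-US:` as CVE-2020-24390 below it has, depending on whether mongo-express is packaged.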
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits