Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: c687d49c by Moritz Mühlenhoff at 2021-04-12T11:53:19+02:00 various bugs filed NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -674,7 +674,7 @@ CVE-2021-30186 CVE-2021-30185 (CERN Indico before 2.3.4 can use an attacker-supplied Host header in a ...) NOT-FOR-US: CERN Indico CVE-2021-30184 (GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted ...) - - gnuchess <unfixed> + - gnuchess <unfixed> (bug #986801) NOTE: https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00000.html NOTE: https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00001.html CVE-2021-30183 @@ -727,11 +727,9 @@ CVE-2021-30166 CVE-2021-30165 RESERVED CVE-2021-30164 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass ...) - - redmine <unfixed> - TODO: check fixing commit, fixed in 4.0.8 + - redmine <unfixed> (bug #986800) CVE-2021-30163 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discov ...) - - redmine <unfixed> - TODO: check fixing commit, fixed in 4.0.8 + - redmine <unfixed> (bug #986800) CVE-2021-30162 (An issue was discovered on LG mobile devices with Android OS 4.4 throu ...) NOT-FOR-US: LG mobile devices CVE-2021-30161 (An issue was discovered on LG mobile devices with Android OS 11 softwa ...) 
@@ -771,16 +769,12 @@ CVE-2020-36309 (ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in Ope NOTE: https://github.com/openresty/lua-nginx-module/pull/1654 CVE-2020-36308 (Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discov ...) - redmine 4.0.7-1 - TODO: check fixing commit, fixed in 4.0.7 CVE-2020-36307 (Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile ...) - redmine 4.0.7-1 - TODO: check fixing commit, fixed in 4.0.7 CVE-2020-36306 (Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url f ...) - redmine 4.0.7-1 - TODO: check fixing commit, fixed in 4.0.7 CVE-2019-25026 (Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data duri ...) - redmine 4.0.6-1 - TODO: check fixing commit, fixed in 4.0.6 CVE-2021-30160 RESERVED CVE-2021-30159 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...) @@ -1259,7 +1253,7 @@ CVE-2021-3482 (A flaw was found in Exiv2 in versions before and including 0.27.4 NOTE: https://github.com/Exiv2/exiv2/issues/1522 CVE-2021-3481 [Out of bounds read in function QRadialFetchSimd from crafted svg file] RESERVED - - qtsvg-opensource-src <unfixed> + - qtsvg-opensource-src <unfixed> (bug #986798) [buster] - qtsvg-opensource-src <no-dsa> (Minor issue) - qt4-x11 <removed> [buster] - qt4-x11 <no-dsa> (Minor issue) @@ -4155,7 +4149,7 @@ CVE-2021-3447 (A flaw was found in several ansible modules, where parameters con NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939349 NOTE: check, details on upstream status not yet clear CVE-2021-3446 (A flaw was found in libtpms in versions before 0.8.2. The commonly use ...) - - libtpms <unfixed> + - libtpms <unfixed> (bug #986799) NOTE: https://github.com/stefanberger/libtpms/commit/32c159ab53db703749a8f90430cdc7b20b00975e CVE-2021-28650 (autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOM ...) [experimental] - gnome-autoar 0.3.1-1 
@@ -4181,7 +4175,7 @@ CVE-2017-20002 (The Debian shadow package before 1:4.5-1 for Shadow incorrectly NOTE: Introduced in attempt to address #830255 in 1:4.4-2 CVE-2021-3445 RESERVED - - libdnf <unfixed> + - libdnf <unfixed> (bug #986802) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1932079 CVE-2021-28644 RESERVED @@ -21806,11 +21800,11 @@ CVE-2020-35628 (A code execution vulnerability exists in the Nef polygon-parsing - cgal 5.2-3 (bug #985671) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 CVE-2021-21433 (Discord Recon Server is a bot that allows you to do your reconnaissanc ...) - TODO: check + NOT-FOR-US: Discord Recon Server CVE-2021-21432 (Vela is a Pipeline Automation (CI/CD) framework built on Linux contain ...) - TODO: check + NOT-FOR-US: Vela CVE-2021-21431 (sopel-channelmgnt is a channelmgnt plugin for sopel. In versions prior ...) - TODO: check + NOT-FOR-US: sopel-channelmgnt CVE-2021-21430 RESERVED CVE-2021-21429 @@ -21847,7 +21841,7 @@ CVE-2021-21415 CVE-2021-21414 RESERVED CVE-2021-21413 (isolated-vm is a library for nodejs which gives you access to v8's Iso ...) - TODO: check + NOT-FOR-US: Node isolated-vm CVE-2021-21412 (Potential for arbitrary code execution in npm package @thi.ng/egf `#gp ...) NOT-FOR-US: Node @thi.ng/egf CVE-2021-21411 (OAuth2-Proxy is an open source reverse proxy that provides authenticat ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c687d49c54143317a3d04da680a7ec6bef86924e
You're receiving this email because of your account on salsa.debian.org.
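Review bot: in the @@ -727 hunk the two Redmine entries (CVE-2021-30164, CVE-2021-30163) drop the "TODO: check fixing commit, fixed in 4.0.8" lines but stay at "- redmine <unfixed> (bug #986800)", so the file no longer records anywhere that upstream fixed these in 4.0.8 / 4.1.2; keep that reference as a NOTE: line with the upstream fixing commit or advisory URL, the convention this file already uses (see the NOTE: lines under CVE-2021-30184 in the @@ -674 hunk), so whoever updates the package can verify the fix instead of relying on the truncated CVE description.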
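Review bot: the @@ -771 hunk removes four "TODO: check fixing commit" lines under CVE-2020-36308, CVE-2020-36307, CVE-2020-36306 and CVE-2019-25026 while leaving the fixed versions (redmine 4.0.7-1 and 4.0.6-1) untouched. Those versions are consistent with the "before 4.0.7" and "before 4.0.6" wording in the descriptions, but nothing in the diff shows the fixing commits were actually checked; if they were, a NOTE: line with the upstream commit or advisory URL would document it, and if not, the TODO should stay.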
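Review bot: in the @@ -21806 hunk the three "TODO: check" entries become NOT-FOR-US, which matches the CVE descriptions; for CVE-2021-21431 the marker names only the sopel-channelmgnt plugin, so it is worth confirming that the plugin is not shipped inside any Debian source package for the sopel bot before treating it as not-for-us. The "NOT-FOR-US: Discord Recon Server" and "NOT-FOR-US: Vela" lines follow the existing "NOT-FOR-US: <project>" form used elsewhere in the file.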
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits