Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 09ae9916 by security tracker role at 2021-04-20T08:10:27+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -2,8 +2,7 @@ CVE-2021-3508 RESERVED CVE-2021-3507 RESERVED -CVE-2021-3506 [Out of bounds memory access bug in get_next_net_page() in fs/f2fs/node.c] - RESERVED +CVE-2021-3506 (An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c ...) - linux <unfixed> NOTE: https://www.openwall.com/lists/oss-security/2021/03/28/2 NOTE: https://lore.kernel.org/lkml/20210322114730.71103-1-yuch...@huawei.com/ @@ -13,8 +12,7 @@ CVE-2021-XXXX [xscreensaver allows starting external programs with cap_net_raw] [stretch] - xscreensaver <no-dsa> (Minor issue) NOTE: Fixed upstream in 6.00 (no public version control): https://twitter.com/jwz/status/1383503845217554444 NOTE: https://www.openwall.com/lists/oss-security/2021/04/17/1 -CVE-2021-3505 - RESERVED +CVE-2021-3505 (A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implem ...) - libtpms 0.8.0~dev1-1 NOTE: https://github.com/stefanberger/libtpms/issues/183 NOTE: https://github.com/stefanberger/libtpms/commit/625171be0c8225824740b5d0fb7e8562f6a1c6a8 (v0.8.0) 
@@ -1824,14 +1822,12 @@ CVE-2017-20004 (In the standard library in Rust before 1.19.0, there is a synchr NOTE: https://github.com/rust-lang/rust/pull/41624 CVE-2015-20002 RESERVED -CVE-2021-3498 [gstreamer-plugins-good: Heap corruption in matroska demuxing] - RESERVED +CVE-2021-3498 (GStreamer before 1.18.4 might cause heap corruption when parsing certa ...) [experimental] - gst-plugins-good1.0 1.18.4-1 - gst-plugins-good1.0 <unfixed> (bug #986911) NOTE: https://gstreamer.freedesktop.org/security/sa-2021-0003.html NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/commit/02174790726dd20a5c73ce2002189bf240ad4fe0?merge_request_iid=903 -CVE-2021-3497 [gstreamer-plugins-good: Use-after-free in matroska demuxing] - RESERVED +CVE-2021-3497 (GStreamer before 1.18.4 might access already-freed memory in error cod ...) [experimental] - gst-plugins-good1.0 1.18.4-1 - gst-plugins-good1.0 <unfixed> (bug #986910) NOTE: https://gstreamer.freedesktop.org/security/sa-2021-0002.html @@ -2819,8 +2815,8 @@ CVE-2021-30201 RESERVED CVE-2021-30200 RESERVED -CVE-2021-30199 - RESERVED +CVE-2021-30199 (In filters/reframe_latm.c in GPAC 1.0.1 there is a Null Pointer Derefe ...) + TODO: check CVE-2021-30198 RESERVED CVE-2021-30197 
@@ -3272,24 +3268,24 @@ CVE-2021-30024 RESERVED CVE-2021-30023 RESERVED -CVE-2021-30022 - RESERVED +CVE-2021-30022 (There is a integer overflow in media_tools/av_parsers.c in the gf_avc_ ...) + TODO: check CVE-2021-30021 RESERVED -CVE-2021-30020 - RESERVED -CVE-2021-30019 - RESERVED +CVE-2021-30020 (In the function gf_hevc_read_pps_bs_internal function in media_tools/a ...) + TODO: check +CVE-2021-30019 (In the adts_dmx_process function in filters/reframe_adts.c in GPAC 1.0 ...) + TODO: check CVE-2021-30018 RESERVED CVE-2021-30017 RESERVED CVE-2021-30016 RESERVED -CVE-2021-30015 - RESERVED -CVE-2021-30014 - RESERVED +CVE-2021-30015 (There is a Null Pointer Dereference in function filter_core/filter_pck ...) + TODO: check +CVE-2021-30014 (There is a integer overflow in media_tools/av_parsers.c in the hevc_pa ...) + TODO: check CVE-2021-30013 RESERVED CVE-2021-30012 @@ -4949,8 +4945,8 @@ CVE-2021-29281 RESERVED CVE-2021-29280 RESERVED -CVE-2021-29279 - RESERVED +CVE-2021-29279 (There is a integer overflow in function filter_core/filter_props.c:gf_ ...) + TODO: check CVE-2021-29278 RESERVED CVE-2021-29277 @@ -9148,8 +9144,8 @@ CVE-2021-27460 RESERVED CVE-2021-27459 RESERVED -CVE-2021-27458 - RESERVED +CVE-2021-27458 (If Ethernet communication of the JTEKT Corporation TOYOPUC product ser ...) + TODO: check CVE-2021-27457 RESERVED CVE-2021-27456 
@@ -19201,14 +19197,14 @@ CVE-2021-3040 RESERVED CVE-2021-3039 RESERVED -CVE-2021-3038 - RESERVED -CVE-2021-3037 - RESERVED -CVE-2021-3036 - RESERVED -CVE-2021-3035 - RESERVED +CVE-2021-3038 (A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalPr ...) + TODO: check +CVE-2021-3037 (An information exposure through log file vulnerability exists in Palo ...) + TODO: check +CVE-2021-3036 (An information exposure through log file vulnerability exists in Palo ...) + TODO: check +CVE-2021-3035 (An unsafe deserialization vulnerability in Bridgecrew Checkov by Prism ...) + TODO: check CVE-2021-3034 (An information exposure through log file vulnerability exists in Corte ...) NOT-FOR-US: Cortex XSOAR software (Palo Alto Networks) CVE-2021-3033 (An improper verification of cryptographic signature vulnerability exis ...) @@ -27444,8 +27440,7 @@ CVE-2021-20209 [buster] - privoxy 3.0.28-2+deb10u1 NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3 NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=c62254a686dcd40e3b6e5753d0c7c0308209a7b6 (3.0.29) -CVE-2021-20208 [Container can use kerberos cache from the host via mount.cifs/cifs.upcall] - RESERVED +CVE-2021-20208 (A flaw was found in cifs-utils in versions before 6.13. A user when mo ...) - cifs-utils <unfixed> NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14651 NOTE: https://lists.samba.org/archive/samba-technical/2021-April/136467.html 
@@ -39965,10 +39960,10 @@ CVE-2020-27243 RESERVED CVE-2020-27242 RESERVED -CVE-2020-27241 - RESERVED -CVE-2020-27240 - RESERVED +CVE-2020-27241 (An exploitable SQL injection vulnerability exists in ‘getAssets. ...) + TODO: check +CVE-2020-27240 (An exploitable SQL injection vulnerability exists in ‘getAssets. ...) + TODO: check CVE-2020-27239 (An exploitable SQL injection vulnerability exists in ‘getAssets. ...) NOT-FOR-US: OpenClinic CVE-2020-27238 (An exploitable SQL injection vulnerability exists in ‘getAssets. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/09ae9916ef472ac85089db1b1e4850bef8b0f948
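Review bot: In the first hunk (@@ -2,8 +2,7 @@), the CVE-2021-3506 entry loses the function name when the bracketed temporary description is replaced: the removed line named get_next_net_page() in fs/f2fs/node.c, while the new description is cut off right after "fs/f2fs/node.c ...". Recording the affected function in a NOTE line under the entry would keep it visible next to "- linux <unfixed>" for whoever has to match the upstream fix later.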
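Review bot: In the @@ -3272,24 +3268,24 @@ hunk, five entries (CVE-2021-30022, CVE-2021-30020, CVE-2021-30019, CVE-2021-30015, CVE-2021-30014) land with only "TODO: check" and no package line, and only CVE-2021-30019 shows a product name (GPAC) before the description is truncated. The same applies to CVE-2021-30199 in the @@ -2819,8 +2815,8 @@ hunk and CVE-2021-29279 in the @@ -4949,8 +4945,8 @@ hunk. The visible file paths (media_tools/av_parsers.c, filters/reframe_adts.c, filters/reframe_latm.c, filter_core/...) suggest one code base, so these are best triaged together against the full descriptions, with each TODO resolved to a package line or a NOT-FOR-US marker in a single follow-up.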
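Review bot: In the @@ -19201,14 +19197,14 @@ hunk, the four new "TODO: check" entries should not be resolved as a block just because the neighbouring CVE-2021-3034 is marked "NOT-FOR-US: Cortex XSOAR software (Palo Alto Networks)". CVE-2021-3038, CVE-2021-3037 and CVE-2021-3036 name Palo Alto Networks in their visible text, but CVE-2021-3035 is described as an unsafe deserialization issue in Bridgecrew Checkov, a different product that needs its own check before any marker is set.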
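Review bot: In the @@ -27444,8 +27440,7 @@ hunk, the new CVE-2021-20208 description says the flaw is in cifs-utils "in versions before 6.13", while the package line directly below it still reads "- cifs-utils <unfixed>". That line needs a fixed version once a release at or above 6.13 is uploaded. The replacement also drops the removed summary naming mount.cifs/cifs.upcall and the host Kerberos cache, which could be kept as a NOTE since the truncated text no longer conveys it.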
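Review bot: In the last hunk (@@ -39965,10 +39960,10 @@), CVE-2020-27241 and CVE-2020-27240 get "TODO: check" although their visible descriptions are character-for-character the same as CVE-2020-27239 and CVE-2020-27238 just below, which are already marked "NOT-FOR-US: OpenClinic". The truncation at "‘getAssets. ..." hides the product name, so the full descriptions should be read to confirm they concern the same product before the two new entries are given the same marker.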