Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
09ae9916 by security tracker role at 2021-04-20T08:10:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2,8 +2,7 @@ CVE-2021-3508
        RESERVED
 CVE-2021-3507
        RESERVED
-CVE-2021-3506 [Out of bounds memory access bug in get_next_net_page() in 
fs/f2fs/node.c]
-       RESERVED
+CVE-2021-3506 (An out-of-bounds (OOB) memory access flaw was found in 
fs/f2fs/node.c  ...)
        - linux <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2021/03/28/2
        NOTE: 
https://lore.kernel.org/lkml/20210322114730.71103-1-yuch...@huawei.com/
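
Review bot: CVE-2021-3506 keeps "- linux <unfixed>", and its NOTE lines point only to the oss-security post and the lkml patch submission, so nothing in the entry says whether the fix has been merged. Suggest adding a NOTE with the upstream commit once it lands, so the status can be resolved against a kernel version.
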
@@ -13,8 +12,7 @@ CVE-2021-XXXX [xscreensaver allows starting external programs 
with cap_net_raw]
        [stretch] - xscreensaver <no-dsa> (Minor issue)
        NOTE: Fixed upstream in 6.00 (no public version control): 
https://twitter.com/jwz/status/1383503845217554444
        NOTE: https://www.openwall.com/lists/oss-security/2021/04/17/1
-CVE-2021-3505
-       RESERVED
+CVE-2021-3505 (A flaw was found in libtpms in versions before 0.8.0. The TPM 2 
implem ...)
        - libtpms 0.8.0~dev1-1
        NOTE: https://github.com/stefanberger/libtpms/issues/183
        NOTE: 
https://github.com/stefanberger/libtpms/commit/625171be0c8225824740b5d0fb7e8562f6a1c6a8
 (v0.8.0)
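
Review bot: For CVE-2021-3505 the description says "versions before 0.8.0" and the fix commit is annotated (v0.8.0), while the package line marks 0.8.0~dev1-1 as fixed, a pre-release that sorts before 0.8.0. Worth confirming that the 0.8.0~dev1-1 upload already contains commit 625171be, or adjusting the fixed version.
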
@@ -1824,14 +1822,12 @@ CVE-2017-20004 (In the standard library in Rust before 
1.19.0, there is a synchr
        NOTE: https://github.com/rust-lang/rust/pull/41624
 CVE-2015-20002
        RESERVED
-CVE-2021-3498 [gstreamer-plugins-good: Heap corruption in matroska demuxing]
-       RESERVED
+CVE-2021-3498 (GStreamer before 1.18.4 might cause heap corruption when 
parsing certa ...)
        [experimental] - gst-plugins-good1.0 1.18.4-1
        - gst-plugins-good1.0 <unfixed> (bug #986911)
        NOTE: https://gstreamer.freedesktop.org/security/sa-2021-0003.html
        NOTE: 
https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/commit/02174790726dd20a5c73ce2002189bf240ad4fe0?merge_request_iid=903
-CVE-2021-3497 [gstreamer-plugins-good: Use-after-free in matroska demuxing]
-       RESERVED
+CVE-2021-3497 (GStreamer before 1.18.4 might access already-freed memory in 
error cod ...)
        [experimental] - gst-plugins-good1.0 1.18.4-1
        - gst-plugins-good1.0 <unfixed> (bug #986910)
        NOTE: https://gstreamer.freedesktop.org/security/sa-2021-0002.html
@@ -2819,8 +2815,8 @@ CVE-2021-30201
        RESERVED
 CVE-2021-30200
        RESERVED
-CVE-2021-30199
-       RESERVED
+CVE-2021-30199 (In filters/reframe_latm.c in GPAC 1.0.1 there is a Null 
Pointer Derefe ...)
+       TODO: check
 CVE-2021-30198
        RESERVED
 CVE-2021-30197
@@ -3272,24 +3268,24 @@ CVE-2021-30024
        RESERVED
 CVE-2021-30023
        RESERVED
-CVE-2021-30022
-       RESERVED
+CVE-2021-30022 (There is a integer overflow in media_tools/av_parsers.c in the 
gf_avc_ ...)
+       TODO: check
 CVE-2021-30021
        RESERVED
-CVE-2021-30020
-       RESERVED
-CVE-2021-30019
-       RESERVED
+CVE-2021-30020 (In the function gf_hevc_read_pps_bs_internal function in 
media_tools/a ...)
+       TODO: check
+CVE-2021-30019 (In the adts_dmx_process function in filters/reframe_adts.c in 
GPAC 1.0 ...)
+       TODO: check
 CVE-2021-30018
        RESERVED
 CVE-2021-30017
        RESERVED
 CVE-2021-30016
        RESERVED
-CVE-2021-30015
-       RESERVED
-CVE-2021-30014
-       RESERVED
+CVE-2021-30015 (There is a Null Pointer Dereference in function 
filter_core/filter_pck ...)
+       TODO: check
+CVE-2021-30014 (There is a integer overflow in media_tools/av_parsers.c in the 
hevc_pa ...)
+       TODO: check
 CVE-2021-30013
        RESERVED
 CVE-2021-30012
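
Review bot: The five new "TODO: check" entries in this hunk (CVE-2021-30022, -30020, -30019, -30015, -30014) still need a package line or a NOT-FOR-US decision, and they look like one batch: CVE-2021-30019 names GPAC and the others cite media_tools/ and filter_core/ source paths. Suggest checking the full descriptions for the same product and resolving them together rather than one at a time.
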
@@ -4949,8 +4945,8 @@ CVE-2021-29281
        RESERVED
 CVE-2021-29280
        RESERVED
-CVE-2021-29279
-       RESERVED
+CVE-2021-29279 (There is a integer overflow in function 
filter_core/filter_props.c:gf_ ...)
+       TODO: check
 CVE-2021-29278
        RESERVED
 CVE-2021-29277
@@ -9148,8 +9144,8 @@ CVE-2021-27460
        RESERVED
 CVE-2021-27459
        RESERVED
-CVE-2021-27458
-       RESERVED
+CVE-2021-27458 (If Ethernet communication of the JTEKT Corporation TOYOPUC 
product ser ...)
+       TODO: check
 CVE-2021-27457
        RESERVED
 CVE-2021-27456
@@ -19201,14 +19197,14 @@ CVE-2021-3040
        RESERVED
 CVE-2021-3039
        RESERVED
-CVE-2021-3038
-       RESERVED
-CVE-2021-3037
-       RESERVED
-CVE-2021-3036
-       RESERVED
-CVE-2021-3035
-       RESERVED
+CVE-2021-3038 (A denial-of-service (DoS) vulnerability in Palo Alto Networks 
GlobalPr ...)
+       TODO: check
+CVE-2021-3037 (An information exposure through log file vulnerability exists 
in Palo  ...)
+       TODO: check
+CVE-2021-3036 (An information exposure through log file vulnerability exists 
in Palo  ...)
+       TODO: check
+CVE-2021-3035 (An unsafe deserialization vulnerability in Bridgecrew Checkov 
by Prism ...)
+       TODO: check
 CVE-2021-3034 (An information exposure through log file vulnerability exists 
in Corte ...)
        NOT-FOR-US: Cortex XSOAR software (Palo Alto Networks)
 CVE-2021-3033 (An improper verification of cryptographic signature 
vulnerability exis ...)
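
Review bot: CVE-2021-3038, -3037 and -3036 are left at "TODO: check" although their descriptions begin with Palo Alto products, and the adjacent CVE-2021-3034 is already marked "NOT-FOR-US: Cortex XSOAR software (Palo Alto Networks)". Suggest triaging the three consistently with that entry. CVE-2021-3035 (Bridgecrew Checkov) names a different product and needs its own check.
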
@@ -27444,8 +27440,7 @@ CVE-2021-20209
        [buster] - privoxy 3.0.28-2+deb10u1
        NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
        NOTE: 
https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=c62254a686dcd40e3b6e5753d0c7c0308209a7b6
 (3.0.29)
-CVE-2021-20208 [Container can use kerberos cache from the host via 
mount.cifs/cifs.upcall]
-       RESERVED
+CVE-2021-20208 (A flaw was found in cifs-utils in versions before 6.13. A user 
when mo ...)
        - cifs-utils <unfixed>
        NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14651
        NOTE: 
https://lists.samba.org/archive/samba-technical/2021-April/136467.html
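
Review bot: CVE-2021-20208 now states the flaw affects cifs-utils "in versions before 6.13", but the package line still reads "- cifs-utils <unfixed>". Suggest a follow-up to record the fixed version once 6.13 is uploaded. The removed bracket title (kerberos cache from the host usable by a container via mount.cifs/cifs.upcall) was also more specific than the truncated description, so a NOTE preserving it would help.
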
@@ -39965,10 +39960,10 @@ CVE-2020-27243
        RESERVED
 CVE-2020-27242
        RESERVED
-CVE-2020-27241
-       RESERVED
-CVE-2020-27240
-       RESERVED
+CVE-2020-27241 (An exploitable SQL injection vulnerability exists in 
&#8216;getAssets. ...)
+       TODO: check
+CVE-2020-27240 (An exploitable SQL injection vulnerability exists in 
&#8216;getAssets. ...)
+       TODO: check
 CVE-2020-27239 (An exploitable SQL injection vulnerability exists in 
&#8216;getAssets. ...)
        NOT-FOR-US: OpenClinic
 CVE-2020-27238 (An exploitable SQL injection vulnerability exists in 
&#8216;getAssets. ...)
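
Review bot: CVE-2020-27241 and CVE-2020-27240 get "TODO: check" while CVE-2020-27239, whose visible description text is identical, is already "NOT-FOR-US: OpenClinic". Suggest confirming they concern the same product and marking them the same way. The descriptions also carry a raw HTML entity (&#8216;) that should be decoded to a quote character at import.
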



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/09ae9916ef472ac85089db1b1e4850bef8b0f948



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
