Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
12d7286f by Moritz Mühlenhoff at 2021-04-20T20:50:32+02:00
nim fixed in sid (was apparently meant to target experimental, though)
various bugs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2149,13 +2149,13 @@ CVE-2021-30500
        NOTE: 
https://github.com/upx/upx/commit/90279abdfcd235172eab99651043051188938dcc
 CVE-2021-30499
        RESERVED
-       - libcaca <unfixed>
+       - libcaca <unfixed> (bug #987278)
        [buster] - libcaca <no-dsa> (Minor issue)
        [stretch] - libcaca <postponed> (Minor issue; can be fixed in next 
update)
        NOTE: https://github.com/cacalabs/libcaca/issues/54
 CVE-2021-30498
        RESERVED
-       - libcaca <unfixed>
+       - libcaca <unfixed> (bug #987278)
        [buster] - libcaca <no-dsa> (Minor issue)
        [stretch] - libcaca <postponed> (Minor issue; can be fixed in next 
update)
        NOTE: https://github.com/cacalabs/libcaca/issues/53
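Review bot: CVE-2021-30499 and CVE-2021-30498 are both pointed at the same bug #987278, while their NOTE lines reference separate upstream issues (libcaca issues 54 and 53). Confirm that the bug report lists both CVE ids, so that an upload closing it is not read as fixing only one of them; if it covers only one, the other entry needs its own bug reference.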
@@ -4519,12 +4519,14 @@ CVE-2021-29460
 CVE-2021-29459
        RESERVED
 CVE-2021-29458 (Exiv2 is a command-line utility and C++ library for reading, 
writing,  ...)
-       - exiv2 <unfixed>
+       - exiv2 <unfixed> (bug #987277)
+       [buster] - exiv2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/Exiv2/exiv2/security/advisories/GHSA-57jj-75fm-9rq5
        NOTE: https://github.com/Exiv2/exiv2/issues/1530
        NOTE: https://github.com/Exiv2/exiv2/pull/1536
 CVE-2021-29457 (Exiv2 is a command-line utility and C++ library for reading, 
writing,  ...)
-       - exiv2 <unfixed>
+       - exiv2 <unfixed> (bug #987277)
+       [buster] - exiv2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/Exiv2/exiv2/security/advisories/GHSA-v74w-h496-cgqm
        NOTE: https://github.com/Exiv2/exiv2/issues/1529
        NOTE: https://github.com/Exiv2/exiv2/pull/1534
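Review bot: The two added `[buster] - exiv2 <no-dsa> (Minor issue)` lines for CVE-2021-29458 and CVE-2021-29457 are a triage decision rather than a bug reference, and the commit message ("various bugs") does not mention them. Either name the no-dsa tagging in the commit message or put it in its own commit, so the decision can be found later from the log.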
@@ -4826,7 +4828,7 @@ CVE-2021-29340
 CVE-2021-29339
        RESERVED
 CVE-2021-29338 (Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to 
crash t ...)
-       - openjpeg2 <unfixed>
+       - openjpeg2 <unfixed> (bug #987276)
        [buster] - openjpeg2 <no-dsa> (Minor issue)
        NOTE: https://github.com/uclouvain/openjpeg/issues/1338
 CVE-2021-29337
@@ -7118,7 +7120,7 @@ CVE-2021-28307 (An issue was discovered in the fltk crate 
before 0.15.3 for Rust
 CVE-2021-28306 (An issue was discovered in the fltk crate before 0.15.3 for 
Rust. Ther ...)
        NOT-FOR-US: Rust craste fltk
 CVE-2021-28305 (An issue was discovered in the diesel crate before 1.4.6 for 
Rust. The ...)
-       - rust-diesel <unfixed>
+       - rust-diesel <unfixed> (bug #987275)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0037.html
 CVE-2021-28304
        RESERVED
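Review bot: The context line `NOT-FOR-US: Rust craste fltk` under CVE-2021-28306 has a typo ("craste" for "crate"). This change does not touch it, but it sits directly above the edited rust-diesel entry and could be corrected in a follow-up.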
@@ -19753,7 +19755,7 @@ CVE-2021-22880 (The PostgreSQL adapter in Active Record 
before 6.1.2.1, 6.0.3.5,
        NOTE: 
https://github.com/rails/rails/commit/eddda4d8fb6b6508e11196b14494ceac37b57339 
(main)
        NOTE: 
https://github.com/rails/rails/commit/879d02107b5b3eb7aeaad1cd1f259bb41f17286b 
(v6.0.3.5)
 CVE-2021-22879 (Nextcloud Desktop Client prior to 3.1.3 is vulnerable to 
resource inje ...)
-       - nextcloud-desktop <unfixed>
+       - nextcloud-desktop <unfixed> (bug #987274)
        [buster] - nextcloud-desktop <no-dsa> (Minor issue)
        NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2021-008
        NOTE: https://github.com/nextcloud/desktop/pull/2906
@@ -22162,7 +22164,7 @@ CVE-2021-21785
 CVE-2021-21784 (An out-of-bounds write vulnerability exists in the JPG format 
SOF mark ...)
        NOT-FOR-US: Accusoft ImageGear
 CVE-2021-21783 (A code execution vulnerability exists in the WS-Addressing 
plugin func ...)
-       - gsoap <unfixed>
+       - gsoap <unfixed> (bug #987273)
        [buster] - gsoap <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1245
 CVE-2021-21782 (An out-of-bounds write vulnerability exists in the SGI format 
buffer s ...)
@@ -24270,17 +24272,17 @@ CVE-2021-21375 (PJSIP is a free and open source 
multimedia communication library
        NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-hvq6-f89p-frvp
        NOTE: 
https://github.com/pjsip/pjproject/commit/97b3d7addbaa720b7ddb0af9bf6f3e443e664365
 CVE-2021-21374 (Nimble is a package manager for the Nim programming language. 
In Nim r ...)
-       - nim <unfixed>
+       - nim 1.4.6-1 (bug #987272)
        [buster] - nim <no-dsa> (Minor issue)
        [stretch] - nim <postponed> (Minor issue; can be fixed in next update)
        NOTE: 
https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/
 CVE-2021-21373 (Nimble is a package manager for the Nim programming language. 
In Nim r ...)
-       - nim <unfixed>
+       - nim 1.4.6-1 (bug #987272)
        [buster] - nim <no-dsa> (Minor issue)
        [stretch] - nim <postponed> (Minor issue; can be fixed in next update)
        NOTE: 
https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/
 CVE-2021-21372 (Nimble is a package manager for the Nim programming language. 
In Nim r ...)
-       - nim <unfixed>
+       - nim 1.4.6-1 (bug #987272)
        [buster] - nim <no-dsa> (Minor issue)
        [stretch] - nim <postponed> (Minor issue; can be fixed in next update)
        NOTE: 
https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/
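Review bot: The caveat that the nim upload was apparently meant for experimental exists only in the commit message, while the three entries (CVE-2021-21374, CVE-2021-21373, CVE-2021-21372) now record `1.4.6-1` as the fixed version without qualification. A NOTE line on these entries stating the caveat would tell whoever revisits them to recheck the fixed version if the sid upload is later superseded or reverted.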



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12d7286f1f101e0db3666fa358270b43deb2b378

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits