Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: b5d97147 by Moritz Mühlenhoff at 2021-05-07T21:40:18+02:00 various bugs filed - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -792,7 +792,7 @@ CVE-2021-32063 RESERVED CVE-2021-32062 (MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x ...) [experimental] - mapserver 7.6.3-1~exp1 - - mapserver <unfixed> + - mapserver <unfixed> (bug #988208) NOTE: https://github.com/mapserver/mapserver/issues/6313 NOTE: https://github.com/MapServer/MapServer/pull/6314 NOTE: https://github.com/mapserver/mapserver/commit/927ac97cb9ece305306b5ab2b5600d3afe8c1732 (branch-7-6) @@ -1284,7 +1284,7 @@ CVE-2021-31881 CVE-2021-31880 RESERVED CVE-2021-31879 (GNU Wget through 1.21.1 does not omit the Authorization header upon a ...) - - wget <unfixed> + - wget <unfixed> (bug #988209) NOTE: https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html CVE-2021-31878 RESERVED @@ -2476,7 +2476,7 @@ CVE-2021-3502 [reachable assertion in avahi_s_host_name_resolver_start when tryi NOTE: Introduced by: https://github.com/lathiat/avahi/commit/80c98fa16782e921f5b5d5c880f1d80f5c43bd49 (v0.8) CVE-2021-3500 RESERVED - - djvulibre <unfixed> + - djvulibre <unfixed> (bug #988215) [bullseye] - djvulibre <no-dsa> (Minor issue) [buster] - djvulibre <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943685 @@ -4522,7 +4522,7 @@ CVE-2021-30475 CVE-2021-30474 RESERVED CVE-2021-30473 (aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that i ...) - - aom <unfixed> + - aom <unfixed> (bug #988211) NOTE: https://aomedia.googlesource.com/aom/+/4efe20e99dcd9b6f8eadc8de8acc825be7416578 NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2998 CVE-2021-30472 
@@ -22156,7 +22156,7 @@ CVE-2021-22905 RESERVED CVE-2021-22904 [Possible DoS Vulnerability in Action Controller Token Authentication] RESERVED - - rails <unfixed> + - rails <unfixed> (bug #988214) NOTE: https://github.com/rails/rails/commit/eab8c20f3ef6a022c4c11b439b1b22cef1768d5e (main) NOTE: https://github.com/rails/rails/commit/d861fa8ade353390c4419b53a6c6b41f3005b1f2 (v6.0.3.7) NOTE: https://github.com/rails/rails/commit/3d9e9fdf14e044b3ba66f909582c228a9d4ffb5c (v5.2.4.6) @@ -22167,7 +22167,7 @@ CVE-2021-22903 NOTE: Fixed by: https://github.com/rails/rails/commit/55e0723846aa77ce6afcb677618578fb859b7fd7 (main) CVE-2021-22902 [Possible Denial of Service vulnerability in Action Dispatch] RESERVED - - rails <unfixed> + - rails <unfixed> (bug #988214) [buster] - rails <not-affected> (Vulnerable code introduced later) [stretch] - rails <not-affected> (Vulnerable code introduced later) NOTE: Fixed by: https://github.com/rails/rails/commit/b61b94181b2a0cecab49d90d8f259bc8e39b662a (main) @@ -22210,7 +22210,7 @@ CVE-2021-22886 (Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to p NOT-FOR-US: Rocket.Chat CVE-2021-22885 [Possible Information Disclosure / Unintended Method Execution in Action Pack] RESERVED - - rails <unfixed> + - rails <unfixed> (bug #988214) NOTE: https://github.com/rails/rails/commit/c4c21a9f8d7c9c8ca6570bdb82d64e2dc860e62c (main) NOTE: https://github.com/rails/rails/commit/f202249bdd701f908a57d733e633d366a982f8ce (v6.0.3.7) NOTE: https://github.com/rails/rails/commit/3eb9e74c287750a9fe11f700fc96d3be1e83aa35 (v5.2.4.6) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5d97147dc238627ea97875f6165a0be077b5237 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5d97147dc238627ea97875f6165a0be077b5237 You're receiving this email because of your account on salsa.debian.org.
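Review bot: In the djvulibre hunk (@@ -2476), CVE-2021-3500 is still a bare `RESERVED` entry with no bracketed description, unlike CVE-2021-3502 in the same hunk's header line or the rails entries such as `CVE-2021-22904 [Possible DoS Vulnerability in Action Controller Token Authentication]`. Now that bug #988215 is attached, consider adding a short bracketed summary to the CVE line so the entry can be triaged without opening the Red Hat Bugzilla NOTE.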
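Review bot: In the three rails hunks (@@ -22156, @@ -22167 and @@ -22210), CVE-2021-22904, CVE-2021-22902 and CVE-2021-22885 all receive the same reference, `(bug #988214)`, although their suite status differs: CVE-2021-22902 carries `[buster] - rails <not-affected> (Vulnerable code introduced later)` and the same for stretch, while the other two show no suite-specific lines in the visible context. A single bug report has one set of version information, so please check that #988214 names all three CVE ids and that its version tracking does not mark buster as affected on account of CVE-2021-22902; if it cannot express that, a separate bug for CVE-2021-22902 would be clearer.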