Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
79fd9868 by Salvatore Bonaccorso at 2021-05-10T21:59:17+02:00
Process some NFUs

- - - - -
ad36c4d5 by Salvatore Bonaccorso at 2021-05-11T08:59:12+02:00
Track fixed version for CVE-2021-20308/htmldoc via unstable

- - - - -
67f2be05 by Salvatore Bonaccorso at 2021-05-11T09:00:08+02:00
Track fixed version for CVE-2021-32056/cyrus-imapd via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -884,7 +884,7 @@ CVE-2021-32057
        RESERVED
 CVE-2021-32056 [annotate: don't allow everyone to write shared server entries ]
        RESERVED
-       - cyrus-imapd <unfixed>
+       - cyrus-imapd 3.2.6-2
        NOTE: 
https://github.com/cyrusimap/cyrus-imapd/commit/621f9e41465b521399f691c241181300fab55995
        NOTE: 
https://cyrus.topicbox.com/groups/announce/T126392718bc29d6b/cyrus-imap-3-2-7-released
 CVE-2021-32054
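Review bot: The fixed version on the "- cyrus-imapd 3.2.6-2" line is lower than the upstream release named in the second NOTE (cyrus-imap-3-2-7-released), and nothing in the entry explains the gap. If the fix reached unstable as a patch on top of 3.2.6, a short NOTE saying so would let a reader reconcile the two versions without opening the links.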
@@ -2882,7 +2882,7 @@ CVE-2021-31247
 CVE-2021-31246
        RESERVED
 CVE-2021-31245 (omr-admin.py in openmptcprouter-vps-admin 0.57.3 and earlier 
compares  ...)
-       TODO: check
+       NOT-FOR-US: openmptcprouter-vps-admin
 CVE-2021-31244
        RESERVED
 CVE-2021-31243
@@ -6866,9 +6866,9 @@ CVE-2021-29493 (Kennnyshiwa-cogs contains cogs for Red 
Discordbot. An RCE exploi
 CVE-2021-29492
        RESERVED
 CVE-2021-29491 (Mixme is a library for recursive merging of Javascript 
objects. In Nod ...)
-       TODO: check
+       NOT-FOR-US: mixme nodejs module
 CVE-2021-29490 (Jellyfin is a free software media system that provides media 
from a de ...)
-       TODO: check
+       NOT-FOR-US: Jellyfin
 CVE-2021-29489 (Highcharts JS is a JavaScript charting library based on SVG. 
In Highch ...)
        NOT-FOR-US: Highcharts JS
 CVE-2021-29488 (SABnzbd is an open source binary newsreader. A vulnerability 
was disco ...)
@@ -13831,7 +13831,7 @@ CVE-2021-26545
 CVE-2021-26544 (Livy server version 0.7.0-incubating (only) is vulnerable to a 
cross s ...)
        NOT-FOR-US: Apache Livy
 CVE-2021-26543 (The "gitDiff" function in Wayfair git-parse &lt;=1.0.4 has a 
command i ...)
-       TODO: check
+       NOT-FOR-US: git-parse nodejs module
 CVE-2021-26542
        RESERVED
 CVE-2021-26541 (The gitlog function in src/index.ts in gitlog before 4.0.4 has 
a comma ...)
@@ -29606,7 +29606,7 @@ CVE-2021-20309 [Division by zero in WaveImage() of 
MagickCore/visual-effects.c]
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/94174beff065cb5683d09d79e992c3ebbdead311
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/f1e68d22d1b35459421710587a0dcbab6900b51f
 CVE-2021-20308 (Integer overflow in the htmldoc 1.9.11 and before may allow 
attackers  ...)
-       - htmldoc <unfixed> (unimportant; bug #984765)
+       - htmldoc 1.9.11-3 (unimportant; bug #984765)
        NOTE: https://github.com/michaelrsweet/htmldoc/issues/423
        NOTE: Crash in CLI tool, no security impact
 CVE-2021-20307 (Format string vulnerability in panoFileOutputNamesCreate() in 
libpano1 ...)
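Review bot: On the "- htmldoc 1.9.11-3" line, the fixed version is a Debian revision of 1.9.11, the same upstream version the CVE description lists as affected, and the only reference is the upstream issue #423. Consider adding a NOTE with the upstream fixing commit so the entry records which change 1.9.11-3 carries.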
@@ -32985,7 +32985,7 @@ CVE-2021-1897
 CVE-2021-1896
        RESERVED
 CVE-2021-1895 (Possible integer overflow due to improper length check while 
flashing  ...)
-       TODO: check
+       NOT-FOR-US: Snapdragon
 CVE-2021-1894
        RESERVED
 CVE-2021-1893
@@ -80714,7 +80714,7 @@ CVE-2020-11270 (Possible denial of service due to RTT 
responder consistently rej
 CVE-2020-11269 (Possible memory corruption while processing EAPOL frames due 
to lack o ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11268 (Potential UE reset while decoding a crafted Sib1 or SIB1 that 
schedule ...)
-       TODO: check
+       NOT-FOR-US: Snapdragon
 CVE-2020-11267
        RESERVED
 CVE-2020-11266
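Review bot: The new "NOT-FOR-US: Snapdragon" tag for CVE-2020-11268 differs from the wording on the neighbouring CVE-2020-11269 entry, "NOT-FOR-US: Qualcomm components for Android". If both refer to the same vendor code, using one label keeps the entries easy to grep and audit together.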



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2c88afa77085ee22214f9341283b0ef203cd892a...67f2be05fdf8827c7f6f327764d1c0d119b9dded
