Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 79fd9868 by Salvatore Bonaccorso at 2021-05-10T21:59:17+02:00 Process some NFUs - - - - - ad36c4d5 by Salvatore Bonaccorso at 2021-05-11T08:59:12+02:00 Track fixed version for CVE-2021-20308/htmldoc via unstable - - - - - 67f2be05 by Salvatore Bonaccorso at 2021-05-11T09:00:08+02:00 Track fixed version for CVE-2021-32056/cyrus-imapd via unstable - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -884,7 +884,7 @@ CVE-2021-32057 RESERVED CVE-2021-32056 [annotate: don't allow everyone to write shared server entries ] RESERVED - - cyrus-imapd <unfixed> + - cyrus-imapd 3.2.6-2 NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/621f9e41465b521399f691c241181300fab55995 NOTE: https://cyrus.topicbox.com/groups/announce/T126392718bc29d6b/cyrus-imap-3-2-7-released CVE-2021-32054 @@ -2882,7 +2882,7 @@ CVE-2021-31247 CVE-2021-31246 RESERVED CVE-2021-31245 (omr-admin.py in openmptcprouter-vps-admin 0.57.3 and earlier compares ...) - TODO: check + NOT-FOR-US: openmptcprouter-vps-admin CVE-2021-31244 RESERVED CVE-2021-31243 @@ -6866,9 +6866,9 @@ CVE-2021-29493 (Kennnyshiwa-cogs contains cogs for Red Discordbot. An RCE exploi CVE-2021-29492 RESERVED CVE-2021-29491 (Mixme is a library for recursive merging of Javascript objects. In Nod ...) - TODO: check + NOT-FOR-US: mixme nodejs module CVE-2021-29490 (Jellyfin is a free software media system that provides media from a de ...) - TODO: check + NOT-FOR-US: Jellyfin CVE-2021-29489 (Highcharts JS is a JavaScript charting library based on SVG. In Highch ...) NOT-FOR-US: Highcharts JS CVE-2021-29488 (SABnzbd is an open source binary newsreader. A vulnerability was disco ...) @@ -13831,7 +13831,7 @@ CVE-2021-26545 CVE-2021-26544 (Livy server version 0.7.0-incubating (only) is vulnerable to a cross s ...) NOT-FOR-US: Apache Livy CVE-2021-26543 (The "gitDiff" function in Wayfair git-parse <=1.0.4 has a command i ...) - TODO: check + NOT-FOR-US: git-parse nodejs module CVE-2021-26542 RESERVED CVE-2021-26541 (The gitlog function in src/index.ts in gitlog before 4.0.4 has a comma ...) @@ -29606,7 +29606,7 @@ CVE-2021-20309 [Division by zero in WaveImage() of MagickCore/visual-effects.c] NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/94174beff065cb5683d09d79e992c3ebbdead311 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/f1e68d22d1b35459421710587a0dcbab6900b51f CVE-2021-20308 (Integer overflow in the htmldoc 1.9.11 and before may allow attackers ...) - - htmldoc <unfixed> (unimportant; bug #984765) + - htmldoc 1.9.11-3 (unimportant; bug #984765) NOTE: https://github.com/michaelrsweet/htmldoc/issues/423 NOTE: Crash in CLI tool, no security impact CVE-2021-20307 (Format string vulnerability in panoFileOutputNamesCreate() in libpano1 ...) @@ -32985,7 +32985,7 @@ CVE-2021-1897 CVE-2021-1896 RESERVED CVE-2021-1895 (Possible integer overflow due to improper length check while flashing ...) - TODO: check + NOT-FOR-US: Snapdragon CVE-2021-1894 RESERVED CVE-2021-1893 @@ -80714,7 +80714,7 @@ CVE-2020-11270 (Possible denial of service due to RTT responder consistently rej CVE-2020-11269 (Possible memory corruption while processing EAPOL frames due to lack o ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11268 (Potential UE reset while decoding a crafted Sib1 or SIB1 that schedule ...) - TODO: check + NOT-FOR-US: Snapdragon CVE-2020-11267 RESERVED CVE-2020-11266 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2c88afa77085ee22214f9341283b0ef203cd892a...67f2be05fdf8827c7f6f327764d1c0d119b9dded -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2c88afa77085ee22214f9341283b0ef203cd892a...67f2be05fdf8827c7f6f327764d1c0d119b9dded You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits