[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Tue, 15 Jun 2021 13:10:46 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
854d9422 by security tracker role at 2021-06-15T20:10:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2021-3603
+       RESERVED
+CVE-2021-3602
+       RESERVED
 CVE-2021-34695
        RESERVED
 CVE-2021-34694
@@ -7129,8 +7133,7 @@ CVE-2021-31620
        RESERVED
 CVE-2021-31619
        RESERVED
-CVE-2021-31618 [httpd: NULL pointer dereference on specially crafted HTTP/2 
request]
-       RESERVED
+CVE-2021-31618 (Apache HTTP Server protocol handler for the HTTP/2 protocol 
checks rec ...)
        [experimental] - apache2 2.4.48-1
        - apache2 2.4.46-5 (bug #989562)
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-31618
@@ -50993,6 +50996,7 @@ CVE-2020-26139 (An issue was discovered in the kernel 
in NetBSD 7.1. An Access P
 CVE-2020-26138 (In SilverStripe through 4.6.0-rc1, a FormField with square 
brackets in ...)
        NOT-FOR-US: SilverStripe
 CVE-2020-26137 (urllib3 before 1.25.9 allows CRLF injection if the attacker 
controls t ...)
+       {DLA-2686-1}
        - python-urllib3 1.25.9-1
        [buster] - python-urllib3 <no-dsa> (Minor issue)
        NOTE: https://bugs.python.org/issue39603
@@ -140870,6 +140874,7 @@ CVE-2019-11323 (HAProxy before 1.9.7 mishandles a 
reload with rotated keys, whic
        NOTE: Introduced in: 
https://git.haproxy.org/?p=haproxy.git;a=commit;h=9e7547740cc2d0a6851de8ca9ac57488bdbb8bf2
        NOTE: Fixed by: 
https://git.haproxy.org/?p=haproxy.git;a=commit;h=8ef706502aa2000531d36e4ac56dbdc7c30f718d
 CVE-2019-11324 (The urllib3 library before 1.24.2 for Python mishandles 
certain cases  ...)
+       {DLA-2686-1}
        - python-urllib3 1.25.6-4 (bug #927412)
        [buster] - python-urllib3 <no-dsa> (Minor issue)
        [jessie] - python-urllib3 <not-affected> (Vulnerable code introduced 
later)
@@ -141096,7 +141101,7 @@ CVE-2019-11238
 CVE-2019-11237
        RESERVED
 CVE-2019-11236 (In the urllib3 library through 1.24.1 for Python, CRLF 
injection is po ...)
-       {DLA-1828-1}
+       {DLA-2686-1 DLA-1828-1}
        [experimental] - python-urllib3 1.25.6-1
        - python-urllib3 1.25.6-4 (bug #927172)
        [buster] - python-urllib3 <no-dsa> (Minor issue)
@@ -166650,6 +166655,7 @@ CVE-2018-20062 (An issue was discovered in NoneCms 
V1.3. thinkphp/library/think/
 CVE-2018-20061 (A SQL injection issue was discovered in ERPNext 10.x and 11.x 
through  ...)
        NOT-FOR-US: Frappe ERPNext
 CVE-2018-20060 (urllib3 before version 1.23 does not remove the Authorization 
HTTP hea ...)
+       {DLA-2686-1}
        - python-urllib3 1.24-1
        [jessie] - python-urllib3 <ignored> (Minor issue)
        NOTE: https://github.com/urllib3/urllib3/issues/1316



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/854d9422e8b475425fd714144b4b524a6400ba5a

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/854d9422e8b475425fd714144b4b524a6400ba5a
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to