Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 854d9422 by security tracker role at 2021-06-15T20:10:28+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,7 @@ +CVE-2021-3603 + RESERVED +CVE-2021-3602 + RESERVED CVE-2021-34695 RESERVED CVE-2021-34694 @@ -7129,8 +7133,7 @@ CVE-2021-31620 RESERVED CVE-2021-31619 RESERVED -CVE-2021-31618 [httpd: NULL pointer dereference on specially crafted HTTP/2 request] - RESERVED +CVE-2021-31618 (Apache HTTP Server protocol handler for the HTTP/2 protocol checks rec ...) [experimental] - apache2 2.4.48-1 - apache2 2.4.46-5 (bug #989562) NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-31618 @@ -50993,6 +50996,7 @@ CVE-2020-26139 (An issue was discovered in the kernel in NetBSD 7.1. An Access P CVE-2020-26138 (In SilverStripe through 4.6.0-rc1, a FormField with square brackets in ...) NOT-FOR-US: SilverStripe CVE-2020-26137 (urllib3 before 1.25.9 allows CRLF injection if the attacker controls t ...) + {DLA-2686-1} - python-urllib3 1.25.9-1 [buster] - python-urllib3 <no-dsa> (Minor issue) NOTE: https://bugs.python.org/issue39603 @@ -140870,6 +140874,7 @@ CVE-2019-11323 (HAProxy before 1.9.7 mishandles a reload with rotated keys, whic NOTE: Introduced in: https://git.haproxy.org/?p=haproxy.git;a=commit;h=9e7547740cc2d0a6851de8ca9ac57488bdbb8bf2 NOTE: Fixed by: https://git.haproxy.org/?p=haproxy.git;a=commit;h=8ef706502aa2000531d36e4ac56dbdc7c30f718d CVE-2019-11324 (The urllib3 library before 1.24.2 for Python mishandles certain cases ...) + {DLA-2686-1} - python-urllib3 1.25.6-4 (bug #927412) [buster] - python-urllib3 <no-dsa> (Minor issue) [jessie] - python-urllib3 <not-affected> (Vulnerable code introduced later) @@ -141096,7 +141101,7 @@ CVE-2019-11238 CVE-2019-11237 RESERVED CVE-2019-11236 (In the urllib3 library through 1.24.1 for Python, CRLF injection is po ...) - {DLA-1828-1} + {DLA-2686-1 DLA-1828-1} [experimental] - python-urllib3 1.25.6-1 - python-urllib3 1.25.6-4 (bug #927172) [buster] - python-urllib3 <no-dsa> (Minor issue) @@ -166650,6 +166655,7 @@ CVE-2018-20062 (An issue was discovered in NoneCms V1.3. thinkphp/library/think/ CVE-2018-20061 (A SQL injection issue was discovered in ERPNext 10.x and 11.x through ...) NOT-FOR-US: Frappe ERPNext CVE-2018-20060 (urllib3 before version 1.23 does not remove the Authorization HTTP hea ...) + {DLA-2686-1} - python-urllib3 1.24-1 [jessie] - python-urllib3 <ignored> (Minor issue) NOTE: https://github.com/urllib3/urllib3/issues/1316 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/854d9422e8b475425fd714144b4b524a6400ba5a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/854d9422e8b475425fd714144b4b524a6400ba5a You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits