Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: ba911e8a by Moritz Muehlenhoff at 2021-07-01T11:04:59+02:00 new rar, darktable, photoflow issues NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -80,15 +80,25 @@ CVE-2020-36396 CVE-2020-36395 RESERVED CVE-2019-25049 (LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in asn1_item_pr ...) - TODO: check + NOT-FOR-US: LibreSSL CVE-2019-25048 (LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_p ...) - TODO: check + NOT-FOR-US: LibreSSL CVE-2018-25018 (UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write durin ...) - TODO: check + - unrar-nonfree <unfixed> + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9845 + NOTE: https://github.com/aawc/unrar/releases + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2018-204.yaml CVE-2018-25017 (RawSpeed (aka librawspeed) 3.1 has a heap-based buffer overflow in Tab ...) - TODO: check + - darktable <unfixed> + - photoflow <unfixed> + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5256 + NOTE: https://github.com/darktable-org/rawspeed/commit/dbe7591e54bad5e6430d38be6bed051582da76b9 + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/librawspeed/OSV-2018-227.yaml CVE-2017-20006 (UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack:: ...) - TODO: check + - unrar-nonfree 1:5.6.6-1 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4373 + NOTE: https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779 + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2017-104.yaml CVE-2021-3631 RESERVED CVE-2021-36079 
@@ -310,7 +320,7 @@ CVE-2021-35972 CVE-2021-35971 (Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 be ...) NOT-FOR-US: Veeam CVE-2021-35970 (Talk 4 in Coral before 4.12.1 allows remote attackers to discover e-ma ...) - TODO: check + NOT-FOR-US: Coral CVE-2021-35969 RESERVED CVE-2021-35968 @@ -7477,7 +7487,7 @@ CVE-2021-32738 CVE-2021-32737 RESERVED CVE-2021-32736 (think-helper defines a set of helper functions for ThinkJS. In version ...) - TODO: check + NOT-FOR-US: think-helper CVE-2021-32735 RESERVED CVE-2021-32734 @@ -10055,7 +10065,7 @@ CVE-2021-31723 CVE-2021-31722 RESERVED CVE-2021-31721 (Chevereto before 3.17.1 allows Cross Site Scripting (XSS) via an image ...) - TODO: check + NOT-FOR-US: Chevereto CVE-2021-31720 RESERVED CVE-2021-31719 @@ -17169,11 +17179,11 @@ CVE-2021-28806 (A DOM-based XSS vulnerability has been reported to affect QNAP N CVE-2021-28805 (Inclusion of sensitive information in the source code has been reporte ...) NOT-FOR-US: QNAP CVE-2021-28804 (A command injection vulnerabilities have been reported to affect QTS a ...) - TODO: check + NOT-FOR-US: QNAP CVE-2021-28803 (This issue affects: QNAP Systems Inc. Q'center versions prior to 1.11. ...) - TODO: check + NOT-FOR-US: QNAP CVE-2021-28802 (A command injection vulnerabilities have been reported to affect QTS a ...) - TODO: check + NOT-FOR-US: QNAP CVE-2021-28801 (An out-of-bounds read vulnerability has been reported to affect certai ...) NOT-FOR-US: QNAP CVE-2021-28800 (A command injection vulnerability has been reported to affect QNAP NAS ...) 
@@ -25657,11 +25667,11 @@ CVE-2020-36198 (A command injection vulnerability has been reported to affect ce CVE-2020-36197 (An improper access control vulnerability has been reported to affect e ...) NOT-FOR-US: QNAP CVE-2020-36196 (A stored XSS vulnerability has been reported to affect QNAP NAS runnin ...) - TODO: check + NOT-FOR-US: QNAP CVE-2020-36195 (An SQL injection vulnerability has been reported to affect QNAP NAS ru ...) NOT-FOR-US: QNAP CVE-2020-36194 (An XSS vulnerability has been reported to affect QNAP NAS running QTS ...) - TODO: check + NOT-FOR-US: QNAP CVE-2021-3184 (MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global ...) NOT-FOR-US: MISP CVE-2021-3183 (Files.com Fat Client 3.3.6 allows authentication bypass because the cl ...) @@ -32378,21 +32388,21 @@ CVE-2021-22354 (There is an Information Disclosure Vulnerability in Huawei Smart CVE-2021-22353 (There is a Memory Buffer Improper Operation Limit Vulnerability in Hua ...) NOT-FOR-US: Huawei CVE-2021-22352 (There is a Configuration Defect Vulnerability in Huawei Smartphone. Su ...) - TODO: check + NOT-FOR-US: Huawei CVE-2021-22351 (There is a Credentials Management Errors Vulnerability in Huawei Smart ...) - TODO: check + NOT-FOR-US: Huawei CVE-2021-22350 (There is a Memory Buffer Improper Operation Limit Vulnerability in Hua ...) - TODO: check + NOT-FOR-US: Huawei CVE-2021-22349 (There is an Input Verification Vulnerability in Huawei Smartphone. Suc ...) - TODO: check + NOT-FOR-US: Huawei CVE-2021-22348 (There is a Memory Buffer Improper Operation Limit Vulnerability in Hua ...) - TODO: check + NOT-FOR-US: Huawei CVE-2021-22347 RESERVED CVE-2021-22346 (There is an Improper Permission Management Vulnerability in Huawei Sma ...) - TODO: check + NOT-FOR-US: Huawei CVE-2021-22345 (There is an Input Verification Vulnerability in Huawei Smartphone. Suc ...) - TODO: check + NOT-FOR-US: Huawei CVE-2021-22344 RESERVED CVE-2021-22343 
@@ -37544,7 +37554,7 @@ CVE-2021-20754 CVE-2021-20753 RESERVED CVE-2021-20752 (Cross-site scripting vulnerability in IkaIka RSS Reader all versions a ...) - TODO: check + NOT-FOR-US: IkaIka RSS Reader CVE-2021-20751 (Cross-site scripting vulnerability in EC-CUBE EC-CUBE 4.0.0 to 4.0.5-p ...) NOT-FOR-US: EC-CUBE CVE-2021-20750 (Cross-site scripting vulnerability in EC-CUBE EC-CUBE 3.0.0 to 3.0.18- ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba911e8a603f4de3a0308595f6a097a101ed8317
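Review bot: in the first hunk (@@ -80,15 +80,25 @@) the CVE-2018-25018 entry marks unrar-nonfree <unfixed>, but its only upstream pointer is the generic releases page (https://github.com/aawc/unrar/releases), so the version that actually fixes OSV-2018-204 cannot be read off the tracker entry; cite the specific fixing commit or release, the way the CVE-2017-20006 entry in the same hunk does with its commit link and the 1:5.6.6-1 fixed version. The same hunk's CVE-2018-25017 lines add darktable <unfixed> and photoflow <unfixed> with the rawspeed fix commit dbe7591e54bad5e6430d38be6bed051582da76b9 as the only reference; neither package line carries a Debian bug reference, and no NOTE records which upstream rawspeed release contains that commit, so whoever revisits these <unfixed> entries will have to redo the bundled-copy check from scratch. A one-line NOTE naming the first rawspeed release with the fix would make both entries self-contained.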
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits