Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
038dd3cc by Moritz Muehlenhoff at 2021-07-01T14:01:19+02:00
bugnums
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,41 +1,41 @@
CVE-2021-36089 (Grok 7.6.6 through 9.2.0 has a heap-based buffer overflow in
grk::File ...)
- - libgrokj2k <unfixed>
+ - libgrokj2k <unfixed> (bug #990525)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33544
NOTE:
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/grok/OSV-2021-677.yaml
CVE-2021-36088 (Fluent Bit (aka fluent-bit) 1.7.0 through 1.7,4 has a double
free in f ...)
NOT-FOR-US: Fluent Bit
CVE-2021-36087 (The CIL compiler in SELinux 3.2 has a heap-based buffer
over-read in e ...)
- - libsepol <unfixed>
+ - libsepol <unfixed> (bug #990526)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32675
NOTE:
https://github.com/SELinuxProject/selinux/commit/bad0a746e9f4cf260dedba5828d9645d50176aac
NOTE:
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-585.yaml
CVE-2021-36086 (The CIL compiler in SELinux 3.2 has a use-after-free in
cil_reset_clas ...)
- - libsepol <unfixed>
+ - libsepol <unfixed> (bug #990526)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32177
NOTE:
https://github.com/SELinuxProject/selinux/commit/c49a8ea09501ad66e799ea41b8154b6770fec2c8
NOTE:
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-536.yaml
CVE-2021-36085 (The CIL compiler in SELinux 3.2 has a use-after-free in
__cil_verify_c ...)
- - libsepol <unfixed>
+ - libsepol <unfixed> (bug #990526)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124a
NOTE:
https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba
NOTE:
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml
CVE-2021-36084 (The CIL compiler in SELinux 3.2 has a use-after-free in
__cil_verify_c ...)
- - libsepol <unfixed>
+ - libsepol <unfixed> (bug #990526)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065
NOTE:
https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3
NOTE:
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml
CVE-2021-36083 (KDE KImageFormats 5.70.0 through 5.81.0 has a stack-based
buffer overf ...)
- - kimageformats <unfixed>
+ - kimageformats <unfixed> (bug #990527)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33742
NOTE:
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/kimageformats/OSV-2021-695.yaml
NOTE:
https://invent.kde.org/frameworks/kimageformats/commit/297ed9a2fe339bfe36916b9fce628c3242e5be0f
CVE-2021-36082 (ntop nDPI 3.4 has a stack-based buffer overflow in
processClientServer ...)
- - ndpi <unfixed>
+ - ndpi <unfixed> (bug #990528)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30393
NOTE:
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ndpi/OSV-2021-304.yaml
NOTE:
https://github.com/ntop/nDPI/commit/1ec621c85b9411cc611652fd57a892cfef478af3
CVE-2021-36081 (Tesseract OCR 5.0.0-alpha-20201231 has a one_ell_conflict
use-after-fr ...)
- - tesseract <unfixed>
+ - tesseract <unfixed> (bug #990529)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29698
NOTE:
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/tesseract-ocr/OSV-2021-211.yaml
NOTE:
https://github.com/tesseract-ocr/tesseract/commit/e6f15621c2ab2ecbfabf656942d8ef66f03b2d55
@@ -1241,7 +1241,7 @@ CVE-2021-3624 [buffer-overflow caused by integer-overflow
in foveon_load_camf()]
- dcraw <unfixed> (bug #984761)
CVE-2021-3623 [out-of-bounds access when trying to resume the state of the
vTPM]
RESERVED
- - libtpms <unfixed>
+ - libtpms <unfixed> (bug #990522)
NOTE: https://github.com/stefanberger/libtpms/pull/223
NOTE:
https://github.com/stefanberger/libtpms/commit/2f30d620d3c053f20d38b54bf76ac0907821d263
NOTE:
https://github.com/stefanberger/libtpms/commit/7981d9ad90a5043a05004e4ca7b46beab8ca7809
@@ -7523,11 +7523,11 @@ CVE-2021-32721 (PowerMux is a drop-in replacement for
Go's http.ServeMux. In Pow
CVE-2021-32720 (Sylius is an Open Source eCommerce platform on top of Symfony.
In vers ...)
NOT-FOR-US: Sylius
CVE-2021-32719 (RabbitMQ is a multi-protocol messaging broker. In
rabbitmq-server prio ...)
- - rabbitmq-server <unfixed>
+ - rabbitmq-server <unfixed> (bug #990524)
NOTE:
https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-5452-hxj4-773x
NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/3122
CVE-2021-32718 (RabbitMQ is a multi-protocol messaging broker. In
rabbitmq-server prio ...)
- - rabbitmq-server <unfixed>
+ - rabbitmq-server <unfixed> (bug #990524)
NOTE:
https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-c3hj-rg5h-2772
NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/3028
CVE-2021-32717 (Shopware is an open source eCommerce platform. In versions
prior to 6. ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/038dd3cc06a889425bdc7abb1b9a01c3e0bdf232
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/038dd3cc06a889425bdc7abb1b9a01c3e0bdf232
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
