Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 038dd3cc by Moritz Muehlenhoff at 2021-07-01T14:01:19+02:00 bugnums - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,41 +1,41 @@ CVE-2021-36089 (Grok 7.6.6 through 9.2.0 has a heap-based buffer overflow in grk::File ...) - - libgrokj2k <unfixed> + - libgrokj2k <unfixed> (bug #990525) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33544 NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/grok/OSV-2021-677.yaml CVE-2021-36088 (Fluent Bit (aka fluent-bit) 1.7.0 through 1.7,4 has a double free in f ...) NOT-FOR-US: Fluent Bit CVE-2021-36087 (The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in e ...) - - libsepol <unfixed> + - libsepol <unfixed> (bug #990526) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32675 NOTE: https://github.com/SELinuxProject/selinux/commit/bad0a746e9f4cf260dedba5828d9645d50176aac NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-585.yaml CVE-2021-36086 (The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_clas ...) - - libsepol <unfixed> + - libsepol <unfixed> (bug #990526) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32177 NOTE: https://github.com/SELinuxProject/selinux/commit/c49a8ea09501ad66e799ea41b8154b6770fec2c8 NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-536.yaml CVE-2021-36085 (The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_c ...) - - libsepol <unfixed> + - libsepol <unfixed> (bug #990526) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124a NOTE: https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml CVE-2021-36084 (The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_c ...) - - libsepol <unfixed> + - libsepol <unfixed> (bug #990526) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065 NOTE: https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3 NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml CVE-2021-36083 (KDE KImageFormats 5.70.0 through 5.81.0 has a stack-based buffer overf ...) - - kimageformats <unfixed> + - kimageformats <unfixed> (bug #990527) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33742 NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/kimageformats/OSV-2021-695.yaml NOTE: https://invent.kde.org/frameworks/kimageformats/commit/297ed9a2fe339bfe36916b9fce628c3242e5be0f CVE-2021-36082 (ntop nDPI 3.4 has a stack-based buffer overflow in processClientServer ...) - - ndpi <unfixed> + - ndpi <unfixed> (bug #990528) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30393 NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ndpi/OSV-2021-304.yaml NOTE: https://github.com/ntop/nDPI/commit/1ec621c85b9411cc611652fd57a892cfef478af3 CVE-2021-36081 (Tesseract OCR 5.0.0-alpha-20201231 has a one_ell_conflict use-after-fr ...) - - tesseract <unfixed> + - tesseract <unfixed> (bug #990529) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29698 NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/tesseract-ocr/OSV-2021-211.yaml NOTE: https://github.com/tesseract-ocr/tesseract/commit/e6f15621c2ab2ecbfabf656942d8ef66f03b2d55 @@ -1241,7 +1241,7 @@ CVE-2021-3624 [buffer-overflow caused by integer-overflow in foveon_load_camf()] - dcraw <unfixed> (bug #984761) CVE-2021-3623 [out-of-bounds access when trying to resume the state of the vTPM] RESERVED - - libtpms <unfixed> + - libtpms <unfixed> (bug #990522) NOTE: https://github.com/stefanberger/libtpms/pull/223 NOTE: https://github.com/stefanberger/libtpms/commit/2f30d620d3c053f20d38b54bf76ac0907821d263 NOTE: https://github.com/stefanberger/libtpms/commit/7981d9ad90a5043a05004e4ca7b46beab8ca7809 @@ -7523,11 +7523,11 @@ CVE-2021-32721 (PowerMux is a drop-in replacement for Go's http.ServeMux. In Pow CVE-2021-32720 (Sylius is an Open Source eCommerce platform on top of Symfony. In vers ...) NOT-FOR-US: Sylius CVE-2021-32719 (RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prio ...) - - rabbitmq-server <unfixed> + - rabbitmq-server <unfixed> (bug #990524) NOTE: https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-5452-hxj4-773x NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/3122 CVE-2021-32718 (RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prio ...) - - rabbitmq-server <unfixed> + - rabbitmq-server <unfixed> (bug #990524) NOTE: https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-c3hj-rg5h-2772 NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/3028 CVE-2021-32717 (Shopware is an open source eCommerce platform. In versions prior to 6. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/038dd3cc06a889425bdc7abb1b9a01c3e0bdf232 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/038dd3cc06a889425bdc7abb1b9a01c3e0bdf232 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits