Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
06bf3953 by Moritz Mühlenhoff at 2021-07-25T21:18:36+02:00
various bugs filed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1440,7 +1440,7 @@ CVE-2021-36771 (Zoho ManageEngine ADManager Plus before
7110 allows reflected XS
CVE-2021-36770
RESERVED
CVE-2021-36769 (A reordering issue exists in Telegram before 7.8.1 for
Android, Telegr ...)
- - telegram-desktop <unfixed>
+ - telegram-desktop <unfixed> (bug #991493)
NOTE: https://mtpsym.github.io/
CVE-2021-36768
RESERVED
@@ -10638,7 +10638,7 @@ CVE-2021-32744 (Collabora Online is a collaborative
online office suite. In vers
NOT-FOR-US: Collabora Online
CVE-2021-32743 (Icinga is a monitoring system which checks the availability of
network ...)
[experimental] - icinga2 2.12.5-1~exp1
- - icinga2 <unfixed>
+ - icinga2 <unfixed> (bug #991494)
NOTE:
https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/
NOTE:
https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7
CVE-2021-32742 (Vapor is a web framework for Swift. In versions 4.47.1 and
prior, bug ...)
@@ -10651,7 +10651,7 @@ CVE-2021-32740 (Addressable is an alternative
implementation to the URI implemen
NOTE:
https://github.com/sporkmonger/addressable/commit/b48ff03347a6d46e8dc674e242ce74c6381962a5#diff-fb36d3dc67e6565ffde17e666a98697f48e76dac38fabf1bb9e97cdf3b583d76
CVE-2021-32739 (Icinga is a monitoring system which checks the availability of
network ...)
[experimental] - icinga2 2.12.5-1~exp1
- - icinga2 <unfixed>
+ - icinga2 <unfixed> (bug #991494)
NOTE:
https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/
NOTE:
https://github.com/Icinga/icinga2/security/advisories/GHSA-98wp-jc6q-x5q5
CVE-2021-32738 (js-stellar-sdk is a Javascript library for communicating with
a Stella ...)
@@ -27763,7 +27763,7 @@ CVE-2021-3248
CVE-2021-3247
RESERVED
CVE-2021-3246 (A heap buffer overflow vulnerability in msadpcm_decode_block of
libsnd ...)
- - libsndfile <unfixed>
+ - libsndfile <unfixed> (bug #991496)
NOTE: https://github.com/libsndfile/libsndfile/issues/687
NOTE:
https://github.com/libsndfile/libsndfile/commit/deb669ee8be55a94565f6f8a6b60890c2e7c6f32
CVE-2021-3245
@@ -34440,7 +34440,7 @@ CVE-2021-22925 [TELNET stack contents disclosure again]
NOTE: insufficient and the security vulnerability remained.
CVE-2021-22924 [Bad connection reuse due to flawed path name checks]
RESERVED
- - curl <unfixed>
+ - curl <unfixed> (bug #991492)
NOTE: https://curl.se/docs/CVE-2021-22924.html
NOTE: Introduced by:
https://github.com/curl/curl/commit/89721ff04af70f527baae1368f3b992777bf6526
(curl-7_10_4)
NOTE: Fixed by:
https://github.com/curl/curl/commit/5ea3145850ebff1dc2b13d17440300a01ca38161
(curl-7_78_0)
@@ -148362,7 +148362,8 @@ CVE-2019-11100 (Insufficient input validation in the
subsystem for Intel(R) AMT
CVE-2019-11099
RESERVED
CVE-2019-11098 (Insufficient input validation in MdeModulePkg in EDKII may
allow an un ...)
- - edk2 <unfixed>
+ - edk2 <unfixed> (bug #991495)
+ [bullseye] - edk2 <no-dsa> (Minor issue)
[buster] - edk2 <no-dsa> (Minor issue)
[stretch] - edk2 <no-dsa> (Minor issue)
NOTE:
https://edk2-docs.gitbook.io/security-advisory/bootguard-toctou-vulnerability
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06bf39531d56ba5363398de7c72da78718f9716d
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06bf39531d56ba5363398de7c72da78718f9716d
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
