Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 06bf3953 by Moritz Mühlenhoff at 2021-07-25T21:18:36+02:00 various bugs filed - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1440,7 +1440,7 @@ CVE-2021-36771 (Zoho ManageEngine ADManager Plus before 7110 allows reflected XS CVE-2021-36770 RESERVED CVE-2021-36769 (A reordering issue exists in Telegram before 7.8.1 for Android, Telegr ...) - - telegram-desktop <unfixed> + - telegram-desktop <unfixed> (bug #991493) NOTE: https://mtpsym.github.io/ CVE-2021-36768 RESERVED @@ -10638,7 +10638,7 @@ CVE-2021-32744 (Collabora Online is a collaborative online office suite. In vers NOT-FOR-US: Collabora Online CVE-2021-32743 (Icinga is a monitoring system which checks the availability of network ...) [experimental] - icinga2 2.12.5-1~exp1 - - icinga2 <unfixed> + - icinga2 <unfixed> (bug #991494) NOTE: https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 CVE-2021-32742 (Vapor is a web framework for Swift. In versions 4.47.1 and prior, bug ...) @@ -10651,7 +10651,7 @@ CVE-2021-32740 (Addressable is an alternative implementation to the URI implemen NOTE: https://github.com/sporkmonger/addressable/commit/b48ff03347a6d46e8dc674e242ce74c6381962a5#diff-fb36d3dc67e6565ffde17e666a98697f48e76dac38fabf1bb9e97cdf3b583d76 CVE-2021-32739 (Icinga is a monitoring system which checks the availability of network ...) [experimental] - icinga2 2.12.5-1~exp1 - - icinga2 <unfixed> + - icinga2 <unfixed> (bug #991494) NOTE: https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-98wp-jc6q-x5q5 CVE-2021-32738 (js-stellar-sdk is a Javascript library for communicating with a Stella ...) @@ -27763,7 +27763,7 @@ CVE-2021-3248 CVE-2021-3247 RESERVED CVE-2021-3246 (A heap buffer overflow vulnerability in msadpcm_decode_block of libsnd ...) - - libsndfile <unfixed> + - libsndfile <unfixed> (bug #991496) NOTE: https://github.com/libsndfile/libsndfile/issues/687 NOTE: https://github.com/libsndfile/libsndfile/commit/deb669ee8be55a94565f6f8a6b60890c2e7c6f32 CVE-2021-3245 @@ -34440,7 +34440,7 @@ CVE-2021-22925 [TELNET stack contents disclosure again] NOTE: insufficient and the security vulnerability remained. CVE-2021-22924 [Bad connection reuse due to flawed path name checks] RESERVED - - curl <unfixed> + - curl <unfixed> (bug #991492) NOTE: https://curl.se/docs/CVE-2021-22924.html NOTE: Introduced by: https://github.com/curl/curl/commit/89721ff04af70f527baae1368f3b992777bf6526 (curl-7_10_4) NOTE: Fixed by: https://github.com/curl/curl/commit/5ea3145850ebff1dc2b13d17440300a01ca38161 (curl-7_78_0) @@ -148362,7 +148362,8 @@ CVE-2019-11100 (Insufficient input validation in the subsystem for Intel(R) AMT CVE-2019-11099 RESERVED CVE-2019-11098 (Insufficient input validation in MdeModulePkg in EDKII may allow an un ...) - - edk2 <unfixed> + - edk2 <unfixed> (bug #991495) + [bullseye] - edk2 <no-dsa> (Minor issue) [buster] - edk2 <no-dsa> (Minor issue) [stretch] - edk2 <no-dsa> (Minor issue) NOTE: https://edk2-docs.gitbook.io/security-advisory/bootguard-toctou-vulnerability View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06bf39531d56ba5363398de7c72da78718f9716d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06bf39531d56ba5363398de7c72da78718f9716d You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits