Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
059a837c by security tracker role at 2022-01-01T08:10:09+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,75 @@ +CVE-2022-0079 + RESERVED +CVE-2022-0078 + RESERVED +CVE-2021-45959 ({fmt} 7.1.0 through 8.0.1 has a stack-based buffer overflow in fmt::v8 ...) + TODO: check +CVE-2021-45958 (UltraJSON (aka ujson) 4.0.2 through 5.0.0 has a stack-based buffer ove ...) + TODO: check +CVE-2021-45957 (Dnsmasq 2.86 has a heap-based buffer overflow in answer_request (calle ...) + TODO: check +CVE-2021-45956 (Dnsmasq 2.86 has a heap-based buffer overflow in print_mac (called fro ...) + TODO: check +CVE-2021-45955 (Dnsmasq 2.86 has a heap-based buffer overflow in resize_packet (called ...) + TODO: check +CVE-2021-45954 (Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called ...) + TODO: check +CVE-2021-45953 (Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called ...) + TODO: check +CVE-2021-45952 (Dnsmasq 2.86 has a heap-based buffer overflow in dhcp_reply (called fr ...) + TODO: check +CVE-2021-45951 (Dnsmasq 2.86 has a heap-based buffer overflow in check_bad_address (ca ...) + TODO: check +CVE-2021-45950 (LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in ...) + TODO: check +CVE-2021-45949 (Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overf ...) + TODO: check +CVE-2021-45948 (Open Asset Import Library (aka assimp) 5.1.0 and 5.1.1 has a heap-base ...) + TODO: check +CVE-2021-45947 (Wasm3 0.5.0 has an out-of-bounds write in Runtime_Release (called from ...) + TODO: check +CVE-2021-45946 (Wasm3 0.5.0 has an out-of-bounds write in CompileBlock (called from Co ...) + TODO: check +CVE-2021-45945 (uWebSockets 19.0.0 through 20.8.0 has an out-of-bounds write in std::_ ...) + TODO: check +CVE-2021-45944 (Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampl ...) + TODO: check +CVE-2021-45943 (GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::C ...) + TODO: check +CVE-2021-45942 (OpenEXR 3.1.0 through 3.1.3 has a heap-based buffer overflow in Imf_3_ ...) 
+ TODO: check +CVE-2021-45941 (libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (8 bytes) in _ ...) + TODO: check +CVE-2021-45940 (libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (4 bytes) in _ ...) + TODO: check +CVE-2021-45939 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_De ...) + TODO: check +CVE-2021-45938 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_De ...) + TODO: check +CVE-2021-45937 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_De ...) + TODO: check +CVE-2021-45936 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttDecode_Di ...) + TODO: check +CVE-2021-45935 (Grok 9.5.0 has a heap-based buffer overflow in openhtj2k::T1OpenHTJ2K: ...) + TODO: check +CVE-2021-45934 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_De ...) + TODO: check +CVE-2021-45933 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow (8 bytes) in Mqt ...) + TODO: check +CVE-2021-45932 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow (4 bytes) in Mqt ...) + TODO: check +CVE-2021-45931 (HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t:: ...) + TODO: check +CVE-2021-45930 (Qt SVG in Qt 5.0.0 through 6.2.1 has an out-of-bounds write in QtPriva ...) + TODO: check +CVE-2021-45929 (Wasm3 0.5.0 has an out-of-bounds write in CompileBlock (called from Co ...) + TODO: check +CVE-2021-45928 (libjxl before 0.6, as used in libvips 8.11 through 8.11.2 and other pr ...) + TODO: check +CVE-2021-45927 (MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0 ...) + TODO: check +CVE-2021-45926 (MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0 ...) + TODO: check CVE-2021-4196 RESERVED CVE-2021-4195 
@@ -3685,8 +3757,8 @@ CVE-2021-44854 [REST API incorrectly publicly caches autocomplete search results NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitec...@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/ CVE-2021-44853 RESERVED -CVE-2021-44852 - RESERVED +CVE-2021-44852 (An issue was discovered in BS_RCIO64.sys in Biostar RACING GT Evo 2.1. ...) + TODO: check CVE-2021-44851 RESERVED CVE-2021-44850 @@ -4159,8 +4231,7 @@ CVE-2021-44719 RESERVED CVE-2021-44718 RESERVED -CVE-2021-44717 - RESERVED +CVE-2021-44717 (Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operat ...) - golang-1.17 1.17.5-1 - golang-1.15 1.15.15-5 [bullseye] - golang-1.15 1.15.15-1~deb11u2 @@ -4171,8 +4242,7 @@ CVE-2021-44717 NOTE: https://groups.google.com/g/golang-announce/c/hcmEScgc00k/m/ZWnOjeY4CQAJ NOTE: https://github.com/golang/go/commit/e46abcb816fb20663483f84fe52e370790a99bee (go1.17.5) NOTE: https://github.com/golang/go/commit/44a3fb49d99cc8a4de4925b69650f97bb07faf1d (go1.16.12) -CVE-2021-44716 - RESERVED +CVE-2021-44716 (net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontro ...) - golang-1.17 1.17.5-1 - golang-1.15 1.15.15-5 [bullseye] - golang-1.15 1.15.15-1~deb11u2 @@ -8899,8 +8969,8 @@ CVE-2021-43335 RESERVED CVE-2021-43334 RESERVED -CVE-2021-43333 - RESERVED +CVE-2021-43333 (The Datalogic DXU service on (for example) DL-Axist devices does not r ...) + TODO: check CVE-2021-43332 (In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py ad ...) - mailman <removed> (bug #1000367) [buster] - mailman <no-dsa> (Minor issue) @@ -14725,8 +14795,7 @@ CVE-2021-41821 (Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Int NOT-FOR-US: Wazuh CVE-2021-41820 RESERVED -CVE-2021-41819 [Cookie Prefix Spoofing in CGI::Cookie.parse] - RESERVED +CVE-2021-41819 (CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes i ...) {DLA-2853-1} - ruby3.0 <unfixed> - ruby2.7 2.7.5-1 
@@ -14737,8 +14806,7 @@ CVE-2021-41819 [Cookie Prefix Spoofing in CGI::Cookie.parse] NOTE: Fixed by: https://github.com/ruby/cgi/commit/052eb3a828b0f99bca39cfd800f6c2b91307dbd5 (v0.3.1) CVE-2021-41818 RESERVED -CVE-2021-41817 [Regular Expression Denial of Service Vulnerability of Date Parsing Methods] - RESERVED +CVE-2021-41817 (Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regula ...) {DLA-2853-1} - ruby3.0 <unfixed> - ruby2.7 2.7.5-1 @@ -27088,7 +27156,7 @@ CVE-2021-3652 [CRYPT password hash with asterisk allows any bind attempt to succ NOTE: https://github.com/389ds/389-ds-base/issues/4817 NOTE: https://github.com/389ds/389-ds-base/commit/aeb90eb0c41fc48541d983f323c627b2e6c328c7 (master) NOTE: https://github.com/389ds/389-ds-base/commit/c1926dfc6591b55c4d33f9944de4d7ebe077e964 (1.4.4.x) -CVE-2021-36767 (In Digi RealPort through 4.8.488.0, authentication relies on a challen ...) +CVE-2021-36767 (In Digi RealPort through 4.10.490, authentication relies on a challeng ...) NOT-FOR-US: Digi RealPort CVE-2021-36766 (Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable co ...) NOT-FOR-US: Concrete5 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/059a837c52f8a5124ae63251b3e0c3f371615af7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/059a837c52f8a5124ae63251b3e0c3f371615af7 You're receiving this email because of your account on salsa.debian.org.
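Review bot: In the @@ -1,3 +1,75 @@ hunk, several of the new "TODO: check" entries cannot be told apart from their truncated descriptions: CVE-2021-45953 and CVE-2021-45954 both read "Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called ...", CVE-2021-45929 and CVE-2021-45946 both end at "CompileBlock (called from Co ...", and CVE-2021-45926 and CVE-2021-45927 both end at "(at 0 ...". From this file alone it is not possible to say whether these are duplicates or distinct call paths, so each needs its full description pulled before the TODO is resolved. The seven consecutive Dnsmasq 2.86 entries (CVE-2021-45951 through CVE-2021-45957) are worth triaging as one batch so they end up with consistent package lines.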
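Review bot: In the @@ -3685,8 +3757,8 @@ and @@ -8899,8 +8969,8 @@ hunks, CVE-2021-44852 and CVE-2021-43333 move from RESERVED to "TODO: check", yet their descriptions name a vendor driver (BS_RCIO64.sys in Biostar RACING GT Evo 2.1) and a device service (the Datalogic DXU service on DL-Axist devices). If triage confirms that nothing in the archive ships these, close the TODO with a NOT-FOR-US line in the form this file already uses ("NOT-FOR-US: Wazuh", "NOT-FOR-US: Digi RealPort") instead of leaving both entries in the open queue.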
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits