[Git][security-tracker-team/security-tracker][master] Add upstream commit for CVE-2018-20835

2021-02-04 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9fa84694 by Salvatore Bonaccorso at 2021-02-05T07:21:55+01:00
Add upstream commit for CVE-2018-20835

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -119027,6 +119027,7 @@ CVE-2019-11600 (A SQL injection vulnerability in the 
activities API in OpenProje
NOT-FOR-US: OpenProject
 CVE-2018-20835 (A vulnerability was found in tar-fs before 1.16.2. An 
Arbitrary File O ...)
- node-tar-fs  (Fixed before initial upload to Debian)
+   NOTE: 
https://github.com/mafintosh/tar-fs/commit/06672828e6fa29ac8551b1b6f36c852a9a3c58a2
 (v1.16.2)
 CVE-2018-20834 (A vulnerability was found in node-tar before version 4.4.2 
(excluding  ...)
- node-tar 4.4.4+ds1-2
[stretch] - node-tar  (Nodejs in stretch not covered by 
security support, minor issue)
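Review bot: The added NOTE for CVE-2018-20835 gives the tar-fs commit and its release tag (v1.16.2) but no label saying what the commit is. The CVE-2019-25016 entry in this file uses "NOTE: Fixed by: ... (v6.8.1)"; the same "Fixed by:" prefix here would make it unambiguous that this is the fixing commit and not the introducing one.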



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9fa846940d86be99c681c03da129f666b3b77e9c

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9fa846940d86be99c681c03da129f666b3b77e9c
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] node-tar-fs entered the archive (Issues fixed before initial upload)

2021-02-04 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
356a62f7 by Salvatore Bonaccorso at 2021-02-05T07:20:28+01:00
node-tar-fs entered the archive (Issues fixed before initial upload)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -119026,7 +119026,7 @@ CVE-2019-11601 (A directory traversal vulnerability 
in remote access to backup &
 CVE-2019-11600 (A SQL injection vulnerability in the activities API in 
OpenProject bef ...)
NOT-FOR-US: OpenProject
 CVE-2018-20835 (A vulnerability was found in tar-fs before 1.16.2. An 
Arbitrary File O ...)
-   - node-tar-fs  (bug #897023)
+   - node-tar-fs  (Fixed before initial upload to Debian)
 CVE-2018-20834 (A vulnerability was found in node-tar before version 4.4.2 
(excluding  ...)
- node-tar 4.4.4+ds1-2
[stretch] - node-tar  (Nodejs in stretch not covered by 
security support, minor issue)
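Review bot: The changed node-tar-fs line drops the reference to bug #897023 and replaces it with "Fixed before initial upload to Debian" without recording which version was first uploaded. The description says the issue affects tar-fs before 1.16.2, so a NOTE stating the initially uploaded version, and keeping the bug number for history, would let a reader confirm the claim from the entry alone.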



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/356a62f793dd982f0c72faf658267a35e4c8195b


Processing 314fbd223072bbb674b11a3350c2bfab68c3685b failed

2021-02-04 Thread security tracker role
The error message was:

data/CVE/list:119028: ITPed package node-tar-fs is in the archive
make: *** [Makefile:19: all] Error 1


Processing b340015ccdf3eb5d6e0f6ae4143a658a26b80367 failed

2021-02-04 Thread security tracker role
The error message was:

data/CVE/list:119022: ITPed package node-tar-fs is in the archive
make: *** [Makefile:19: all] Error 1


[Git][security-tracker-team/security-tracker][master] 2 commits: Add new issue in AF_VSOCK implementation

2021-02-04 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
782efd8f by Salvatore Bonaccorso at 2021-02-05T07:01:36+01:00
Add new issue in AF_VSOCK implementation

- - - - -
314fbd22 by Salvatore Bonaccorso at 2021-02-05T07:03:24+01:00
Add upstream reference for new linux issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,9 @@
+CVE-2021- [vsock: fix the race conditions in multi-transport support]
+   - linux 
+   [buster] - linux  (Vulnerable code introduced later)
+   [stretch] - linux  (Vulnerable code introduced later)
+   NOTE: https://www.openwall.com/lists/oss-security/2021/02/04/5
+   NOTE: 
https://git.kernel.org/linus/c518adafa39f37858697ac9309c6cf1805581446
 CVE-2021-26697
RESERVED
 CVE-2021-26696
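Review bot: The buster and stretch lines in the new vsock entry say "Vulnerable code introduced later", but neither NOTE identifies the introducing commit. Label the git.kernel.org link as the fix and add a NOTE for the commit that introduced the multi-transport code, so the status of the older suites can be checked; the temporary "CVE-2021-" id also needs replacing once an id is assigned.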



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b340015ccdf3eb5d6e0f6ae4143a658a26b80367...314fbd223072bbb674b11a3350c2bfab68c3685b


Processing b0b9afe2489206d8589ed51a0198be7493dc0d09 failed

2021-02-04 Thread security tracker role
The error message was:

data/CVE/list:119022: ITPed package node-tar-fs is in the archive
make: *** [Makefile:19: all] Error 1


[Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2021-3283/nomad

2021-02-04 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b340015c by Salvatore Bonaccorso at 2021-02-05T06:53:01+01:00
Add fixed version for CVE-2021-3283/nomad

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1647,7 +1647,7 @@ CVE-2021-3285 (jxbrowser in TI Code Composer Studio IDE 
8.x through 10.x before
 CVE-2021-3284
RESERVED
 CVE-2021-3283 (HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java 
task d ...)
-   - nomad  (bug #981889)
+   - nomad 0.12.10+dfsg1-1 (bug #981889)
NOTE: 
https://discuss.hashicorp.com/t/hcsec-2021-01-nomad-s-exec-and-java-task-drivers-did-not-isolate-processes/20332
TODO: check details
 CVE-2021-3282 (HashiCorp Vault Enterprise 1.6.0  1.6.1 allowed the 
`remove-peer` ...)
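Review bot: The nomad line now carries a fixed version, 0.12.10+dfsg1-1, but the "TODO: check details" line below it in the context is left in place. If the remaining check is something other than the fixed version, say what it is in the TODO; otherwise drop it in the same commit so the entry does not stay flagged as unreviewed.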



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b340015ccdf3eb5d6e0f6ae4143a658a26b80367


Processing 3c3c10d28c6e0e011b8a33f3c1b9f038d8079edb failed

2021-02-04 Thread security tracker role
The error message was:

data/CVE/list:119013: ITPed package node-tar-fs is in the archive
make: *** [Makefile:19: all] Error 1


[Git][security-tracker-team/security-tracker][master] Add CVE-2021-21702/php

2021-02-04 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b0b9afe2 by Salvatore Bonaccorso at 2021-02-05T06:37:11+01:00
Add CVE-2021-21702/php

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -11098,8 +11098,14 @@ CVE-2021-21704
RESERVED
 CVE-2021-21703
RESERVED
-CVE-2021-21702
+CVE-2021-21702 [Null Dereference in SoapClient]
RESERVED
+   - php8.0 
+   - php7.4 
+   - php7.3 
+   - php7.0 
+   NOTE: Fixed in PHP 8.0.2, 7.4.15, 7.3.27
+   NOTE: PHP Bug: https://bugs.php.net/80672
 CVE-2021-21701
RESERVED
 CVE-2021-21700
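Review bot: The new CVE-2021-21702 entry lists php7.0 as a source package, but the NOTE "Fixed in PHP 8.0.2, 7.4.15, 7.3.27" names no 7.0 release. State in a NOTE how php7.0 is affected or handled, and consider linking the upstream fix commit alongside the bugs.php.net reference.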



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b0b9afe2489206d8589ed51a0198be7493dc0d09


[Git][security-tracker-team/security-tracker][master] Add CVE-2021-20228/ansible

2021-02-04 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a73e32c3 by Salvatore Bonaccorso at 2021-02-05T06:33:56+01:00
Add CVE-2021-20228/ansible

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -15554,8 +15554,11 @@ CVE-2021-20230
RESERVED
 CVE-2021-20229
RESERVED
-CVE-2021-20228
+CVE-2021-20228 [basic.py no_log with fallback option]
RESERVED
+   - ansible 
+   NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1925002
+   TODO: check details
 CVE-2021-20227
RESERVED
- sqlite3 3.34.1-1
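Review bot: The only reference on the new CVE-2021-20228 entry is the Red Hat Bugzilla link, and the entry is committed with "TODO: check details". When the TODO is resolved, add an upstream ansible reference for the fix so the affected versions can be determined from the entry itself.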



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a73e32c35f1fbf3cbfc692ee64c148c12c9368ef


[Git][security-tracker-team/security-tracker][master] Add CVE-2021-20227/sqlite3

2021-02-04 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3c3c10d2 by Salvatore Bonaccorso at 2021-02-05T06:30:04+01:00
Add CVE-2021-20227/sqlite3

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -15558,6 +15558,9 @@ CVE-2021-20228
RESERVED
 CVE-2021-20227
RESERVED
+   - sqlite3 3.34.1-1
+   NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1924886
+   NOTE: https://sqlite.org/src/info/30a4c323650cc949
 CVE-2021-20226
RESERVED
 CVE-2021-20225
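Review bot: CVE-2021-20227 is still RESERVED and the added lines give it no bracketed description, so the entry does not say what the sqlite3 issue is. Add a short description after the CVE id, and label the sqlite.org link as the fix if that is the change the 3.34.1-1 version is based on.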



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c3c10d28c6e0e011b8a33f3c1b9f038d8079edb


Processing bc2c6f5a86daf856b48284bfc80ecd46ab3fcdcf failed

2021-02-04 Thread security tracker role
The error message was:

data/CVE/list:119006: ITPed package node-tar-fs is in the archive
make: *** [Makefile:19: all] Error 1


[Git][security-tracker-team/security-tracker][master] Add CVE-2021-20176/imagemagick

2021-02-04 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
57cb6469 by Salvatore Bonaccorso at 2021-02-05T06:26:49+01:00
Add CVE-2021-20176/imagemagick

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -15748,8 +15748,12 @@ CVE-2021-20177
[stretch] - linux  (Vulnerable code not present)
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=209823
NOTE: https://www.openwall.com/lists/oss-security/2021/01/12/1
-CVE-2021-20176
+CVE-2021-20176 [processing crafted file leads to division by zero]
RESERVED
+   - imagemagick 8:6.9.11.57+dfsg-1
+   NOTE: https://github.com/ImageMagick/ImageMagick/issues/3077
+   NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/fbd9a963db1ae5551c45dc8af57db0abd7695774
+   NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/90255f0834eead08d59f46b0bda7b1580451cc0f
 CVE-2021-20175
RESERVED
 CVE-2021-20174



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57cb64697a0cd5a4a7f1e46ad7db7351ccbe334f


[Git][security-tracker-team/security-tracker][master] Update information for CVE-2019-25016/doas

2021-02-04 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bc2c6f5a by Salvatore Bonaccorso at 2021-02-05T06:18:56+01:00
Update information for CVE-2019-25016/doas

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -959,8 +959,9 @@ CVE-2021-26300
 CVE-2021-26299
RESERVED
 CVE-2019-25016 (In OpenDoas from 6.6 to 6.8 the users PATH variable was 
incorrectly in ...)
-   - doas  (bug #981176)
-   NOTE: 
https://github.com/Duncaen/OpenDoas/commit/01c658f8c45cb92a343be5f32aa6da70b2032168
+   - doas  (Fixed with initial upload to Debian)
+   NOTE: Introduced in: 
https://github.com/Duncaen/OpenDoas/commit/01c658f8c45cb92a343be5f32aa6da70b2032168
 (v6.6)
+   NOTE: Fixed by: 
https://github.com/Duncaen/OpenDoas/commit/d5acd52e2a15c36a8e06f9103d35622933aa422d
 (v6.8.1)
NOTE: https://github.com/Duncaen/OpenDoas/issues/45
 CVE-2021-3335
RESERVED
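Review bot: The replacement line for doas removes bug #981176 and says "Fixed with initial upload to Debian" without giving the uploaded version. The new "Fixed by" NOTE ties the fix to v6.8.1, so recording the initial upload version in a NOTE would let readers confirm it is at or above that release, and keeping the bug number in a NOTE would preserve the history.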



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc2c6f5a86daf856b48284bfc80ecd46ab3fcdcf


Processing a983ab459c5086324125fd4056f784ec057f68b7 failed

2021-02-04 Thread security tracker role
The error message was:

data/CVE/list:961: ITPed package doas is in the archive
data/CVE/list:119005: ITPed package node-tar-fs is in the archive
make: *** [Makefile:19: all] Error 1



[Git][security-tracker-team/security-tracker][master] Process NFUs

2021-02-04 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a983ab45 by Salvatore Bonaccorso at 2021-02-04T21:46:27+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -21778,7 +21778,7 @@ CVE-2021-1391
 CVE-2021-1390
RESERVED
 CVE-2021-1389 (A vulnerability in the IPv6 traffic processing of Cisco IOS XR 
Softwar ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-1388
RESERVED
 CVE-2021-1387
@@ -21816,7 +21816,7 @@ CVE-2021-1372
 CVE-2021-1371
RESERVED
 CVE-2021-1370 (A vulnerability in a CLI command of Cisco IOS XR Software for 
the Cisc ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-1369
RESERVED
 CVE-2021-1368
@@ -21848,7 +21848,7 @@ CVE-2021-1356
 CVE-2021-1355 (Multiple vulnerabilities in Cisco Unified Communications 
Manager IM  ...)
NOT-FOR-US: Cisco
 CVE-2021-1354 (A vulnerability in the certificate registration process of 
Cisco Unifi ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-1353 (A vulnerability in the IPv4 protocol handling of Cisco StarOS 
could al ...)
NOT-FOR-US: Cisco
 CVE-2021-1352
@@ -21860,77 +21860,77 @@ CVE-2021-1350 (A vulnerability in the web UI of Cisco 
Umbrella could allow an un
 CVE-2021-1349 (A vulnerability in the web-based management interface of Cisco 
SD-WAN  ...)
NOT-FOR-US: Cisco
 CVE-2021-1348 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-1347 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-1346 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-1345 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-1344 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-1343 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-1342 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-1341 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-1340 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-1339 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-1338 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-1337 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-1336 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-1335 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-1334 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-1333 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-1332 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-1331 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-1330 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-1329 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-1328 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-1327 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-1326 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-1325 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-1324 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-1323 (Multiple 

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2021-02-04 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c2817aa2 by Salvatore Bonaccorso at 2021-02-04T21:36:50+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -82285,7 +82285,7 @@ CVE-2020-5034
 CVE-2020-5033
RESERVED
 CVE-2020-5032 (IBM QRadar SIEM 7.3 and 7.4 in some configurations may be 
vulnerable t ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2020-5031
RESERVED
 CVE-2020-5030
@@ -82693,13 +82693,13 @@ CVE-2020-4830
 CVE-2020-4829 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to 
exploit a v ...)
NOT-FOR-US: IBM
 CVE-2020-4828 (IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 
through 2018. ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2020-4827 (IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 
through 2018. ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2020-4826 (IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 
through 2018. ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2020-4825 (IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 
through 2018. ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2020-4824
RESERVED
 CVE-2020-4823
@@ -83072,7 +83072,7 @@ CVE-2020-4642 (IBM DB2 for Linux, UNIX and Windows 
(includes DB2 Connect Server)
 CVE-2020-4641
RESERVED
 CVE-2020-4640 (Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 
2018.4.1.0 throu ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2020-4639
RESERVED
 CVE-2020-4638 (IBM API Connect's API Manager 2018.4.1.0 through 2018.4.1.12 is 
vulner ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2817aa226d2d30bc110edfd5d681ffd3c04a7e7


[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2021-3283/nomad

2021-02-04 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d48a3996 by Salvatore Bonaccorso at 2021-02-04T21:19:35+01:00
Add Debian bug reference for CVE-2021-3283/nomad

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1646,7 +1646,7 @@ CVE-2021-3285 (jxbrowser in TI Code Composer Studio IDE 
8.x through 10.x before
 CVE-2021-3284
RESERVED
 CVE-2021-3283 (HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java 
task d ...)
-   - nomad 
+   - nomad  (bug #981889)
NOTE: 
https://discuss.hashicorp.com/t/hcsec-2021-01-nomad-s-exec-and-java-task-drivers-did-not-isolate-processes/20332
TODO: check details
 CVE-2021-3282 (HashiCorp Vault Enterprise 1.6.0  1.6.1 allowed the 
`remove-peer` ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d48a39964c4ab8338c15b07f0c9597843d0343ee


[Git][security-tracker-team/security-tracker][master] automatic update

2021-02-04 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4a422061 by security tracker role at 2021-02-04T20:10:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,25 @@
+CVE-2021-26697
+   RESERVED
+CVE-2021-26696
+   RESERVED
+CVE-2021-26695
+   RESERVED
+CVE-2021-26694
+   RESERVED
+CVE-2021-26693
+   RESERVED
+CVE-2021-26692
+   RESERVED
+CVE-2021-26691
+   RESERVED
+CVE-2021-26690
+   RESERVED
+CVE-2021-26249
+   RESERVED
+CVE-2021-23202
+   RESERVED
+CVE-2021-23141
+   RESERVED
 CVE-2021-3401 (Bitcoin Core before 0.19.0 might allow remote attackers to 
execute arb ...)
- bitcoin 0.20.1~dfsg-1
 CVE-2021-3400
@@ -21755,8 +21777,8 @@ CVE-2021-1391
RESERVED
 CVE-2021-1390
RESERVED
-CVE-2021-1389
-   RESERVED
+CVE-2021-1389 (A vulnerability in the IPv6 traffic processing of Cisco IOS XR 
Softwar ...)
+   TODO: check
 CVE-2021-1388
RESERVED
 CVE-2021-1387
@@ -21793,8 +21815,8 @@ CVE-2021-1372
RESERVED
 CVE-2021-1371
RESERVED
-CVE-2021-1370
-   RESERVED
+CVE-2021-1370 (A vulnerability in a CLI command of Cisco IOS XR Software for 
the Cisc ...)
+   TODO: check
 CVE-2021-1369
RESERVED
 CVE-2021-1368
@@ -21825,8 +21847,8 @@ CVE-2021-1356
RESERVED
 CVE-2021-1355 (Multiple vulnerabilities in Cisco Unified Communications 
Manager IM  ...)
NOT-FOR-US: Cisco
-CVE-2021-1354
-   RESERVED
+CVE-2021-1354 (A vulnerability in the certificate registration process of 
Cisco Unifi ...)
+   TODO: check
 CVE-2021-1353 (A vulnerability in the IPv4 protocol handling of Cisco StarOS 
could al ...)
NOT-FOR-US: Cisco
 CVE-2021-1352
@@ -21837,78 +21859,78 @@ CVE-2021-1350 (A vulnerability in the web UI of Cisco 
Umbrella could allow an un
NOT-FOR-US: Cisco
 CVE-2021-1349 (A vulnerability in the web-based management interface of Cisco 
SD-WAN  ...)
NOT-FOR-US: Cisco
-CVE-2021-1348
-   RESERVED
-CVE-2021-1347
-   RESERVED
-CVE-2021-1346
-   RESERVED
-CVE-2021-1345
-   RESERVED
-CVE-2021-1344
-   RESERVED
-CVE-2021-1343
-   RESERVED
-CVE-2021-1342
-   RESERVED
-CVE-2021-1341
-   RESERVED
-CVE-2021-1340
-   RESERVED
-CVE-2021-1339
-   RESERVED
-CVE-2021-1338
-   RESERVED
-CVE-2021-1337
-   RESERVED
-CVE-2021-1336
-   RESERVED
-CVE-2021-1335
-   RESERVED
-CVE-2021-1334
-   RESERVED
-CVE-2021-1333
-   RESERVED
-CVE-2021-1332
-   RESERVED
-CVE-2021-1331
-   RESERVED
-CVE-2021-1330
-   RESERVED
-CVE-2021-1329
-   RESERVED
-CVE-2021-1328
-   RESERVED
-CVE-2021-1327
-   RESERVED
-CVE-2021-1326
-   RESERVED
-CVE-2021-1325
-   RESERVED
-CVE-2021-1324
-   RESERVED
-CVE-2021-1323
-   RESERVED
-CVE-2021-1322
-   RESERVED
-CVE-2021-1321
-   RESERVED
-CVE-2021-1320
-   RESERVED
-CVE-2021-1319
-   RESERVED
-CVE-2021-1318
-   RESERVED
-CVE-2021-1317
-   RESERVED
-CVE-2021-1316
-   RESERVED
-CVE-2021-1315
-   RESERVED
-CVE-2021-1314
-   RESERVED
-CVE-2021-1313
-   RESERVED
+CVE-2021-1348 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
+   TODO: check
+CVE-2021-1347 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
+   TODO: check
+CVE-2021-1346 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
+   TODO: check
+CVE-2021-1345 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
+   TODO: check
+CVE-2021-1344 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
+   TODO: check
+CVE-2021-1343 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
+   TODO: check
+CVE-2021-1342 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
+   TODO: check
+CVE-2021-1341 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
+   TODO: check
+CVE-2021-1340 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
+   TODO: check
+CVE-2021-1339 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
+   TODO: check
+CVE-2021-1338 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
+   TODO: check
+CVE-2021-1337 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
+   TODO: check
+CVE-2021-1336 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
+   TODO: check
+CVE-2021-1335 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
+   TODO: check
+CVE-2021-1334 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
+   TODO: check
+CVE-2021-1333 (Multiple 

[Git][security-tracker-team/security-tracker][master] Track experimental fix for CVE-2021-22172/gitlab

2021-02-04 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f423be6d by Salvatore Bonaccorso at 2021-02-04T20:59:30+01:00
Track experimental fix for CVE-2021-22172/gitlab

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -10105,6 +10105,7 @@ CVE-2021-22173 [USB HID dissector memory leak]
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17124
 CVE-2021-22172
RESERVED
+   [experimental] - gitlab 13.6.6-1
- gitlab 
NOTE: 
https://about.gitlab.com/releases/2021/02/01/security-release-gitlab-13-8-2-released/
 CVE-2021-22171 (Insufficient validation of authentication parameters in GitLab 
Pages f ...)
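Review bot: The added "[experimental] - gitlab 13.6.6-1" line records a fix version from the 13.6 series, while the only NOTE on the entry links the 13.8.2 security release. Add a NOTE naming the upstream versions that contain the fix so the 13.6.6-1 claim can be checked from the entry.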



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f423be6d3b08f3a8a8f9e2304bd55c1e275cdcdd


[Git][security-tracker-team/security-tracker][master] Update information for CVE-2020-27829/imagemagick

2021-02-04 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
740e73c4 by Salvatore Bonaccorso at 2021-02-04T20:44:59+01:00
Update information for CVE-2020-27829/imagemagick

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -25983,9 +25983,9 @@ CVE-2020-27830 [Linux kernel NULL-ptr deref bug in 
spk_ttyio_receive_buf2]
NOTE: 
https://git.kernel.org/linus/f0992098cadb4c9c6a00703b66cafe604e178fea
 CVE-2020-27829 [heap buffer overflow in coders/tiff.c]
RESERVED
-   - imagemagick 
+   - imagemagick 8:6.9.11.57+dfsg-1
NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/6ee5059cd3ac8d82714a1ab1321399b88539abf0
-   TODO: check status for ImageMagick6
+   NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/e30be60bd97313b80e2701239728a3f47c570817
 CVE-2020-27828 (There's a flaw in jasper's jpc encoder in versions prior to 
2.0.23. Cr ...)
- jasper 
NOTE: https://github.com/jasper-software/jasper/issues/252



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/740e73c4775b1374a183c6a76340fe54286cc270


[Git][security-tracker-team/security-tracker][master] new nim issue

2021-02-04 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4e8e71a0 by Moritz Mühlenhoff at 2021-02-04T17:12:14+01:00
new nim issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -52655,7 +52655,9 @@ CVE-2020-15692 (In Nim 1.2.4, the standard library 
browsers mishandles the URL a
 CVE-2020-15691
RESERVED
 CVE-2020-15690 (In Nim before 1.2.6, the standard library asyncftpclient lacks 
a check ...)
-   TODO: check
+   - nim 1.2.6-1
+   [buster] - nim  (Minor issue)
+   NOTE: https://www.openwall.com/lists/oss-security/2021/02/04/3
 CVE-2020-15689 (Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI 
support, ...)
NOT-FOR-US: Appweb
 CVE-2020-15688 (The HTTP Digest Authentication in the GoAhead web server 
before 5.1.2  ...)
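
Review bot: the new CVE-2020-15690 entry gets a [buster] line but no [stretch] line, while the neighbouring nim entries CVE-2020-15692 to CVE-2020-15694 carry both with the same "Minor issue" reason. If stretch is affected in the same way, add the matching [stretch] line; if it is not, a short NOTE saying why would explain the difference.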



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e8e71a07efcf74f75695d20d4fbf2f8027f410c


[Git][security-tracker-team/security-tracker][master] mark some linux issues as postponed for buster

2021-02-04 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e869f06a by Moritz Muehlenhoff at 2021-02-04T13:58:23+01:00
mark some linux issues as postponed for buster
podofo unimportant
add openwall refs for nim issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -52641,14 +52641,17 @@ CVE-2020-15694 (In Nim 1.2.4, the standard library 
httpClient fails to properly
- nim 1.2.6-1
[buster] - nim  (Minor issue)
[stretch] - nim  (Minor issue)
+   NOTE: https://www.openwall.com/lists/oss-security/2021/02/04/2
 CVE-2020-15693 (In Nim 1.2.4, the standard library httpClient is vulnerable to 
a CR-LF ...)
- nim 1.2.6-1
[buster] - nim  (Minor issue)
[stretch] - nim  (Minor issue)
+   NOTE: https://www.openwall.com/lists/oss-security/2021/02/04/2
 CVE-2020-15692 (In Nim 1.2.4, the standard library browsers mishandles the URL 
argumen ...)
- nim 1.2.6-1
[buster] - nim  (Minor issue)
[stretch] - nim  (Minor issue)
+   NOTE: https://www.openwall.com/lists/oss-security/2021/02/04/1
 CVE-2020-15691
RESERVED
 CVE-2020-15690 (In Nim before 1.2.6, the standard library asyncftpclient lacks 
a check ...)
@@ -104168,6 +104171,8 @@ CVE-2019-16061 (A number of files on the NETSAS 
Enigma NMS server 65.0.0 and pri
NOT-FOR-US: NETSAS Enigma NMS
 CVE-2019-16089 (An issue was discovered in the Linux kernel through 5.2.13. 
nbd_genl_s ...)
- linux 
+   [bullseye] - linux  (Minor issue, revisit when fixed 
upstream)
+   [buster] - linux  (Minor issue, revisit when fixed upstream)
[stretch] - linux  (Vulnerable code not present)
[jessie] - linux  (Vulnerable code not present)
 CVE-2019-16060 (The Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the 
blacklist ...)
@@ -106656,6 +106661,7 @@ CVE-2019-15214 (An issue was discovered in the Linux 
kernel before 5.0.10. There
[stretch] - linux 4.9.184-1
 CVE-2019-15213 (An issue was discovered in the Linux kernel before 5.2.3. 
There is a u ...)
- linux 
+   [bullseye] - linux  (Revisit when correctly fixed upstream)
[stretch] - linux  (Vulnerable code introduced later)
[jessie] - linux  (Vulnerable code introduced later)
 CVE-2019-15212 (An issue was discovered in the Linux kernel before 5.1.8. 
There is a d ...)
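
Review bot: CVE-2019-15213 gets only a [bullseye] line here, although the commit message speaks of buster and the CVE-2019-16089 hunk above adds both [bullseye] and [buster]. If buster is meant to be deferred as well, add the corresponding [buster] line with the same "Revisit when correctly fixed upstream" reason.
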
@@ -126716,11 +126722,9 @@ CVE-2019-9210 (In AdvanceCOMP 2.1, png_compress in 
pngex.cc in advpng has an int
NOTE: https://sourceforge.net/p/advancemame/bugs/277/
NOTE: Fixed by 
https://github.com/amadvance/advancecomp/commit/fcf71a89265c78fc26243574dda3a872574a5c02
 CVE-2018-20797 (An issue was discovered in PoDoFo 0.9.6. There is an attempted 
excessi ...)
-   - libpodofo  (low; bug #923415)
-   [buster] - libpodofo  (Minor issue)
-   [stretch] - libpodofo  (Minor issue)
-   [jessie] - libpodofo  (Minor issue)
+   - libpodofo  (unimportant; bug #923415)
NOTE: https://sourceforge.net/p/podofo/tickets/34/
+   NOTE: Negligible security impact
 CVE-2019-9209 (In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER 
and rel ...)
{DSA-4416-1 DLA-1729-1}
- wireshark 2.6.7-1 (bug #923611)
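
Review bot: "NOTE: Negligible security impact" under CVE-2018-20797 states the conclusion but not the reason, and the three per-release "Minor issue" lines are dropped on the strength of it. A few words on why the impact is negligible, or a pointer to where that was decided, would let a later reader re-check the unimportant rating.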



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e869f06a6f8295a8f44a9238119916f8faabdc28


[Git][security-tracker-team/security-tracker][master] new bitcoin issue

2021-02-04 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6a8230cf by Moritz Muehlenhoff at 2021-02-04T11:42:13+01:00
new bitcoin issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,5 +1,5 @@
 CVE-2021-3401 (Bitcoin Core before 0.19.0 might allow remote attackers to 
execute arb ...)
-   TODO: check
+   - bitcoin 0.20.1~dfsg-1
 CVE-2021-3400
RESERVED
 CVE-2021-26689 (An issue was discovered on LG mobile devices with Android OS 
8.0, 8.1, ...)
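
Review bot: the `- bitcoin 0.20.1~dfsg-1` line for CVE-2021-3401 has no NOTE, while the description puts the upstream fix at 0.19.0. Add a NOTE with the upstream reference, or a short remark on why 0.20.1~dfsg-1 is the version recorded, so the fixed version can be verified later.
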
@@ -1636,9 +1636,9 @@ CVE-2021-3281 (In Django 2.2 before 2.2.18, 3.0 before 
3.0.12, and 3.1 before 3.
NOTE: 
https://github.com/django/django/commit/05413afa8c18cdb978fcdf470e09f7a12b234a23
 (master)
NOTE: 
https://github.com/django/django/commit/21e7622dec1f8612c85c2fc37fe8efbfd3311e37
 (2.2.18)
 CVE-2021-26024 (The Favorites component before 1.0.2 for Nagios XI 5.8.0 is 
vulnerable ...)
-   TODO: check
+   NOT-FOR-US: Nagios XI
 CVE-2021-26023 (The Favorites component before 1.0.2 for Nagios XI 5.8.0 is 
vulnerable ...)
-   TODO: check
+   NOT-FOR-US: Nagios XI
 CVE-2021-26022
RESERVED
 CVE-2021-26021
@@ -2401,53 +2401,53 @@ CVE-2021-25780
 CVE-2021-25779
RESERVED
 CVE-2021-25778 (In JetBrains TeamCity before 2020.2.1, permissions during user 
deletio ...)
-   TODO: check
+   NOT-FOR-US: JetBrains TeamCity
 CVE-2021-25777 (In JetBrains TeamCity before 2020.2.1, permissions during 
token remova ...)
-   TODO: check
+   NOT-FOR-US: JetBrains TeamCity
 CVE-2021-25776 (In JetBrains TeamCity before 2020.2, an ECR token could be 
exposed in  ...)
-   TODO: check
+   NOT-FOR-US: JetBrains TeamCity
 CVE-2021-25775 (In JetBrains TeamCity before 2020.2.1, the server admin could 
create a ...)
-   TODO: check
+   NOT-FOR-US: JetBrains TeamCity
 CVE-2021-25774 (In JetBrains TeamCity before 2020.2.1, a user could get access 
to the  ...)
-   TODO: check
+   NOT-FOR-US: JetBrains TeamCity
 CVE-2021-25773 (JetBrains TeamCity before 2020.2 was vulnerable to reflected 
XSS on se ...)
-   TODO: check
+   NOT-FOR-US: JetBrains TeamCity
 CVE-2021-25772 (In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was 
possibl ...)
-   TODO: check
+   NOT-FOR-US: JetBrains TeamCity
 CVE-2021-25771 (In JetBrains YouTrack before 2020.6.1099, project information 
could be ...)
-   TODO: check
+   NOT-FOR-US: JetBrains TeamCity
 CVE-2021-25770 (In JetBrains YouTrack before 2020.5.3123, server-side template 
injecti ...)
-   TODO: check
+   NOT-FOR-US: JetBrains TeamCity
 CVE-2021-25769 (In JetBrains YouTrack before 2020.4.6808, the YouTrack 
administrator w ...)
-   TODO: check
+   NOT-FOR-US: JetBrains TeamCity
 CVE-2021-25768 (In JetBrains YouTrack before 2020.4.4701, permissions for 
attachments  ...)
-   TODO: check
+   NOT-FOR-US: JetBrains TeamCity
 CVE-2021-25767 (In JetBrains YouTrack before 2020.6.1767, an issue's existence 
could b ...)
-   TODO: check
+   NOT-FOR-US: JetBrains TeamCity
 CVE-2021-25766 (In JetBrains YouTrack before 2020.4.4701, improper resource 
access che ...)
-   TODO: check
+   NOT-FOR-US: JetBrains TeamCity
 CVE-2021-25765 (In JetBrains YouTrack before 2020.4.4701, CSRF via attachment 
upload w ...)
-   TODO: check
+   NOT-FOR-US: JetBrains TeamCity
 CVE-2021-25764
RESERVED
 CVE-2021-25763 (In JetBrains Ktor before 1.4.2, weak cipher suites were 
enabled by def ...)
-   TODO: check
+   NOT-FOR-US: JetBrains Ktor
 CVE-2021-25762 (In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was 
possible. ...)
-   TODO: check
+   NOT-FOR-US: JetBrains Ktor
 CVE-2021-25761 (In JetBrains Ktor before 1.5.0, a birthday attack on 
SessionStorage ke ...)
-   TODO: check
+   NOT-FOR-US: JetBrains Ktor
 CVE-2021-25760 (In JetBrains Hub before 2020.1.12669, information disclosure 
via the p ...)
-   TODO: check
+   NOT-FOR-US: JetBrains Hub
 CVE-2021-25759 (In JetBrains Hub before 2020.1.12629, an authenticated user 
can delete ...)
-   TODO: check
+   NOT-FOR-US: JetBrains Hub
 CVE-2021-25758 (In JetBrains IntelliJ IDEA before 2020.3, potentially insecure 
deseria ...)
-   TODO: check
+   - intellij-idea  (bug #747616)
 CVE-2021-25757 (In JetBrains Hub before 2020.1.12629, an open redirect was 
possible. ...)
-   TODO: check
+   NOT-FOR-US: JetBrains Hub
 CVE-2021-25756 (In JetBrains IntelliJ IDEA before 2020.2, HTTP links were used 
for sev ...)
-   TODO: check
+   - intellij-idea  (bug #747616)
 CVE-2021-25755 (In JetBrains Code With Me before 2020.3, an attacker on the 
local netw ...)
-   TODO: check
+   NOT-FOR-US: JetBrains Code With Me
 CVE-2021-25754
RESERVED
 CVE-2021-25753
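
Review bot: CVE-2021-25771 through CVE-2021-25765 are described as JetBrains YouTrack issues but are tagged "NOT-FOR-US: JetBrains TeamCity", which looks like a copy-and-paste slip from the TeamCity block above them. Tag those seven entries "NOT-FOR-US: JetBrains YouTrack" so that a search by product returns the right CVEs.
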
@@ -27037,7 +27037,7 @@ CVE-2020-27624 (JetBrains YouTrack before 2020.3.888 

[Git][security-tracker-team/security-tracker][master] new gitlab issues

2021-02-04 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
55e00c3b by Moritz Muehlenhoff at 2021-02-04T10:37:27+01:00
new gitlab issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -10105,12 +10105,16 @@ CVE-2021-22173 [USB HID dissector memory leak]
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17124
 CVE-2021-22172
RESERVED
+   - gitlab 
+   NOTE: 
https://about.gitlab.com/releases/2021/02/01/security-release-gitlab-13-8-2-released/
 CVE-2021-22171 (Insufficient validation of authentication parameters in GitLab 
Pages f ...)
- gitlab 
 CVE-2021-22170
RESERVED
 CVE-2021-22169
RESERVED
+   - gitlab  (Specific to EE)
+   NOTE: 
https://about.gitlab.com/releases/2021/02/01/security-release-gitlab-13-8-2-released/
 CVE-2021-22168 (A regular expression denial of service issue has been 
discovered in Nu ...)
- gitlab 
 CVE-2021-22167 (An issue has been discovered in GitLab affecting all versions 
starting ...)
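
Review bot: CVE-2021-22172 and CVE-2021-22169 stay RESERVED with no description, and the added NOTE links only to the release announcement as a whole, so the entry does not say which issue in that release each CVE is. A bracketed short description on the CVE line, in the style of "CVE-2021-22173 [USB HID dissector memory leak]" in this hunk's header, would identify them.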



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/55e00c3b01c80c19e4041d32e6125172dbe38d31


[Git][security-tracker-team/security-tracker][master] Process more NFUs

2021-02-04 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c05cb8cf by Salvatore Bonaccorso at 2021-02-04T09:41:14+01:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5,7 +5,7 @@ CVE-2021-3400
 CVE-2021-26689 (An issue was discovered on LG mobile devices with Android OS 
8.0, 8.1, ...)
NOT-FOR-US: LG mobile devices
 CVE-2021-26688 (An issue was discovered on LG Wing mobile devices with Android 
OS 10 s ...)
-   TODO: check
+   NOT-FOR-US: LG Wing mobile devices
 CVE-2021-26687 (An issue was discovered on LG mobile devices with Android OS 
8.0, 8.1, ...)
NOT-FOR-US: LG mobile devices
 CVE-2021-26686
@@ -16261,7 +16261,7 @@ CVE-2021-20018
 CVE-2021-20017
RESERVED
 CVE-2021-20016 (A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 
product a ...)
-   TODO: check
+   NOT-FOR-US: SonicWall
 CVE-2021-20015
RESERVED
 CVE-2021-20014
@@ -20099,13 +20099,13 @@ CVE-2020-29168
 CVE-2020-29167
RESERVED
 CVE-2020-29166 (PacsOne Server (PACS Server In One Box) below 7.1.1 is 
affected by fil ...)
-   TODO: check
+   NOT-FOR-US: PacsOne Server (PACS Server In One Box)
 CVE-2020-29165 (PacsOne Server (PACS Server In One Box) below 7.1.1 is 
affected by inc ...)
-   TODO: check
+   NOT-FOR-US: PacsOne Server (PACS Server In One Box)
 CVE-2020-29164 (PacsOne Server (PACS Server In One Box) below 7.1.1 is 
affected by cro ...)
-   TODO: check
+   NOT-FOR-US: PacsOne Server (PACS Server In One Box)
 CVE-2020-29163 (PacsOne Server (PACS Server In One Box) below 7.1.1 is 
affected by SQL ...)
-   TODO: check
+   NOT-FOR-US: PacsOne Server (PACS Server In One Box)
 CVE-2020-29162
RESERVED
 CVE-2020-29161
@@ -45964,7 +45964,7 @@ CVE-2020-18725
 CVE-2020-18724 (Authenticated stored cross-site scripting (XSS) in the contact 
name fi ...)
TODO: check
 CVE-2020-18723 (Stored cross-site scripting (XSS) in file attachment field in 
MDaemon  ...)
-   TODO: check
+   NOT-FOR-US: MDaemon webmail
 CVE-2020-18722
RESERVED
 CVE-2020-18721
@@ -56721,11 +56721,11 @@ CVE-2020-14249
 CVE-2020-14248 (BigFix Inventory up to v10.0.2 does not set the secure flag 
for the se ...)
NOT-FOR-US: HCL BigFix Inventory
 CVE-2020-14247 (HCL OneTest Performance V9.5, V10.0, V10.1 contains an 
inadequate sess ...)
-   TODO: check
+   NOT-FOR-US: HCL
 CVE-2020-14246 (HCL OneTest Performance V9.5, V10.0, V10.1 uses basic 
authentication w ...)
-   TODO: check
+   NOT-FOR-US: HCL
 CVE-2020-14245 (HCL OneTest UI V9.5, V10.0, and V10.1 does not perform 
authentication  ...)
-   TODO: check
+   NOT-FOR-US: HCL
 CVE-2020-14244 (A vulnerability in the MIME message handling of the Domino 
server (ver ...)
NOT-FOR-US: HCL Domino server
 CVE-2020-14243
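
Review bot: the three HCL OneTest entries (CVE-2020-14247, CVE-2020-14246, CVE-2020-14245) are tagged only "NOT-FOR-US: HCL", while the surrounding entries name the product ("HCL BigFix Inventory", "HCL Domino server"). Use "HCL OneTest Performance" and "HCL OneTest UI" so the tags stay consistent and searchable by product.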



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c05cb8cf9f789491697a76bdbfe8cd04e4e17edd

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c05cb8cf9f789491697a76bdbfe8cd04e4e17edd
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process NFUs

2021-02-04 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a4cf768f by Salvatore Bonaccorso at 2021-02-04T09:36:55+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3,11 +3,11 @@ CVE-2021-3401 (Bitcoin Core before 0.19.0 might allow remote 
attackers to execut
 CVE-2021-3400
RESERVED
 CVE-2021-26689 (An issue was discovered on LG mobile devices with Android OS 
8.0, 8.1, ...)
-   TODO: check
+   NOT-FOR-US: LG mobile devices
 CVE-2021-26688 (An issue was discovered on LG Wing mobile devices with Android 
OS 10 s ...)
TODO: check
 CVE-2021-26687 (An issue was discovered on LG mobile devices with Android OS 
8.0, 8.1, ...)
-   TODO: check
+   NOT-FOR-US: LG mobile devices
 CVE-2021-26686
RESERVED
 CVE-2021-26685



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4cf768fc5d7042418fd925674a9230b25ae7553

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4cf768fc5d7042418fd925674a9230b25ae7553
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

2021-02-04 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5424d16e by security tracker role at 2021-02-04T08:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,33 @@
+CVE-2021-3401 (Bitcoin Core before 0.19.0 might allow remote attackers to 
execute arb ...)
+   TODO: check
+CVE-2021-3400
+   RESERVED
+CVE-2021-26689 (An issue was discovered on LG mobile devices with Android OS 
8.0, 8.1, ...)
+   TODO: check
+CVE-2021-26688 (An issue was discovered on LG Wing mobile devices with Android 
OS 10 s ...)
+   TODO: check
+CVE-2021-26687 (An issue was discovered on LG mobile devices with Android OS 
8.0, 8.1, ...)
+   TODO: check
+CVE-2021-26686
+   RESERVED
+CVE-2021-26685
+   RESERVED
+CVE-2021-26684
+   RESERVED
+CVE-2021-26683
+   RESERVED
+CVE-2021-26682
+   RESERVED
+CVE-2021-26681
+   RESERVED
+CVE-2021-26680
+   RESERVED
+CVE-2021-26679
+   RESERVED
+CVE-2021-26678
+   RESERVED
+CVE-2021-26677
+   RESERVED
 CVE-2021-3399
RESERVED
 CVE-2021-3398
@@ -1605,10 +1635,10 @@ CVE-2021-3281 (In Django 2.2 before 2.2.18, 3.0 before 
3.0.12, and 3.1 before 3.
NOTE: 
https://www.djangoproject.com/weblog/2021/feb/01/security-releases/
NOTE: 
https://github.com/django/django/commit/05413afa8c18cdb978fcdf470e09f7a12b234a23
 (master)
NOTE: 
https://github.com/django/django/commit/21e7622dec1f8612c85c2fc37fe8efbfd3311e37
 (2.2.18)
-CVE-2021-26024
-   RESERVED
-CVE-2021-26023
-   RESERVED
+CVE-2021-26024 (The Favorites component before 1.0.2 for Nagios XI 5.8.0 is 
vulnerable ...)
+   TODO: check
+CVE-2021-26023 (The Favorites component before 1.0.2 for Nagios XI 5.8.0 is 
vulnerable ...)
+   TODO: check
 CVE-2021-26022
RESERVED
 CVE-2021-26021
@@ -16230,8 +16260,8 @@ CVE-2021-20018
RESERVED
 CVE-2021-20017
RESERVED
-CVE-2021-20016
-   RESERVED
+CVE-2021-20016 (A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 
product a ...)
+   TODO: check
 CVE-2021-20015
RESERVED
 CVE-2021-20014
@@ -27813,12 +27843,12 @@ CVE-2020-27251 (A heap overflow vulnerability exists 
within FactoryTalk Linx Ver
NOT-FOR-US: FactoryTalk
 CVE-2020-27250
RESERVED
-CVE-2020-27249
-   RESERVED
-CVE-2020-27248
-   RESERVED
-CVE-2020-27247
-   RESERVED
+CVE-2020-27249 (A specially crafted document can cause the document parser to 
copy dat ...)
+   TODO: check
+CVE-2020-27248 (A specially crafted document can cause the document parser to 
copy dat ...)
+   TODO: check
+CVE-2020-27247 (A specially crafted document can cause the document parser to 
copy dat ...)
+   TODO: check
 CVE-2020-27246
RESERVED
 CVE-2020-27245
@@ -56690,12 +56720,12 @@ CVE-2020-14249
RESERVED
 CVE-2020-14248 (BigFix Inventory up to v10.0.2 does not set the secure flag 
for the se ...)
NOT-FOR-US: HCL BigFix Inventory
-CVE-2020-14247
-   RESERVED
-CVE-2020-14246
-   RESERVED
-CVE-2020-14245
-   RESERVED
+CVE-2020-14247 (HCL OneTest Performance V9.5, V10.0, V10.1 contains an 
inadequate sess ...)
+   TODO: check
+CVE-2020-14246 (HCL OneTest Performance V9.5, V10.0, V10.1 uses basic 
authentication w ...)
+   TODO: check
+CVE-2020-14245 (HCL OneTest UI V9.5, V10.0, and V10.1 does not perform 
authentication  ...)
+   TODO: check
 CVE-2020-14244 (A vulnerability in the MIME message handling of the Domino 
server (ver ...)
NOT-FOR-US: HCL Domino server
 CVE-2020-14243
@@ -58563,8 +58593,8 @@ CVE-2020-13588
RESERVED
 CVE-2020-13587
RESERVED
-CVE-2020-13586
-   RESERVED
+CVE-2020-13586 (A memory corruption vulnerability exists in the Excel Document 
SST Rec ...)
+   TODO: check
 CVE-2020-13585
RESERVED
 CVE-2020-13584 (An exploitable use-after-free vulnerability exists in 
WebKitGTK browse ...)
@@ -58580,10 +58610,10 @@ CVE-2020-13582 (A denial-of-service vulnerability 
exists in the HTTP Server func
TODO: check
 CVE-2020-13581
RESERVED
-CVE-2020-13580
-   RESERVED
-CVE-2020-13579
-   RESERVED
+CVE-2020-13580 (An exploitable heap-based buffer overflow vulnerability exists 
in the  ...)
+   TODO: check
+CVE-2020-13579 (An exploitable integer overflow vulnerability exists in the 
PlanMaker  ...)
+   TODO: check
 CVE-2020-13578
RESERVED
 CVE-2020-13577
@@ -79328,8 +79358,8 @@ CVE-2020-6090 (An exploitable code execution 
vulnerability exists in the Web-Bas
NOT-FOR-US: WAGO
 CVE-2020-6089 (An exploitable code execution vulnerability exists in the ANI 
file for ...)
NOT-FOR-US: Leadtools
-CVE-2020-6088
-   RESERVED
+CVE-2020-6088 (An exploitable denial of service vulnerability exists in the 
ENIP Requ ...)
+   TODO: check
 CVE-2020-6087 (An exploitable denial of 

[Git][security-tracker-team/security-tracker][master] Add CVE-2021-20220/undertow

2021-02-04 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4c4d9923 by Salvatore Bonaccorso at 2021-02-04T09:02:30+01:00
Add CVE-2021-20220/undertow

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -15514,6 +15514,9 @@ CVE-2021-20221
RESERVED
 CVE-2021-20220
RESERVED
+   - undertow 
+   NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1923133
+   TODO: CVE for incomplete fix for CVE-2020-10687 but not clear if 
affected any Debian released version
 CVE-2021-20219
RESERVED
 CVE-2021-20218



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c4d9923ce335d625e83eb192571e4daa1686f99
