[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2021-21435/otrs2
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b9de9f60 by Salvatore Bonaccorso at 2021-02-12T08:47:51+01:00 Add Debian bug reference for CVE-2021-21435/otrs2 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13443,7 +13443,7 @@ CVE-2021-21437 CVE-2021-21436 (Agents are able to see and link Config Items without permissions, whic ...) NOT-FOR-US: OTRSCIsInCustomerFrontend (OTRS addon) CVE-2021-21435 (Article Bcc fields and agent personal information are shown when custo ...) - - otrs2 + - otrs2 (bug #982586) [buster] - otrs2 (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-02/ CVE-2021-21434 (Survey administrator can craft a survey in such way that malicious cod ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9de9f60546a80c64e7aa2ebada6b8b6f8df5ce7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9de9f60546a80c64e7aa2ebada6b8b6f8df5ce7 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] 2 commits: Adjust mentioning of advisory type to DLA
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5cd1ac39 by Salvatore Bonaccorso at 2021-02-12T08:28:03+01:00 Adjust mentioning of advisory type to DLA - - - - - 022b56a8 by Salvatore Bonaccorso at 2021-02-12T08:47:17+01:00 Add Debian bug reference for CVE-2021-2627{1,2}/ckeditor - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2180,12 +2180,12 @@ CVE-2021-3310 CVE-2021-3309 (packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process co ...) NOT-FOR-US: Wekan CVE-2021-26272 (It was possible to execute a ReDoS-type attack inside CKEditor 4 befor ...) - - ckeditor - [stretch] - ckeditor (Fix along next ELA) + - ckeditor (bug #982587) + [stretch] - ckeditor (Fix along next DLA) NOTE: https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416 CVE-2021-26271 (It was possible to execute a ReDoS-type attack inside CKEditor 4 befor ...) - - ckeditor - [stretch] - ckeditor (Fix along next ELA) + - ckeditor (bug #982587) + [stretch] - ckeditor (Fix along next DLA) NOTE: https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416 CVE-2021-26270 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/56f65d91984b780f292a1f95f49283bfdb45d8a8...022b56a89e477dd02820acb61e8e7b8ac1c0ca9b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/56f65d91984b780f292a1f95f49283bfdb45d8a8...022b56a89e477dd02820acb61e8e7b8ac1c0ca9b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-26299 as NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 56f65d91 by Salvatore Bonaccorso at 2021-02-12T08:22:47+01:00 Add CVE-2020-26299 as NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -31230,7 +31230,7 @@ CVE-2020-26301 CVE-2020-26300 RESERVED CVE-2020-26299 (ftp-srv is an open-source FTP server designed to be simple yet configu ...) - TODO: check + NOT-FOR-US: Node ftp-srv CVE-2020-26298 (Redcarpet is a Ruby library for Markdown processing. In Redcarpet befo ...) {DSA-4831-1 DLA-2526-1} - ruby-redcarpet 3.5.1-1 (bug #980057) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56f65d91984b780f292a1f95f49283bfdb45d8a8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56f65d91984b780f292a1f95f49283bfdb45d8a8 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-28483/golang-github-gin-gonic-gin
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3e48b9f5 by Salvatore Bonaccorso at 2021-02-12T08:19:50+01:00 Add CVE-2020-28483/golang-github-gin-gonic-gin - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -23982,7 +23982,10 @@ CVE-2020-28485 CVE-2020-28484 RESERVED CVE-2020-28483 (This affects all versions of package github.com/gin-gonic/gin. When gi ...) - TODO: check + - golang-github-gin-gonic-gin + NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGINGONICGIN-1041736 + NOTE: https://github.com/gin-gonic/gin/pull/2474#issuecomment-729696437 + NOTE: https://github.com/gin-gonic/gin/commit/c9ea8ece4a3881028f7f715f008414346a7f4b88 CVE-2020-28482 (This affects the package fastify-csrf before 3.0.0. 1. The generated c ...) NOT-FOR-US: Node fastify-csrf CVE-2020-28481 (The package socket.io before 2.4.0 are vulnerable to Insecure Defaults ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e48b9f51fc303f1083011cf4c091c309d0248f3 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e48b9f51fc303f1083011cf4c091c309d0248f3 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
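Review bot: In the CVE-2020-28483 hunk, the three added NOTE lines do not say what role commit c9ea8ece4a3881028f7f715f008414346a7f4b88 plays, while the CVE description says all versions of the package are affected. Annotate the commit NOTE with its role and, if it is the fix, the upstream release that first contains it, in the style of the "(v2.7.7)" annotations on the mechanize entry elsewhere in this file. That way the fixed version for golang-github-gin-gonic-gin can be filled in later without re-reading the pull request thread.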
[Git][security-tracker-team/security-tracker][master] Update task for CVE-2021-26707
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8ba15761 by Salvatore Bonaccorso at 2021-02-12T08:17:07+01:00 Update task for CVE-2021-26707 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1041,6 +1041,7 @@ CVE-2021-26709 RESERVED CVE-2021-26707 RESERVED + TODO: possibly NFU, as looks different from src:node-deepmerge CVE-2020-36241 (autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNO ...) - gnome-autoar NOTE: https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/adb067e645732fdbe7103516e506d09eb6a54429 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ba157610f05638371901033ea39f1fd21b9b941 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ba157610f05638371901033ea39f1fd21b9b941 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
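Review bot: The added TODO under CVE-2021-26707 says the issue "looks different from src:node-deepmerge" but gives no pointer to what it was compared against. The entry is still RESERVED with no description, so add a NOTE with the upstream project or advisory URL that prompted the comparison. Otherwise the next person to triage this entry has to repeat the search before deciding on NFU.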
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2021-21290/netty
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b37b4c75 by Salvatore Bonaccorso at 2021-02-12T07:52:44+01:00 Add Debian bug reference for CVE-2021-21290/netty - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -14264,7 +14264,7 @@ CVE-2021-21291 (OAuth2 Proxy is an open-source reverse proxy and static file ser NOT-FOR-US: OAuth2 Proxy CVE-2021-21290 (Netty is an open-source, asynchronous event-driven network application ...) {DLA-2555-1} - - netty + - netty (bug #982580) NOTE: https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2 NOTE: https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0eec CVE-2021-21289 (Mechanize is an open-source ruby library that makes automated web inte ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b37b4c751322c6c45b5cedd9fd4f461036107ed5 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b37b4c751322c6c45b5cedd9fd4f461036107ed5 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2021-20230/stunnel4
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d8f0092d by Salvatore Bonaccorso at 2021-02-12T07:29:46+01:00 Add Debian bug reference for CVE-2021-20230/stunnel4 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -16671,7 +16671,7 @@ CVE-2021-20231 RESERVED CVE-2021-20230 [client certificate not correctly verified when redirect and verifyChain options are used] RESERVED - - stunnel4 + - stunnel4 (bug #982578) NOTE: https://github.com/mtrojnar/stunnel/commit/ebad9ddc4efb2635f37174c9d800d06206f1edf9 NOTE: Isolated fix only the changes in src/verify.c: NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1177580#c2 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d8f0092d2084235e143565e9e1e70934914dd376 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d8f0092d2084235e143565e9e1e70934914dd376 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Try to clarify the needing bits for CVE-2021-20230
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c8016dc3 by Salvatore Bonaccorso at 2021-02-12T07:13:06+01:00 Try to clarify the needing bits for CVE-2021-20230 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -16673,6 +16673,8 @@ CVE-2021-20230 [client certificate not correctly verified when redirect and veri RESERVED - stunnel4 NOTE: https://github.com/mtrojnar/stunnel/commit/ebad9ddc4efb2635f37174c9d800d06206f1edf9 + NOTE: Isolated fix only the changes in src/verify.c: + NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1177580#c2 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1925226 CVE-2021-20229 [postgres: information leak in some select statements] RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c8016dc3bf2e9a68d6feccd76c452dd85242e6c5 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c8016dc3bf2e9a68d6feccd76c452dd85242e6c5 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
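Review bot: The first added NOTE under CVE-2021-20230, "Isolated fix only the changes in src/verify.c:", is hard to parse. A wording such as "NOTE: Only the src/verify.c changes of the commit above are needed, see:" would make clear that it qualifies the upstream commit NOTE before it and introduces the SUSE bugzilla link after it.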
[Git][security-tracker-team/security-tracker][master] Process more NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9ccc839c by Salvatore Bonaccorso at 2021-02-11T21:22:21+01:00 Process more NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3684,11 +3684,11 @@ CVE-2021-25692 CVE-2021-25691 RESERVED CVE-2021-25690 (A null pointer dereference in Teradici PCoIP Soft Client versions prio ...) - TODO: check + NOT-FOR-US: Teradici PCoIP Soft Client CVE-2021-25689 (An out of bounds write in Teradici PCoIP soft client versions prior to ...) - TODO: check + NOT-FOR-US: Teradici PCoIP Soft Client CVE-2021-25688 (Under certain conditions, Teradici PCoIP Agents for Windows prior to v ...) - TODO: check + NOT-FOR-US: Teradici PCoIP Agents CVE-2021-25687 RESERVED CVE-2021-25686 
@@ -10230,19 +10230,19 @@ CVE-2021-22660 CVE-2021-22659 RESERVED CVE-2021-22658 (Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL ...) - TODO: check + NOT-FOR-US: Advantech iView CVE-2021-22657 RESERVED CVE-2021-22656 (Advantech iView versions prior to v5.7.03.6112 are vulnerable to direc ...) - TODO: check + NOT-FOR-US: Advantech iView CVE-2021-22655 (Multiple out-of-bounds read issues have been identified in the way the ...) NOT-FOR-US: Fuji Electric CVE-2021-22654 (Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL ...) - TODO: check + NOT-FOR-US: Advantech iView CVE-2021-22653 (Multiple out-of-bounds write issues have been identified in the way th ...) NOT-FOR-US: Fuji Electric CVE-2021-22652 (Access to the Advantech iView versions prior to v5.7.03.6112 configura ...) - TODO: check + NOT-FOR-US: Advantech iView CVE-2021-22651 RESERVED CVE-2021-22650 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ccc839c4ef14c6ace76bee9900403cddc8c454e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ccc839c4ef14c6ace76bee9900403cddc8c454e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e5bca082 by Salvatore Bonaccorso at 2021-02-11T21:12:31+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -16320,13 +16320,13 @@ CVE-2021-20407 CVE-2021-20406 RESERVED CVE-2021-20405 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a us ...) - TODO: check + NOT-FOR-US: IBM CVE-2021-20404 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a us ...) - TODO: check + NOT-FOR-US: IBM CVE-2021-20403 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 is vulnerable to ...) - TODO: check + NOT-FOR-US: IBM CVE-2021-20402 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a re ...) - TODO: check + NOT-FOR-US: IBM CVE-2021-20401 RESERVED CVE-2021-20400 @@ -75509,7 +75509,7 @@ CVE-2020-8029 (A Incorrect Permission Assignment for Critical Resource vulnerabi CVE-2020-8028 (A Improper Access Control vulnerability in the configuration of salt o ...) NOT-FOR-US: Salt configuration in SUSE Server Manager CVE-2020-8027 (A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Ent ...) - TODO: check + NOT-FOR-US: SAP CVE-2020-8026 (A Incorrect Default Permissions vulnerability in the packaging of inn ...) - inn2 (inews has correct ownership in Debian) CVE-2020-8025 (A Incorrect Execution-Assigned Permissions vulnerability in the permis ...) 
@@ -84057,7 +84057,7 @@ CVE-2020-4770 CVE-2020-4769 RESERVED CVE-2020-4768 (IBM Case Manager 5.2 and 5.3 and IBM Business Automation Workflow 18.0 ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4767 (IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6 ...) NOT-FOR-US: IBM CVE-2020-4766 (IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cau ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5bca0826cb4ae010a45d8cf93a2084f39543004 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5bca0826cb4ae010a45d8cf93a2084f39543004 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
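Review bot: In the @@ -75509,7 hunk, CVE-2020-8027 is marked "NOT-FOR-US: SAP", but its description reads "Insecure Temporary File vulnerability in openldap2 of SUSE Linux Ent ...". SAP looks like a slip for SUSE. Please recheck and use a label that names the SUSE-specific component, as the neighbouring CVE-2020-8028 entry does with "Salt configuration in SUSE Server Manager". Since the description names openldap2, also consider whether the entry should instead list the Debian package with an explanation, the way CVE-2020-8026 does for inn2.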
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f54fbe24 by security tracker role at 2021-02-11T20:10:33+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,13 @@ +CVE-2021-27195 + RESERVED +CVE-2021-27194 + RESERVED +CVE-2021-27193 + RESERVED +CVE-2021-27192 + RESERVED +CVE-2021-27191 (The get-ip-range package before 4.0.0 for Node.js is vulnerable to den ...) + TODO: check CVE-2021-3408 RESERVED CVE-2021-27190 @@ -500,7 +510,7 @@ CVE-2021-26941 RESERVED CVE-2021-26940 RESERVED -CVE-2021-26939 (An information disclosure issue exists in henriquedornas 5.2.17 becaus ...) +CVE-2021-26939 (** DISPUTED ** An information disclosure issue exists in henriquedorna ...) NOT-FOR-US: henriquedornas CVE-2021-26938 (A stored XSS issue exists in henriquedornas 5.2.17 via online live cha ...) NOT-FOR-US: henriquedornas @@ -750,8 +760,7 @@ CVE-2020-36242 (In the cryptography package before 3.3.2 for Python, certain seq - python-cryptography 3.3.2-1 [buster] - python-cryptography (Minor issue) NOTE: https://github.com/pyca/cryptography/issues/5615 -CVE-2021-21299 [hyper: Multiple Transfer-Encoding headers misinterprets request payload] - RESERVED +CVE-2021-21299 (hyper is an open-source HTTP library for Rust (crates.io). In hyper fr ...) - rust-hyper NOTE: https://github.com/hyperium/hyper/security/advisories/GHSA-6hfq-h8hq-87mf NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0020.html 
@@ -3674,12 +3683,12 @@ CVE-2021-25692 RESERVED CVE-2021-25691 RESERVED -CVE-2021-25690 - RESERVED -CVE-2021-25689 - RESERVED -CVE-2021-25688 - RESERVED +CVE-2021-25690 (A null pointer dereference in Teradici PCoIP Soft Client versions prio ...) + TODO: check +CVE-2021-25689 (An out of bounds write in Teradici PCoIP soft client versions prior to ...) + TODO: check +CVE-2021-25688 (Under certain conditions, Teradici PCoIP Agents for Windows prior to v ...) + TODO: check CVE-2021-25687 RESERVED CVE-2021-25686 @@ -8736,10 +8745,10 @@ CVE-2021-23337 RESERVED CVE-2021-23336 RESERVED -CVE-2021-23335 - RESERVED -CVE-2021-23334 - RESERVED +CVE-2021-23335 (All versions of package is-user-valid are vulnerable to LDAP Injection ...) + TODO: check +CVE-2021-23334 (All versions of package static-eval are vulnerable to Arbitrary Code E ...) + TODO: check CVE-2021-2 RESERVED CVE-2021-23332 @@ -9620,10 +9629,10 @@ CVE-2021-22883 RESERVED CVE-2021-22882 RESERVED -CVE-2021-22881 - RESERVED -CVE-2021-22880 - RESERVED +CVE-2021-22881 (The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3 ...) + TODO: check +CVE-2021-22880 (The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4 ...) + TODO: check CVE-2021-22879 RESERVED CVE-2021-22878 
@@ -10220,20 +10229,20 @@ CVE-2021-22660 RESERVED CVE-2021-22659 RESERVED -CVE-2021-22658 - RESERVED +CVE-2021-22658 (Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL ...) + TODO: check CVE-2021-22657 RESERVED -CVE-2021-22656 - RESERVED +CVE-2021-22656 (Advantech iView versions prior to v5.7.03.6112 are vulnerable to direc ...) + TODO: check CVE-2021-22655 (Multiple out-of-bounds read issues have been identified in the way the ...) NOT-FOR-US: Fuji Electric -CVE-2021-22654 - RESERVED +CVE-2021-22654 (Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL ...) + TODO: check CVE-2021-22653 (Multiple out-of-bounds write issues have been identified in the way th ...) NOT-FOR-US: Fuji Electric -CVE-2021-22652 - RESERVED +CVE-2021-22652 (Access to the Advantech iView versions prior to v5.7.03.6112 configura ...) + TODO: check CVE-2021-22651 RESERVED CVE-2021-22650 @@ -14216,8 +14225,8 @@ CVE-2021-21309 RESERVED CVE-2021-21308 RESERVED -CVE-2021-21307 - RESERVED +CVE-2021-21307 (Lucee Server is a dynamic, Java based (JSR-223), tag and scripting lan ...) + TODO: check CVE-2021-21306 (Marked is an open-source markdown parser and compiler (npm package "ma ...) - node-marked NOTE: https://github.com/markedjs/marked/security/advisories/GHSA-4r62-v4vq-hr96 @@ -14233,8 +14242,8 @@ CVE-2021-21303 (Helm is open-source software which is essentially "The Kubernete - helm-kubernetes (bug #910799) CVE-2021-21302 RESERVED -CVE-2021-21301 - RESERVED +CVE-2021-21301 (Wire is an open-source collaboration platform. In Wire for iOS (iPhone ...) + TODO: check CVE-2021-21300 RESERVED CVE-2021-21298
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2021-21288
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b07023d2 by Salvatore Bonaccorso at 2021-02-11T18:47:02+01:00 Add Debian bug reference for CVE-2021-21288 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -14267,7 +14267,7 @@ CVE-2021-21289 (Mechanize is an open-source ruby library that makes automated we NOTE: https://github.com/sparklemotion/mechanize/commit/63f8779e49664d5e95fae8d42d04c8e373162b3c (v2.7.7) NOTE: Test warnings fixup: https://github.com/sparklemotion/mechanize/commit/5b30aed33cbac9825e8978f8e36dd221cbd4c093 (v2.7.7) CVE-2021-21288 (CarrierWave is an open-source RubyGem which provides a simple and flex ...) - - ruby-carrierwave + - ruby-carrierwave (bug #982552) NOTE: https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-fwcm-636p-68r5 NOTE: https://github.com/carrierwaveuploader/carrierwave/commit/012702eb3ba1663452aa025831caa304d1a665c0 CVE-2021-21287 (MinIO is a High Performance Object Storage released under Apache Licen ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b07023d21c5b5158f0fe41da72df2a76a0a83364 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b07023d21c5b5158f0fe41da72df2a76a0a83364 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2021-21305
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: abc6a1f0 by Salvatore Bonaccorso at 2021-02-11T18:43:36+01:00 Add Debian bug reference for CVE-2021-21305 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -14224,7 +14224,7 @@ CVE-2021-21306 (Marked is an open-source markdown parser and compiler (npm packa NOTE: https://github.com/markedjs/marked/commit/7293251c438e3ee968970f7609f1a27f9007bccd TODO: might not affect <= 0.8, needs to be verified CVE-2021-21305 (CarrierWave is an open-source RubyGem which provides a simple and flex ...) - - ruby-carrierwave + - ruby-carrierwave (bug #982551) NOTE: https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-cf3w-g86h-35x4 NOTE: https://github.com/carrierwaveuploader/carrierwave/commit/387116f5c72efa42bc3938d946b4c8d2f22181b7 CVE-2021-21304 (Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dy ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abc6a1f03ed2334d883e883618dc74ee4a775121 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abc6a1f03ed2334d883e883618dc74ee4a775121 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] 2 commits: Take subversion from dsa-needed
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0e5dc75e by Salvatore Bonaccorso at 2021-02-11T16:48:55+01:00 Take subversion from dsa-needed - - - - - 8b078491 by Salvatore Bonaccorso at 2021-02-11T16:49:59+01:00 Add note for subversion - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -28,7 +28,8 @@ python-pysaml2 screen Maintainer (abe) will take care -- -subversion +subversion (carnil) + Maintainer will prepare updates -- xcftools Hugo proposed to work on this update View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3473e71a07187fb91992018c0347b5f5ddab22e3...8b078491f71d161f205ffcfcf6e482e056a73575 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3473e71a07187fb91992018c0347b5f5ddab22e3...8b078491f71d161f205ffcfcf6e482e056a73575 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 3473e71a by Moritz Muehlenhoff at 2021-02-11T16:32:35+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -35495,6 +35495,7 @@ CVE-2020-24506 RESERVED CVE-2020-24505 RESERVED + NOT-FOR-US: Intel NIC firmware CVE-2020-24504 RESERVED CVE-2020-24503 @@ -35503,24 +35504,33 @@ CVE-2020-24502 RESERVED CVE-2020-24501 RESERVED + NOT-FOR-US: Intel NIC firmware CVE-2020-24500 RESERVED + NOT-FOR-US: Intel NIC firmware CVE-2020-24499 RESERVED CVE-2020-24498 RESERVED + NOT-FOR-US: Intel NIC firmware CVE-2020-24497 RESERVED + NOT-FOR-US: Intel NIC firmware CVE-2020-24496 RESERVED + NOT-FOR-US: Intel NIC firmware CVE-2020-24495 RESERVED + NOT-FOR-US: Intel NIC firmware CVE-2020-24494 RESERVED + NOT-FOR-US: Intel NIC firmware CVE-2020-24493 RESERVED + NOT-FOR-US: Intel NIC firmware CVE-2020-24492 RESERVED + NOT-FOR-US: Intel NIC firmware CVE-2020-24491 RESERVED NOT-FOR-US: Intel View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3473e71a07187fb91992018c0347b5f5ddab22e3 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3473e71a07187fb91992018c0347b5f5ddab22e3 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
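Review bot: In the @@ -35503,24 hunk the new "NOT-FOR-US: Intel NIC firmware" lines sit under entries that are still RESERVED, so nothing in the file shows where the classification comes from. Add a NOTE with the vendor advisory reference to the block. Please also confirm that CVE-2020-24499, CVE-2020-24502 and CVE-2020-24504, which stay untagged inside the same range, were left out on purpose.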
[Git][security-tracker-team/security-tracker][master] CVE-2020-15469/qemu: 8/9 patches merged
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: c75d671c by Sylvain Beucler at 2021-02-11T16:12:01+01:00 CVE-2020-15469/qemu: 8/9 patches merged - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -54531,8 +54531,16 @@ CVE-2020-15469 (In QEMU 4.2.0, a MemoryRegionOps object may lack read/write call [buster] - qemu (Minor issue, fix along in next DSA) [stretch] - qemu (Minor issue, fix along in next DSA) NOTE: https://www.openwall.com/lists/oss-security/2020/07/02/1 - NOTE: Proposed patch(es): https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg09961.html - NOTE: To be merged: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg00674.html + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg09961.html + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg00674.html + NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=520f26fc6d17b71a43eaf620e834b3bdf316f3d3 + NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=4f2a5202a05fc1612954804a2482f07bff105ea2 + NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=24202d2b561c3b4c48bd28383c8c34b4ac66c2bf + NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=f867cebaedbc9c43189f102e4cdfdff05e88df7f + NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=b5bf601f364e1a14ca4c3276f88dfec024acf613 + NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=921604e175b8ec06c39503310e7b3ec1e3eafe9e + NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=2c9fb3b784000c1df32231e1c2464bb2e3fc4620 + NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=735754aaa15a6ed46db51fd731e88331c446ea54 CVE-2020-15468 (Persian VIP Download Script 1.0 allows SQL Injection via the cart_edit ...) NOT-FOR-US: Persian VIP Download Script CVE-2020-15467 (The administrative interface of Cohesive Networks vns3:vpn appliances ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c75d671ccd2a99e8b920519f912b19da97974598 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c75d671ccd2a99e8b920519f912b19da97974598 You're receiving this email because of your account on salsa.debian.org. 
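Review bot: The commit subject says 8 of 9 patches are merged, but the CVE-2020-15469 hunk does not record which patch of the series is still outstanding. It also drops the "Proposed patch(es):" and "To be merged:" labels from the two qemu-devel links, leaving them as bare URLs. Keep a short label on the list links and add a NOTE naming the unmerged patch, so a backporter can tell whether the eight commitdiff links are sufficient on their own.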
[Git][security-tracker-team/security-tracker][master] CVE-2020-35504/qemu: reference reproducer
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: f43b0c24 by Sylvain Beucler at 2021-02-11T15:41:38+01:00 CVE-2020-35504/qemu: reference reproducer - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -17266,7 +17266,7 @@ CVE-2020-35505 [NULL pointer dereference in do_busid_cmd() in hw/scsi/esp.c] [buster] - qemu (Fix along in future DSA) [stretch] - qemu (Fix along in future DLA) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1909769 - NOTE: https://bugs.launchpad.net/qemu/+bug/1910723 + NOTE: https://bugs.launchpad.net/qemu/+bug/1910723 (reproducer) CVE-2020-35504 [NULL pointer dereference in scsi_req_continue() in hw/scsi/scsi-bus.c] RESERVED - qemu (bug #979679) @@ -17274,6 +17274,7 @@ CVE-2020-35504 [NULL pointer dereference in scsi_req_continue() in hw/scsi/scsi- [buster] - qemu (Fix along in future DSA) [stretch] - qemu (Fix along in future DLA) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1909766 + NOTE: https://bugs.launchpad.net/qemu/+bug/1910723 (reproducer) CVE-2020-35503 [QEMU: NULL pointer dereference issue in megasas-gen2 host bus adapter] RESERVED - qemu (bug #979678) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f43b0c2447bc177dacdd593a5b8e2ae2e12d5e66 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f43b0c2447bc177dacdd593a5b8e2ae2e12d5e66 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
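Review bot: The first hunk edits the NOTE under CVE-2020-35505, which the commit subject (CVE-2020-35504 only) does not mention. After both hunks the same Launchpad bug 1910723 is tagged "(reproducer)" for two different NULL pointer dereferences, do_busid_cmd() in hw/scsi/esp.c and scsi_req_continue() in hw/scsi/scsi-bus.c. If one reproducer triggers both, say so in the NOTE text; if not, point each CVE at its own reproducer. Either way, mention CVE-2020-35505 in the commit message.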
[Git][security-tracker-team/security-tracker][master] Add references for postgresql
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: df1e8dc1 by Salvatore Bonaccorso at 2021-02-11T15:27:36+01:00 Add references for postgresql - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1292,6 +1292,7 @@ CVE-2021-3393 [postgres: information leak in error message] - postgresql-13 13.2-1 - postgresql-11 [buster] - postgresql-11 (Minor issue) + NOTE: https://www.postgresql.org/about/news/postgresql-132-126--1016-9621-and-9525-released-2165/ CVE-2021-3392 [scsi: mptsas: use-after-free while processing io requests] RESERVED - qemu @@ -1,6 +16667,7 @@ CVE-2021-20230 [client certificate not correctly verified when redirect and veri CVE-2021-20229 [postgres: information leak in some select statements] RESERVED - postgresql-13 13.2-1 + NOTE: https://www.postgresql.org/about/news/postgresql-132-126--1016-9621-and-9525-released-2165/ CVE-2021-20228 [basic.py no_log with fallback option] RESERVED - ansible View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df1e8dc1b4b9aeccc8fabdad13acd881105a0203 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df1e8dc1b4b9aeccc8fabdad13acd881105a0203 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] sqlite3 n/a
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 920f7735 by Moritz Muehlenhoff at 2021-02-11T15:09:14+01:00 sqlite3 n/a libytnef no-dsa - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -528,10 +528,12 @@ CVE-2020-36244 (The daemon in GENIVI Diagnostic Log and Trace (DLT) before 2.18. CVE-2021-3404 RESERVED - libytnef + [buster] - libytnef (Minor issue) NOTE: https://github.com/Yeraze/ytnef/issues/86 CVE-2021-3403 RESERVED - libytnef + [buster] - libytnef (Minor issue) NOTE: https://github.com/Yeraze/ytnef/issues/85 CVE-2021-26936 (The replay-sorcery program in ReplaySorcery 0.4.0 through 0.5.0, when ...) NOT-FOR-US: ReplaySorcery @@ -16672,8 +16674,12 @@ CVE-2021-20228 [basic.py no_log with fallback option] CVE-2021-20227 RESERVED - sqlite3 3.34.1-1 + [buster] - sqlite3 (Introduced in 3.33) + [stretch] - sqlite3 (Introduced in 3.33) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1924886 NOTE: https://sqlite.org/src/info/30a4c323650cc949 + NOTE: Patch: https://github.com/sqlite/sqlite/commit/f39168e468af3b1d6b6d37efdcb081eced6724b2 + NOTE: Introduced in https://github.com/sqlite/sqlite/commit/896366282dae3789fb277c2dad8660784a0895a3 CVE-2021-20226 RESERVED - linux 5.10.4-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/920f7735c34209a1d57f3408d3b39c3948fe7e03
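Review bot: In the sqlite3 hunk (@@ -16672) the buster and stretch lines rest on "Introduced in 3.33", but the added "NOTE: Introduced in" line gives only a commit URL and nothing that ties that commit to a release. Append the first upstream version containing it to the NOTE, the way other entries in this file annotate commit links with a trailing version such as "(v2.7.7)", so the call can be verified without walking upstream history. In the libytnef hunk the two "Minor issue" lines have no rationale beyond the upstream issue links, and the subject line runs two unrelated decisions together; a separator or a two-line message would read better in the log.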
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2555-1 for netty
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 9068364b by Chris Lamb at 2021-02-11T13:00:26+00:00 Reserve DLA-2555-1 for netty - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[11 Feb 2021] DLA-2555-1 netty - security update + {CVE-2021-21290} + [stretch] - netty 1:4.1.7-2+deb9u3 [11 Feb 2021] DLA-2554-1 firejail - security update {CVE-2021-26910} [stretch] - firejail 0.9.44.8-2+deb9u2 = data/dla-needed.txt = @@ -46,8 +46,6 @@ linux (Ben Hutchings) -- linux-4.19 (Ben Hutchings) -- -netty (Chris Lamb) --- opendmarc NOTE: 20200719: no patches for remaining CVEs available, everything else is already done in Stretch (thorsten) NOTE: 20201217: patch for CVE-2020-12460 has become available (roberto) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9068364bca94d8b426882f9236f0d483896c56e1
[Git][security-tracker-team/security-tracker][master] Add postgresql-11 for CVE-2021-3393
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6cb3a2c7 by Salvatore Bonaccorso at 2021-02-11T13:22:20+01:00 Add postgresql-11 for CVE-2021-3393 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1288,6 +1288,8 @@ CVE-2021-3394 (Millennium Millewin (also known as "Cartella clinica") 13.39.028, CVE-2021-3393 [postgres: information leak in error message] RESERVED - postgresql-13 13.2-1 + - postgresql-11 + [buster] - postgresql-11 (Minor issue) CVE-2021-3392 [scsi: mptsas: use-after-free while processing io requests] RESERVED - qemu View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6cb3a2c7bb399618b3753d81d5ed0f9ab442fb01
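Review bot: The added "[buster] - postgresql-11 (Minor issue)" line has nothing behind it: at this commit the CVE-2021-3393 entry contains no NOTE at all, so the severity call cannot be checked from the file. Add the upstream advisory or fixing commit as a NOTE in the same change, and either a [stretch] line or a TODO if the older release is still undecided.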
[Git][security-tracker-team/security-tracker][master] python-cryptography fixed in sid
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: c0697aee by Moritz Muehlenhoff at 2021-02-11T13:11:04+01:00 python-cryptography fixed in sid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -745,7 +745,8 @@ CVE-2021-26843 (An issue was discovered in sthttpd through 2.27.1. On systems wh CVE-2020-36243 (The Patient Portal of OpenEMR 5.0.2.1 is affected by a Command Injecti ...) NOT-FOR-US: OpenEMR CVE-2020-36242 (In the cryptography package before 3.3.2 for Python, certain sequences ...) - - python-cryptography + - python-cryptography 3.3.2-1 + [buster] - python-cryptography (Minor issue) NOTE: https://github.com/pyca/cryptography/issues/5615 CVE-2021-21299 [hyper: Multiple Transfer-Encoding headers misinterprets request payload] RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0697aee7f51ce64e3bd577151dd279eb91f79d9
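Review bot: "[buster] - python-cryptography (Minor issue)" is added without a stated reason, and the only reference in the entry is the upstream issue link. A NOTE pointing at the upstream fixing commit would let someone backport it to buster later and would document why the fix shipped in 3.3.2-1 is not treated as urgent there.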
[Git][security-tracker-team/security-tracker][master] new postgres issues, older releases still TBD
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 8574428d by Moritz Muehlenhoff at 2021-02-11T13:08:56+01:00 new postgres issues, older releases still TBD - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1284,8 +1284,9 @@ CVE-2021-3395 (A cross-site scripting (XSS) vulnerability in Pryaniki 6.44.3 all NOT-FOR-US: Pryaniki CVE-2021-3394 (Millennium Millewin (also known as "Cartella clinica") 13.39.028, 13.3 ...) NOT-FOR-US: Millennium Millewin -CVE-2021-3393 +CVE-2021-3393 [postgres: information leak in error message] RESERVED + - postgresql-13 13.2-1 CVE-2021-3392 [scsi: mptsas: use-after-free while processing io requests] RESERVED - qemu @@ -16657,8 +16658,9 @@ CVE-2021-20230 [client certificate not correctly verified when redirect and veri - stunnel4 NOTE: https://github.com/mtrojnar/stunnel/commit/ebad9ddc4efb2635f37174c9d800d06206f1edf9 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1925226 -CVE-2021-20229 +CVE-2021-20229 [postgres: information leak in some select statements] RESERVED + - postgresql-13 13.2-1 CVE-2021-20228 [basic.py no_log with fallback option] RESERVED - ansible View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8574428d39109733f63ab5acda39b9d5a85a2566
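Review bot: The commit message says older releases are still to be determined, but neither hunk records that in the data: CVE-2021-3393 and CVE-2021-20229 each gain only "- postgresql-13 13.2-1", with no TODO and no NOTE. Add a TODO line under each entry for the other postgresql source packages so the open work is visible in data/CVE/list and not only in the log, and add a reference that backs the bracketed descriptions.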
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: ef0e02db by Moritz Muehlenhoff at 2021-02-11T12:17:04+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -11,7 +11,7 @@ CVE-2021-27187 CVE-2021-27186 (Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc re ...) NOT-FOR-US: Fluent Bit CVE-2021-27185 (The samba-client package before 4.0.0 for Node.js allows command injec ...) - TODO: check + NOT-FOR-US: Node samba-client CVE-2021-27184 (Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity v ...) NOT-FOR-US: Pelco Digital Sentry Server CVE-2021-27183 @@ -501,9 +501,9 @@ CVE-2021-26941 CVE-2021-26940 RESERVED CVE-2021-26939 (An information disclosure issue exists in henriquedornas 5.2.17 becaus ...) - TODO: check + NOT-FOR-US: henriquedornas CVE-2021-26938 (A stored XSS issue exists in henriquedornas 5.2.17 via online live cha ...) - TODO: check + NOT-FOR-US: henriquedornas CVE-2021-27135 (xterm through Patch #365 allows remote attackers to cause a denial of ...) - xterm 366-1 (bug #982439) NOTE: https://www.openwall.com/lists/oss-security/2021/02/09/7 @@ -534,7 +534,7 @@ CVE-2021-3403 - libytnef NOTE: https://github.com/Yeraze/ytnef/issues/85 CVE-2021-26936 (The replay-sorcery program in ReplaySorcery 0.4.0 through 0.5.0, when ...) - TODO: check + NOT-FOR-US: ReplaySorcery CVE-2021-26935 RESERVED CVE-2021-26934 @@ -8746,7 +8746,7 @@ CVE-2021-23329 (The package nested-object-assign before 1.0.4 are vulnerable to CVE-2021-23328 (This affects all versions of package iniparserjs. This vulnerability r ...) NOT-FOR-US: Node iniparserjs CVE-2021-23327 (The package apexcharts before 3.24.0 are vulnerable to Cross-site Scri ...) - TODO: check + NOT-FOR-US: apexcharts CVE-2021-23326 (This affects the package @graphql-tools/git-loader before 6.2.6. The u ...) NOT-FOR-US: graphql-tools/git-loader CVE-2021-23325 
@@ -9096,7 +9096,7 @@ CVE-2021-3035 CVE-2021-3034 RESERVED CVE-2021-3033 (An improper verification of cryptographic signature vulnerability exis ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2021-3032 (An information exposure through log file vulnerability exists in Palo ...) NOT-FOR-US: Palo Alto Networks PAN-OS CVE-2021-3031 (Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, P ...) @@ -13424,13 +13424,13 @@ CVE-2021-21438 CVE-2021-21437 RESERVED CVE-2021-21436 (Agents are able to see and link Config Items without permissions, whic ...) - TODO: check + NOT-FOR-US: OTRSCIsInCustomerFrontend (OTRS addon) CVE-2021-21435 (Article Bcc fields and agent personal information are shown when custo ...) - otrs2 [buster] - otrs2 (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-02/ CVE-2021-21434 (Survey administrator can craft a survey in such way that malicious cod ...) - TODO: check + NOT-FOR-US: OTRS Survey addon CVE-2020-35850 (** DISPUTED ** An SSRF issue was discovered in cockpit-project.org Coc ...) - cockpit [bullseye] - cockpit (Minor issue) 
@@ -92546,7 +92546,7 @@ CVE-2020-1781 CVE-2020-1780 RESERVED CVE-2020-1779 (When dynamic templates are used (OTRSTicketForms), admin can use OTRS ...) - TODO: check + NOT-FOR-US: OTRSTicketForms (OTRS addon) CVE-2020-1778 (When OTRS uses multiple backends for user authentication (with LDAP), ...) - otrs2 (Only affects 8.x) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-16/ View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef0e02db3c77d987a96e5ba4c590d137d90c24c8
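Review bot: The NOT-FOR-US labels in this commit are not at a consistent level of detail. In the @@ -9096 hunk CVE-2021-3033 gets the vendor-only label "Palo Alto Networks" while the next entry, CVE-2021-3032, names the product ("Palo Alto Networks PAN-OS"); name the affected product here too. In the @@ -8746 hunk "apexcharts" is bare although the description calls it a package and the entry just above is labelled "Node iniparserjs", and the first hunk uses "Node samba-client". The OTRS addon labels also differ in form between "OTRSCIsInCustomerFrontend (OTRS addon)" and "OTRS Survey addon". One convention per ecosystem keeps the list greppable.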
[Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2021-27135/xterm
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 98e724b6 by Salvatore Bonaccorso at 2021-02-11T11:16:40+01:00 Add fixed version for CVE-2021-27135/xterm - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -505,7 +505,7 @@ CVE-2021-26939 (An information disclosure issue exists in henriquedornas 5.2.17 CVE-2021-26938 (A stored XSS issue exists in henriquedornas 5.2.17 via online live cha ...) TODO: check CVE-2021-27135 (xterm through Patch #365 allows remote attackers to cause a denial of ...) - - xterm (bug #982439) + - xterm 366-1 (bug #982439) NOTE: https://www.openwall.com/lists/oss-security/2021/02/09/7 NOTE: https://invisible-island.net/xterm/xterm.log.html#xterm_366 NOTE: https://github.com/ThomasDickey/xterm-snapshots/commit/82ba55b8f994ab30ff561a347b82ea340ba7075c View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98e724b644ff2919cc707a8740d1d60f140b0081
[Git][security-tracker-team/security-tracker][master] new ruby-carrierwave, helm-kubernetes, node-marked issues
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: dcd71852 by Moritz Muehlenhoff at 2021-02-11T10:53:03+01:00 new ruby-carrierwave, helm-kubernetes, node-marked issues NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -14212,13 +14212,18 @@ CVE-2021-21308 CVE-2021-21307 RESERVED CVE-2021-21306 (Marked is an open-source markdown parser and compiler (npm package "ma ...) - TODO: check + - node-marked + NOTE: https://github.com/markedjs/marked/security/advisories/GHSA-4r62-v4vq-hr96 + NOTE: https://github.com/markedjs/marked/commit/7293251c438e3ee968970f7609f1a27f9007bccd + TODO: might not affect <= 0.8, needs to be verified CVE-2021-21305 (CarrierWave is an open-source RubyGem which provides a simple and flex ...) - TODO: check + - ruby-carrierwave + NOTE: https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-cf3w-g86h-35x4 + NOTE: https://github.com/carrierwaveuploader/carrierwave/commit/387116f5c72efa42bc3938d946b4c8d2f22181b7 CVE-2021-21304 (Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dy ...) - TODO: check + NOT-FOR-US: Dynamoose CVE-2021-21303 (Helm is open-source software which is essentially "The Kubernetes Pack ...) - TODO: check + - helm-kubernetes (bug #910799) CVE-2021-21302 RESERVED CVE-2021-21301 
@@ -14230,17 +14235,17 @@ CVE-2021-21298 CVE-2021-21297 RESERVED CVE-2021-21296 (Fleet is an open source osquery manager. In Fleet before version 3.7.0 ...) - TODO: check + NOT-FOR-US: Fleet CVE-2021-21295 RESERVED CVE-2021-21294 (Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface f ...) - TODO: check + NOT-FOR-US: Http4s CVE-2021-21293 (blaze is a Scala library for building asynchronous pipelines, with a f ...) - TODO: check + NOT-FOR-US: blaez CVE-2021-21292 (Traccar is an open source GPS tracking system. In Traccar before versi ...) NOT-FOR-US: Traccar CVE-2021-21291 (OAuth2 Proxy is an open-source reverse proxy and static file server th ...) - TODO: check + NOT-FOR-US: OAuth2 Proxy CVE-2021-21290 (Netty is an open-source, asynchronous event-driven network application ...) - netty NOTE: https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2 
@@ -14255,7 +14260,9 @@ CVE-2021-21289 (Mechanize is an open-source ruby library that makes automated we NOTE: https://github.com/sparklemotion/mechanize/commit/63f8779e49664d5e95fae8d42d04c8e373162b3c (v2.7.7) NOTE: Test warnings fixup: https://github.com/sparklemotion/mechanize/commit/5b30aed33cbac9825e8978f8e36dd221cbd4c093 (v2.7.7) CVE-2021-21288 (CarrierWave is an open-source RubyGem which provides a simple and flex ...) - TODO: check + - ruby-carrierwave + NOTE: https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-fwcm-636p-68r5 + NOTE: https://github.com/carrierwaveuploader/carrierwave/commit/012702eb3ba1663452aa025831caa304d1a665c0 CVE-2021-21287 (MinIO is a High Performance Object Storage released under Apache Licen ...) - minio (bug #859207) CVE-2021-21286 (AVideo Platform is an open-source Audio and Video platform. It is simi ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dcd71852295bc7b8d53fa9bfed2654d6612d4868
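Review bot: Typo in the @@ -14230 hunk: CVE-2021-21293 is marked "NOT-FOR-US: blaez", while the description on the same entry names the library "blaze". Correct the label so a search for the product name finds the entry. In the first hunk, the TODO under CVE-2021-21306 ("might not affect <= 0.8, needs to be verified") is the right way to park the open question, but the two ruby-carrierwave entries (CVE-2021-21305 here and CVE-2021-21288 in the last hunk) cite fixing commits without the upstream version that contains them; adding it, as the mechanize NOTE lines above do with "(v2.7.7)", would save the next triager a lookup.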
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: c157626e by Moritz Muehlenhoff at 2021-02-11T10:40:11+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7593,27 +7593,27 @@ CVE-2021-23885 CVE-2021-23884 RESERVED CVE-2021-23883 (A Null Pointer Dereference vulnerability in McAfee Endpoint Security ( ...) - TODO: check + NOT-FOR-US: McAfee CVE-2021-23882 (Improper Access Control vulnerability in McAfee Endpoint Security (ENS ...) - TODO: check + NOT-FOR-US: McAfee CVE-2021-23881 (A stored cross site scripting vulnerability in ePO extension of McAfee ...) - TODO: check + NOT-FOR-US: McAfee CVE-2021-23880 (Improper Access Control in attribute in McAfee Endpoint Security (ENS) ...) - TODO: check + NOT-FOR-US: McAfee CVE-2021-23879 RESERVED CVE-2021-23878 (Clear text storage of sensitive Information in memory vulnerability in ...) - TODO: check + NOT-FOR-US: McAfee CVE-2021-23877 RESERVED CVE-2021-23876 (Bypass Remote Procedure call in McAfee Total Protection (MTP) prior to ...) - TODO: check + NOT-FOR-US: McAfee CVE-2021-23875 RESERVED CVE-2021-23874 (Arbitrary Process Execution vulnerability in McAfee Total Protection ( ...) - TODO: check + NOT-FOR-US: McAfee CVE-2021-23873 (Privilege Escalation vulnerability in McAfee Total Protection (MTP) pr ...) - TODO: check + NOT-FOR-US: McAfee CVE-2021-23872 RESERVED CVE-2021-23871 @@ -11292,7 +11292,7 @@ CVE-2021-22135 CVE-2021-22134 RESERVED CVE-2021-22133 (The Elastic APM agent for Go versions before 1.11.0 can leak sensitive ...) - TODO: check + NOT-FOR-US: Elastic APM agent CVE-2021-22132 (Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosu ...) - elasticsearch CVE-2021-22131 
@@ -21985,9 +21985,9 @@ CVE-2020-28873 CVE-2020-28872 RESERVED CVE-2020-28871 (Remote code execution in Monitorr v1.7.6m in upload.php allows an unau ...) - TODO: check + NOT-FOR-US: Monitorr CVE-2020-28870 (In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code o ...) - TODO: check + NOT-FOR-US: InoERP CVE-2020-28869 RESERVED CVE-2020-28868 @@ -24146,11 +24146,11 @@ CVE-2020-28396 (A vulnerability has been identified in SICAM A8000 CP-8000 (All CVE-2020-28395 (A vulnerability has been identified in SCALANCE X-300 switch family (i ...) NOT-FOR-US: Siemens CVE-2020-28394 (A vulnerability has been identified in JT2Go (All versions V13.1. ...) - TODO: check + NOT-FOR-US: Siemens CVE-2020-28393 RESERVED CVE-2020-28392 (A vulnerability has been identified in SIMARIS configuration (All vers ...) - TODO: check + NOT-FOR-US: Siemens CVE-2020-28391 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...) NOT-FOR-US: Siemens CVE-2020-28390 (A vulnerability has been identified in Opcenter Execution Core (V8.2), ...) @@ -24158,7 +24158,7 @@ CVE-2020-28390 (A vulnerability has been identified in Opcenter Execution Core ( CVE-2020-28389 RESERVED CVE-2020-28388 (A vulnerability has been identified in Nucleus NET (All versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2020-28387 RESERVED CVE-2020-28386 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...) 
@@ -27055,11 +27055,11 @@ CVE-2020-27859 (This vulnerability allows remote attackers to disclose sensitive CVE-2020-27858 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: CA Arcserve CVE-2020-27857 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Foxit CVE-2020-27856 (This vulnerability allows remote attackers to disclose sensitive infor ...) - TODO: check + NOT-FOR-US: Foxit CVE-2020-27855 (This vulnerability allows remote attackers to disclose sensitive infor ...) - TODO: check + NOT-FOR-US: Foxit CVE-2020-27854 RESERVED CVE-2020-27853 (Wire before 2020-10-16 allows remote attackers to cause a denial of se ...) @@ -28996,15 +28996,15 @@ CVE-2020-27263 (KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6 CVE-2020-27262 (Innokas Yhtym Oy Vital Signs Monitor VC150 prior to Version 1.7. ...) NOT-FOR-US: Innokas Yhtyma Oy CVE-2020-27261 (The Omron CX-One Version 4.60 and prior is vulnerable to a stack-based ...) - TODO: check + NOT-FOR-US: Omron CX-One CVE-2020-27260 (Innokas Yhtym Oy Vital Signs Monitor VC150 prior to Version 1.7. ...) NOT-FOR-US: Innokas Yhtyma Oy CVE-2020-27259 (The Omron CX-One Version 4.60 and prior may allow an attacker to suppl ...) - TODO: check +
[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim netty.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: b3154651 by Chris Lamb at 2021-02-11T09:01:38+00:00 data/dla-needed.txt: Claim netty. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -46,7 +46,7 @@ linux (Ben Hutchings) -- linux-4.19 (Ben Hutchings) -- -netty +netty (Chris Lamb) -- opendmarc NOTE: 20200719: no patches for remaining CVEs available, everything else is already done in Stretch (thorsten) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b315465165cf233075d9e7c5b4331603d08d26d4
[Git][security-tracker-team/security-tracker][master] Process more NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c0be196a by Salvatore Bonaccorso at 2021-02-11T09:25:09+01:00 Process more NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -9,11 +9,11 @@ CVE-2021-27188 CVE-2021-27187 RESERVED CVE-2021-27186 (Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc re ...) - TODO: check + NOT-FOR-US: Fluent Bit CVE-2021-27185 (The samba-client package before 4.0.0 for Node.js allows command injec ...) TODO: check CVE-2021-27184 (Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity v ...) - TODO: check + NOT-FOR-US: Pelco Digital Sentry Server CVE-2021-27183 RESERVED CVE-2021-27182 
@@ -23,87 +23,87 @@ CVE-2021-27181 CVE-2021-27180 RESERVED CVE-2021-27179 (An issue was discovered on FiberHome HG6245D devices through RP2613. I ...) - TODO: check + NOT-FOR-US: FiberHome devices CVE-2021-27178 (An issue was discovered on FiberHome HG6245D devices through RP2613. S ...) - TODO: check + NOT-FOR-US: FiberHome devices CVE-2021-27177 (An issue was discovered on FiberHome HG6245D devices through RP2613. I ...) - TODO: check + NOT-FOR-US: FiberHome devices CVE-2021-27176 (An issue was discovered on FiberHome HG6245D devices through RP2613. w ...) - TODO: check + NOT-FOR-US: FiberHome devices CVE-2021-27175 (An issue was discovered on FiberHome HG6245D devices through RP2613. w ...) - TODO: check + NOT-FOR-US: FiberHome devices CVE-2021-27174 (An issue was discovered on FiberHome HG6245D devices through RP2613. w ...) - TODO: check + NOT-FOR-US: FiberHome devices CVE-2021-27173 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) - TODO: check + NOT-FOR-US: FiberHome devices CVE-2021-27172 (An issue was discovered on FiberHome HG6245D devices through RP2613. A ...) - TODO: check + NOT-FOR-US: FiberHome devices CVE-2021-27171 (An issue was discovered on FiberHome HG6245D devices through RP2613. I ...) - TODO: check + NOT-FOR-US: FiberHome devices CVE-2021-27170 (An issue was discovered on FiberHome HG6245D devices through RP2613. B ...) - TODO: check + NOT-FOR-US: FiberHome devices CVE-2021-27169 (An issue was discovered on FiberHome AN5506-04-FA devices with firmwar ...) - TODO: check + NOT-FOR-US: FiberHome devices CVE-2021-27168 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) - TODO: check + NOT-FOR-US: FiberHome devices CVE-2021-27167 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) - TODO: check + NOT-FOR-US: FiberHome devices CVE-2021-27166 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) 
- TODO: check + NOT-FOR-US: FiberHome devices CVE-2021-27165 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) - TODO: check + NOT-FOR-US: FiberHome devices CVE-2021-27164 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) - TODO: check + NOT-FOR-US: FiberHome devices CVE-2021-27163 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) - TODO: check + NOT-FOR-US: FiberHome devices CVE-2021-27162 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) - TODO: check + NOT-FOR-US: FiberHome devices CVE-2021-27161 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) - TODO: check + NOT-FOR-US: FiberHome devices CVE-2021-27160 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) - TODO: check + NOT-FOR-US: FiberHome devices CVE-2021-27159 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) - TODO: check + NOT-FOR-US: FiberHome devices CVE-2021-27158 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) - TODO: check + NOT-FOR-US: FiberHome devices CVE-2021-27157 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) - TODO: check + NOT-FOR-US: FiberHome devices CVE-2021-27156 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) - TODO: check + NOT-FOR-US: FiberHome devices CVE-2021-27155 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) - TODO: check + NOT-FOR-US: FiberHome devices CVE-2021-27154 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) - TODO: check + NOT-FOR-US: FiberHome devices CVE-2021-27153 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) - TODO:
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9ee663b7 by Salvatore Bonaccorso at 2021-02-11T09:19:27+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4698,7 +4698,7 @@ CVE-2021-25253 CVE-2021-25252 RESERVED CVE-2021-25251 (The Trend Micro Security 2020 and 2021 families of consumer products a ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2021-25250 RESERVED CVE-2021-25249 (An out-of-bounds write information disclosure vulnerability in Trend M ...) @@ -16400,7 +16400,7 @@ CVE-2021-20355 CVE-2021-20354 RESERVED CVE-2021-20353 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...) - TODO: check + NOT-FOR-US: IBM CVE-2021-20352 RESERVED CVE-2021-20351 @@ -21265,7 +21265,7 @@ CVE-2020-29173 CVE-2020-29172 (A cross-site scripting (XSS) vulnerability in the LiteSpeed Cache plug ...) NOT-FOR-US: LiteSpeed Cache plugin for WordPress CVE-2020-29171 (Cross-site scripting (XSS) vulnerability in admin/wp-security-blacklis ...) - TODO: check + NOT-FOR-US: Tips and Tricks HQ All In One WP Security & Firewall (all-in-one-wp-security-and-firewall) plugin for WordPress CVE-2020-29170 RESERVED CVE-2020-29169 @@ -59872,7 +59872,7 @@ CVE-2020-13550 CVE-2020-13549 RESERVED CVE-2020-13548 (In Foxit Reader 10.1.0.37527, a specially crafted PDF document can tri ...) - TODO: check + NOT-FOR-US: Foxit Reader CVE-2020-13547 (A type confusion vulnerability exists in the JavaScript engine of Foxi ...) NOT-FOR-US: Foxit CVE-2020-13546 (In SoftMaker Software GmbH SoftMaker Office TextMaker 2021 (revision 1 ...) 
@@ -83497,7 +83497,7 @@ CVE-2020-5025 CVE-2020-5024 RESERVED CVE-2020-5023 (IBM Spectrum Protect Plus 10.1.0 through 10.1.7 could allow a remote u ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-5022 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow unauthentica ...) NOT-FOR-US: IBM CVE-2020-5021 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 does not invalidate se ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ee663b79a1189258f3cabed7edbeb792ece669b
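Review bot: Label granularity varies within this one commit. In the @@ -59872 hunk CVE-2020-13548 becomes "NOT-FOR-US: Foxit Reader" directly above CVE-2020-13547, which is already "NOT-FOR-US: Foxit"; and in the @@ -21265 hunk CVE-2020-29171 spells out vendor, product and plugin slug, while the Trend Micro and IBM entries give only the vendor. Reuse the label the neighbouring entries already carry for the same vendor so that a search for one string finds every related CVE.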
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ba99701e by security tracker role at 2021-02-11T08:10:16+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,175 @@ +CVE-2021-3408 + RESERVED +CVE-2021-27190 + RESERVED +CVE-2021-27189 + RESERVED +CVE-2021-27188 + RESERVED +CVE-2021-27187 + RESERVED +CVE-2021-27186 (Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc re ...) + TODO: check +CVE-2021-27185 (The samba-client package before 4.0.0 for Node.js allows command injec ...) + TODO: check +CVE-2021-27184 (Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity v ...) + TODO: check +CVE-2021-27183 + RESERVED +CVE-2021-27182 + RESERVED +CVE-2021-27181 + RESERVED +CVE-2021-27180 + RESERVED +CVE-2021-27179 (An issue was discovered on FiberHome HG6245D devices through RP2613. I ...) + TODO: check +CVE-2021-27178 (An issue was discovered on FiberHome HG6245D devices through RP2613. S ...) + TODO: check +CVE-2021-27177 (An issue was discovered on FiberHome HG6245D devices through RP2613. I ...) + TODO: check +CVE-2021-27176 (An issue was discovered on FiberHome HG6245D devices through RP2613. w ...) + TODO: check +CVE-2021-27175 (An issue was discovered on FiberHome HG6245D devices through RP2613. w ...) + TODO: check +CVE-2021-27174 (An issue was discovered on FiberHome HG6245D devices through RP2613. w ...) + TODO: check +CVE-2021-27173 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + TODO: check +CVE-2021-27172 (An issue was discovered on FiberHome HG6245D devices through RP2613. A ...) + TODO: check +CVE-2021-27171 (An issue was discovered on FiberHome HG6245D devices through RP2613. I ...) + TODO: check +CVE-2021-27170 (An issue was discovered on FiberHome HG6245D devices through RP2613. B ...) + TODO: check +CVE-2021-27169 (An issue was discovered on FiberHome AN5506-04-FA devices with firmwar ...) + TODO: check +CVE-2021-27168 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + TODO: check +CVE-2021-27167 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) 
+ TODO: check +CVE-2021-27166 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + TODO: check +CVE-2021-27165 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + TODO: check +CVE-2021-27164 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + TODO: check +CVE-2021-27163 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + TODO: check +CVE-2021-27162 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + TODO: check +CVE-2021-27161 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + TODO: check +CVE-2021-27160 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + TODO: check +CVE-2021-27159 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + TODO: check +CVE-2021-27158 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + TODO: check +CVE-2021-27157 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + TODO: check +CVE-2021-27156 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + TODO: check +CVE-2021-27155 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + TODO: check +CVE-2021-27154 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + TODO: check +CVE-2021-27153 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + TODO: check +CVE-2021-27152 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + TODO: check +CVE-2021-27151 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + TODO: check +CVE-2021-27150 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + TODO: check +CVE-2021-27149 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) 
+ TODO: check +CVE-2021-27148 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + TODO: check +CVE-2021-27147 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + TODO: check +CVE-2021-27146 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + TODO: check +CVE-2021-27145 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + TODO: check +CVE-2021-27144 (An
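Review bot: Every described entry this hunk adds, from CVE-2021-27186 down to CVE-2021-27145, is left at `TODO: check`, so the automatic update records the IDs but none of them is triaged yet. The contiguous run CVE-2021-27179 through CVE-2021-27145 is all FiberHome device firmware (HG6245D, plus AN5506-04-FA at CVE-2021-27169). It can be resolved in one pass with a single consistent marking, for example the `NOT-FOR-US:` form that data/CVE/list already uses for other vendor-only products, provided a check confirms that no Debian package carries that code. The three entries above that run (Fluent Bit 1.6.10, the samba-client package for Node.js, Pelco Digital Sentry Server) are unrelated products and each needs its own package lookup before `TODO: check` is replaced. The visible text breaks off at CVE-2021-27144, so entries below that point are not covered by this comment.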