[Git][security-tracker-team/security-tracker][master] Add apache2 to dsa-needed list

2021-09-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ce3caa41 by Salvatore Bonaccorso at 2021-09-20T06:21:20+02:00
Add apache2 to dsa-needed list

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -11,6 +11,9 @@ To pick an issue, simply add your uid behind it.
 
 If needed, specify the release by adding a slash after the name of the source 
package.
 
+--
+apache2
+  Yadd prepared update for bullseye-security, ping about buster?
 --
 asterisk
   Maintainer prepared update for bullseye, needs ping for buster
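
Review bot: the added apache2 note ends in an open question ("ping about buster?") without saying who is to be pinged or who follows up. Suggest phrasing it as a status, like the asterisk entry just below it ("needs ping for buster"), so the outstanding buster work reads as an action item.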



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce3caa41ae62eca8ccd3e4a29954376ae1a16f13

You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] automatic update

2021-09-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4c89a1a8 by security tracker role at 2021-09-19T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -694,8 +694,7 @@ CVE-2021-41075
RESERVED
 CVE-2021-41074
RESERVED
-CVE-2021-41073 [io_uring: ensure symmetry in handling iter types in 
loop_rw_iter()]
-   RESERVED
+CVE-2021-41073 (loop_rw_iter in fs/io_uring.c in the Linux kernel through 
5.14.6 allow ...)
- linux 5.14.6-2
[buster] - linux  (Vulnerable code introduced later)
[stretch] - linux  (Vulnerable code introduced later)
@@ -1539,8 +1538,7 @@ CVE-2021-40692
RESERVED
 CVE-2021-40691
RESERVED
-CVE-2021-40690
-   RESERVED
+CVE-2021-40690 (All versions of Apache Santuario - XML Security for Java prior 
to 2.2. ...)
- libxml-security-java  (bug #994569)
NOTE: https://santuario.apache.org/secadv.data/CVE-2021-40690.txt.asc
 CVE-2021-3780 (peertube is vulnerable to Improper Neutralization of Input 
During Web  ...)
@@ -20056,6 +20054,7 @@ CVE-2021-32730 (XWiki Platform is a generic wiki 
platform offering runtime servi
 CVE-2021-32729 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
NOT-FOR-US: XWiki
 CVE-2021-32728 (The Nextcloud Desktop Client is a tool to synchronize files 
from Nextc ...)
+   {DSA-4974-1}
- nextcloud-desktop 3.3.1-1
NOTE: 
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-f5fr-5gcv-6cc5
NOTE: https://github.com/nextcloud/desktop/pull/3338
@@ -43028,8 +43027,8 @@ CVE-2021-23443
RESERVED
 CVE-2021-23442 (This affects all versions of package @cookiex/deep. The global 
proto o ...)
TODO: check
-CVE-2021-23441
-   RESERVED
+CVE-2021-23441 (All versions of package com.jsoniter:jsoniter are vulnerable 
to Deseri ...)
+   TODO: check
 CVE-2021-23440 (This affects the package set-value before 4.0.1. A type 
confusion vuln ...)
- node-set-value 3.0.1-3 (bug #994448)
[bullseye] - node-set-value  (Minor issue)
@@ -44275,6 +44274,7 @@ CVE-2021-22897 (curl 7.61.0 through 7.76.1 suffers from 
exposure of data element
 CVE-2021-22896 (Nextcloud Mail before 1.9.5 suffers from improper access 
control due t ...)
NOT-FOR-US: Nextcloud Mail
 CVE-2021-22895 (Nextcloud Desktop Client before 3.3.1 is vulnerable to 
improper certif ...)
+   {DSA-4974-1}
- nextcloud-desktop 3.3.1-1 (bug #989846)
NOTE: https://github.com/nextcloud/desktop/pull/2926
NOTE: 
https://github.com/nextcloud/desktop/commit/b1ddd0e491b2af0ed040e658d8bcde2a7a61c9fc
 (stable-3.1)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c89a1a8ef667dfd19d07fd9a044969a9924a385



[Git][security-tracker-team/security-tracker][master] Process three NFUs

2021-09-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9cb629d4 by Salvatore Bonaccorso at 2021-09-19T21:25:26+02:00
Process three NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,9 +1,9 @@
 CVE-2021-41395 (Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers 
to contro ...)
-   TODO: check
+   NOT-FOR-US: Teleport
 CVE-2021-41394 (Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, 
and 7.x b ...)
-   TODO: check
+   NOT-FOR-US: Teleport
 CVE-2021-41393 (Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, 
and 7.x b ...)
-   TODO: check
+   NOT-FOR-US: Teleport
 CVE-2021-41392 (static/main-preload.js in Boost Note through 0.22.0 allows 
remote comm ...)
TODO: check
 CVE-2021-41391 (In Ericsson ECM before 18.0, it was observed that Security 
Management  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9cb629d4dd450959af161b182707445bf687c0b7



[Git][security-tracker-team/security-tracker][master] Track fixed version for several chromium CVEs via unstable

2021-09-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8e117306 by Salvatore Bonaccorso at 2021-09-19T21:06:31+02:00
Track fixed version for several chromium CVEs via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -25399,270 +25399,270 @@ CVE-2021-30634
RESERVED
 CVE-2021-30633
RESERVED
-   - chromium 
+   - chromium 93.0.4577.82-1
[stretch] - chromium  (see DSA 4562)
 CVE-2021-30632
RESERVED
-   - chromium 
+   - chromium 93.0.4577.82-1
[stretch] - chromium  (see DSA 4562)
 CVE-2021-30631
RESERVED
-   - chromium 
+   - chromium 93.0.4577.82-1
[stretch] - chromium  (see DSA 4562)
 CVE-2021-30630
RESERVED
-   - chromium 
+   - chromium 93.0.4577.82-1
[stretch] - chromium  (see DSA 4562)
 CVE-2021-30629
RESERVED
-   - chromium 
+   - chromium 93.0.4577.82-1
[stretch] - chromium  (see DSA 4562)
 CVE-2021-30628
RESERVED
-   - chromium 
+   - chromium 93.0.4577.82-1
[stretch] - chromium  (see DSA 4562)
 CVE-2021-30627
RESERVED
-   - chromium 
+   - chromium 93.0.4577.82-1
[stretch] - chromium  (see DSA 4562)
 CVE-2021-30626
RESERVED
-   - chromium 
+   - chromium 93.0.4577.82-1
[stretch] - chromium  (see DSA 4562)
 CVE-2021-30625
RESERVED
-   - chromium 
+   - chromium 93.0.4577.82-1
[stretch] - chromium  (see DSA 4562)
 CVE-2021-30624 (Chromium: CVE-2021-30624 Use after free in Autofill ...)
-   - chromium 
+   - chromium 93.0.4577.82-1
[stretch] - chromium  (see DSA 4562)
 CVE-2021-30623 (Chromium: CVE-2021-30623 Use after free in Bookmarks ...)
-   - chromium 
+   - chromium 93.0.4577.82-1
[stretch] - chromium  (see DSA 4562)
 CVE-2021-30622 (Chromium: CVE-2021-30622 Use after free in WebApp Installs ...)
-   - chromium 
+   - chromium 93.0.4577.82-1
[stretch] - chromium  (see DSA 4562)
 CVE-2021-30621 (Chromium: CVE-2021-30621 UI Spoofing in Autofill ...)
-   - chromium 
+   - chromium 93.0.4577.82-1
[stretch] - chromium  (see DSA 4562)
 CVE-2021-30620 (Chromium: CVE-2021-30620 Insufficient policy enforcement in 
Blink ...)
-   - chromium 
+   - chromium 93.0.4577.82-1
[stretch] - chromium  (see DSA 4562)
 CVE-2021-30619 (Chromium: CVE-2021-30619 UI Spoofing in Autofill ...)
-   - chromium 
+   - chromium 93.0.4577.82-1
[stretch] - chromium  (see DSA 4562)
 CVE-2021-30618 (Chromium: CVE-2021-30618 Inappropriate implementation in 
DevTools ...)
-   - chromium 
+   - chromium 93.0.4577.82-1
[stretch] - chromium  (see DSA 4562)
 CVE-2021-30617 (Chromium: CVE-2021-30617 Policy bypass in Blink ...)
-   - chromium 
+   - chromium 93.0.4577.82-1
[stretch] - chromium  (see DSA 4562)
 CVE-2021-30616 (Chromium: CVE-2021-30616 Use after free in Media ...)
-   - chromium 
+   - chromium 93.0.4577.82-1
[stretch] - chromium  (see DSA 4562)
 CVE-2021-30615 (Chromium: CVE-2021-30615 Cross-origin data leak in Navigation 
...)
-   - chromium 
+   - chromium 93.0.4577.82-1
[stretch] - chromium  (see DSA 4562)
 CVE-2021-30614 (Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip ...)
-   - chromium 
+   - chromium 93.0.4577.82-1
[stretch] - chromium  (see DSA 4562)
 CVE-2021-30613 (Chromium: CVE-2021-30613 Use after free in Base internals ...)
-   - chromium 
+   - chromium 93.0.4577.82-1
[stretch] - chromium  (see DSA 4562)
 CVE-2021-30612 (Chromium: CVE-2021-30612 Use after free in WebRTC ...)
-   - chromium 
+   - chromium 93.0.4577.82-1
[stretch] - chromium  (see DSA 4562)
 CVE-2021-30611 (Chromium: CVE-2021-30611 Use after free in WebRTC ...)
-   - chromium 
+   - chromium 93.0.4577.82-1
[stretch] - chromium  (see DSA 4562)
 CVE-2021-30610 (Chromium: CVE-2021-30610 Use after free in Extensions API ...)
-   - chromium 
+   - chromium 93.0.4577.82-1
[stretch] - chromium  (see DSA 4562)
 CVE-2021-30609 (Chromium: CVE-2021-30609 Use after free in Sign-In ...)
-   - chromium 
+   - chromium 93.0.4577.82-1
[stretch] - chromium  (see DSA 4562)
 CVE-2021-30608 (Chromium: CVE-2021-30608 Use after free in Web Share ...)
-   - chromium 
+   - chromium 93.0.4577.82-1
[stretch] - chromium  (see DSA 4562)
 CVE-2021-30607 (Chromium: CVE-2021-30607 Use after free in Permissions ...)
-   - chromium 
+   - chromium 93.0.4577.82-1
[stretch] - chromium  (see DSA 4562)
 CVE-2021-30606 (Chromium: CVE-2021-30606 Use after free in Blink ...)
-   - chromium 
+   - chromium 93.0.4577.82-1
[stretch] - chromium  (see DSA 4562)
 CVE-2021-30605 (Inappropriate 
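
Review bot: the entries CVE-2021-30633 through CVE-2021-30625 at the top of this hunk receive a fixed version while still showing RESERVED with no description, so nothing on the entry lets a reader check that 93.0.4577.82-1 is the right upload for them. A NOTE naming the upstream release or advisory for those IDs would help; the entries from CVE-2021-30624 onward at least carry the Chromium summary.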

[Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2021-40084/opensysusers

2021-09-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
798cbcd5 by Salvatore Bonaccorso at 2021-09-19T20:39:41+02:00
Track fixed version via unstable for CVE-2021-40084/opensysusers

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -6862,7 +6862,7 @@ CVE-2021-3696
 CVE-2021-3695
RESERVED
 CVE-2021-40084 (opensysusers through 0.6 does not safely use eval on files in 
sysusers ...)
-   - opensysusers  (bug #992058)
+   - opensysusers 0.6-3 (bug #992058)
[bullseye] - opensysusers  (Minor issue; if fixed upstream 
address via point release)
 CVE-2021-38364
RESERVED
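
Review bot: the [bullseye] context line still makes the point release conditional on "if fixed upstream", while the changed line records a fix in 0.6-3, a Debian revision of the 0.6 named in the description. Suggest a NOTE saying whether 0.6-3 carries an upstream commit or a Debian-only patch, so the bullseye condition can be evaluated.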



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/798cbcd5806dcc3adc53c37c246889a809a96582



[Git][security-tracker-team/security-tracker][master] Mark glewlwyd issue as no-dsa

2021-09-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1d647227 by Salvatore Bonaccorso at 2021-09-19T20:23:37+02:00
Mark glewlwyd issue as no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1567,6 +1567,8 @@ CVE-2021- [jws alg:none signature verification issue]
NOTE: 
https://github.com/babelouest/rhonabwy/commit/ff9ecad4c9a031c8369acde67ea52d558899e51e
 (v1.0.0)
 CVE-2021-40818 (scheme/webauthn.c in Glewlwyd SSO server through 2.5.3 has a 
buffer ov ...)
- glewlwyd 2.5.2-3 (bug #993867)
+   [bullseye] - glewlwyd  (Minor issue; can be fixed via point 
release)
+   [buster] - glewlwyd  (Minor issue; can be fixed via point 
release)
NOTE: 
https://github.com/babelouest/glewlwyd/commit/0efd112bb62f566877750ad62ee828bff579b4e2
 CVE-2021-40683
RESERVED
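
Review bot: the two added lines give only "Minor issue" as the rationale for a buffer overflow in scheme/webauthn.c of an SSO server, on both [bullseye] and [buster]. Suggest a NOTE stating what limits the impact, so the no-dsa decision named in the commit subject can be re-checked later.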



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d647227f237c762c2051f25094771fa952d051a



[Git][security-tracker-team/security-tracker][master] Mark rhonabwy issues as no-dsa

2021-09-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
91cd2ba5 by Salvatore Bonaccorso at 2021-09-19T20:23:06+02:00
Mark rhonabwy issues as no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1559,9 +1559,11 @@ CVE-2021-40684
RESERVED
 CVE-2021- [jwe cbc tag computation error]
- rhonabwy 0.9.13-4 (bug #993866)
+   [bullseye] - rhonabwy  (Minor issue; can be fixed via point 
release)
NOTE: 
https://github.com/babelouest/rhonabwy/commit/996d935540c2c171c7678f14b8178d9ce87db9ac
 (v1.0.0)
 CVE-2021- [jws alg:none signature verification issue]
- rhonabwy 0.9.13-4 (bug #993866)
+   [bullseye] - rhonabwy  (Minor issue; can be fixed via point 
release)
NOTE: 
https://github.com/babelouest/rhonabwy/commit/ff9ecad4c9a031c8369acde67ea52d558899e51e
 (v1.0.0)
 CVE-2021-40818 (scheme/webauthn.c in Glewlwyd SSO server through 2.5.3 has a 
buffer ov ...)
- glewlwyd 2.5.2-3 (bug #993867)
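
Review bot: both added [bullseye] lines reuse the same "Minor issue" text for two different bugs, and for the "jws alg:none signature verification issue" entry that classification is not self-evident from what the entry records. Suggest a NOTE under that entry explaining why a signature verification problem is treated as minor here.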



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91cd2ba5ea1dea001d86d718e95a5ef0120174e7



[Git][security-tracker-team/security-tracker][master] Add prerequisite patches needed for CVE-2021-41072/squashfs-tools

2021-09-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a0bd36d3 by Salvatore Bonaccorso at 2021-09-19T13:40:41+02:00
Add prerequisite patches needed for CVE-2021-41072/squashfs-tools

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -701,7 +701,11 @@ CVE-2021-41073 [io_uring: ensure symmetry in handling iter 
types in loop_rw_iter
[stretch] - linux  (Vulnerable code introduced later)
 CVE-2021-41072 (squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows 
Director ...)
- squashfs-tools 1:4.5-3 (bug #994262)
-   NOTE: 
https://github.com/plougher/squashfs-tools/commit/e0485802ec72996c20026da320650d8362f555bd
+   NOTE: Prerequisites:
+   NOTE: 
https://github.com/plougher/squashfs-tools/commit/80b8441a37fcf8bf07dacf24d9d6c6459a0f6e36
+   NOTE: 
https://github.com/plougher/squashfs-tools/commit/1993a4e7aeda04962bf26e84c15fba8b58837e10
+   NOTE: 
https://github.com/plougher/squashfs-tools/commit/9938154174756ee48a94ea0b076397a2944b028d
+   NOTE: Fixed by: 
https://github.com/plougher/squashfs-tools/commit/e0485802ec72996c20026da320650d8362f555bd
NOTE: Followup fix: 
https://github.com/plougher/squashfs-tools/commit/19fcc9365dcdb2c22d232d42d11012940df64b7c
NOTE: 
https://github.com/plougher/squashfs-tools/issues/72#issuecomment-913833405
 CVE-2021-41071
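
Review bot: the three commits added under "NOTE: Prerequisites:" are bare URLs with no indication of apply order or of what each one changes, unlike the labelled "Fixed by:" and "Followup fix:" lines. Suggest stating that they are listed in the order to apply, or adding a short label per commit, since a backporter will work from this list.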



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0bd36d3f1a368b3d6fb953b36052b282f176c39



[Git][security-tracker-team/security-tracker][master] Update notes for two libgcrypt20 CVEs

2021-09-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ff7bba42 by Salvatore Bonaccorso at 2021-09-19T13:35:23+02:00
Update notes for two libgcrypt20 CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1905,7 +1905,11 @@ CVE-2021-40528 (The ElGamal implementation in Libgcrypt 
before 1.9.4 allows plai
NOTE: https://eprint.iacr.org/2021/923
NOTE: 
https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1
NOTE: 
https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2
-   NOTE: Related to CVE-2021-33560, but not a duplicate
+   NOTE: 
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=e8b7f10be275bcedb5fc05ed4837a89bfd605c61
 (1.9.x)
+   NOTE: Related to CVE-2021-33560, but not a duplicate. Unfortunately 
scope of CVE-2021-33560 and
+   NOTE: CVE-2021-40528 got switched at some point, and CVE-2021-33560 
referring to the blinding
+   NOTE: hardening. We keep the original association as per 2021-09-19 
(until MITRE clarifies on
+   NOTE: a query).
 CVE-2021-40527
RESERVED
 CVE-2021-40526
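
Review bot: the new explanatory NOTE is hard to parse at "and CVE-2021-33560 referring to the blinding hardening", which has no finite verb, and "as per 2021-09-19" reads like a source rather than a date. Suggest wording such as "CVE-2021-33560 now refers to the blinding hardening" and "as of 2021-09-19", and adding a reference to the MITRE query so readers can tell when the note is obsolete.
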
@@ -18003,7 +18007,10 @@ CVE-2021-33560 (Libgcrypt before 1.8.8 and 1.9.x 
before 1.9.3 mishandles ElGamal
[buster] - libgcrypt20 1.8.4-5+deb10u1
NOTE: https://dev.gnupg.org/T5328
NOTE: https://eprint.iacr.org/2021/923.pdf
-   NOTE: 
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=3462280f2e23e16adf3ed5176e0f2413d8861320
+   NOTE: 
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=3462280f2e23e16adf3ed5176e0f2413d8861320
 (1.9.x)
+   NOTE: 
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=707c3c5c511ee70ad0e39ec613471f665305fbea
 (1.8.x)
+   NOTE: See notes on CVE-2021-40528 on the confusion about swapping of 
scope of
+   NOTE: CVE-2021-40528 and CVE-2021-33560.
 CVE-2021-33559
RESERVED
 CVE-2021-33558 (Boa 0.94.13 allows remote attackers to obtain sensitive 
information vi ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff7bba427b8f21ddd1849d525f153f05aafc9abe



[Git][security-tracker-team/security-tracker][master] nextcloud-desktop DSA

2021-09-19 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a897983d by Moritz Mühlenhoff at 2021-09-19T12:31:59+02:00
nextcloud-desktop DSA

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,7 @@
+[19 Sep 2021] DSA-4974-1 nextcloud-desktop - security update
+   {CVE-2021-22895 CVE-2021-32728}
+   [buster] - nextcloud-desktop 2.5.1-3+deb10u2
+   [bullseye] - nextcloud-desktop 3.1.1-2+deb11u1
 [10 Sep 2021] DSA-4973-1 thunderbird - security update
{CVE-2021-38493}
[buster] - thunderbird 1:78.14.0-1~deb10u1


=
data/dsa-needed.txt
=
@@ -29,9 +29,6 @@ linux (carnil)
 --
 ndpi
 --
-nextcloud-desktop
-  Maintainer prepared an update for bullseye, needs update for buster
---
 nodejs (jmm)
 --
 puppetdb (jmm)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a897983d3fc0a1b04ea50474faa7acf66ab95624



[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2021-41073 via unstable

2021-09-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8fb0b35e by Salvatore Bonaccorso at 2021-09-19T10:51:55+02:00
Track fixed version for CVE-2021-41073 via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -696,7 +696,7 @@ CVE-2021-41074
RESERVED
 CVE-2021-41073 [io_uring: ensure symmetry in handling iter types in 
loop_rw_iter()]
RESERVED
-   - linux 
+   - linux 5.14.6-2
[buster] - linux  (Vulnerable code introduced later)
[stretch] - linux  (Vulnerable code introduced later)
 CVE-2021-41072 (squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows 
Director ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8fb0b35ef2f31487ab194ca36fce6c60a5d7987d



[Git][security-tracker-team/security-tracker][master] Add CVE-2021-41073/linux

2021-09-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
994cf4a2 by Salvatore Bonaccorso at 2021-09-19T10:11:18+02:00
Add CVE-2021-41073/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -694,8 +694,11 @@ CVE-2021-41075
RESERVED
 CVE-2021-41074
RESERVED
-CVE-2021-41073
+CVE-2021-41073 [io_uring: ensure symmetry in handling iter types in 
loop_rw_iter()]
RESERVED
+   - linux 
+   [buster] - linux  (Vulnerable code introduced later)
+   [stretch] - linux  (Vulnerable code introduced later)
 CVE-2021-41072 (squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows 
Director ...)
- squashfs-tools 1:4.5-3 (bug #994262)
NOTE: 
https://github.com/plougher/squashfs-tools/commit/e0485802ec72996c20026da320650d8362f555bd
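
Review bot: the added [buster] and [stretch] lines state "Vulnerable code introduced later", but the new entry carries no NOTE identifying the commit or kernel version that introduced the code. Suggest adding NOTE lines with the introducing and fixing commits so the claim can be verified against the buster and stretch kernels.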



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/994cf4a21e9b988b0e85bae30c0cdf6023298ee4



[Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2021-3761/cfrpki via unstable

2021-09-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f746b1b0 by Salvatore Bonaccorso at 2021-09-19T09:12:43+02:00
Add fixed version for CVE-2021-3761/cfrpki via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2307,7 +2307,7 @@ CVE-2021-40355 (A vulnerability has been identified in 
Teamcenter V12.4 (All ver
 CVE-2021-40354 (A vulnerability has been identified in Teamcenter V12.4 (All 
versions  ...)
NOT-FOR-US: Siemens
 CVE-2021-3761 (Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 
into emitt ...)
-   - cfrpki  (bug #994572)
+   - cfrpki 1.3.0-1 (bug #994572)
NOTE: 
https://github.com/cloudflare/cfrpki/security/advisories/GHSA-c8xp-8mf3-62h9
NOTE: 
https://github.com/cloudflare/cfrpki/commit/a8db4e009ef217484598ba1fd1c595b54e0f6422
 CVE-2021-3760



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f746b1b09d15379c365043c9a5399c299fecc488
