[Git][security-tracker-team/security-tracker][master] Add apache2 to dsa-needed list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ce3caa41 by Salvatore Bonaccorso at 2021-09-20T06:21:20+02:00 Add apache2 to dsa-needed list - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -11,6 +11,9 @@ To pick an issue, simply add your uid behind it. If needed, specify the release by adding a slash after the name of the source package. +-- +apache2 + Yadd prepared update for bullseye-security, ping about buster? -- asterisk Maintainer prepared update for bullseye, needs ping for buster View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce3caa41ae62eca8ccd3e4a29954376ae1a16f13 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce3caa41ae62eca8ccd3e4a29954376ae1a16f13 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
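Review bot: The new apache2 entry has no uid behind the package name, and its note ends in an open question ("ping about buster?"), so nobody owns the buster follow-up. The file's own instruction in the context lines is "To pick an issue, simply add your uid behind it"; add the uid of whoever will do the ping, or state the pending work the way the asterisk entry below does ("needs ping for buster").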
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4c89a1a8 by security tracker role at 2021-09-19T20:10:19+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -694,8 +694,7 @@ CVE-2021-41075 RESERVED CVE-2021-41074 RESERVED -CVE-2021-41073 [io_uring: ensure symmetry in handling iter types in loop_rw_iter()] - RESERVED +CVE-2021-41073 (loop_rw_iter in fs/io_uring.c in the Linux kernel through 5.14.6 allow ...) - linux 5.14.6-2 [buster] - linux (Vulnerable code introduced later) [stretch] - linux (Vulnerable code introduced later) @@ -1539,8 +1538,7 @@ CVE-2021-40692 RESERVED CVE-2021-40691 RESERVED -CVE-2021-40690 - RESERVED +CVE-2021-40690 (All versions of Apache Santuario - XML Security for Java prior to 2.2. ...) - libxml-security-java (bug #994569) NOTE: https://santuario.apache.org/secadv.data/CVE-2021-40690.txt.asc CVE-2021-3780 (peertube is vulnerable to Improper Neutralization of Input During Web ...) @@ -20056,6 +20054,7 @@ CVE-2021-32730 (XWiki Platform is a generic wiki platform offering runtime servi CVE-2021-32729 (XWiki Platform is a generic wiki platform offering runtime services fo ...) NOT-FOR-US: XWiki CVE-2021-32728 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...) + {DSA-4974-1} - nextcloud-desktop 3.3.1-1 NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-f5fr-5gcv-6cc5 NOTE: https://github.com/nextcloud/desktop/pull/3338 @@ -43028,8 +43027,8 @@ CVE-2021-23443 RESERVED CVE-2021-23442 (This affects all versions of package @cookiex/deep. The global proto o ...) TODO: check -CVE-2021-23441 - RESERVED +CVE-2021-23441 (All versions of package com.jsoniter:jsoniter are vulnerable to Deseri ...) + TODO: check CVE-2021-23440 (This affects the package set-value before 4.0.1. A type confusion vuln ...) - node-set-value 3.0.1-3 (bug #994448) [bullseye] - node-set-value (Minor issue) 
@@ -44275,6 +44274,7 @@ CVE-2021-22897 (curl 7.61.0 through 7.76.1 suffers from exposure of data element CVE-2021-22896 (Nextcloud Mail before 1.9.5 suffers from improper access control due t ...) NOT-FOR-US: Nextcloud Mail CVE-2021-22895 (Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certif ...) + {DSA-4974-1} - nextcloud-desktop 3.3.1-1 (bug #989846) NOTE: https://github.com/nextcloud/desktop/pull/2926 NOTE: https://github.com/nextcloud/desktop/commit/b1ddd0e491b2af0ed040e658d8bcde2a7a61c9fc (stable-3.1) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c89a1a8ef667dfd19d07fd9a044969a9924a385
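Review bot: CVE-2021-23441 in the @@ -43028 hunk still needs triage: it leaves RESERVED only to land on "TODO: check", next to CVE-2021-23442 which carries the same marker. The description names com.jsoniter:jsoniter, so the follow-up is to confirm whether Debian ships it and replace the TODO with a package line or NOT-FOR-US. In the @@ -694 hunk, replacing the bracketed title of CVE-2021-41073 with the truncated MITRE text drops the upstream patch subject from the entry; a NOTE carrying it would keep that pointer.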
[Git][security-tracker-team/security-tracker][master] Process three NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9cb629d4 by Salvatore Bonaccorso at 2021-09-19T21:25:26+02:00 Process three NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,9 +1,9 @@ CVE-2021-41395 (Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to contro ...) - TODO: check + NOT-FOR-US: Teleport CVE-2021-41394 (Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x b ...) - TODO: check + NOT-FOR-US: Teleport CVE-2021-41393 (Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x b ...) - TODO: check + NOT-FOR-US: Teleport CVE-2021-41392 (static/main-preload.js in Boost Note through 0.22.0 allows remote comm ...) TODO: check CVE-2021-41391 (In Ericsson ECM before 18.0, it was observed that Security Management ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9cb629d4dd450959af161b182707445bf687c0b7
[Git][security-tracker-team/security-tracker][master] Track fixed version for several chromium CVEs via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8e117306 by Salvatore Bonaccorso at 2021-09-19T21:06:31+02:00 Track fixed version for several chromium CVEs via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -25399,270 +25399,270 @@ CVE-2021-30634 RESERVED CVE-2021-30633 RESERVED - - chromium + - chromium 93.0.4577.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-30632 RESERVED - - chromium + - chromium 93.0.4577.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-30631 RESERVED - - chromium + - chromium 93.0.4577.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-30630 RESERVED - - chromium + - chromium 93.0.4577.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-30629 RESERVED - - chromium + - chromium 93.0.4577.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-30628 RESERVED - - chromium + - chromium 93.0.4577.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-30627 RESERVED - - chromium + - chromium 93.0.4577.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-30626 RESERVED - - chromium + - chromium 93.0.4577.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-30625 RESERVED - - chromium + - chromium 93.0.4577.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-30624 (Chromium: CVE-2021-30624 Use after free in Autofill ...) - - chromium + - chromium 93.0.4577.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-30623 (Chromium: CVE-2021-30623 Use after free in Bookmarks ...) - - chromium + - chromium 93.0.4577.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-30622 (Chromium: CVE-2021-30622 Use after free in WebApp Installs ...) - - chromium + - chromium 93.0.4577.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-30621 (Chromium: CVE-2021-30621 UI Spoofing in Autofill ...) - - chromium + - chromium 93.0.4577.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-30620 (Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink ...) - - chromium + - chromium 93.0.4577.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-30619 (Chromium: CVE-2021-30619 UI Spoofing in Autofill ...) - - chromium + - chromium 93.0.4577.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-30618 (Chromium: CVE-2021-30618 Inappropriate implementation in DevTools ...) 
- - chromium + - chromium 93.0.4577.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-30617 (Chromium: CVE-2021-30617 Policy bypass in Blink ...) - - chromium + - chromium 93.0.4577.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-30616 (Chromium: CVE-2021-30616 Use after free in Media ...) - - chromium + - chromium 93.0.4577.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-30615 (Chromium: CVE-2021-30615 Cross-origin data leak in Navigation ...) - - chromium + - chromium 93.0.4577.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-30614 (Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip ...) - - chromium + - chromium 93.0.4577.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-30613 (Chromium: CVE-2021-30613 Use after free in Base internals ...) - - chromium + - chromium 93.0.4577.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-30612 (Chromium: CVE-2021-30612 Use after free in WebRTC ...) - - chromium + - chromium 93.0.4577.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-30611 (Chromium: CVE-2021-30611 Use after free in WebRTC ...) - - chromium + - chromium 93.0.4577.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-30610 (Chromium: CVE-2021-30610 Use after free in Extensions API ...) - - chromium + - chromium 93.0.4577.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-30609 (Chromium: CVE-2021-30609 Use after free in Sign-In ...) - - chromium + - chromium 93.0.4577.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-30608 (Chromium: CVE-2021-30608 Use after free in Web Share ...) - - chromium + - chromium 93.0.4577.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-30607 (Chromium: CVE-2021-30607 Use after free in Permissions ...) - - chromium + - chromium 93.0.4577.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-30606 (Chromium: CVE-2021-30606 Use after free in Blink ...) - - chromium + - chromium 93.0.4577.82-1 [stretch] - chromium (see DSA 4562) CVE-2021-30605 (Inappropriate
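Review bot: CVE-2021-30633 through CVE-2021-30625 receive the fixed version 93.0.4577.82-1 while each is still RESERVED with no bracketed description, so nothing in those entries says what was fixed or lets a reader check the version against an upstream release. Add a bracketed working description or a NOTE with the upstream release reference to each; the entries from CVE-2021-30624 down at least carry their Chromium titles.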
[Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2021-40084/opensysusers
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 798cbcd5 by Salvatore Bonaccorso at 2021-09-19T20:39:41+02:00 Track fixed version via unstable for CVE-2021-40084/opensysusers - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6862,7 +6862,7 @@ CVE-2021-3696 CVE-2021-3695 RESERVED CVE-2021-40084 (opensysusers through 0.6 does not safely use eval on files in sysusers ...) - - opensysusers (bug #992058) + - opensysusers 0.6-3 (bug #992058) [bullseye] - opensysusers (Minor issue; if fixed upstream address via point release) CVE-2021-38364 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/798cbcd5806dcc3adc53c37c246889a809a96582
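Review bot: The unstable line for CVE-2021-40084 now records 0.6-3, but the entry has no NOTE pointing at the change that fixed it, and the [bullseye] line still reads "if fixed upstream address via point release". Add a NOTE with the upstream commit or the Debian patch behind 0.6-3, and update the bullseye remark if that fix is what it was waiting for.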
[Git][security-tracker-team/security-tracker][master] Mark glewlwyd issue as no-dsa
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1d647227 by Salvatore Bonaccorso at 2021-09-19T20:23:37+02:00 Mark glewlwyd issue as no-dsa - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1567,6 +1567,8 @@ CVE-2021- [jws alg:none signature verification issue] NOTE: https://github.com/babelouest/rhonabwy/commit/ff9ecad4c9a031c8369acde67ea52d558899e51e (v1.0.0) CVE-2021-40818 (scheme/webauthn.c in Glewlwyd SSO server through 2.5.3 has a buffer ov ...) - glewlwyd 2.5.2-3 (bug #993867) + [bullseye] - glewlwyd (Minor issue; can be fixed via point release) + [buster] - glewlwyd (Minor issue; can be fixed via point release) NOTE: https://github.com/babelouest/glewlwyd/commit/0efd112bb62f566877750ad62ee828bff579b4e2 CVE-2021-40683 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d647227f237c762c2051f25094771fa952d051a
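Review bot: Both added lines tag a buffer overflow in the SSO server's scheme/webauthn.c as "Minor issue" without giving the reason, and the [buster] line does not say whether the affected code was checked in that release. A short NOTE with the reasoning would let the next reader verify the no-dsa decision against the linked upstream commit.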
[Git][security-tracker-team/security-tracker][master] Mark rhonabwy issues as no-dsa
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 91cd2ba5 by Salvatore Bonaccorso at 2021-09-19T20:23:06+02:00 Mark rhonabwy issues as no-dsa - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1559,9 +1559,11 @@ CVE-2021-40684 RESERVED CVE-2021- [jwe cbc tag computation error] - rhonabwy 0.9.13-4 (bug #993866) + [bullseye] - rhonabwy (Minor issue; can be fixed via point release) NOTE: https://github.com/babelouest/rhonabwy/commit/996d935540c2c171c7678f14b8178d9ce87db9ac (v1.0.0) CVE-2021- [jws alg:none signature verification issue] - rhonabwy 0.9.13-4 (bug #993866) + [bullseye] - rhonabwy (Minor issue; can be fixed via point release) NOTE: https://github.com/babelouest/rhonabwy/commit/ff9ecad4c9a031c8369acde67ea52d558899e51e (v1.0.0) CVE-2021-40818 (scheme/webauthn.c in Glewlwyd SSO server through 2.5.3 has a buffer ov ...) - glewlwyd 2.5.2-3 (bug #993867) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91cd2ba5ea1dea001d86d718e95a5ef0120174e7
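Review bot: The added [bullseye] lines mark both temporary "CVE-2021-" entries as "Minor issue" with no rationale, including the one titled "jws alg:none signature verification issue". State in a NOTE why a signature verification issue is minor for bullseye; both entries share bug #993866, so the reasoning should also survive the point where real CVE ids are assigned and the entries are split or renamed.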
[Git][security-tracker-team/security-tracker][master] Add prerequisite patches needed for CVE-2021-41072/squashfs-tools
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a0bd36d3 by Salvatore Bonaccorso at 2021-09-19T13:40:41+02:00 Add prerequisite patches needed for CVE-2021-41072/squashfs-tools - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -701,7 +701,11 @@ CVE-2021-41073 [io_uring: ensure symmetry in handling iter types in loop_rw_iter [stretch] - linux (Vulnerable code introduced later) CVE-2021-41072 (squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Director ...) - squashfs-tools 1:4.5-3 (bug #994262) - NOTE: https://github.com/plougher/squashfs-tools/commit/e0485802ec72996c20026da320650d8362f555bd + NOTE: Prerequisites: + NOTE: https://github.com/plougher/squashfs-tools/commit/80b8441a37fcf8bf07dacf24d9d6c6459a0f6e36 + NOTE: https://github.com/plougher/squashfs-tools/commit/1993a4e7aeda04962bf26e84c15fba8b58837e10 + NOTE: https://github.com/plougher/squashfs-tools/commit/9938154174756ee48a94ea0b076397a2944b028d + NOTE: Fixed by: https://github.com/plougher/squashfs-tools/commit/e0485802ec72996c20026da320650d8362f555bd NOTE: Followup fix: https://github.com/plougher/squashfs-tools/commit/19fcc9365dcdb2c22d232d42d11012940df64b7c NOTE: https://github.com/plougher/squashfs-tools/issues/72#issuecomment-913833405 CVE-2021-41071 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0bd36d3f1a368b3d6fb953b36052b282f176c39
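Review bot: The three commits under "NOTE: Prerequisites:" are listed without saying what each one provides or in which order they apply before the "Fixed by:" commit. Anyone backporting the fix has to reconstruct that from upstream history; a few words per prerequisite, or a statement that they are listed in apply order, would settle it.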
[Git][security-tracker-team/security-tracker][master] Update notes for two libgcrypt20 CVEs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ff7bba42 by Salvatore Bonaccorso at 2021-09-19T13:35:23+02:00 Update notes for two libgcrypt20 CVEs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1905,7 +1905,11 @@ CVE-2021-40528 (The ElGamal implementation in Libgcrypt before 1.9.4 allows plai NOTE: https://eprint.iacr.org/2021/923 NOTE: https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1 NOTE: https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2 - NOTE: Related to CVE-2021-33560, but not a duplicate + NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=e8b7f10be275bcedb5fc05ed4837a89bfd605c61 (1.9.x) + NOTE: Related to CVE-2021-33560, but not a duplicate. Unfortunately scope of CVE-2021-33560 and + NOTE: CVE-2021-40528 got switched at some point, and CVE-2021-33560 referring to the blinding + NOTE: hardening. We keep the original association as per 2021-09-19 (until MITRE clarifies on + NOTE: a query). CVE-2021-40527 RESERVED CVE-2021-40526 
@@ -18003,7 +18007,10 @@ CVE-2021-33560 (Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal [buster] - libgcrypt20 1.8.4-5+deb10u1 NOTE: https://dev.gnupg.org/T5328 NOTE: https://eprint.iacr.org/2021/923.pdf - NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=3462280f2e23e16adf3ed5176e0f2413d8861320 + NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=3462280f2e23e16adf3ed5176e0f2413d8861320 (1.9.x) + NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=707c3c5c511ee70ad0e39ec613471f665305fbea (1.8.x) + NOTE: See notes on CVE-2021-40528 on the confusion about swapping of scope of + NOTE: CVE-2021-40528 and CVE-2021-33560. CVE-2021-33559 RESERVED CVE-2021-33558 (Boa 0.94.13 allows remote attackers to obtain sensitive information vi ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff7bba427b8f21ddd1849d525f153f05aafc9abe
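Review bot: In the first hunk CVE-2021-40528 gains only a (1.9.x) commit, while the second hunk gives CVE-2021-33560 both a (1.9.x) and a (1.8.x) commit; say whether a 1.8.x fix for CVE-2021-40528 exists or is not needed. The new explanatory NOTE is also hard to parse at "and CVE-2021-33560 referring to the blinding hardening"; if the intended meaning is that CVE-2021-33560 now refers to the blinding hardening, write it that way, and add a link to the MITRE query so readers can tell when it has been answered.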
[Git][security-tracker-team/security-tracker][master] nextcloud-desktop DSA
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: a897983d by Moritz Mühlenhoff at 2021-09-19T12:31:59+02:00 nextcloud-desktop DSA - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,7 @@ +[19 Sep 2021] DSA-4974-1 nextcloud-desktop - security update + {CVE-2021-22895 CVE-2021-32728} + [buster] - nextcloud-desktop 2.5.1-3+deb10u2 + [bullseye] - nextcloud-desktop 3.1.1-2+deb11u1 [10 Sep 2021] DSA-4973-1 thunderbird - security update {CVE-2021-38493} [buster] - thunderbird 1:78.14.0-1~deb10u1 = data/dsa-needed.txt = @@ -29,9 +29,6 @@ linux (carnil) -- ndpi -- -nextcloud-desktop - Maintainer prepared an update for bullseye, needs update for buster --- nodejs (jmm) -- puppetdb (jmm) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a897983d3fc0a1b04ea50474faa7acf66ab95624
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2021-41073 via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8fb0b35e by Salvatore Bonaccorso at 2021-09-19T10:51:55+02:00 Track fixed version for CVE-2021-41073 via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -696,7 +696,7 @@ CVE-2021-41074 RESERVED CVE-2021-41073 [io_uring: ensure symmetry in handling iter types in loop_rw_iter()] RESERVED - - linux + - linux 5.14.6-2 [buster] - linux (Vulnerable code introduced later) [stretch] - linux (Vulnerable code introduced later) CVE-2021-41072 (squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Director ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8fb0b35ef2f31487ab194ca36fce6c60a5d7987d
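Review bot: The "- linux 5.14.6-2" line claims a fix while the entry is still RESERVED and has no NOTE with the upstream commit behind the bracketed title "io_uring: ensure symmetry in handling iter types in loop_rw_iter()". Add that commit reference so the fixed version can be checked against what the upload actually contains.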
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-41073/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 994cf4a2 by Salvatore Bonaccorso at 2021-09-19T10:11:18+02:00 Add CVE-2021-41073/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -694,8 +694,11 @@ CVE-2021-41075 RESERVED CVE-2021-41074 RESERVED -CVE-2021-41073 +CVE-2021-41073 [io_uring: ensure symmetry in handling iter types in loop_rw_iter()] RESERVED + - linux + [buster] - linux (Vulnerable code introduced later) + [stretch] - linux (Vulnerable code introduced later) CVE-2021-41072 (squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Director ...) - squashfs-tools 1:4.5-3 (bug #994262) NOTE: https://github.com/plougher/squashfs-tools/commit/e0485802ec72996c20026da320650d8362f555bd View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/994cf4a21e9b988b0e85bae30c0cdf6023298ee4
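Review bot: The [buster] and [stretch] lines say "Vulnerable code introduced later" without naming the commit or kernel version that introduced it. Record that in a NOTE so the not-affected status of both releases can be verified rather than taken on trust.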
[Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2021-3761/cfrpki via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f746b1b0 by Salvatore Bonaccorso at 2021-09-19T09:12:43+02:00 Add fixed version for CVE-2021-3761/cfrpki via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2307,7 +2307,7 @@ CVE-2021-40355 (A vulnerability has been identified in Teamcenter V12.4 (All ver CVE-2021-40354 (A vulnerability has been identified in Teamcenter V12.4 (All versions ...) NOT-FOR-US: Siemens CVE-2021-3761 (Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitt ...) - - cfrpki (bug #994572) + - cfrpki 1.3.0-1 (bug #994572) NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-c8xp-8mf3-62h9 NOTE: https://github.com/cloudflare/cfrpki/commit/a8db4e009ef217484598ba1fd1c595b54e0f6422 CVE-2021-3760 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f746b1b09d15379c365043c9a5399c299fecc488