[Git][security-tracker-team/security-tracker][master] CVE-2021-36749 TODO

2021-09-23 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d2c4dd95 by Henri Salo at 2021-09-24T07:44:39+03:00
CVE-2021-36749 TODO

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -11140,6 +11140,8 @@ CVE-2021-36750
RESERVED
 CVE-2021-36749
RESERVED
+   NOTE: https://www.openwall.com/lists/oss-security/2021/09/24/1
+   TODO: check
 CVE-2021-3650
RESERVED
 CVE-2021-3649 (chatwoot is vulnerable to Inefficient Regular Expression 
Complexity ...)
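
Review bot: CVE-2021-36749 stays RESERVED with no description, so the only pointer for whoever picks up the new "TODO: check" is the oss-security URL; a bracketed one-line summary on the CVE line, in the style used for CVE-2021-22947 [STARTTLS protocol injection via MITM] elsewhere in this file, would make the triage queue self-explanatory without waiting for the MITRE text.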



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2c4dd95cad217184e5f4d5999c631c0c582062e

You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Typo fix

2021-09-23 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
33222c7d by Henri Salo at 2021-09-24T07:43:30+03:00
Typo fix

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -46939,37 +46939,37 @@ CVE-2021-22022 (The vRealize Operations Manager API 
(8.x prior to 8.5) contains
 CVE-2021-22021 (VMware vRealize Log Insight (8.x prior to 8.4) contains a 
Cross Site S ...)
NOT-FOR-US: VMware
 CVE-2021-22020 (The vCenter Server contains a denial-of-service vulnerability 
in the A ...)
-   NOT-FOR-US: VMWare
+   NOT-FOR-US: VMware
 CVE-2021-22019 (The vCenter Server contains a denial-of-service vulnerability 
in VAPI  ...)
-   NOT-FOR-US: VMWare
+   NOT-FOR-US: VMware
 CVE-2021-22018 (The vCenter Server contains an arbitrary file deletion 
vulnerability i ...)
-   NOT-FOR-US: VMWare
+   NOT-FOR-US: VMware
 CVE-2021-22017 (Rhttproxy as used in vCenter Server contains a vulnerability 
due to im ...)
-   NOT-FOR-US: VMWare
+   NOT-FOR-US: VMware
 CVE-2021-22016 (The vCenter Server contains a reflected cross-site scripting 
vulnerabi ...)
-   NOT-FOR-US: VMWare
+   NOT-FOR-US: VMware
 CVE-2021-22015 (The vCenter Server contains multiple local privilege 
escalation vulner ...)
-   NOT-FOR-US: VMWare
+   NOT-FOR-US: VMware
 CVE-2021-22014 (The vCenter Server contains an authenticated code execution 
vulnerabil ...)
-   NOT-FOR-US: VMWare
+   NOT-FOR-US: VMware
 CVE-2021-22013 (The vCenter Server contains a file path traversal 
vulnerability leadin ...)
-   NOT-FOR-US: VMWare
+   NOT-FOR-US: VMware
 CVE-2021-22012 (The vCenter Server contains an information disclosure 
vulnerability du ...)
-   NOT-FOR-US: VMWare
+   NOT-FOR-US: VMware
 CVE-2021-22011 (vCenter Server contains an unauthenticated API endpoint 
vulnerability  ...)
-   NOT-FOR-US: VMWare
+   NOT-FOR-US: VMware
 CVE-2021-22010 (The vCenter Server contains a denial-of-service vulnerability 
in VPXD  ...)
-   NOT-FOR-US: VMWare
+   NOT-FOR-US: VMware
 CVE-2021-22009 (The vCenter Server contains multiple denial-of-service 
vulnerabilities ...)
-   NOT-FOR-US: VMWare
+   NOT-FOR-US: VMware
 CVE-2021-22008 (The vCenter Server contains an information disclosure 
vulnerability in ...)
-   NOT-FOR-US: VMWare
+   NOT-FOR-US: VMware
 CVE-2021-22007 (The vCenter Server contains a local information disclosure 
vulnerabili ...)
-   NOT-FOR-US: VMWare
+   NOT-FOR-US: VMware
 CVE-2021-22006 (The vCenter Server contains a reverse proxy bypass 
vulnerability due t ...)
-   NOT-FOR-US: VMWare
+   NOT-FOR-US: VMware
 CVE-2021-22005 (The vCenter Server contains an arbitrary file upload 
vulnerability in  ...)
-   NOT-FOR-US: VMWare
+   NOT-FOR-US: VMware
 CVE-2021-22004 (An issue was discovered in SaltStack Salt before 3003.3. The 
salt mini ...)
- salt  (bug #994016)
NOTE: 
https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/
@@ -46995,7 +46995,7 @@ CVE-2021-21995 (OpenSLP as used in ESXi has a 
denial-of-service vulnerability du
 CVE-2021-21994 (SFCB (Small Footprint CIM Broker) as used in ESXi has an 
authenticatio ...)
NOT-FOR-US: VMware
 CVE-2021-21993 (The vCenter Server contains an SSRF (Server Side Request 
Forgery) vuln ...)
-   NOT-FOR-US: VMWare
+   NOT-FOR-US: VMware
 CVE-2021-21992 (The vCenter Server contains a denial-of-service vulnerability 
due to i ...)
NOT-FOR-US: VMware
 CVE-2021-21991 (The vCenter Server contains a local privilege escalation 
vulnerability ...)
@@ -312285,8 +312285,8 @@ CVE-2016- [mediawiki issues from 1.26.3, 1.25.6 
and 1.23.14]
 CVE-2016-4952 (QEMU (aka Quick Emulator), when built with VMWARE PVSCSI 
paravirtual S ...)
{DLA-1599-1}
- qemu 1:2.6+dfsg-2 (bug #825210)
-   [wheezy] - qemu  (VMWare PVSCSI paravirtual device 
implementation introduced later)
-   - qemu-kvm  (VMWare PVSCSI paravirtual device 
implementation introduced later)
+   [wheezy] - qemu  (VMware PVSCSI paravirtual device 
implementation introduced later)
+   - qemu-kvm  (VMware PVSCSI paravirtual device 
implementation introduced later)
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03774.html
NOTE: Introduced in: 
http://git.qemu.org/?p=qemu.git;a=commit;h=881d588a98bf0dce98ddb65c15aa0854c0ac41ed
 (v1.5.0-rc0)
 CVE-2016-4951 (The tipc_nl_publ_dump function in net/tipc/socket.c in the 
Linux kerne ...)
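
Review bot: the description line for CVE-2016-4952 still reads "VMWARE PVSCSI", but that text is the imported upstream CVE description, so leaving it untouched while normalizing only the tracker-written [wheezy] and qemu-kvm annotations to "VMware" is the right scope for a typo fix; the same rule applies to any other description lines this commit skips.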
@@ -375313,15 +375313,15 @@ CVE-2014-1213 (Sophos Anti-Virus engine (SAVi) 
before 3.50.1, as used in VDL 4.9
 CVE-2014-1212
RESERVED
 CVE-2014-1211 (Cross-site request forgery (CSRF) vulnerability in VMware 
vCloud Direc ...)
-   NOT-FOR-US: VMWare
+   NOT-FOR-US: VMware
 CVE-2014-1210 (VMware vSphere Client 5.0 before Update 3 and 5.1 before Update 
2 

[Git][security-tracker-team/security-tracker][master] CVE-2021-40690,CVE-2019-12400,libxml-security-java: Fixed in unstable

2021-09-23 Thread Markus Koschany (@apo)


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5f8c7a11 by Markus Koschany at 2021-09-23T23:58:36+02:00
CVE-2021-40690,CVE-2019-12400,libxml-security-java: Fixed in unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1923,7 +1923,7 @@ CVE-2021-40692
 CVE-2021-40691
RESERVED
 CVE-2021-40690 (All versions of Apache Santuario - XML Security for Java prior 
to 2.2. ...)
-   - libxml-security-java  (bug #994569)
+   - libxml-security-java 2.1.7-1 (bug #994569)
NOTE: https://santuario.apache.org/secadv.data/CVE-2021-40690.txt.asc
 CVE-2021-3780 (peertube is vulnerable to Improper Neutralization of Input 
During Web  ...)
- peertube  (bug #950821)
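
Review bot: the CVE-2021-40690 entry now carries the unstable fix 2.1.7-1 but no [bullseye] or [buster] line, whereas the CVE-2019-12400 change in the same commit keeps its bullseye and buster "Minor issue" annotations; since the description says all versions prior to 2.2.x are affected, add the corresponding suite assessment here so the status of the stable suites is an explicit decision rather than a default.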
@@ -155837,7 +155837,7 @@ CVE-2019-12401 (Solr versions 1.3.0 to 1.4.1, 3.1.0 
to 3.6.2 and 4.0.0 to 4.10.4
NOTE: disabling coalescing by default which can trigger large memory 
consumption
NOTE: when parsing specially crafted XML data.
 CVE-2019-12400 (In version 2.0.3 Apache Santuario XML Security for Java, a 
caching mec ...)
-   - libxml-security-java  (bug #935548)
+   - libxml-security-java 2.1.7-1 (bug #935548)
[bullseye] - libxml-security-java  (Minor issue)
[buster] - libxml-security-java  (Minor issue)
[stretch] - libxml-security-java  (Vulnerable code 
introduced in 2.0.3)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f8c7a112a0a365241ae68b3693d789e6953e34e



[Git][security-tracker-team/security-tracker][master] Process more NFUs

2021-09-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
dc54ad1f by Salvatore Bonaccorso at 2021-09-23T22:33:09+02:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -307,7 +307,7 @@ CVE-2021-41430
 CVE-2021-41429
RESERVED
 CVE-2021-41428 (Insecure permissions in Update Manager = 5.8.0.2300 and 
DFL =  ...)
-   TODO: check
+   NOT-FOR-US: DATEV
 CVE-2021-41427
RESERVED
 CVE-2021-41426
@@ -402,7 +402,7 @@ CVE-2021-41383 (setup.cgi on NETGEAR R6020 1.0.0.48 devices 
allows an admin to e
 CVE-2021-41382 (Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server 
managem ...)
NOT-FOR-US: Plastic SCM
 CVE-2021-41381 (Payara Micro Community 5.2021.6 and below allows Directory 
Traversal. ...)
-   TODO: check
+   NOT-FOR-US: Payara Micro Community
 CVE-2021-3816
RESERVED
 CVE-2021-41380 (RealVNC Viewer 6.21.406 allows remote VNC servers to cause a 
denial of ...)
@@ -10788,9 +10788,9 @@ CVE-2021-36875
 CVE-2021-36874
RESERVED
 CVE-2021-36873 (Authenticated Persistent Cross-Site Scripting (XSS) 
vulnerability in W ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2021-36872 (Authenticated Persistent Cross-Site Scripting (XSS) 
vulnerability in W ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2021-36871 (Multiple Authenticated Persistent Cross-Site Scripting (XSS) 
vulnerabi ...)
NOT-FOR-US: Wordpress plugin
 CVE-2021-36870 (Multiple Authenticated Persistent Cross-Site Scripting (XSS) 
vulnerabi ...)
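
Review bot: the two new lines use "NOT-FOR-US: WordPress plugin" while the unchanged CVE-2021-36871 entry directly below uses "Wordpress plugin"; pick one capitalization (the CVE-2021-36823 hunk in this same commit also uses "WordPress") so the NOT-FOR-US values for the same origin stay grep-able.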
@@ -10888,7 +10888,7 @@ CVE-2021-36825
 CVE-2021-36824
RESERVED
 CVE-2021-36823 (Authenticated Stored Cross-Site Scripting (XSS) vulnerability 
in WordP ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2021-36822
RESERVED
 CVE-2021-36821
@@ -35641,7 +35641,7 @@ CVE-2021-26796
 CVE-2021-26795
RESERVED
 CVE-2021-26794 (Privilege escalation in 'upload.php' in FrogCMS SentCMS v0.9.5 
allows  ...)
-   TODO: check
+   NOT-FOR-US: FrogCMS SentCMS
 CVE-2021-26793
RESERVED
 CVE-2021-26792
@@ -44716,15 +44716,15 @@ CVE-2021-22955
 CVE-2021-22954
RESERVED
 CVE-2021-22953 (A CSRF in Concrete CMS version 8.5.5 and below allows an 
attacker to c ...)
-   TODO: check
+   NOT-FOR-US: Concrete CMS
 CVE-2021-22952 (A vulnerability found in UniFi Talk application V1.12.3 and 
earlier pe ...)
TODO: check
 CVE-2021-22951
RESERVED
 CVE-2021-22950 (Concrete CMS prior to 8.5.6 had a CSFR vulnerability allowing 
attachme ...)
-   TODO: check
+   NOT-FOR-US: Concrete CMS
 CVE-2021-22949 (A CSRF in Concrete CMS version 8.5.5 and below allows an 
attacker to d ...)
-   TODO: check
+   NOT-FOR-US: Concrete CMS
 CVE-2021-22948 (Vulnerability in the generation of session IDs in 
revive-adserver  ...)
TODO: check
 CVE-2021-22947 [STARTTLS protocol injection via MITM]
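
Review bot: CVE-2021-22952 (UniFi Talk) and CVE-2021-22948 (revive-adserver) remain "TODO: check" in the middle of the processed Concrete CMS entries; if they were skipped on purpose because a package check is still pending that is fine, otherwise they read as leftovers from the same NFU batch and should be processed with it.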
@@ -44755,7 +44755,7 @@ CVE-2021-22942 [ossible Open Redirect in Host 
Authorization Middleware]
[stretch] - rails  (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2021/08/20/1
 CVE-2021-22941 (Improper Access Control in Citrix ShareFile storage zones 
controller b ...)
-   TODO: check
+   NOT-FOR-US: Citrix
 CVE-2021-22940 (Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a 
use aft ...)
- nodejs 12.22.5~dfsg-1
[bullseye] - nodejs  (Incomplete fix for CVE-2021-22930 
not applied)
@@ -46348,7 +46348,7 @@ CVE-2021-22278
 CVE-2021-22277
RESERVED
 CVE-2021-22276 (The vulnerability allows a successful attacker to bypass the 
integrity ...)
-   TODO: check
+   NOT-FOR-US: ABB
 CVE-2021-22275
RESERVED
 CVE-2021-22274
@@ -46939,37 +46939,37 @@ CVE-2021-22022 (The vRealize Operations Manager API 
(8.x prior to 8.5) contains
 CVE-2021-22021 (VMware vRealize Log Insight (8.x prior to 8.4) contains a 
Cross Site S ...)
NOT-FOR-US: VMware
 CVE-2021-22020 (The vCenter Server contains a denial-of-service vulnerability 
in the A ...)
-   TODO: check
+   NOT-FOR-US: VMWare
 CVE-2021-22019 (The vCenter Server contains a denial-of-service vulnerability 
in VAPI  ...)
-   TODO: check
+   NOT-FOR-US: VMWare
 CVE-2021-22018 (The vCenter Server contains an arbitrary file deletion 
vulnerability i ...)
-   TODO: check
+   NOT-FOR-US: VMWare
 CVE-2021-22017 (Rhttproxy as used in vCenter Server contains a vulnerability 
due to im ...)
-   TODO: check
+   NOT-FOR-US: VMWare
 CVE-2021-22016 (The vCenter Server contains a reflected cross-site scripting 
vulnerabi ...)
-   TODO: check
+   NOT-FOR-US: VMWare
 CVE-2021-22015 (The vCenter Server contains multiple local privilege 
escalation vulner ...)
-   TODO: check
+   NOT-FOR-US: VMWare
 CVE-2021-22014 (The vCenter 
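
Review bot: the new NOT-FOR-US lines spell the vendor "VMWare", while the unchanged CVE-2021-22021 context two lines above the first change uses "VMware"; use the existing spelling so the NOT-FOR-US values for one vendor stay consistent across the file.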

[Git][security-tracker-team/security-tracker][master] Track proposed atftp via {buster,bullseye}-pu

2021-09-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
90299ca4 by Salvatore Bonaccorso at 2021-09-23T22:16:36+02:00
Track proposed atftp via {buster,bullseye}-pu

- - - - -


2 changed files:

- data/next-oldstable-point-update.txt
- data/next-point-update.txt


Changes:

=
data/next-oldstable-point-update.txt
=
@@ -115,3 +115,5 @@ CVE-2021-2372
[buster] - mariadb-10.3 1:10.3.31-0+deb10u1
 CVE-2021-38173
[buster] - btrbk 0.27.1-1+deb10u1
+CVE-2021-41054
+   [buster] - atftp 0.7.git20120829-3.2+deb10u2


=
data/next-point-update.txt
=
@@ -46,3 +46,5 @@ CVE-2021-3805
[bullseye] - node-object-path 0.11.5-3+deb11u1
 CVE-2021-23440
[bullseye] - node-set-value 3.0.1-2+deb11u1
+CVE-2021-41054
+   [bullseye] - atftp 0.7.git20120829-3.3+deb11u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90299ca4960a956cea9bc435cb369d0e37cacb1b



[Git][security-tracker-team/security-tracker][master] Process NFUs

2021-09-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fd951f18 by Salvatore Bonaccorso at 2021-09-23T22:12:59+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -6158,7 +6158,7 @@ CVE-2021-38879
 CVE-2021-38878
RESERVED
 CVE-2021-38877 (IBM Jazz for Service Management 1.1.3.10 is vulnerable to 
stored cross ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2021-38876
RESERVED
 CVE-2021-38875
@@ -6172,7 +6172,7 @@ CVE-2021-38872
 CVE-2021-38871
RESERVED
 CVE-2021-38870 (IBM Aspera Cloud is vulnerable to stored cross-site scripting. 
This vu ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2021-38869
RESERVED
 CVE-2021-38868
@@ -6184,9 +6184,9 @@ CVE-2021-38866
 CVE-2021-38865
RESERVED
 CVE-2021-38864 (IBM Security Verify Bridge 1.0.5.0 could allow a user to 
obtain sensit ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2021-38863 (IBM Security Verify Bridge 1.0.5.0 stores user credentials in 
plain cl ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2021-38862
RESERVED
 CVE-2021-38861
@@ -28123,9 +28123,9 @@ CVE-2021-29907 (IBM OpenPages with Watson 8.1 and 8.2 
could allow an authenticat
 CVE-2021-29906
RESERVED
 CVE-2021-29905 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli 
Netcool/OMNIbu ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2021-29904 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli 
Netcool/OMNIbu ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2021-29903
RESERVED
 CVE-2021-29902
@@ -28267,9 +28267,9 @@ CVE-2021-29835
 CVE-2021-29834
RESERVED
 CVE-2021-29833 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli 
Netcool/OMNIbu ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2021-29832 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli 
Netcool/OMNIbu ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2021-29831 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli 
Netcool/OMNIbu ...)
NOT-FOR-US: IBM
 CVE-2021-29830
@@ -28301,19 +28301,19 @@ CVE-2021-29818 (IBM Jazz for Service Management and 
IBM Tivoli Netcool/OMNIbus_G
 CVE-2021-29817 (IBM Jazz for Service Management and IBM Tivoli 
Netcool/OMNIbus_GUI 8.1 ...)
NOT-FOR-US: IBM
 CVE-2021-29816 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli 
Netcool/OMNIbu ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2021-29815 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli 
Netcool/OMNIbu ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2021-29814 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli 
Netcool/OMNIbu ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2021-29813 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli 
Netcool/OMNIbu ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2021-29812 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli 
Netcool/OMNIbu ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2021-29811 (IBM Jazz for Service Management and IBM Tivoli 
Netcool/OMNIbus_GUI 8.1 ...)
NOT-FOR-US: IBM
 CVE-2021-29810 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli 
Netcool/OMNIbu ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2021-29809 (IBM Jazz for Service Management and IBM Tivoli 
Netcool/OMNIbus_GUI 8.1 ...)
NOT-FOR-US: IBM
 CVE-2021-29808 (IBM Jazz for Service Management and IBM Tivoli 
Netcool/OMNIbus_GUI 8.1 ...)
@@ -28333,7 +28333,7 @@ CVE-2021-29802 (IBM Security SOAR performs an operation 
at a privilege level tha
 CVE-2021-29801 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged 
local user ...)
NOT-FOR-US: IBM
 CVE-2021-29800 (IBM Tivoli Netcool/OMNIbus_GUI and IBM Jazz for Service 
Management 1.1 ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2021-29799
RESERVED
 CVE-2021-29798
@@ -52002,7 +52002,7 @@ CVE-2021-20565 (IBM Cloud Pak for Security (CP4S) 
1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6
 CVE-2021-20564 (IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 
1.6.0.0,  ...)
NOT-FOR-US: IBM
 CVE-2021-20563 (IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow 
a remote ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2021-20562 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 
5.2.6.5_3 ...)
NOT-FOR-US: IBM
 CVE-2021-20561
@@ -52158,9 +52158,9 @@ CVE-2021-20487 (IBM Power9 Self Boot Engine(SBE) could 
allow a privileged user t
 CVE-2021-20486 (IBM Cloud Pak for Data 3.0 could allow an authenticated user 
to obtain ...)
NOT-FOR-US: IBM
 CVE-2021-20485 (IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow 
a remote ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2021-20484 (IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 is 
vulnerable to cro ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2021-20483 (IBM 

[Git][security-tracker-team/security-tracker][master] automatic update

2021-09-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
34a9e870 by security tracker role at 2021-09-23T20:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,7 @@
+CVE-2021-41572
+   RESERVED
+CVE-2021-41571
+   RESERVED
 CVE-2021-41570
RESERVED
 CVE-2021-41569
@@ -22,8 +26,8 @@ CVE-2021-41561
RESERVED
 CVE-2021-3825
RESERVED
-CVE-2021-3824
-   RESERVED
+CVE-2021-3824 (OpenVPN Access Server 2.9.0 through 2.9.4 allow remote 
attackers to in ...)
+   TODO: check
 CVE-2021-3823
RESERVED
 CVE-2021-3822
@@ -302,8 +306,8 @@ CVE-2021-41430
RESERVED
 CVE-2021-41429
RESERVED
-CVE-2021-41428
-   RESERVED
+CVE-2021-41428 (Insecure permissions in Update Manager = 5.8.0.2300 and 
DFL =  ...)
+   TODO: check
 CVE-2021-41427
RESERVED
 CVE-2021-41426
@@ -397,8 +401,8 @@ CVE-2021-41383 (setup.cgi on NETGEAR R6020 1.0.0.48 devices 
allows an admin to e
NOT-FOR-US: Netgear
 CVE-2021-41382 (Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server 
managem ...)
NOT-FOR-US: Plastic SCM
-CVE-2021-41381
-   RESERVED
+CVE-2021-41381 (Payara Micro Community 5.2021.6 and below allows Directory 
Traversal. ...)
+   TODO: check
 CVE-2021-3816
RESERVED
 CVE-2021-41380 (RealVNC Viewer 6.21.406 allows remote VNC servers to cause a 
denial of ...)
@@ -6153,8 +6157,8 @@ CVE-2021-38879
RESERVED
 CVE-2021-38878
RESERVED
-CVE-2021-38877
-   RESERVED
+CVE-2021-38877 (IBM Jazz for Service Management 1.1.3.10 is vulnerable to 
stored cross ...)
+   TODO: check
 CVE-2021-38876
RESERVED
 CVE-2021-38875
@@ -6167,8 +6171,8 @@ CVE-2021-38872
RESERVED
 CVE-2021-38871
RESERVED
-CVE-2021-38870
-   RESERVED
+CVE-2021-38870 (IBM Aspera Cloud is vulnerable to stored cross-site scripting. 
This vu ...)
+   TODO: check
 CVE-2021-38869
RESERVED
 CVE-2021-38868
@@ -6179,10 +6183,10 @@ CVE-2021-38866
RESERVED
 CVE-2021-38865
RESERVED
-CVE-2021-38864
-   RESERVED
-CVE-2021-38863
-   RESERVED
+CVE-2021-38864 (IBM Security Verify Bridge 1.0.5.0 could allow a user to 
obtain sensit ...)
+   TODO: check
+CVE-2021-38863 (IBM Security Verify Bridge 1.0.5.0 stores user credentials in 
plain cl ...)
+   TODO: check
 CVE-2021-38862
RESERVED
 CVE-2021-38861
@@ -10783,10 +10787,10 @@ CVE-2021-36875
RESERVED
 CVE-2021-36874
RESERVED
-CVE-2021-36873
-   RESERVED
-CVE-2021-36872
-   RESERVED
+CVE-2021-36873 (Authenticated Persistent Cross-Site Scripting (XSS) 
vulnerability in W ...)
+   TODO: check
+CVE-2021-36872 (Authenticated Persistent Cross-Site Scripting (XSS) 
vulnerability in W ...)
+   TODO: check
 CVE-2021-36871 (Multiple Authenticated Persistent Cross-Site Scripting (XSS) 
vulnerabi ...)
NOT-FOR-US: Wordpress plugin
 CVE-2021-36870 (Multiple Authenticated Persistent Cross-Site Scripting (XSS) 
vulnerabi ...)
@@ -10883,8 +10887,8 @@ CVE-2021-36825
RESERVED
 CVE-2021-36824
RESERVED
-CVE-2021-36823
-   RESERVED
+CVE-2021-36823 (Authenticated Stored Cross-Site Scripting (XSS) vulnerability 
in WordP ...)
+   TODO: check
 CVE-2021-36822
RESERVED
 CVE-2021-36821
@@ -19836,8 +19840,8 @@ CVE-2021-33037 (Apache Tomcat 10.0.0-M1 to 10.0.6, 
9.0.0.M1 to 9.0.46 and 8.5.0
NOTE: 
https://github.com/apache/tomcat/commit/8874fa02e9b36baa9ca6b226c0882c0190ca5a02
 (8.5.67)
 CVE-2021-33036
RESERVED
-CVE-2021-33035
-   RESERVED
+CVE-2021-33035 (Apache OpenOffice opens dBase/DBF documents and shows the 
contents as  ...)
+   TODO: check
 CVE-2021-33034 (In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c 
has a use ...)
{DLA-2690-1 DLA-2689-1}
- linux 5.10.38-1
@@ -19915,8 +19919,8 @@ CVE-2021-33001
RESERVED
 CVE-2021-33000 (Parsing a maliciously crafted project file may cause a 
heap-based buff ...)
NOT-FOR-US: WebAccess HMI Designer
-CVE-2021-32999
-   RESERVED
+CVE-2021-32999 (Improper handling of exceptional conditions in SuiteLink 
server while  ...)
+   TODO: check
 CVE-2021-32998
RESERVED
 CVE-2021-32997
@@ -19939,8 +19943,8 @@ CVE-2021-32989
RESERVED
 CVE-2021-32988 (FATEK Automation WinProladder Versions 3.30 and prior are 
vulnerable t ...)
NOT-FOR-US: FATEK Automation WinProladder
-CVE-2021-32987
-   RESERVED
+CVE-2021-32987 (Null pointer dereference in SuiteLink server while processing 
command  ...)
+   TODO: check
 CVE-2021-32986
RESERVED
 CVE-2021-32985
@@ -19955,8 +19959,8 @@ CVE-2021-32981
RESERVED
 CVE-2021-32980
RESERVED
-CVE-2021-32979
-   RESERVED
+CVE-2021-32979 (Null pointer dereference in SuiteLink server while processing 
commands ...)
+   TODO: check
 

[Git][security-tracker-team/security-tracker][master] Update information on CVE-2019-20079/vim

2021-09-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f5897553 by Salvatore Bonaccorso at 2021-09-23T22:07:15+02:00
Update information on CVE-2019-20079/vim

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -123731,11 +123731,12 @@ CVE-2019-20080
RESERVED
 CVE-2019-20079 (The autocmd feature in window.c in Vim before 8.1.2136 
accesses freed  ...)
- vim 2:8.1.2136-1
-   [buster] - vim  (Minor issue)
+   [buster] - vim  (Vulnerable code introduced later)
[stretch] - vim  (Vulnerable code introduced later)
[jessie] - vim  (vulnerable code was introduced later)
NOTE: https://github.com/vim/vim/issues/5041
-   NOTE: 
https://github.com/vim/vim/commit/ec66c41d84e574baf8009dbc0bd088d2bc5b2421
+   NOTE: Introduced with: 
https://github.com/vim/vim/commit/a27e1dcddc9e3914ab34b164f71c51b72903b00b 
(v8.1.2121)
+   NOTE: Fixed by: 
https://github.com/vim/vim/commit/ec66c41d84e574baf8009dbc0bd088d2bc5b2421 
(v8.1.2136)
 CVE-2019-20078
RESERVED
 CVE-2019-20077 (The Typesetter CMS 5.1 logout functionality is affected by a 
CSRF vuln ...)
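
Review bot: the [jessie] line keeps the lowercase "vulnerable code was introduced later" while the buster and stretch lines now read "Vulnerable code introduced later"; aligning the three wordings would make the entry consistent. The new "Introduced with" note pointing at a27e1dcd (v8.1.2121) justifies moving buster from "Minor issue" to "Vulnerable code introduced later" only if buster's vim predates 8.1.2121, which the hunk does not state; recording that version in the note would make the check reproducible.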



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f58975538c96ade3afe66f204f53ee9334011f22



[Git][security-tracker-team/security-tracker][master] Remove one ignored entry which got an update in DLA-2765-1

2021-09-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c6492cc3 by Salvatore Bonaccorso at 2021-09-23T20:46:06+02:00
Remove one ignored entry which got an update in DLA-2765-1

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -279961,7 +279961,6 @@ CVE-2017-6061 (Cross-site scripting (XSS) 
vulnerability in the help component of
NOT-FOR-US: SAP
 CVE-2017-6060 (Stack-based buffer overflow in jstest_main.c in mujstest in 
Artifex So ...)
- mupdf 1.12.0+ds1-1 (unimportant)
-   [stretch] - mupdf  (Vulnerable code not packaged or compiled)
[wheezy] - mupdf  (Vulnerable code not present)
NOTE: Although jstest_main.c compiled during build and mujstest is 
created
NOTE: it is not included in the produced binary packages
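
Review bot: dropping the [stretch] "Vulnerable code not packaged or compiled" line because DLA-2765-1 shipped a fix leaves the two NOTE lines saying mujstest is not part of the binary packages, which was the rationale for ignoring it; either that note still holds and the DLA change for this CVE is a hardening only, or it no longer holds, and a short NOTE stating which (for example that it was fixed anyway in DLA-2765-1) would keep the entry coherent.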



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6492cc3c2b9c2e65800262685fe033294ebb0d2



[Git][security-tracker-team/security-tracker][master] Mark CVE-2020-21468/redis as unimportant

2021-09-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
029d966b by Salvatore Bonaccorso at 2021-09-23T20:44:28+02:00
Mark CVE-2020-21468/redis as unimportant

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -79046,9 +79046,9 @@ CVE-2020-21470
 CVE-2020-21469
RESERVED
 CVE-2020-21468 (A segmentation fault in the redis-server component of Redis 
5.0.7 lead ...)
-   - redis 
+   - redis  (unimportant)
NOTE: https://github.com/redis/redis/issues/6633
-   TODO: check
+   NOTE: Negligible security impact; disputed issue upstream and 
unreproducible.
 CVE-2020-21467
RESERVED
 CVE-2020-21466



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/029d966be38fab45b37ba035111de59ec3d0dff8



[Git][security-tracker-team/security-tracker][master] Track fixes for python3.9 via unstable

2021-09-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b206e7d8 by Salvatore Bonaccorso at 2021-09-23T20:42:25+02:00
Track fixes for python3.9 via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3213,7 +3213,7 @@ CVE-2021-3738
 CVE-2021-3737 [client can enter an infinite loop on a 100 Continue response 
from the server]
RESERVED
[experimental] - python3.9 3.9.6-1
-   - python3.9 
+   - python3.9 3.9.7-1
[bullseye] - python3.9  (Minor issue)
- python3.7 
- python3.5 
@@ -28082,7 +28082,7 @@ CVE-2021-29922 (library/std/src/net/parser.rs in Rust 
before 1.53.0 does not pro
NOTE: 
https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-015.md
 CVE-2021-29921 (In Python before 3,9,5, the ipaddress library mishandles 
leading zero  ...)
[experimental] - python3.9 3.9.5-1
-   - python3.9  (bug #989195)
+   - python3.9 3.9.7-1 (bug #989195)
[bullseye] - python3.9  (Minor issue)
NOTE: https://bugs.python.org/issue36384#msg392423
NOTE: 
https://github.com/python/cpython/commit/60ce8f0be6354ad565393ab449d8de5d713f35bc
 (v3.10.0b1)
@@ -32518,7 +32518,7 @@ CVE-2021-28374 (The Debian courier-authlib package 
before 0.71.1-2 for Courier A
 CVE-2021-3426 (There's a flaw in Python 3's pydoc. A local or adjacent 
attacker who d ...)
{DLA-2619-1}
[experimental] - python3.9 3.9.3-1
-   - python3.9 
+   - python3.9 3.9.7-1
[bullseye] - python3.9  (Minor issue)
- python3.7 
[buster] - python3.7  (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b206e7d842e6153b4cb2563cd2ce46681b1c18e1



[Git][security-tracker-team/security-tracker][master] Reserve DLA-2765-1 for mupdf

2021-09-23 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f4858ea2 by Anton Gladky at 2021-09-23T20:42:13+02:00
Reserve DLA-2765-1 for mupdf

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[23 Sep 2021] DLA-2765-1 mupdf - security update
+   {CVE-2016-10246 CVE-2016-10247 CVE-2017-6060 CVE-2018-10289 
CVE-2018-136 CVE-2020-19609}
+   [stretch] - mupdf 1.14.0+ds1-4+deb9u1
 [22 Sep 2021] DLA-2764-1 tomcat8 - security update
{CVE-2021-41079}
[stretch] - tomcat8 8.5.54-0+deb9u8
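
Review bot: "CVE-2018-136" in the CVE list of DLA-2765-1 is not a well-formed identifier (the sequence part needs at least four digits); check it against the DLA announcement and correct it before the tracker parses data/DLA/list, since a malformed id here will not match any entry in data/CVE/list.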


=
data/dla-needed.txt
=
@@ -60,9 +60,6 @@ mosquitto
   NOTE: 20210805: coordinating upload to buster before DLA for Stretch 
(codehelp)
   NOTE: 20210806: CVE-2021-34432 ignored in buster and stretch. Vulnerable 
code not accessible. (codehelp)
 --
-mupdf (Anton Gladky)
-  NOTE: 20210817: fix for CVE-2020-19609 and CVE-2021-37220 in buster are to 
be put into a point release.
---
 ntfs-3g (Abhijith PA)
 --
 nvidia-graphics-drivers
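
Review bot: removing the mupdf block from dla-needed.txt also drops the 20210817 NOTE that the CVE-2020-19609 and CVE-2021-37220 fixes for buster are meant for a point release; since that is a buster task rather than an LTS one, make sure it is tracked in data/next-oldstable-point-update.txt (or the relevant bug) so the intent is not lost with this cleanup.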



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4858ea2b01b88925584bcbcf4b9f3edd4936a30



[Git][security-tracker-team/security-tracker][master] LTS: unclaim libxstream-java

2021-09-23 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cc744cf2 by Anton Gladky at 2021-09-23T20:10:52+02:00
LTS: unclaim libxstream-java

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -49,7 +49,7 @@ jsoup (Markus Koschany)
 krb5 (Adrian Bunk)
   NOTE: 20210905: testing fixes
 --
-libxstream-java (Anton Gladky)
+libxstream-java 
   NOTE: 20210901: See thread at 
https://www.mail-archive.com/debian-lts@lists.debian.org/msg09588.html
 --
 linux (Ben Hutchings)
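Review bot: the new `+libxstream-java ` line carries a trailing space; the other unclaimed package lines in this file have none, so strip it to keep the entry consistent and future diffs clean.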



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc744cf249af483728b45befab38991764049039



[Git][security-tracker-team/security-tracker][master] LTS: take ffmpeg

2021-09-23 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
be685423 by Anton Gladky at 2021-09-23T19:43:02+02:00
LTS: take ffmpeg

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -35,7 +35,7 @@ debian-archive-keyring (Utkarsh)
   NOTE: https://lists.debian.org/debian-lts/2021/08/msg00037.html
   NOTE: 20210920: Raphael answered. will backport today. (utkarsh)
 --
-ffmpeg
+ffmpeg (Anton Gladky)
   NOTE: probably wait until stuff is fixed in Buster
 --
 fig2dev (Markus Koschany)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be6854237f1c6096bac104059eed9cf796d9f288



[Git][security-tracker-team/security-tracker][master] Claim fig2dev in dla-needed.txt

2021-09-23 Thread Markus Koschany (@apo)


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0cff7c47 by Markus Koschany at 2021-09-23T19:40:36+02:00
Claim fig2dev in dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -38,7 +38,7 @@ debian-archive-keyring (Utkarsh)
 ffmpeg
   NOTE: probably wait until stuff is fixed in Buster
 --
-fig2dev
+fig2dev (Markus Koschany)
 --
 firmware-nonfree
   NOTE: 20210731: WIP: 
https://salsa.debian.org/lts-team/packages/firmware-nonfree



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0cff7c47ece1bf430bf4914a516f9e4a61566c50



[Git][security-tracker-team/security-tracker][master] follow security team and maintainer and mark two CVEs of gtkpod as for Stretch

2021-09-23 Thread Thorsten Alteholz (@alteholz)


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8911d82e by Thorsten Alteholz at 2021-09-23T18:35:39+02:00
follow security team and maintainer and mark two CVEs of gtkpod as 
ignored for Stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -9985,6 +9985,7 @@ CVE-2021-37232 (A stack overflow vulnerability occurs in 
Atomicparsley 20210124.
- gtkpod  (bug #993376)
[bullseye] - gtkpod  (Minor issue)
[buster] - gtkpod  (Minor issue)
+   [stretch] - gtkpod  (Minor issue)
NOTE: 
https://github.com/wez/atomicparsley/commit/d72ccf06c98259d7261e0f3ac4fd8717778782c1
NOTE: https://github.com/wez/atomicparsley/issues/32
 CVE-2021-37231 (A stack-buffer-overflow occurs in Atomicparsley 
20210124.204813.840499 ...)
@@ -9992,6 +9993,7 @@ CVE-2021-37231 (A stack-buffer-overflow occurs in 
Atomicparsley 20210124.204813.
- gtkpod  (bug #993375)
[bullseye] - gtkpod  (Minor issue)
[buster] - gtkpod  (Minor issue)
+   [stretch] - gtkpod  (Minor issue)
NOTE: https://github.com/wez/atomicparsley/issues/30
NOTE: https://github.com/wez/atomicparsley/pull/31#issue-687280335
 CVE-2021-37230



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8911d82e11af24b2cab38dcc3dd8ebdff29831da



[Git][security-tracker-team/security-tracker][master] dla-needed.txt: Update note for redis.

2021-09-23 Thread Chris Lamb (@lamby)


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c6db76fe by Chris Lamb at 2021-09-23T17:08:03+01:00
dla-needed.txt: Update note for redis.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -88,6 +88,7 @@ qtbase-opensource-src (Utkarsh)
   NOTE: 20210914: needs further checking for vulnerability. (utkarsh)
 --
 redis (Chris Lamb)
+  NOTE: 20210923: Origins murky; may not even be a security issue. (lamby)
 --
 ruby2.3
   NOTE: 20210802: Utkarsh already uploaded a fix for sid/bullseye. (utkarsh)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6db76fe127c14c822e5a0a88484726829ea2afe



[Git][security-tracker-team/security-tracker][master] 2 commits: add ffmpeg

2021-09-23 Thread Thorsten Alteholz (@alteholz)


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
49bfc022 by Thorsten Alteholz at 2021-09-23T17:48:55+02:00
add ffmpeg

- - - - -
22a2ee73 by Thorsten Alteholz at 2021-09-23T17:50:01+02:00
follow security team and mark CVE-2021-33362 as ignored for Stretch

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -19017,6 +19017,7 @@ CVE-2021-33362 (Stack buffer overflow in the 
hevc_parse_vps_extension function i
- gpac 
[bullseye] - gpac  (Minor issue)
[buster] - gpac  (Minor issue)
+   [stretch] - gpac  (Minor issue)
- ccextractor 0.93+ds2-1 (bug #994746)
[bullseye] - ccextractor  (Minor issue)
[buster] - ccextractor  (Minor issue)


=
data/dla-needed.txt
=
@@ -35,6 +35,9 @@ debian-archive-keyring (Utkarsh)
   NOTE: https://lists.debian.org/debian-lts/2021/08/msg00037.html
   NOTE: 20210920: Raphael answered. will backport today. (utkarsh)
 --
+ffmpeg
+  NOTE: probably wait until stuff is fixed in Buster
+--
 fig2dev
 --
 firmware-nonfree
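Review bot: the new ffmpeg NOTE lacks the `YYYYMMDD:` date prefix and `(handle)` suffix that the surrounding entries use (compare `NOTE: 20210920: Raphael answered. will backport today. (utkarsh)` just above); add both so the age and origin of the "wait for Buster" assessment remain traceable.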



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f50af7b6fb69137433480780eb7983eb9d5e2000...22a2ee73cccfaf48613c6d161e6f48ce45b19294



[Git][security-tracker-team/security-tracker][master] 2 commits: add curl

2021-09-23 Thread Thorsten Alteholz (@alteholz)


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3c7872af by Thorsten Alteholz at 2021-09-23T17:30:38+02:00
add curl

- - - - -
f50af7b6 by Thorsten Alteholz at 2021-09-23T17:37:01+02:00
add redis

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -29,6 +29,8 @@ cacti (Roberto C. Sánchez)
   NOTE: 20210829: not really sure whether affected, please recheck
   NOTE: 20210914: still assessing whether or not affected (roberto)
 --
+curl (Thorsten Alteholz)
+--
 debian-archive-keyring (Utkarsh)
   NOTE: https://lists.debian.org/debian-lts/2021/08/msg00037.html
   NOTE: 20210920: Raphael answered. will backport today. (utkarsh)
@@ -82,6 +84,8 @@ python-babel
 qtbase-opensource-src (Utkarsh)
   NOTE: 20210914: needs further checking for vulnerability. (utkarsh)
 --
+redis (Chris Lamb)
+--
 ruby2.3
   NOTE: 20210802: Utkarsh already uploaded a fix for sid/bullseye. (utkarsh)
   NOTE: 20210816: wip, backporting patches; a bit hard. (utkarsh)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/30e5ff86074d0b1d1a9624c46f4336d6c2d2f43c...f50af7b6fb69137433480780eb7983eb9d5e2000



[Git][security-tracker-team/security-tracker][master] 3 commits: add fig2dev

2021-09-23 Thread Thorsten Alteholz (@alteholz)


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f1305d96 by Thorsten Alteholz at 2021-09-23T17:26:59+02:00
add fig2dev

- - - - -
e48462ca by Thorsten Alteholz at 2021-09-23T17:27:00+02:00
follow security team and mark CVEs of libsolv as no-dsa

- - - - -
30e5ff86 by Thorsten Alteholz at 2021-09-23T17:27:02+02:00
follow security team and mark CVEs of vim as no-dsa

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -1514,6 +1514,7 @@ CVE-2021-3796 (vim is vulnerable to Use After Free ...)
- vim  (bug #994497)
[bullseye] - vim  (Minor issue)
[buster] - vim  (Minor issue)
+   [stretch] - vim  (Minor issue)
NOTE: https://huntr.dev/bounties/ab60b7f3-6fb1-4ac2-a4fa-4d592e08008d/
NOTE: 
https://github.com/vim/vim/commit/35a9a00afcb20897d462a766793ff45534810dc3 
(v8.2.3428)
 CVE-2021-3795 (semver-regex is vulnerable to Inefficient Regular Expression 
Complexit ...)
@@ -1957,6 +1958,7 @@ CVE-2021-3778 (vim is vulnerable to Heap-based Buffer 
Overflow ...)
- vim  (bug #994498)
[bullseye] - vim  (Minor issue)
[buster] - vim  (Minor issue)
+   [stretch] - vim  (Minor issue)
NOTE: https://huntr.dev/bounties/d9c17308-2c99-4f9f-a706-f7f72c24c273
NOTE: 
https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f 
(v8.2.3409)
 CVE-2021-3777 (nodejs-tmpl is vulnerable to Inefficient Regular Expression 
Complexity ...)
@@ -2347,6 +2349,7 @@ CVE-2021-3770 (vim is vulnerable to Heap-based Buffer 
Overflow ...)
- vim  (bug #994076)
[bullseye] - vim  (Minor issue)
[buster] - vim  (Minor issue)
+   [stretch] - vim  (Minor issue)
NOTE: https://huntr.dev/bounties/016ad2f2-07c1-4d14-a8ce-6eed10729365/
NOTE: Fixed by: 
https://github.com/vim/vim/commit/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9 
(v8.2.3402)
NOTE: Followup fix for introduced memory leak: 
https://github.com/vim/vim/commit/2ddb89f8a94425cda1e5491efc80c1b6e08e 
(v8.2.3403)
@@ -17534,6 +17537,7 @@ CVE-2021-33939
 CVE-2021-33938 (Buffer overflow vulnerability in function prune_to_recommended 
in src/ ...)
- libsolv 0.7.17-1
[buster] - libsolv  (Minor issue)
+   [stretch] - libsolv  (Minor issue)
NOTE: https://github.com/openSUSE/libsolv/issues/420
NOTE: 
https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec
 (0.7.17)
 CVE-2021-33937
@@ -17553,16 +17557,19 @@ CVE-2021-33931
 CVE-2021-33930 (Buffer overflow vulnerability in function 
pool_installable_whatprovide ...)
- libsolv 0.7.17-1
[buster] - libsolv  (Minor issue)
+   [stretch] - libsolv  (Minor issue)
NOTE: https://github.com/openSUSE/libsolv/issues/417
NOTE: 
https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec
 (0.7.17)
 CVE-2021-33929 (Buffer overflow vulnerability in function 
pool_disabled_solvable in sr ...)
- libsolv 0.7.17-1
[buster] - libsolv  (Minor issue)
+   [stretch] - libsolv  (Minor issue)
NOTE: https://github.com/openSUSE/libsolv/issues/417
NOTE: 
https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec
 (0.7.17)
 CVE-2021-33928 (Buffer overflow vulnerability in function pool_installable in 
src/repo ...)
- libsolv 0.7.17-1
[buster] - libsolv  (Minor issue)
+   [stretch] - libsolv  (Minor issue)
NOTE: https://github.com/openSUSE/libsolv/issues/417
NOTE: 
https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec
 (0.7.17)
 CVE-2021-33927


=
data/dla-needed.txt
=
@@ -33,6 +33,8 @@ debian-archive-keyring (Utkarsh)
   NOTE: https://lists.debian.org/debian-lts/2021/08/msg00037.html
   NOTE: 20210920: Raphael answered. will backport today. (utkarsh)
 --
+fig2dev
+--
 firmware-nonfree
   NOTE: 20210731: WIP: 
https://salsa.debian.org/lts-team/packages/firmware-nonfree
   NOTE: 20210828: Most CVEs are difficult to backport. Contacted Ben regarding 
possible "ignore" tag



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ef0fe6e5ab9c57627cfbf720a19fa07b76401bff...30e5ff86074d0b1d1a9624c46f4336d6c2d2f43c



[Git][security-tracker-team/security-tracker][master] buster/bullseye triage

2021-09-23 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ef0fe6e5 by Moritz Muehlenhoff at 2021-09-23T16:48:29+02:00
buster/bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1610,6 +1610,7 @@ CVE-2021-40824 (A logic error in the room key sharing 
functionality of Element A
 CVE-2021-40823 (A logic error in the room key sharing functionality of 
matrix-js-sdk ( ...)
- element-web  (bug #866502)
- node-matrix-js-sdk  (bug #994213)
+   [bullseye] - node-matrix-js-sdk  (Minor issue)
NOTE: 
https://matrix.org/blog/2021/09/13/vulnerability-disclosure-key-sharing/
NOTE: 
https://github.com/matrix-org/matrix-js-sdk/commit/894c24880da0e1cc81818f51c0db80e3c9fb2be9
 (v12.4.1)
 CVE-2021-40822
@@ -3210,6 +3211,7 @@ CVE-2021-3737 [client can enter an infinite loop on a 100 
Continue response from
RESERVED
[experimental] - python3.9 3.9.6-1
- python3.9 
+   [bullseye] - python3.9  (Minor issue)
- python3.7 
- python3.5 
- python3.4 
@@ -6771,6 +6773,7 @@ CVE-2021-38598 (OpenStack Neutron before 16.4.1, 17.x 
before 17.1.3, and 18.0.0
NOTE: https://review.opendev.org/c/openstack/neutron/+/785917/
 CVE-2021-38597 (wolfSSL before 4.8.1 incorrectly skips OCSP verification in 
certain si ...)
- wolfssl  (bug #992174)
+   [bullseye] - wolfssl  (Minor issue)
NOTE: 
https://github.com/wolfSSL/wolfssl/commit/f93083be72a3b3d956b52a7ec13f307a27b6e093
 CVE-2021-38596
RESERVED
@@ -6922,6 +6925,8 @@ CVE-2019-25052 (In Linaro OP-TEE before 3.7.0, by using 
inconsistent or malforme
NOT-FOR-US: Linaro/OP-TEE OP-TEE
 CVE-2021-38511 (An issue was discovered in the tar crate before 0.4.36 for 
Rust. When  ...)
- rust-tar  (bug #992173)
+   [bullseye] - rust-tar  (Minor issue)
+   [buster] - rust-tar  (Minor issue)
NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0080.html
NOTE: https://github.com/alexcrichton/tar-rs/issues/238
 CVE-2021-38540 (The variable import endpoint was not protected by 
authentication in Ai ...)
@@ -7263,16 +7268,19 @@ CVE-2021-38383 (OwnTone (aka owntone-server) through 
28.1 has a use-after-free i
NOT-FOR-US: OwnTone
 CVE-2021-38382 (Live555 through 1.08 does not handle Matroska and Ogg files 
properly.  ...)
- liblivemedia 
+   [buster] - liblivemedia  (Minor issue)
[stretch] - liblivemedia  (Minor issue)
NOTE: 
http://lists.live555.com/pipermail/live-devel/2021-August/021959.html
NOTE: http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.06]
 CVE-2021-38381 (Live555 through 1.08 does not handle MPEG-1 or 2 files 
properly. Sendi ...)
- liblivemedia 
+   [buster] - liblivemedia  (Minor issue)
[stretch] - liblivemedia  (Minor issue)
NOTE: 
http://lists.live555.com/pipermail/live-devel/2021-August/021961.html
NOTE: http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.09]
 CVE-2021-38380 (Live555 through 1.08 mishandles huge requests for the same MP3 
stream, ...)
- liblivemedia 
+   [buster] - liblivemedia  (Minor issue)
[stretch] - liblivemedia  (Minor issue)
NOTE: 
http://lists.live555.com/pipermail/live-devel/2021-August/021954.html
NOTE: http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.04]
@@ -20262,6 +20270,7 @@ CVE-2021-32840
RESERVED
 CVE-2021-32839 (sqlparse is a non-validating SQL parser module for Python. In 
sqlparse ...)
- sqlparse  (bug #994841)
+   [bullseye] - sqlparse  (Minor issue)
[buster] - sqlparse  (Vulnerable code introduced later)
[stretch] - sqlparse  (Vulnerable code introduced later)
NOTE: 
https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf
@@ -28064,6 +28073,7 @@ CVE-2021-29922 (library/std/src/net/parser.rs in Rust 
before 1.53.0 does not pro
 CVE-2021-29921 (In Python before 3,9,5, the ipaddress library mishandles 
leading zero  ...)
[experimental] - python3.9 3.9.5-1
- python3.9  (bug #989195)
+   [bullseye] - python3.9  (Minor issue)
NOTE: https://bugs.python.org/issue36384#msg392423
NOTE: 
https://github.com/python/cpython/commit/60ce8f0be6354ad565393ab449d8de5d713f35bc
 (v3.10.0b1)
NOTE: 
https://github.com/python/cpython/commit/5374fbc31446364bf5f12e5ab88c5493c35eaf04
 (v3.9.5)
@@ -65215,6 +65225,7 @@ CVE-2020-27512
RESERVED
 CVE-2020-27511 (An issue was discovered in the stripTags and unescapeHTML 
components i ...)
- prototypejs  (bug #991898)
+   [bullseye] - prototypejs  (Minor issue)
NOTE: 
https://github.com/prototypejs/prototype/blame/dee2f7d8611248abce81287e1be4156011953c90/src/prototype/lang/string.js#L283
NOTE: 

[Git][security-tracker-team/security-tracker][master] dla: claim apache2

2021-09-23 Thread Sylvain Beucler (@beuc)


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6d191a6c by Sylvain Beucler at 2021-09-23T14:49:42+02:00
dla: claim apache2

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -23,7 +23,7 @@ ansible (Lee Garrett)
   NOTE: 20210411: after that LTS. (apo)
   NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/
 --
-apache2
+apache2 (Sylvain Beucler)
 --
 cacti (Roberto C. Sánchez)
   NOTE: 20210829: not really sure whether affected, please recheck



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d191a6c9da118aa0ee0737d987e0ff5313d4ad4



[Git][security-tracker-team/security-tracker][master] nodejs n/a

2021-09-23 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
039aa5e5 by Moritz Muehlenhoff at 2021-09-23T14:21:01+02:00
nodejs n/a

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -44759,9 +44759,8 @@ CVE-2021-22933 (A vulnerability in Pulse Connect Secure 
before 9.1R12 could allo
 CVE-2021-22932 (An issue has been identified in the CTX269106 mitigation tool 
for Citr ...)
NOT-FOR-US: Citrix
 CVE-2021-22931 (Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to 
Remote Co ...)
-   - nodejs 
+   - nodejs  (Debian builds nodejs against src:c-ares)
NOTE: 
https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/#cares-upgrade-improper-handling-of-untypical-characters-in-domain-names-high-cve-2021-22931
-   TODO: check, nodejs uses system c-ares which fixed CVE-2021-3672 and so 
this entry might be not-affected
 CVE-2021-22930 [Use after free on close http2 on stream canceling]
RESERVED
- nodejs 12.22.4~dfsg-1
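Review bot: the new reason `(Debian builds nodejs against src:c-ares)` drops the cross-reference to CVE-2021-3672 that the removed TODO carried; since the not-affected status rests on the system c-ares already having that fix, keep the CVE id in the reason text, e.g. `(Debian builds nodejs against src:c-ares, fixed via CVE-2021-3672)`, so the reasoning survives the TODO's removal.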



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/039aa5e57bcddcb4e0441791a42ce32ab7c73232



[Git][security-tracker-team/security-tracker][master] Drop wordpress from dla-needed

2021-09-23 Thread Utkarsh Gupta (@utkarsh)


Utkarsh Gupta pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2f833d8f by Utkarsh Gupta at 2021-09-23T16:32:40+05:30
Drop wordpress from dla-needed

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -5454,6 +5454,7 @@ CVE-2021-39202 (WordPress is a free and open-source 
content management system wr
NOTE: 
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-fr6h-3855-j297
 CVE-2021-39201 (WordPress is a free and open-source content management system 
written  ...)
- wordpress 5.8.1+dfsg1-1 (bug #994059)
+   [stretch] - wordpress  (Vulnerable code added later)
NOTE: 
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-wh69-25hr-h94v
 CVE-2021-39200 (WordPress is a free and open-source content management system 
written  ...)
- wordpress 5.8.1+dfsg1-1 (bug #994060)
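Review bot: the stretch reason `(Vulnerable code added later)` uses different wording from the `(Vulnerable code introduced later)` form used for the sqlparse and ccextractor entries elsewhere in data/CVE/list; using the established phrase keeps these entries consistent and greppable.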


=
data/dla-needed.txt
=
@@ -105,5 +105,3 @@ squashfs-tools (Thorsten Alteholz)
 --
 tiff (Utkarsh)
 --
-wordpress
---



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f833d8f296e17dd6736de48a3d9807a7108459c



[Git][security-tracker-team/security-tracker][master] Fix one small typo

2021-09-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c6d2282d by Salvatore Bonaccorso at 2021-09-23T12:42:23+02:00
Fix one small typo

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -6203,7 +6203,7 @@ CVE-2021-3712 (ASN.1 strings are represented internally 
within OpenSSL as an ASN
 CVE-2021-3711 (In order to decrypt SM2 encrypted data an application is 
expected to c ...)
{DSA-4963-1}
- openssl 1.1.1l-1
-   [stretch] - openssl  (supprt for SM2 decryption added in 
1.1.1-pre3)
+   [stretch] - openssl  (support for SM2 decryption added in 
1.1.1-pre3)
- openssl1.0  (Vulnerability does not affect 1.0.2 series)
NOTE: https://www.openssl.org/news/secadv/20210824.txt
NOTE: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=59f5e75f3bced8fc0e130d72a3f582cf7b480b46
 (OpenSSL_1_1_1l)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6d2282d87ff10363cfe89ee32bd26d59deb63a1



[Git][security-tracker-team/security-tracker][master] Update commit for CVE-2021-40438/apache2

2021-09-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6376a472 by Salvatore Bonaccorso at 2021-09-23T12:39:56+02:00
Update commit for CVE-2021-40438/apache2

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2519,8 +2519,7 @@ CVE-2021-40439
 CVE-2021-40438 (A crafted request uri-path can cause mod_proxy to forward the 
request  ...)
- apache2 2.4.49-1
NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-40438
-   NOTE: 
https://github.com/apache/httpd/commit/fe32f679f4f9da07b04a3387a6623ac45fbc15a1
-   TODO: check commit
+   NOTE: 
https://github.com/apache/httpd/commit/d4901cb32133bc0e59ad193a29d1665597080d67
 CVE-2021-40491 (The ftp client in GNU Inetutils before 2.2 does not validate 
addresses ...)
- inetutils 2:2.2-1 (bug #993476)
[bullseye] - inetutils  (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6376a472dc52c5b813697d91e2a2180f3c96f369



[Git][security-tracker-team/security-tracker][master] add apache2

2021-09-23 Thread Thorsten Alteholz (@alteholz)


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f1c6f9bb by Thorsten Alteholz at 2021-09-23T12:21:43+02:00
add apache2

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -23,6 +23,8 @@ ansible (Lee Garrett)
   NOTE: 20210411: after that LTS. (apo)
   NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/
 --
+apache2
+--
 cacti (Roberto C. Sánchez)
   NOTE: 20210829: not really sure whether affected, please recheck
   NOTE: 20210914: still assessing whether or not affected (roberto)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f1c6f9bb7dd11f11d438f7904f9f11b8b480014a



[Git][security-tracker-team/security-tracker][master] 4 commits: add wordpress

2021-09-23 Thread Thorsten Alteholz (@alteholz)


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0f3c34a2 by Thorsten Alteholz at 2021-09-23T11:57:30+02:00
add wordpress

- - - - -
c1c66ce6 by Thorsten Alteholz at 2021-09-23T11:59:20+02:00
add squashfs-tools

- - - - -
864f0882 by Thorsten Alteholz at 2021-09-23T12:02:03+02:00
follow security team and mark some CVEs from gpac as ignored

- - - - -
d845a7c9 by Thorsten Alteholz at 2021-09-23T12:04:10+02:00
mark several CVEs from libde265 as postponed until fixed upstream

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -22000,6 +22000,7 @@ CVE-2021-32139 (The gf_isom_vp_config_get function in 
GPAC 1.0.1 allows attacker
- gpac 
[bullseye] - gpac  (Minor issue)
[buster] - gpac  (Minor issue)
+   [stretch] - gpac  (Minor issue)
- ccextractor 0.93+ds2-1 (bug #994746)
[bullseye] - ccextractor  (Vulnerable code introduced 
later)
[buster] - ccextractor  (Vulnerable code introduced later)
@@ -22009,12 +22010,14 @@ CVE-2021-32138 (The DumpTrackInfo function in GPAC 
1.0.1 allows attackers to cau
- gpac 
[bullseye] - gpac  (Minor issue)
[buster] - gpac  (Minor issue)
+   [stretch] - gpac  (Minor issue)
NOTE: 
https://github.com/gpac/gpac/commit/289ffce3e0d224d314f5f92a744d5fe35999f20b
NOTE: https://github.com/gpac/gpac/issues/1767
 CVE-2021-32137 (Heap buffer overflow in the URL_GetProtocolType function in 
MP4Box in  ...)
- gpac 
[bullseye] - gpac  (Minor issue)
[buster] - gpac  (Minor issue)
+   [stretch] - gpac  (Minor issue)
- ccextractor 0.93+ds2-1 (bug #994746)
[bullseye] - ccextractor  (Minor issue)
[buster] - ccextractor  (Minor issue)
@@ -22024,6 +22027,7 @@ CVE-2021-32136 (Heap buffer overflow in the print_udta 
function in MP4Box in GPA
- gpac 
[bullseye] - gpac  (Minor issue)
[buster] - gpac  (Minor issue)
+   [stretch] - gpac  (Minor issue)
NOTE: 
https://github.com/gpac/gpac/commit/eb71812fcc10e9c5348a5d1c61bd25b6fa06eaed
NOTE: https://github.com/gpac/gpac/issues/1765
 CVE-2021-32135 (The trak_box_size function in GPAC 1.0.1 allows attackers to 
cause a d ...)
@@ -22037,6 +22041,7 @@ CVE-2021-32134 (The gf_odf_desc_copy function in GPAC 
1.0.1 allows attackers to
- gpac 
[bullseye] - gpac  (Minor issue)
[buster] - gpac  (Minor issue)
+   [stretch] - gpac  (Minor issue)
- ccextractor 0.93+ds2-1 (bug #994746)
[bullseye] - ccextractor  (Vulnerable code introduced 
later)
[buster] - ccextractor  (Vulnerable code introduced later)
@@ -78663,66 +78668,79 @@ CVE-2020-21606 (libde265 v1.0.4 contains a heap 
buffer overflow fault in the put
- libde265 
[bullseye] - libde265  (Minor issue, revisit when fixed 
upstream)
[buster] - libde265  (Minor issue, revisit when fixed 
upstream)
+   [stretch] - libde265  (Minor issue, revisit when fixed 
upstream)
NOTE: https://github.com/strukturag/libde265/issues/232
 CVE-2020-21605 (libde265 v1.0.4 contains a segmentation fault in the 
apply_sao_interna ...)
- libde265 
[bullseye] - libde265  (Minor issue, revisit when fixed 
upstream)
[buster] - libde265  (Minor issue, revisit when fixed 
upstream)
+   [stretch] - libde265  (Minor issue, revisit when fixed 
upstream)
NOTE: https://github.com/strukturag/libde265/issues/234
 CVE-2020-21604 (libde265 v1.0.4 contains a heap buffer overflow fault in the 
_mm_loadl ...)
- libde265 
[bullseye] - libde265  (Minor issue, revisit when fixed 
upstream)
[buster] - libde265  (Minor issue, revisit when fixed 
upstream)
+   [stretch] - libde265  (Minor issue, revisit when fixed 
upstream)
NOTE: https://github.com/strukturag/libde265/issues/231
 CVE-2020-21603 (libde265 v1.0.4 contains a heap buffer overflow in the 
put_qpel_0_0_fa ...)
- libde265 
[bullseye] - libde265  (Minor issue, revisit when fixed 
upstream)
[buster] - libde265  (Minor issue, revisit when fixed 
upstream)
+   [stretch] - libde265  (Minor issue, revisit when fixed 
upstream)
NOTE: https://github.com/strukturag/libde265/issues/240
 CVE-2020-21602 (libde265 v1.0.4 contains a heap buffer overflow in the 
put_weighted_bi ...)
- libde265 
[bullseye] - libde265  (Minor issue, revisit when fixed 
upstream)
[buster] - libde265  (Minor issue, revisit when fixed 
upstream)
+   [stretch] - libde265  (Minor issue, revisit when fixed 
upstream)
NOTE: https://github.com/strukturag/libde265/issues/242
 CVE-2020-21601 (libde265 v1.0.4 contains a stack buffer overflow in the 
put_qpel_fallb ...)
- libde265 
[bullseye] - libde265  (Minor issue, revisit when fixed 

[Git][security-tracker-team/security-tracker][master] 10 commits: mark CVE-2021-3711 as not-affected for Stretch

2021-09-23 Thread Thorsten Alteholz (@alteholz)


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d20ab257 by Thorsten Alteholz at 2021-09-23T11:05:48+02:00
mark CVE-2021-3711 as not-affected for Stretch

- - - - -
ed422429 by Thorsten Alteholz at 2021-09-23T11:39:38+02:00
mark CVE-2021-38575 as no-dsa for Stretch

- - - - -
ef8b13bb by Thorsten Alteholz at 2021-09-23T11:40:55+02:00
mark CVE-2021-32280 as no-dsa for Stretch

- - - - -
e4dba6cd by Thorsten Alteholz at 2021-09-23T11:42:16+02:00
mark CVE-2021-40812 as no-dsa for Stretch

- - - - -
47cc2611 by Thorsten Alteholz at 2021-09-23T11:44:44+02:00
mark CVE-2021-3805 as no-dsa for Stretch

- - - - -
6aa32b6a by Thorsten Alteholz at 2021-09-23T11:45:29+02:00
mark CVE-2021-23440 as no-dsa for Stretch

- - - - -
7f31d374 by Thorsten Alteholz at 2021-09-23T11:50:12+02:00
mark CVE-2021-3807 as not-affected for Stretch

- - - - -
6e88e4b7 by Thorsten Alteholz at 2021-09-23T11:51:42+02:00
mark CVE-2021-40839 as no-dsa for Stretch

- - - - -
84036693 by Thorsten Alteholz at 2021-09-23T11:53:35+02:00
mark CVE-2021-39214 as no-dsa for Stretch

- - - - -
f6bebaed by Thorsten Alteholz at 2021-09-23T11:55:10+02:00
mark CVE-2021-32294 as postponed for Stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -575,6 +575,7 @@ CVE-2021-3807 (ansi-regex is vulnerable to Inefficient 
Regular Expression Comple
- node-ansi-regex 5.0.1-1 (bug #994568)
[bullseye] - node-ansi-regex  (Minor issue)
[buster] - node-ansi-regex  (Minor issue)
+   [stretch] - node-ansi-regex  (Vulnerable code introduced 
later)
NOTE: https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
NOTE: 
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
 (v6.0.1)
 CVE-2021-3806 (A path traversal vulnerability on Pardus Software Center's 
"extractArc ...)
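Review bot: the new stretch line marks node-ansi-regex not affected with "Vulnerable code introduced later", which matches the commit message, but the only upstream reference in the entry is the fix commit tagged (v6.0.1) while the Debian fix is tracked as 5.0.1-1; a NOTE pointing at the 5.x fix, or at the commit that introduced the vulnerable regex, would let the next reader verify the stretch reasoning without re-deriving it.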
@@ -583,6 +584,7 @@ CVE-2021-3805 (object-path is vulnerable to Improperly 
Controlled Modification o
- node-object-path 0.11.8-1
[bullseye] - node-object-path  (Minor issue)
[buster] - node-object-path  (Minor issue)
+   [stretch] - node-object-path  (Minor issue)
NOTE: https://huntr.dev/bounties/571e3baf-7c46-46e3-9003-ba7e4e623053
NOTE: 
https://github.com/mariocasciaro/object-path/commit/e6bb638ffdd431176701b3e9024f80050d0ef0a6
 CVE-2021-41303 (Apache Shiro before 1.8.0, when using Apache Shiro with Spring 
Boot, a ...)
@@ -1572,6 +1574,7 @@ CVE-2021-40839 (The rencode package through 1.0.6 for 
Python allows an infinite
- python-rencode 1.0.6-2
[bullseye] - python-rencode  (Minor issue)
[buster] - python-rencode  (Minor issue)
+   [stretch] - python-rencode  (Minor issue)
NOTE: 
https://github.com/aresch/rencode/commit/572ff74586d9b1daab904c6f7f7009ce0143bb75
NOTE: https://github.com/aresch/rencode/pull/29
 CVE-2021-40838
@@ -1665,6 +1668,7 @@ CVE-2021-40812 (The GD Graphics Library (aka LibGD) 
through 2.3.2 has an out-of-
- libgd2 
[bullseye] - libgd2  (Minor issue)
[buster] - libgd2  (Minor issue)
+   [stretch] - libgd2  (Minor issue)
NOTE: https://github.com/libgd/libgd/issues/750#issuecomment-914872385
NOTE: 
https://github.com/libgd/libgd/commit/6f5136821be86e7068fcdf651ae9420b5d42e9a9
 CVE-2021-40811
@@ -5410,6 +5414,7 @@ CVE-2021-39214 (mitmproxy is an interactive, 
SSL/TLS-capable intercepting proxy.
- mitmproxy  (bug #994570)
[bullseye] - mitmproxy  (Minor issue)
[buster] - mitmproxy  (Minor issue)
+   [stretch] - mitmproxy  (Minor issue)
NOTE: 
https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-22gh-3r9q-xf38
 CVE-2021-39213 (GLPI is a free Asset and IT management software package. 
Starting in v ...)
- glpi  (unimportant)
@@ -6199,6 +6204,7 @@ CVE-2021-3712 (ASN.1 strings are represented internally 
within OpenSSL as an ASN
 CVE-2021-3711 (In order to decrypt SM2 encrypted data an application is 
expected to c ...)
{DSA-4963-1}
- openssl 1.1.1l-1
+   [stretch] - openssl  (supprt for SM2 decryption added in 
1.1.1-pre3)
- openssl1.0  (Vulnerability does not affect 1.0.2 series)
NOTE: https://www.openssl.org/news/secadv/20210824.txt
NOTE: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=59f5e75f3bced8fc0e130d72a3f582cf7b480b46
 (OpenSSL_1_1_1l)
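Review bot: typo in the new stretch annotation, "supprt" should read "support" ("support for SM2 decryption added in 1.1.1-pre3"); the reasoning itself lines up with the openssl1.0 entry below it, which likewise excludes the older branch because the affected code is not present there.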
@@ -6820,6 +6826,7 @@ CVE-2021-38575 [edk2: remote buffer overflow in 
IScsiHexToBin function in Networ
- edk2 2021.08-1
[bullseye] - edk2  (Minor issue)
[buster] - edk2  (Minor issue)
+   [stretch] - edk2  (Minor issue)
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=3356
NOTE: https://edk2.groups.io/g/devel/message/76198
NOTE: https://github.com/tianocore/edk2/pull/1698
@@ -21645,6 +21652,7 @@ CVE-2021-32294 (An 

[Git][security-tracker-team/security-tracker][master] NFUs

2021-09-23 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1561d719 by Moritz Muehlenhoff at 2021-09-23T10:23:17+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -8005,7 +8005,7 @@ CVE-2021-3683
 CVE-2021-38113 (In addBouquet in js/bqe.js in OpenWebif (aka 
e2openplugin-OpenWebif) t ...)
NOT-FOR-US: OpenWebif (aka e2openplugin-OpenWebif)
 CVE-2021-38112 (In the Amazon AWS WorkSpaces client before 3.1.9 on Windows, 
argument  ...)
-   TODO: check
+   NOT-FOR-US: Amazon AWS client for Windows
 CVE-2021-38111 (The DEF CON 27 badge allows remote attackers to exploit a 
buffer overf ...)
NOT-FOR-US: DEF CON 27 badge
 CVE-2021-38110
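Review bot: the NOT-FOR-US tag for CVE-2021-38112 drops the product name given in the CVE text; "Amazon AWS WorkSpaces client" would make the entry findable by the product actually affected. The same applies to the Virgin Media entry in the next hunk, where the description names the Super Hub 3.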
@@ -141541,7 +141541,7 @@ CVE-2019-16653 (An application plugin in Genius Bytes 
Genius Server (Genius CDDS
 CVE-2019-16652 (The BPM component in Genius Bytes Genius Server (Genius CDDS) 
3.2.2 al ...)
NOT-FOR-US: Genius Bytes Genius Server (Genius CDDS)
 CVE-2019-16651 (An issue was discovered on Virgin Media Super Hub 3 (based on 
ARRIS TG ...)
-   TODO: check
+   NOT-FOR-US: Virgin Media Super Hub
 CVE-2019-16650 (On Supermicro X10 and X11 products, a client's access 
privileges may b ...)
NOT-FOR-US: Supermicro
 CVE-2019-16649 (On Supermicro H11, H12, M11, X9, X10, and X11 products, a 
combination  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1561d719b09cd8ddc265547a1b892bcf241852c8



[Git][security-tracker-team/security-tracker][master] Process NFUs

2021-09-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
43a85d99 by Salvatore Bonaccorso at 2021-09-23T10:21:50+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -15653,13 +15653,13 @@ CVE-2021-34772
 CVE-2021-34771 (A vulnerability in the Cisco IOS XR Software CLI could allow 
an authen ...)
NOT-FOR-US: Cisco
 CVE-2021-34770 (A vulnerability in the Control and Provisioning of Wireless 
Access Poi ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-34769 (Multiple vulnerabilities in the Control and Provisioning of 
Wireless A ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-34768 (Multiple vulnerabilities in the Control and Provisioning of 
Wireless A ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-34767 (A vulnerability in IPv6 traffic processing of Cisco IOS XE 
Wireless Co ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-34766
RESERVED
 CVE-2021-34765 (A vulnerability in the web UI for Cisco Nexus Insights could 
allow an  ...)
@@ -15713,7 +15713,7 @@ CVE-2021-34742
 CVE-2021-34741
RESERVED
 CVE-2021-34740 (A vulnerability in the WLAN Control Protocol (WCP) 
implementation for  ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-34739
RESERVED
 CVE-2021-34738
@@ -15735,19 +15735,19 @@ CVE-2021-34731
 CVE-2021-34730 (A vulnerability in the Universal Plug-and-Play (UPnP) service 
of Cisco ...)
NOT-FOR-US: Cisco
 CVE-2021-34729 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software and 
Cisco I ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-34728 (Multiple vulnerabilities in the CLI of Cisco IOS XR Software 
could all ...)
NOT-FOR-US: Cisco
 CVE-2021-34727 (A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN 
Software ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-34726 (A vulnerability in the CLI of Cisco SD-WAN Software could 
allow an aut ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-34725 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software 
could allow ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-34724 (A vulnerability in the Cisco IOS XE SD-WAN Software CLI could 
allow an ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-34723 (A vulnerability in a specific CLI command that is run on Cisco 
IOS XE  ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-34722 (Multiple vulnerabilities in the CLI of Cisco IOS XR Software 
could all ...)
NOT-FOR-US: Cisco
 CVE-2021-34721 (Multiple vulnerabilities in the CLI of Cisco IOS XR Software 
could all ...)
@@ -15765,11 +15765,11 @@ CVE-2021-34716 (A vulnerability in the web-based 
management interface of Cisco E
 CVE-2021-34715 (A vulnerability in the image verification function of Cisco 
Expressway ...)
NOT-FOR-US: Cisco
 CVE-2021-34714 (A vulnerability in the Unidirectional Link Detection (UDLD) 
feature of ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-34713 (A vulnerability in the Layer 2 punt code of Cisco IOS XR 
Software runn ...)
NOT-FOR-US: Cisco
 CVE-2021-34712 (A vulnerability in the web-based management interface of Cisco 
SD-WAN  ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-34711
RESERVED
 CVE-2021-34710
@@ -15783,11 +15783,11 @@ CVE-2021-34707 (A vulnerability in the REST API of 
Cisco Evolved Programmable Ne
 CVE-2021-34706
RESERVED
 CVE-2021-34705 (A vulnerability in the Voice Telephony Service Provider (VTSP) 
service ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-34704
RESERVED
 CVE-2021-34703 (A vulnerability in the Link Layer Discovery Protocol (LLDP) 
message pa ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-34702
RESERVED
 CVE-2021-34701
@@ -15795,13 +15795,13 @@ CVE-2021-34701
 CVE-2021-34700 (A vulnerability in the CLI interface of Cisco SD-WAN vManage 
Software  ...)
NOT-FOR-US: Cisco
 CVE-2021-34699 (A vulnerability in the TrustSec CLI parser of Cisco IOS and 
Cisco IOS  ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-34698
RESERVED
 CVE-2021-34697 (A vulnerability in the Protection Against Distributed Denial 
of Servic ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-34696 (A vulnerability in the access control list (ACL) programming 
of Cisco  ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-3605 (There's a flaw in OpenEXR's rleUncompress functionality in 
versions pr ...)
{DLA-2732-1}
- openexr 2.5.7-1 (bug #990899)
@@ -58935,35 +58935,35 @@ CVE-2020-28640
 CVE-2020-28639
RESERVED
 CVE-2021-1625 (A vulnerability in the Zone-Based Policy Firewall feature of 
Cisco IOS ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2021-1624 (A vulnerability in the Rate Limiting Network 

[Git][security-tracker-team/security-tracker][master] add status update for ffmpeg

2021-09-23 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5a5cecf8 by Moritz Muehlenhoff at 2021-09-23T10:19:51+02:00
add status update for ffmpeg

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -25,6 +25,7 @@ chromium
 djvulibre
 --
 ffmpeg/oldstable (jmm)
+  4.1.7 fixes a number of bugs, but several further one in the 4.1 branch, 
reaching out for a 4.1.8 release date
 --
 icu
 --
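Review bot: the new status line under ffmpeg/oldstable is missing a verb and has a number mismatch ("several further one"); suggest something like "4.1.7 fixes a number of bugs, but several further ones remain open in the 4.1 branch; reaching out upstream for a 4.1.8 release date".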



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a5cecf8d89f4585e41ef14d2a0a4e46e86754ea



[Git][security-tracker-team/security-tracker][master] automatic update

2021-09-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4a695e6a by security tracker role at 2021-09-23T08:10:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,9 @@
+CVE-2021-41570
+   RESERVED
+CVE-2021-41569
+   RESERVED
+CVE-2021-3826
+   RESERVED
 CVE-2021-41568
RESERVED
 CVE-2021-41567
@@ -15646,14 +15652,14 @@ CVE-2021-34772
RESERVED
 CVE-2021-34771 (A vulnerability in the Cisco IOS XR Software CLI could allow 
an authen ...)
NOT-FOR-US: Cisco
-CVE-2021-34770
-   RESERVED
-CVE-2021-34769
-   RESERVED
-CVE-2021-34768
-   RESERVED
-CVE-2021-34767
-   RESERVED
+CVE-2021-34770 (A vulnerability in the Control and Provisioning of Wireless 
Access Poi ...)
+   TODO: check
+CVE-2021-34769 (Multiple vulnerabilities in the Control and Provisioning of 
Wireless A ...)
+   TODO: check
+CVE-2021-34768 (Multiple vulnerabilities in the Control and Provisioning of 
Wireless A ...)
+   TODO: check
+CVE-2021-34767 (A vulnerability in IPv6 traffic processing of Cisco IOS XE 
Wireless Co ...)
+   TODO: check
 CVE-2021-34766
RESERVED
 CVE-2021-34765 (A vulnerability in the web UI for Cisco Nexus Insights could 
allow an  ...)
@@ -15706,8 +15712,8 @@ CVE-2021-34742
RESERVED
 CVE-2021-34741
RESERVED
-CVE-2021-34740
-   RESERVED
+CVE-2021-34740 (A vulnerability in the WLAN Control Protocol (WCP) 
implementation for  ...)
+   TODO: check
 CVE-2021-34739
RESERVED
 CVE-2021-34738
@@ -15728,20 +15734,20 @@ CVE-2021-34731
RESERVED
 CVE-2021-34730 (A vulnerability in the Universal Plug-and-Play (UPnP) service 
of Cisco ...)
NOT-FOR-US: Cisco
-CVE-2021-34729
-   RESERVED
+CVE-2021-34729 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software and 
Cisco I ...)
+   TODO: check
 CVE-2021-34728 (Multiple vulnerabilities in the CLI of Cisco IOS XR Software 
could all ...)
NOT-FOR-US: Cisco
-CVE-2021-34727
-   RESERVED
-CVE-2021-34726
-   RESERVED
-CVE-2021-34725
-   RESERVED
-CVE-2021-34724
-   RESERVED
-CVE-2021-34723
-   RESERVED
+CVE-2021-34727 (A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN 
Software ...)
+   TODO: check
+CVE-2021-34726 (A vulnerability in the CLI of Cisco SD-WAN Software could 
allow an aut ...)
+   TODO: check
+CVE-2021-34725 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software 
could allow ...)
+   TODO: check
+CVE-2021-34724 (A vulnerability in the Cisco IOS XE SD-WAN Software CLI could 
allow an ...)
+   TODO: check
+CVE-2021-34723 (A vulnerability in a specific CLI command that is run on Cisco 
IOS XE  ...)
+   TODO: check
 CVE-2021-34722 (Multiple vulnerabilities in the CLI of Cisco IOS XR Software 
could all ...)
NOT-FOR-US: Cisco
 CVE-2021-34721 (Multiple vulnerabilities in the CLI of Cisco IOS XR Software 
could all ...)
@@ -15758,12 +15764,12 @@ CVE-2021-34716 (A vulnerability in the web-based 
management interface of Cisco E
NOT-FOR-US: Cisco
 CVE-2021-34715 (A vulnerability in the image verification function of Cisco 
Expressway ...)
NOT-FOR-US: Cisco
-CVE-2021-34714
-   RESERVED
+CVE-2021-34714 (A vulnerability in the Unidirectional Link Detection (UDLD) 
feature of ...)
+   TODO: check
 CVE-2021-34713 (A vulnerability in the Layer 2 punt code of Cisco IOS XR 
Software runn ...)
NOT-FOR-US: Cisco
-CVE-2021-34712
-   RESERVED
+CVE-2021-34712 (A vulnerability in the web-based management interface of Cisco 
SD-WAN  ...)
+   TODO: check
 CVE-2021-34711
RESERVED
 CVE-2021-34710
@@ -15776,26 +15782,26 @@ CVE-2021-34707 (A vulnerability in the REST API of 
Cisco Evolved Programmable Ne
NOT-FOR-US: Cisco
 CVE-2021-34706
RESERVED
-CVE-2021-34705
-   RESERVED
+CVE-2021-34705 (A vulnerability in the Voice Telephony Service Provider (VTSP) 
service ...)
+   TODO: check
 CVE-2021-34704
RESERVED
-CVE-2021-34703
-   RESERVED
+CVE-2021-34703 (A vulnerability in the Link Layer Discovery Protocol (LLDP) 
message pa ...)
+   TODO: check
 CVE-2021-34702
RESERVED
 CVE-2021-34701
RESERVED
 CVE-2021-34700 (A vulnerability in the CLI interface of Cisco SD-WAN vManage 
Software  ...)
NOT-FOR-US: Cisco
-CVE-2021-34699
-   RESERVED
+CVE-2021-34699 (A vulnerability in the TrustSec CLI parser of Cisco IOS and 
Cisco IOS  ...)
+   TODO: check
 CVE-2021-34698
RESERVED
-CVE-2021-34697
-   RESERVED
-CVE-2021-34696
-   RESERVED
+CVE-2021-34697 (A vulnerability in the Protection Against Distributed Denial 
of Servic ...)
+   TODO: check
+CVE-2021-34696 (A vulnerability in the access control list (ACL) programming 
of Cisco  ...)
+   TODO: check
 CVE-2021-3605 (There's a flaw in OpenEXR's rleUncompress 

[Git][security-tracker-team/security-tracker][master] Add CVE-2021-20315/gnome-shell

2021-09-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e3b70e89 by Salvatore Bonaccorso at 2021-09-23T08:22:50+02:00
Add CVE-2021-20315/gnome-shell

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -52463,8 +52463,11 @@ CVE-2021-20317
RESERVED
 CVE-2021-20316
RESERVED
-CVE-2021-20315
+CVE-2021-20315 [locking protection bypass allow unauthorized user to kill 
existing applications or start new ones]
RESERVED
+   - gnome-shell 
+   NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2006285
+   TODO: check, possibly Red Hat specific as issue introduced of 
backporting features to CentOS 8 Streams
 CVE-2021-20314 (Stack buffer overflow in libspf2 versions below 1.2.11 when 
processing ...)
{DSA-4955-1 DLA-2739-1}
- libspf2 1.2.10-7.1
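Review bot: the TODO line for CVE-2021-20315 is hard to parse ("issue introduced of backporting features to CentOS 8 Streams"); suggest "TODO: check, possibly Red Hat specific, as the issue may have been introduced by backporting features to CentOS Stream 8". Since the Red Hat bugzilla is the only reference, the entry should also record, once checked, whether the gnome-shell shipped in Debian contains the backported code at all.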



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e3b70e8924f7abe11a23855b5d49c1d739bca3db
