Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 12d7286f by Moritz Mühlenhoff at 2021-04-20T20:50:32+02:00 nim fixed in sid (was apparently meant to target experimental, though) various bugs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -2149,13 +2149,13 @@ CVE-2021-30500 NOTE: https://github.com/upx/upx/commit/90279abdfcd235172eab99651043051188938dcc CVE-2021-30499 RESERVED - - libcaca <unfixed> + - libcaca <unfixed> (bug #987278) [buster] - libcaca <no-dsa> (Minor issue) [stretch] - libcaca <postponed> (Minor issue; can be fixed in next update) NOTE: https://github.com/cacalabs/libcaca/issues/54 CVE-2021-30498 RESERVED - - libcaca <unfixed> + - libcaca <unfixed> (bug #987278) [buster] - libcaca <no-dsa> (Minor issue) [stretch] - libcaca <postponed> (Minor issue; can be fixed in next update) NOTE: https://github.com/cacalabs/libcaca/issues/53 @@ -4519,12 +4519,14 @@ CVE-2021-29460 CVE-2021-29459 RESERVED CVE-2021-29458 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) - - exiv2 <unfixed> + - exiv2 <unfixed> (bug #987277) + [buster] - exiv2 <no-dsa> (Minor issue) NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-57jj-75fm-9rq5 NOTE: https://github.com/Exiv2/exiv2/issues/1530 NOTE: https://github.com/Exiv2/exiv2/pull/1536 CVE-2021-29457 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) - - exiv2 <unfixed> + - exiv2 <unfixed> (bug #987277) + [buster] - exiv2 <no-dsa> (Minor issue) NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-v74w-h496-cgqm NOTE: https://github.com/Exiv2/exiv2/issues/1529 NOTE: https://github.com/Exiv2/exiv2/pull/1534 
@@ -4826,7 +4828,7 @@ CVE-2021-29340 CVE-2021-29339 RESERVED CVE-2021-29338 (Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash t ...) - - openjpeg2 <unfixed> + - openjpeg2 <unfixed> (bug #987276) [buster] - openjpeg2 <no-dsa> (Minor issue) NOTE: https://github.com/uclouvain/openjpeg/issues/1338 CVE-2021-29337 @@ -7118,7 +7120,7 @@ CVE-2021-28307 (An issue was discovered in the fltk crate before 0.15.3 for Rust CVE-2021-28306 (An issue was discovered in the fltk crate before 0.15.3 for Rust. Ther ...) NOT-FOR-US: Rust craste fltk CVE-2021-28305 (An issue was discovered in the diesel crate before 1.4.6 for Rust. The ...) - - rust-diesel <unfixed> + - rust-diesel <unfixed> (bug #987275) NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0037.html CVE-2021-28304 RESERVED @@ -19753,7 +19755,7 @@ CVE-2021-22880 (The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, NOTE: https://github.com/rails/rails/commit/eddda4d8fb6b6508e11196b14494ceac37b57339 (main) NOTE: https://github.com/rails/rails/commit/879d02107b5b3eb7aeaad1cd1f259bb41f17286b (v6.0.3.5) CVE-2021-22879 (Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource inje ...) - - nextcloud-desktop <unfixed> + - nextcloud-desktop <unfixed> (bug #987274) [buster] - nextcloud-desktop <no-dsa> (Minor issue) NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2021-008 NOTE: https://github.com/nextcloud/desktop/pull/2906 @@ -22162,7 +22164,7 @@ CVE-2021-21785 CVE-2021-21784 (An out-of-bounds write vulnerability exists in the JPG format SOF mark ...) NOT-FOR-US: Accusoft ImageGear CVE-2021-21783 (A code execution vulnerability exists in the WS-Addressing plugin func ...) - - gsoap <unfixed> + - gsoap <unfixed> (bug #987273) [buster] - gsoap <no-dsa> (Minor issue) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1245 CVE-2021-21782 (An out-of-bounds write vulnerability exists in the SGI format buffer s ...) 
@@ -24270,17 +24272,17 @@ CVE-2021-21375 (PJSIP is a free and open source multimedia communication library NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-hvq6-f89p-frvp NOTE: https://github.com/pjsip/pjproject/commit/97b3d7addbaa720b7ddb0af9bf6f3e443e664365 CVE-2021-21374 (Nimble is a package manager for the Nim programming language. In Nim r ...) - - nim <unfixed> + - nim 1.4.6-1 (bug #987272) [buster] - nim <no-dsa> (Minor issue) [stretch] - nim <postponed> (Minor issue; can be fixed in next update) NOTE: https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/ CVE-2021-21373 (Nimble is a package manager for the Nim programming language. In Nim r ...) - - nim <unfixed> + - nim 1.4.6-1 (bug #987272) [buster] - nim <no-dsa> (Minor issue) [stretch] - nim <postponed> (Minor issue; can be fixed in next update) NOTE: https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/ CVE-2021-21372 (Nimble is a package manager for the Nim programming language. In Nim r ...) - - nim <unfixed> + - nim 1.4.6-1 (bug #987272) [buster] - nim <no-dsa> (Minor issue) [stretch] - nim <postponed> (Minor issue; can be fixed in next update) NOTE: https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/ View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12d7286f1f101e0db3666fa358270b43deb2b378 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12d7286f1f101e0db3666fa358270b43deb2b378 You're receiving this email because of your account on salsa.debian.org.
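Review bot: In the first hunk (@@ -2149), CVE-2021-30499 and CVE-2021-30498 are both tied to bug #987278 although their NOTE lines point to two separate upstream issues (libcaca issues 54 and 53). Please confirm that the Debian bug names both CVE ids, so that it is not closed when only one of the two upstream issues has been fixed.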
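Review bot: The commit message ("various bugs") does not cover the new "[buster] - exiv2 <no-dsa> (Minor issue)" lines that the exiv2 hunk (@@ -4519) adds under CVE-2021-29458 and CVE-2021-29457. That is a triage decision for a stable release rather than a bug reference, so it should either be mentioned in the message or go in its own commit, where it can be found later when someone asks why buster was marked no-dsa.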
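Review bot: In the @@ -7118 hunk, the unchanged context line under CVE-2021-28306 reads "NOT-FOR-US: Rust craste fltk", where "craste" is a typo for "crate". Since this region is being touched for the rust-diesel bug reference anyway, the spelling could be corrected in the same pass so that searches for "crate" match the entry.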
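Review bot: In the nim hunk (@@ -24270), the caveat from the commit message, that the upload was apparently meant to target experimental, is not recorded in data/CVE/list next to the new "- nim 1.4.6-1 (bug #987272)" lines for CVE-2021-21374, CVE-2021-21373 and CVE-2021-21372. A NOTE line under these entries would keep that context with the data, which matters if the sid upload is later reverted and the fixed version has to be revisited. The only NOTE visible for each entry is the consensys.net write-up, so a reference to the upstream fix that justifies 1.4.6-1 would also help.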
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits