Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c3d41057 by Salvatore Bonaccorso at 2021-02-18T21:19:13+01:00
Add CVE-2021-27379/xen

- - - - -
7f652621 by Salvatore Bonaccorso at 2021-02-18T21:22:09+01:00
CVE-2021-26933: Update end-of-life entry

As the referenced commit leads to a 404 on gitlab.com. This is in sync
with previous markings as well.

- - - - -
a8771e09 by Salvatore Bonaccorso at 2021-02-18T21:28:56+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -43,7 +43,8 @@ CVE-2021-27381
 CVE-2021-27380
        RESERVED
 CVE-2021-27379 (An issue was discovered in Xen through 4.11.x, allowing x86 
Intel HVM  ...)
-       TODO: check
+       - xen <unfixed>
+       NOTE: https://xenbits.xen.org/xsa/advisory-366.html
 CVE-2021-27378 (An issue was discovered in the rand_core crate before 0.6.2 
for Rust.  ...)
        - rust-rand-core <unfixed>
        NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0023.html
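Review bot: On the CVE-2021-27379 entry, `- xen <unfixed>` is recorded with no per-release lines, although the description limits the issue to "Xen through 4.11.x". If the xen version in unstable is newer than 4.11, the unstable line should carry a fixed version or a not-affected marking, with any older suites annotated separately. A short NOTE stating which Xen branches XSA-366 covers would make that triage decision checkable from the entry itself.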
@@ -134,7 +135,7 @@ CVE-2021-27337
 CVE-2021-27336
        RESERVED
 CVE-2021-27335 (KollectApps before 4.8.16c is affected by insecure Java 
deserializatio ...)
-       TODO: check
+       NOT-FOR-US: KollectApps
 CVE-2021-27334
        RESERVED
 CVE-2021-27333
@@ -146,7 +147,7 @@ CVE-2021-27331
 CVE-2021-27330
        RESERVED
 CVE-2021-27329 (Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS 
lookups or ...)
-       TODO: check
+       NOT-FOR-US: Friendica
 CVE-2021-27328
        RESERVED
 CVE-2021-27327
@@ -995,7 +996,7 @@ CVE-2021-26934 (An issue was discovered in the Linux kernel 
4.18 through 5.10.16
        NOTE: update SUPPORT.md to explicitly document the fact.
 CVE-2021-26933 (An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a 
guest is  ...)
        - xen <unfixed>
-       [stretch] - xen <end-of-life> (not supported; see 
https://gitlab.com/freexian-lts/debian-lts/-/commit/1b701a243a893d6cce6e59778b525407d560ab91)
+       [stretch] - xen <end-of-life> (DSA 4602-1)
        NOTE: https://xenbits.xen.org/xsa/advisory-364.html
 CVE-2021-26932 (An issue was discovered in the Linux kernel 3.2 through 
5.10.16, as us ...)
        - linux <unfixed>
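Review bot: On the `[stretch]` line for CVE-2021-26933, the new annotation "(DSA 4602-1)" drops the "not supported; see" wording, so the entry no longer says that the DSA is cited as the end-of-life reference and not as a fix for this CVE. Keeping the rationale, for example "(not supported; see DSA 4602-1)", would preserve the meaning while still replacing the gitlab.com link that now returns a 404.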
@@ -1058,7 +1059,7 @@ CVE-2021-26913 (NetMotion Mobility before 11.73 and 12.x 
before 12.02 allows una
 CVE-2021-26912 (NetMotion Mobility before 11.73 and 12.x before 12.02 allows 
unauthent ...)
        NOT-FOR-US: NetMotion Mobility
 CVE-2021-26911 (core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has 
Missing SSL ...)
-       TODO: check
+       NOT-FOR-US: Canary Mail
 CVE-2021-26909
        RESERVED
 CVE-2021-26908
@@ -2596,7 +2597,7 @@ CVE-2020-36235 (Affected versions of Atlassian Jira 
Server and Data Center allow
 CVE-2020-36234 (Affected versions of Atlassian Jira Server and Data Center 
allow remot ...)
        NOT-FOR-US: Atlassian
 CVE-2020-36233 (The Microsoft Windows Installer for Atlassian Bitbucket Server 
and Dat ...)
-       TODO: check
+       NOT-FOR-US: Atlassian
 CVE-2020-36232
        RESERVED
 CVE-2020-36231 (Affected versions of Atlassian Jira Server and Data Center 
allow remot ...)
@@ -3102,7 +3103,7 @@ CVE-2021-26070
 CVE-2021-26069
        RESERVED
 CVE-2021-26068 (An endpoint in Atlassian Jira Server for Slack plugin from 
version 0.0 ...)
-       TODO: check
+       NOT-FOR-US: Atlassian
 CVE-2021-26067 (Affected versions of Atlassian Bamboo allow an unauthenticated 
remote  ...)
        NOT-FOR-US: Atlassian
 CVE-2021-26066
@@ -15380,7 +15381,7 @@ CVE-2020-35579 (tindy2013 subconverter 0.6.4 has a 
/sub?target=%TARGET%&amp;url=
 CVE-2020-35578 (An issue was discovered in the Manage Plugins page in Nagios 
XI before ...)
        NOT-FOR-US: Nagios XI
 CVE-2020-35577 (In Endalia Selection Portal before 4.205.0, an Insecure Direct 
Object  ...)
-       TODO: check
+       NOT-FOR-US: Endalia Selection Portal
 CVE-2020-35576 (A Command Injection issue in the traceroute feature on TP-Link 
TL-WR84 ...)
        NOT-FOR-US: TP-Link
 CVE-2020-35575 (A password-disclosure issue in the web interface on certain 
TP-Link de ...)
@@ -21270,7 +21271,7 @@ CVE-2020-29455 (A cross-Site Scripting (XSS) 
vulnerability in this.showInvalid a
 CVE-2020-29454 (Editors/LogViewerController.cs in Umbraco through 8.9.1 allows 
a user  ...)
        NOT-FOR-US: Umbraco CMS
 CVE-2020-29453 (The CachingResourceDownloadRewriteRule class in Jira Server 
and Jira D ...)
-       TODO: check
+       NOT-FOR-US: Atlassian
 CVE-2020-29452
        RESERVED
 CVE-2020-29451 (Affected versions of Atlassian Jira Server and Data Center 
allow remot ...)
@@ -21280,7 +21281,7 @@ CVE-2020-29450 (Affected versions of Atlassian 
Confluence Server and Data Center
 CVE-2020-29449
        RESERVED
 CVE-2020-29448 (The ConfluenceResourceDownloadRewriteRule class in Confluence 
Server a ...)
-       TODO: check
+       NOT-FOR-US: Atlassian
 CVE-2020-29447 (Affected versions of Atlassian Crucible allow remote attackers 
to impa ...)
        NOT-FOR-US: Atlassian
 CVE-2020-29446 (Affected versions of Atlassian Fisheye &amp; Crucible allow 
remote att ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e6bb94e7cc19858d4206ec6ac826fff95c76a3ca...a8771e097369549ff415a97ef3d757c36b4c0142
