Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
196496f6 by Moritz Muehlenhoff at 2021-03-02T15:26:26+01:00
linux n/a
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -206,7 +206,7 @@ CVE-2021-27806
CVE-2021-27805
RESERVED
CVE-2021-27804 (JPEG XL (aka jpeg-xl) through 0.3.2 allows writable memory
corruption. ...)
- TODO: check
+ - jpeg-xl <itp> (bug #948862)
CVE-2021-27802
RESERVED
CVE-2021-27801
@@ -3704,7 +3704,7 @@ CVE-2021-26276 (** DISPUTED ** scripts/cli.js in the
GoDaddy node-config-shield
CVE-2021-26275
RESERVED
CVE-2020-36240 (The ResourceDownloadRewriteRule class in Crowd before version
4.0.4, a ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2020-36239
RESERVED
CVE-2020-36238
@@ -13304,7 +13304,8 @@ CVE-2021-21976 (vSphere Replication 8.3.x prior to
8.3.1.2, 8.2.x prior to 8.2.1
CVE-2021-21975
RESERVED
CVE-2021-21974 (OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7
before ESX ...)
- TODO: check
+ NOT-FOR-US: VMware
+ NOTE: Might affect src:openslp-dfsg, but removed years ago
CVE-2021-21973 (The vSphere Client (HTML5) contains an SSRF (Server Side
Request Forge ...)
NOT-FOR-US: VMware
CVE-2021-21972 (The vSphere Client (HTML5) contains a remote code execution
vulnerabil ...)
@@ -27478,22 +27479,22 @@ CVE-2021-0408
CVE-2021-0407
RESERVED
CVE-2021-0406 (In cameraisp, there is a possible out of bounds write due to a
missing ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2021-0405 (In performance driver, there is a possible out of bounds write
due to ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2021-0404 (In mobile_log_d, there is a possible information disclosure due
to imp ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2021-0403 (In netdiag, there is a possible information disclosure due to a
missin ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2021-0402 (In jpeg, there is a possible out of bounds write due to
improper input ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2021-0401 (In vow, there is a possible memory corruption due to a race
condition. ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2021-0400
RESERVED
CVE-2021-0399
RESERVED
- - linux <undetermined>
+ - linux <not-affected> (Android-specific xt_qtaguid code)
NOTE: https://source.android.com/security/bulletin/2021-03-01
CVE-2021-0398
RESERVED
@@ -27558,9 +27559,9 @@ CVE-2021-0369
CVE-2021-0368
RESERVED
CVE-2021-0367 (In vpu, there is a possible memory corruption due to a race
condition. ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2021-0366 (In vpu, there is a possible memory corruption due to a race
condition. ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2021-0365 (In display driver, there is a possible memory corruption due to
a use ...)
NOT-FOR-US: Mediatek components for Android
CVE-2021-0364 (In mobile_log_d, there is a possible command injection due to
improper ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/196496f6f05442ec470390e75cc73eb733ef0bf5
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/196496f6f05442ec470390e75cc73eb733ef0bf5
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
