[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Sat, 13 Mar 2021 12:10:48 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
2a7b9502 by security tracker role at 2021-03-13T20:10:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2021-28361 (An issue was discovered in Storage Performance Development Kit 
(SPDK)  ...)
+       TODO: check
+CVE-2021-28360
+       RESERVED
+CVE-2021-28359
+       RESERVED
 CVE-2021-28358
        RESERVED
 CVE-2021-28357
@@ -10538,7 +10544,7 @@ CVE-2021-3115 (Go before 1.14.14 and 1.15.x before 
1.15.7 on Windows is vulnerab
        NOTE: explicitly in PATH and running 'go get' outside of a module or 
with module
        NOTE: mode disabled.
 CVE-2021-3114 (In Go before 1.14.14 and 1.15.x before 1.15.7, 
crypto/elliptic/p224.go ...)
-       {DSA-4848-1}
+       {DSA-4848-1 DLA-2592-1 DLA-2591-1}
        - golang-1.15 1.15.7-1
        - golang-1.11 <removed>
        - golang-1.8 <removed>
@@ -16687,8 +16693,8 @@ CVE-2020-35684
        RESERVED
 CVE-2020-35683
        RESERVED
-CVE-2020-35682
-       RESERVED
+CVE-2020-35682 (Zoho ManageEngine ServiceDesk Plus before 11134 allows an 
Authenticati ...)
+       TODO: check
 CVE-2020-35681 (Django Channels 3.x before 3.0.3 allows remote attackers to 
obtain sen ...)
        - python-django-channels 3.0.3-1 (bug #979376)
        [buster] - python-django-channels <no-dsa> (Minor issue)
@@ -104240,7 +104246,7 @@ CVE-2017-1002201 (In haml versions prior to version 
5.0.0.beta.2, when using use
        NOTE: https://snyk.io/vuln/SNYK-RUBY-HAML-20362
        NOTE: 
https://github.com/haml/haml/commit/18576ae6e9bdcb4303fdbe6b3199869d289d67c2
 CVE-2019-17596 (Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an 
attempt to ...)
-       {DSA-4551-1}
+       {DSA-4551-1 DLA-2592-1 DLA-2591-1}
        - golang-1.13 1.13.3-1 (bug #942628)
        - golang-1.12 1.12.12-1 (bug #942629)
        - golang-1.11 <removed>
@@ -108006,7 +108012,7 @@ CVE-2019-16319 (In Wireshark 3.0.0 to 3.0.3 and 2.6.0 
to 2.6.10, the Gryphon dis
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16020
        NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=02ddd49885c6a09e936a76aceb726ed06539704a
 CVE-2019-16276 (Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request 
Smugglin ...)
-       {DSA-4534-1}
+       {DSA-4534-1 DLA-2592-1 DLA-2591-1}
        - golang-1.13 1.13.1-1
        - golang-1.12 1.12.10-1 (bug #941173)
        - golang-1.11 <removed>
@@ -129746,7 +129752,7 @@ CVE-2019-9743 (An issue was discovered on PHOENIX 
CONTACT RAD-80211-XD and RAD-8
 CVE-2019-9742 (gdwfpcd.sys in G Data Total Security before 2019-02-22 allows 
an attac ...)
        NOT-FOR-US: G Data Total Security
 CVE-2019-9741 (An issue was discovered in net/http in Go 1.11.5. CRLF 
injection is po ...)
-       {DLA-1749-1}
+       {DLA-2592-1 DLA-2591-1 DLA-1749-1}
        - golang-1.12 1.12-1
        - golang-1.11 1.11.6-1 (bug #924630)
        - golang-1.8 <removed>
@@ -163552,6 +163558,7 @@ CVE-2018-16875 (The crypto/x509 package of Go before 
1.10.6 and 1.11.x before 1.
        NOTE: 
https://github.com/golang/go/commit/df523969435b8945d939c7e2a849b50910ef4c25 
(1.11.3)
        NOTE: 
https://github.com/golang/go/commit/0a4a37f1f0a36e55d8ae5c34210a79499f9f2a9d 
(1.10.6)
 CVE-2018-16874 (In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" 
command is  ...)
+       {DLA-2592-1 DLA-2591-1}
        - golang-1.11 1.11.3-1
        - golang-1.10 1.10.6-1
        - golang-1.8 <removed>
@@ -163559,6 +163566,7 @@ CVE-2018-16874 (In Go before 1.10.6 and 1.11.x before 
1.11.3, the "go get" comma
        NOTE: https://github.com/golang/go/issues/29231
        NOTE: See CVE-2018-16873 for patches and regression fix
 CVE-2018-16873 (In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" 
command is  ...)
+       {DLA-2592-1 DLA-2591-1}
        - golang-1.11 1.11.3-1
        - golang-1.10 1.10.6-1
        - golang-1.8 <removed>
@@ -217601,7 +217609,7 @@ CVE-2017-15042 (An unintended cleartext issue exists 
in Go before 1.8.4 and 1.9.
        NOTE: https://golang.org/cl/68210
        NOTE: 
https://groups.google.com/d/msg/golang-dev/RinSE3EiJBI/kYL7zb07AgAJ
 CVE-2017-15041 (Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote 
command  ...)
-       {DLA-1148-1}
+       {DLA-2592-1 DLA-2591-1 DLA-1148-1}
        - golang-1.9 1.9.1-1
        - golang-1.8 1.8.4-1
        - golang-1.7 <removed>



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a7b9502eb7bc07f29dec21abd912fda5b01ffc2

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a7b9502eb7bc07f29dec21abd912fda5b01ffc2
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to