Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b640d99d by security tracker role at 2021-03-27T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2021-29270
+       RESERVED
+CVE-2021-29269
+       RESERVED
+CVE-2021-29268
+       RESERVED
+CVE-2021-29267
+       RESERVED
+CVE-2021-29266 (An issue was discovered in the Linux kernel before 5.11.9. 
drivers/vho ...)
+       TODO: check
+CVE-2021-29265 (An issue was discovered in the Linux kernel before 5.11.7. 
usbip_sockf ...)
+       TODO: check
+CVE-2021-29264 (An issue was discovered in the Linux kernel through 5.11.10. 
drivers/n ...)
+       TODO: check
+CVE-2021-29263
+       RESERVED
 CVE-2021-3471
        RESERVED
 CVE-2021-3470
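Review bot: CVE-2021-29266, CVE-2021-29265 and CVE-2021-29264 are left at "TODO: check" although all three descriptions name the Linux kernel, so they belong in kernel triage rather than the generic queue. The visible bounds differ ("before 5.11.9", "before 5.11.7", "through 5.11.10"), so each needs its own fixed-version lookup, and the "through 5.11.10" wording on CVE-2021-29264 names no fixed upstream release.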
@@ -32,8 +48,8 @@ CVE-2021-29251
        RESERVED
 CVE-2021-29250
        RESERVED
-CVE-2021-29249
-       RESERVED
+CVE-2021-29249 (BTCPay Server before 1.0.6.0, when the payment button is used, 
has a p ...)
+       TODO: check
 CVE-2021-29248
        RESERVED
 CVE-2021-29247
@@ -16099,8 +16115,8 @@ CVE-2021-22196
        RESERVED
 CVE-2021-22195
        RESERVED
-CVE-2021-22194
-       RESERVED
+CVE-2021-22194 (In all versions of GitLab starting from 13.7, marshalled 
session keys  ...)
+       TODO: check
 CVE-2021-22193 (An issue has been discovered in GitLab affecting all versions 
starting ...)
        - gitlab <unfixed>
 CVE-2021-22192 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
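Review bot: CVE-2021-22194 lands as "TODO: check" directly above CVE-2021-22193, which already carries "- gitlab <unfixed>", so the new entry needs the same kind of package annotation before it is useful. The description says "starting from 13.7", so the gitlab version in each suite decides whether that annotation is <unfixed> or <not-affected>.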
@@ -16128,8 +16144,8 @@ CVE-2021-22186 (An authorization issue in GitLab CE/EE 
version 9.4 and up allowe
 CVE-2021-22185 (Insufficient input sanitization in wikis in GitLab version 
13.8 and up ...)
        - gitlab <not-affected> (Only affects 13.8)
        NOTE: 
https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/
-CVE-2021-22184
-       RESERVED
+CVE-2021-22184 (An information disclosure issue in GitLab starting from 
version 12.8 a ...)
+       TODO: check
 CVE-2021-22183 (An issue has been discovered in GitLab affecting all versions 
starting ...)
        [experimental] - gitlab 13.6.6-1
        - gitlab <unfixed>
@@ -16138,8 +16154,8 @@ CVE-2021-22182 (An issue has been discovered in GitLab 
affecting all versions st
        - gitlab <not-affected> (Affected version never uploaded to unstable)
 CVE-2021-22181
        RESERVED
-CVE-2021-22180
-       RESERVED
+CVE-2021-22180 (An issue has been discovered in GitLab affecting all versions 
starting ...)
+       TODO: check
 CVE-2021-22179 (A vulnerability was discovered in GitLab versions before 12.2. 
GitLab  ...)
        - gitlab <unfixed>
 CVE-2021-22178 (An issue has been discovered in GitLab affecting all versions 
starting ...)
@@ -18983,8 +18999,8 @@ CVE-2021-21413
        RESERVED
 CVE-2021-21412
        RESERVED
-CVE-2021-21411
-       RESERVED
+CVE-2021-21411 (OAuth2-Proxy is an open source reverse proxy that provides 
authenticat ...)
+       TODO: check
 CVE-2021-21410
        RESERVED
 CVE-2021-21409
@@ -19015,8 +19031,8 @@ CVE-2021-21398
        RESERVED
 CVE-2021-21397
        RESERVED
-CVE-2021-21396
-       RESERVED
+CVE-2021-21396 (wire-server is an open-source back end for Wire, a secure 
collaboratio ...)
+       TODO: check
 CVE-2021-21395
        RESERVED
 CVE-2021-21394
@@ -19029,8 +19045,8 @@ CVE-2021-21391
        RESERVED
 CVE-2021-21390 (MinIO is an open-source high performance object storage 
service and it ...)
        NOT-FOR-US: MinIO
-CVE-2021-21389
-       RESERVED
+CVE-2021-21389 (BuddyPress is an open source WordPress plugin to build a 
community sit ...)
+       TODO: check
 CVE-2021-21388
        RESERVED
 CVE-2021-21387 (Wrongthink peer-to-peer, end-to-end encrypted messenger with 
PeerJS an ...)
@@ -19060,12 +19076,12 @@ CVE-2021-21375 (PJSIP is a free and open source 
multimedia communication library
        NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-hvq6-f89p-frvp
        NOTE: 
https://github.com/pjsip/pjproject/commit/97b3d7addbaa720b7ddb0af9bf6f3e443e664365
        TODO: check, might affect sc:ring
-CVE-2021-21374
-       RESERVED
-CVE-2021-21373
-       RESERVED
-CVE-2021-21372
-       RESERVED
+CVE-2021-21374 (Nimble is a package manager for the Nim programming language. 
In Nim r ...)
+       TODO: check
+CVE-2021-21373 (Nimble is a package manager for the Nim programming language. 
In Nim r ...)
+       TODO: check
+CVE-2021-21372 (Nimble is a package manager for the Nim programming language. 
In Nim r ...)
+       TODO: check
 CVE-2021-21371 (Tenable for Jira Cloud is an open source project designed to 
pull Tena ...)
        NOT-FOR-US: Tenable for Jira Cloud
 CVE-2021-21370 (TYPO3 is an open source PHP based web content management 
system. In TY ...)
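Review bot: CVE-2021-21374, CVE-2021-21373 and CVE-2021-21372 have identical visible descriptions ("Nimble is a package manager for the Nim programming language. In Nim r ..."), so the truncated text cannot tell the three issues apart and triage has to start from the full descriptions. The neighbouring CVE-2021-21371 is already resolved ("NOT-FOR-US: Tenable for Jira Cloud"); the three Nimble entries need either a source-package line or a NOT-FOR-US line in the same way.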
@@ -19156,10 +19172,10 @@ CVE-2021-21335 (In the SPNEGO HTTP Authentication 
Module for nginx (spnego-http-
 CVE-2021-21334 (In containerd (an industry-standard container runtime) before 
versions ...)
        - containerd 1.4.4~ds1-1
        NOTE: 
https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4
-CVE-2021-21333
-       RESERVED
-CVE-2021-21332
-       RESERVED
+CVE-2021-21333 (Synapse is a Matrix reference homeserver written in python 
(pypi packa ...)
+       TODO: check
+CVE-2021-21332 (Synapse is a Matrix reference homeserver written in python 
(pypi packa ...)
+       TODO: check
 CVE-2021-21331 (The Java client for the Datadog API before version 
1.0.0-beta.9 has a  ...)
        NOT-FOR-US: Java client for Datadog API
 CVE-2021-21330 (aiohttp is an asynchronous HTTP client/server framework for 
asyncio an ...)
@@ -22052,8 +22068,7 @@ CVE-2021-20208
        RESERVED
 CVE-2021-20207
        REJECTED
-CVE-2021-20206
-       RESERVED
+CVE-2021-20206 (An improper limitation of path name flaw was found in 
containernetwork ...)
        - golang-github-appc-cni 0.8.1-1 (bug #983659)
        [buster] - golang-github-appc-cni <no-dsa> (Minor issue; can be fixed 
via point release)
        NOTE: https://github.com/containernetworking/cni/pull/808
@@ -38581,16 +38596,16 @@ CVE-2020-25584
        RESERVED
 CVE-2020-25583
        RESERVED
-CVE-2020-25582
-       RESERVED
-CVE-2020-25581
-       RESERVED
-CVE-2020-25580
-       RESERVED
-CVE-2020-25579
-       RESERVED
-CVE-2020-25578
-       RESERVED
+CVE-2020-25582 (In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before 
r369335, 12. ...)
+       TODO: check
+CVE-2020-25581 (In FreeBSD 12.2-STABLE before r369312, 11.4-STABLE before 
r369313, 12. ...)
+       TODO: check
+CVE-2020-25580 (In FreeBSD 12.2-STABLE before r369346, 11.4-STABLE before 
r369345, 12. ...)
+       TODO: check
+CVE-2020-25579 (In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before 
r369047, 12. ...)
+       TODO: check
+CVE-2020-25578 (In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before 
r369047, 12. ...)
+       TODO: check
 CVE-2020-25577
        RESERVED
 CVE-2020-25572
@@ -82439,22 +82454,22 @@ CVE-2020-7470 (Sonoff TH 10 and 16 devices with 
firmware 6.6.0.21 allows XSS via
        NOT-FOR-US: Sonoff TH 10 and 16 devices
 CVE-2020-7469
        RESERVED
-CVE-2020-7468
-       RESERVED
-CVE-2020-7467
-       RESERVED
+CVE-2020-7468 (In FreeBSD 12.2-STABLE before r365772, 11.4-STABLE before 
r365773, 12. ...)
+       TODO: check
+CVE-2020-7467 (In FreeBSD 12.2-STABLE before r365767, 11.4-STABLE before 
r365769, 12. ...)
+       TODO: check
 CVE-2020-7466 (The PPP implementation of MPD before 5.9 allows a remote 
attacker who  ...)
        NOT-FOR-US: MPD (FreeBSD PPP daemon)
 CVE-2020-7465 (The L2TP implementation of MPD before 5.9 allows a remote 
attacker who ...)
        NOT-FOR-US: MPD (FreeBSD PPP daemon)
-CVE-2020-7464
-       RESERVED
-CVE-2020-7463
-       RESERVED
-CVE-2020-7462
-       RESERVED
-CVE-2020-7461
-       RESERVED
+CVE-2020-7464 (In FreeBSD 12.2-STABLE before r365730, 11.4-STABLE before 
r365738, 12. ...)
+       TODO: check
+CVE-2020-7463 (In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before 
r364651, 12. ...)
+       TODO: check
+CVE-2020-7462 (In 11.4-PRERELEASE before r360733 and 11.3-RELEASE before p13, 
imprope ...)
+       TODO: check
+CVE-2020-7461 (In FreeBSD 12.1-STABLE before r365010, 11.4-STABLE before 
r365011, 12. ...)
+       TODO: check
 CVE-2020-7460 (In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 
11.4-ST ...)
        NOT-FOR-US: FreeBSD
 CVE-2020-7459 (In FreeBSD 12.1-STABLE before r362166, 12.1-RELEASE before p8, 
11.4-ST ...)
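Review bot: the six FreeBSD entries added in this hunk (CVE-2020-7468, -7467, -7464, -7463, -7462, -7461) are parked at "TODO: check", while the neighbouring CVE-2020-7460, with the same "In FreeBSD ..." description pattern, is already resolved as "NOT-FOR-US: FreeBSD". Suggest resolving each the same way once the full description confirms the flaw is in FreeBSD-only code, and naming the source package instead where the affected component is also packaged separately. CVE-2020-7462's description starts "In 11.4-PRERELEASE" without the product name, so a search for "FreeBSD" in the description will not find it during a bulk pass.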
@@ -115013,7 +115028,7 @@ CVE-2019-14847 (A flaw was found in samba 4.0.0 
before samba 4.9.15 and samba 4.
        [stretch] - samba <no-dsa> (Minor issue)
        [jessie] - samba <no-dsa> (Minor issue)
        NOTE: https://www.samba.org/samba/security/CVE-2019-14847.html
-CVE-2019-14846 (Ansible, all ansible_engine-2.x versions and 
ansible_engine-3.x up to  ...)
+CVE-2019-14846 (In Ansible, all Ansible Engine versions up to ansible-engine 
2.8.5, an ...)
        {DLA-2535-1 DLA-2202-1}
        - ansible 2.8.6+dfsg-1 (low; bug #942188)
        [buster] - ansible <no-dsa> (Minor issue)
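Review bot: the reworded CVE-2019-14846 description now bounds the affected range at "ansible-engine 2.8.5", so the annotations under it should be re-checked against that range rather than carried over unread. The recorded fix "- ansible 2.8.6+dfsg-1" is consistent with that bound; the text after "2.8.5, an" is truncated, so any further ranges it lists cannot be verified from this hunk.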



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b640d99d4302aee08a1a77f128c1ddb03a3bc809

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
