[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Mon, 05 Apr 2021 01:10:32 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
3b30ccab by security tracker role at 2021-04-05T08:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1890,8 +1890,8 @@ CVE-2021-3468 [Local DoS by event-busy-loop from writing 
long lines to /run/avah
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939614#c3
 CVE-2021-29262
        RESERVED
-CVE-2021-29261
-       RESERVED
+CVE-2021-29261 (The unofficial Svelte extension before 104.8.0 for Visual 
Studio Code  ...)
+       TODO: check
 CVE-2021-29260
        RESERVED
 CVE-2021-29259
@@ -2820,8 +2820,8 @@ CVE-2021-28834 (Kramdown before 2.3.1 does not restrict 
Rouge formatters to the
        NOTE: Fixed by: 
https://github.com/gettalong/kramdown/commit/d6a1cbcb2caa2f8a70927f176070d126b2422760
 CVE-2021-28833
        RESERVED
-CVE-2021-28832
-       RESERVED
+CVE-2021-28832 (VSCodeVim before 1.19.0 allows attackers to execute arbitrary 
code via ...)
+       TODO: check
 CVE-2021-28831 (decompress_gunzip.c in BusyBox through 1.32.1 mishandles the 
error bit ...)
        {DLA-2614-1}
        - busybox <unfixed> (bug #985674)
@@ -9213,9 +9213,11 @@ CVE-2021-26122
 CVE-2021-26121
        RESERVED
 CVE-2021-26120 (Smarty before 3.1.39 allows code injection via an unexpected 
function  ...)
+       {DLA-2618-1}
        - smarty3 3.1.39-1
        NOTE: 
https://github.com/smarty-php/smarty/commit/4f634c0097ab4a8b2adc2a97caacd1676e88f9c8
 CVE-2021-26119 (Smarty before 3.1.39 allows a Sandbox Escape because 
$smarty.template_ ...)
+       {DLA-2618-1}
        - smarty3 3.1.39-1
        NOTE: 
https://github.com/smarty-php/smarty/commit/c9272058d972045dda9c99c64a82acb21c93c6ad
 CVE-2021-26118 (While investigating ARTEMIS-2964 it was found that the 
creation of adv ...)
@@ -175632,6 +175634,7 @@ CVE-2018-13984
 CVE-2018-13983 (ImpressCMS 1.3.10 has XSS via the PATH_INFO to 
htdocs/install/index.ph ...)
        NOT-FOR-US: ImpressCMS
 CVE-2018-13982 (Smarty_Security::isTrustedResourceDir() in Smarty before 
3.1.33 is pro ...)
+       {DLA-2618-1}
        - smarty3 3.1.33+20180830.1.3a78a21f+selfpack1-1
        [stretch] - smarty3 <no-dsa> (Minor issue; can be fixed via point 
release)
        [jessie] - smarty3 <not-affected> (vulnerable code not present)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b30ccab87b0656e4d96b0842ca7364981df68d6

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b30ccab87b0656e4d96b0842ca7364981df68d6
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to