Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6a87fe83 by security tracker role at 2021-04-10T20:10:29+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2021-30481 (Valve Steam through 2021-04-10, when a Source engine game is
installed ...)
+ TODO: check
CVE-2021-3492
RESERVED
CVE-2021-3491
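Review bot: the new CVE-2021-30481 entry carries only `TODO: check`, so it has no disposition yet. Triage it to either a package line or a NOT-FOR-US line, as other entries in this file have, so it does not linger as an open TODO.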
@@ -735,14 +737,17 @@ CVE-2019-25026 (Redmine before 3.4.13 and 4.x before
4.0.6 mishandles markup dat
CVE-2021-30160
RESERVED
CVE-2021-30159 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x
through ...)
+ {DSA-4889-1}
- mediawiki 1:1.35.2-1
NOTE: https://phabricator.wikimedia.org/T272386
NOTE:
https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
CVE-2021-30158 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x
through ...)
+ {DSA-4889-1}
- mediawiki 1:1.35.2-1
NOTE: https://phabricator.wikimedia.org/T277009
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/670546
CVE-2021-30157 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x
through ...)
+ {DSA-4889-1}
- mediawiki 1:1.35.2-1
NOTE: https://phabricator.wikimedia.org/T278058
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/674085
@@ -750,10 +755,12 @@ CVE-2021-30156 (An issue was discovered in MediaWiki
before 1.31.12 and 1.32.x t
- mediawiki 1:1.35.2-1
NOTE: https://phabricator.wikimedia.org/T276306
CVE-2021-30155 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x
through ...)
+ {DSA-4889-1}
- mediawiki 1:1.35.2-1
NOTE: https://phabricator.wikimedia.org/T270988
NOTE:
https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
CVE-2021-30154 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x
through ...)
+ {DSA-4889-1}
- mediawiki 1:1.35.2-1
NOTE: https://phabricator.wikimedia.org/T278014
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/674083/
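Review bot: CVE-2021-30156, named in this hunk's header, gets no `{DSA-4889-1}` line, although its `- mediawiki 1:1.35.2-1` entry matches those of CVE-2021-30155 and CVE-2021-30154 below it, which are both tagged. Confirm against the advisory that the omission is intended.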
@@ -763,6 +770,7 @@ CVE-2021-30153
NOTE: https://phabricator.wikimedia.org/T270453
NOTE:
https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
CVE-2021-30152 (An issue was discovered in MediaWiki before 1.31.13 and 1.32.x
through ...)
+ {DSA-4889-1}
- mediawiki 1:1.35.2-1
NOTE: https://phabricator.wikimedia.org/T270713
NOTE:
https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
@@ -3676,6 +3684,7 @@ CVE-2021-28831 (decompress_gunzip.c in BusyBox through
1.32.1 mishandles the err
[buster] - busybox <no-dsa> (Minor issue)
NOTE:
https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd
CVE-2021-27851 [Local privilege escalation via guix-daemon and --keep-failed]
+ RESERVED
- guix 1.2.0-4 (bug #985467; unimportant)
NOTE: https://issues.guix.gnu.org/47229
NOTE:
https://git.savannah.gnu.org/cgit/guix.git/commit/?id=ec7fb669945bfb47c5e1fdf7de3a5d07f7002ccf
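Review bot: `RESERVED` is added under CVE-2021-27851 while the entry already records a fixed guix version plus a public upstream issue and commit. The bracketed title remains the only description here, so recheck the entry once the CVE text is published.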
@@ -6233,6 +6242,7 @@ CVE-2021-27803 (A vulnerability was discovered in how
p2p/p2p_pd.c in wpa_suppli
CVE-2021-3417 (An internal product security audit of LXCO, prior to version
1.2.2, di ...)
NOT-FOR-US: Lenovo
CVE-2021-3416 (A potential stack overflow via infinite loop issue was found in
variou ...)
+ {DLA-2623-1}
- qemu 1:5.2+dfsg-9 (bug #984448)
[buster] - qemu <postponed> (Minor issue)
NOTE:
https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg07431.html
@@ -7013,6 +7023,7 @@ CVE-2021-27381 (A vulnerability has been identified in
Solid Edge SE2020 (All Ve
CVE-2021-27380 (A vulnerability has been identified in Solid Edge SE2020 (All
Versions ...)
NOT-FOR-US: Solid Edge SE2020
CVE-2021-27379 (An issue was discovered in Xen through 4.11.x, allowing x86
Intel HVM ...)
+ {DSA-4888-1}
- xen 4.14.0+80-gd101b417b7-1
[stretch] - xen <not-affected> (Incomplete fix for CVE-2020-15565 not
applied)
NOTE: https://xenbits.xen.org/xsa/advisory-366.html
@@ -7215,7 +7226,7 @@ CVE-2021-27292 (ua-parser-js >= 0.7.14, fixed in
0.7.24, uses a regular expre
NOTE: https://gist.github.com/b-c-ds/6941d80d6b4e694df4bc269493b7be76
NOTE:
https://github.com/faisalman/ua-parser-js/commit/809439e20e273ce0d25c1d04e111dcf6011eb566
CVE-2021-27291 (In pygments 1.1+, fixed in 2.7.4, the lexers used to parse
programming ...)
- {DSA-4878-1 DLA-2600-1}
+ {DSA-4889-1 DSA-4878-1 DLA-2600-1}
- pygments <unfixed> (bug #985574)
- mediawiki 1:1.35.2-1
NOTE: https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce
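Review bot: on CVE-2021-27291, `{DSA-4889-1}` is prepended while `- pygments <unfixed> (bug #985574)` stays as it is. Elsewhere in this diff DSA-4889-1 is attached only to entries with a mediawiki line, so the tag here appears to relate to `- mediawiki 1:1.35.2-1`; check that the pygments status is still accurate and is not read as resolved by this advisory.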
@@ -8026,6 +8037,7 @@ CVE-2021-26934 (An issue was discovered in the Linux
kernel 4.18 through 5.10.16
NOTE: Driver never was meant to be supported and the patch in src:xen
will only
NOTE: update SUPPORT.md to explicitly document the fact.
CVE-2021-26933 (An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a
guest is ...)
+ {DSA-4888-1}
- xen 4.14.1+11-gb0b734a8b3-1
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-364.html
@@ -8835,6 +8847,7 @@ CVE-2021-3393 (An information leak was discovered in
postgresql in versions befo
[buster] - postgresql-11 11.11-0+deb10u1
NOTE:
https://www.postgresql.org/about/news/postgresql-132-126-1111-1016-9621-and-9525-released-2165/
CVE-2021-3392 (A use-after-free flaw was found in the MegaRAID emulator of
QEMU. This ...)
+ {DLA-2623-1}
- qemu <unfixed> (bug #984449)
[buster] - qemu <postponed> (Minor issue)
NOTE:
https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg00488.html
@@ -24638,7 +24651,7 @@ CVE-2021-20271 (A flaw was found in RPM's signature
check functionality when rea
[stretch] - rpm <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1934125
CVE-2021-20270 (An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3
may lea ...)
- {DSA-4870-1 DLA-2590-1}
+ {DSA-4889-1 DSA-4870-1 DLA-2590-1}
- pygments 2.7.1+dfsg-2 (bug #984664)
- mediawiki 1:1.35.2-1
NOTE: https://github.com/pygments/pygments/issues/1625
@@ -24700,6 +24713,7 @@ CVE-2021-20258
RESERVED
CVE-2021-20257 [net: e1000: infinite loop while processing transmit
descriptors]
RESERVED
+ {DLA-2623-1}
- qemu 1:5.2+dfsg-9 (bug #984450)
[bullseye] - qemu <postponed> (Minor issue)
[buster] - qemu <postponed> (Minor issue)
@@ -24708,6 +24722,7 @@ CVE-2021-20257 [net: e1000: infinite loop while
processing transmit descriptors]
CVE-2021-20256 (A flaw was found in Red Hat Satellite. The BMC interface
exposes the p ...)
NOT-FOR-US: Red Hat Satellite
CVE-2021-20255 (A stack overflow via an infinite recursion vulnerability was
found in ...)
+ {DLA-2623-1}
- qemu <unfixed> (bug #984451)
[bullseye] - qemu <postponed> (Minor issue)
[buster] - qemu <postponed> (Minor issue)
@@ -24978,6 +24993,7 @@ CVE-2021-20205 (Libjpeg-turbo versions 2.0.91 and
2.0.90 is vulnerable to a deni
CVE-2021-20204
RESERVED
CVE-2021-20203 (An integer overflow issue was found in the vmxnet3 NIC
emulator of the ...)
+ {DLA-2623-1}
- qemu <unfixed> (bug #984452)
[buster] - qemu <postponed> (Minor issue)
NOTE: https://bugs.launchpad.net/qemu/+bug/1913873
@@ -42600,6 +42616,7 @@ CVE-2020-25087 (Ecommerce-CodeIgniter-Bootstrap before
2020-08-03 allows XSS in
CVE-2020-25086 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS
in applic ...)
NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
CVE-2021-3409 (The patch for CVE-2020-17380/CVE-2020-25085 was found to be
ineffectiv ...)
+ {DLA-2623-1}
- qemu <unfixed>
[buster] - qemu <not-affected> (CVE-2020-17380/CVE-2020-25085 weren't
backported to Buster)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1928146
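Review bot: CVE-2021-3409 now carries `{DLA-2623-1}`, but its `- qemu <unfixed>` line has no bug reference, unlike the other qemu entries touched in this diff (for example `- qemu <unfixed> (bug #984449)`). Record a bug number on that line so the unfixed status can be tracked.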
@@ -58357,6 +58374,7 @@ CVE-2020-17382 (The MSI AmbientLink MsIo64 driver
1.0.0.8 has a Buffer Overflow
CVE-2020-17381 (An issue was discovered in Ghisler Total Commander 9.51. Due
to insuff ...)
NOT-FOR-US: Ghisler Total Commander
CVE-2020-17380 (A heap-based buffer overflow was found in QEMU through 5.0.0
in the SD ...)
+ {DLA-2623-1}
- qemu <unfixed> (bug #970937)
[buster] - qemu <postponed> (Minor issue, fix along in future DSA)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1862167
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a87fe83efa670dc0181cce9691675307d296b17