Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c687d49c by Moritz Mühlenhoff at 2021-04-12T11:53:19+02:00
various bugs filed
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -674,7 +674,7 @@ CVE-2021-30186
CVE-2021-30185 (CERN Indico before 2.3.4 can use an attacker-supplied Host
header in a ...)
NOT-FOR-US: CERN Indico
CVE-2021-30184 (GNU Chess 6.2.7 allows attackers to execute arbitrary code via
crafted ...)
- - gnuchess <unfixed>
+ - gnuchess <unfixed> (bug #986801)
NOTE:
https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00000.html
NOTE:
https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00001.html
CVE-2021-30183
@@ -727,11 +727,9 @@ CVE-2021-30166
CVE-2021-30165
RESERVED
CVE-2021-30164 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers
to bypass ...)
- - redmine <unfixed>
- TODO: check fixing commit, fixed in 4.0.8
+ - redmine <unfixed> (bug #986800)
CVE-2021-30163 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers
to discov ...)
- - redmine <unfixed>
- TODO: check fixing commit, fixed in 4.0.8
+ - redmine <unfixed> (bug #986800)
CVE-2021-30162 (An issue was discovered on LG mobile devices with Android OS
4.4 throu ...)
NOT-FOR-US: LG mobile devices
CVE-2021-30161 (An issue was discovered on LG mobile devices with Android OS
11 softwa ...)
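Review bot: the two "TODO: check fixing commit, fixed in 4.0.8" lines for CVE-2021-30164 and CVE-2021-30163 are dropped together with the bug reference being added, but nothing in the entries now records the upstream fix; consider keeping a NOTE with the upstream commit or release reference so the fixed version can be verified when 4.0.8 is packaged, e.g. keep "NOTE: fixed in 4.0.8" under each entry alongside "- redmine <unfixed> (bug #986800)".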
@@ -771,16 +769,12 @@ CVE-2020-36309 (ngx_http_lua_module (aka
lua-nginx-module) before 0.10.16 in Ope
NOTE: https://github.com/openresty/lua-nginx-module/pull/1654
CVE-2020-36308 (Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers
to discov ...)
- redmine 4.0.7-1
- TODO: check fixing commit, fixed in 4.0.7
CVE-2020-36307 (Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via
textile ...)
- redmine 4.0.7-1
- TODO: check fixing commit, fixed in 4.0.7
CVE-2020-36306 (Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the
back_url f ...)
- redmine 4.0.7-1
- TODO: check fixing commit, fixed in 4.0.7
CVE-2019-25026 (Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup
data duri ...)
- redmine 4.0.6-1
- TODO: check fixing commit, fixed in 4.0.6
CVE-2021-30160
RESERVED
CVE-2021-30159 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x
through ...)
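Review bot: removing the four "TODO: check fixing commit" lines for CVE-2020-36308, CVE-2020-36307, CVE-2020-36306 and CVE-2019-25026 leaves the fixed-version claims (redmine 4.0.7-1 and 4.0.6-1) resting only on the version ranges in the CVE descriptions; if the fixing commits were confirmed, a NOTE with the commit reference would make these entries verifiable, otherwise the TODOs should probably stay.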
@@ -1259,7 +1253,7 @@ CVE-2021-3482 (A flaw was found in Exiv2 in versions
before and including 0.27.4
NOTE: https://github.com/Exiv2/exiv2/issues/1522
CVE-2021-3481 [Out of bounds read in function QRadialFetchSimd from crafted
svg file]
RESERVED
- - qtsvg-opensource-src <unfixed>
+ - qtsvg-opensource-src <unfixed> (bug #986798)
[buster] - qtsvg-opensource-src <no-dsa> (Minor issue)
- qt4-x11 <removed>
[buster] - qt4-x11 <no-dsa> (Minor issue)
@@ -4155,7 +4149,7 @@ CVE-2021-3447 (A flaw was found in several ansible
modules, where parameters con
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939349
NOTE: check, details on upstream status not yet clear
CVE-2021-3446 (A flaw was found in libtpms in versions before 0.8.2. The
commonly use ...)
- - libtpms <unfixed>
+ - libtpms <unfixed> (bug #986799)
NOTE:
https://github.com/stefanberger/libtpms/commit/32c159ab53db703749a8f90430cdc7b20b00975e
CVE-2021-28650 (autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used
by GNOM ...)
[experimental] - gnome-autoar 0.3.1-1
@@ -4181,7 +4175,7 @@ CVE-2017-20002 (The Debian shadow package before 1:4.5-1
for Shadow incorrectly
NOTE: Introduced in attempt to address #830255 in 1:4.4-2
CVE-2021-3445
RESERVED
- - libdnf <unfixed>
+ - libdnf <unfixed> (bug #986802)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1932079
CVE-2021-28644
RESERVED
@@ -21806,11 +21800,11 @@ CVE-2020-35628 (A code execution vulnerability exists
in the Nef polygon-parsing
- cgal 5.2-3 (bug #985671)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225
CVE-2021-21433 (Discord Recon Server is a bot that allows you to do your
reconnaissanc ...)
- TODO: check
+ NOT-FOR-US: Discord Recon Server
CVE-2021-21432 (Vela is a Pipeline Automation (CI/CD) framework built on Linux
contain ...)
- TODO: check
+ NOT-FOR-US: Vela
CVE-2021-21431 (sopel-channelmgnt is a channelmgnt plugin for sopel. In
versions prior ...)
- TODO: check
+ NOT-FOR-US: sopel-channelmgnt
CVE-2021-21430
RESERVED
CVE-2021-21429
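Review bot: for CVE-2021-21431 the description identifies sopel-channelmgnt as a plugin for sopel, so the NOT-FOR-US marking should rest on having checked that no Debian package ships this plugin (not just on the plugin's own name); for the Discord Recon Server and Vela entries the NOT-FOR-US markings look straightforward.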
@@ -21847,7 +21841,7 @@ CVE-2021-21415
CVE-2021-21414
RESERVED
CVE-2021-21413 (isolated-vm is a library for nodejs which gives you access to
v8's Iso ...)
- TODO: check
+ NOT-FOR-US: Node isolated-vm
CVE-2021-21412 (Potential for arbitrary code execution in npm package
@thi.ng/egf `#gp ...)
NOT-FOR-US: Node @thi.ng/egf
CVE-2021-21411 (OAuth2-Proxy is an open source reverse proxy that provides
authenticat ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c687d49c54143317a3d04da680a7ec6bef86924e