Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
65324cef by security tracker role at 2021-04-21T08:10:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2021-3510
+       RESERVED
+CVE-2021-3509
+       RESERVED
+CVE-2021-31521
+       RESERVED
+CVE-2021-31520
+       RESERVED
+CVE-2021-31519
+       RESERVED
+CVE-2021-31518
+       RESERVED
+CVE-2021-31517
+       RESERVED
 CVE-2021-3508 [infinite loop in get_xref_linear_skipped() in pdf.c]
        RESERVED
        - pdfresurrect <unfixed>
@@ -3433,6 +3447,7 @@ CVE-2021-29951
        RESERVED
 CVE-2021-29950
        RESERVED
+       {DSA-4876-1}
        - thunderbird 1:78.9.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-17/#CVE-2021-29950
        NOTE: Was fixed in 78.8.1 (typo in advisory title)
@@ -4533,15 +4548,14 @@ CVE-2021-29464
        RESERVED
 CVE-2021-29463
        RESERVED
-CVE-2021-29462 [DNS rebinding vulnerability in pupnp]
-       RESERVED
+CVE-2021-29462 (The Portable SDK for UPnP Devices is an SDK for development of 
UPnP de ...)
        - pupnp-1.8 <unfixed>
        - libupnp <removed>
        NOTE: 
https://github.com/pupnp/pupnp/security/advisories/GHSA-6hqq-w3jq-9fhg
        NOTE: 
https://github.com/pupnp/pupnp/commit/21fd85815da7ed2578d0de7cac4c433008f0ecd4
        NOTE: https://www.openwall.com/lists/oss-security/2021/04/20/4
-CVE-2021-29461
-       RESERVED
+CVE-2021-29461 (### Impact - This issue could be exploited to read internal 
files from ...)
+       TODO: check
 CVE-2021-29460
        RESERVED
 CVE-2021-29459 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
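Review bot: CVE-2021-29461 is left at `TODO: check` with no package line, and its imported description opens with raw Markdown from the upstream advisory (`### Impact - ...`) that is cut off before any product name appears, so the entry cannot be triaged from this file alone. Look up the full CVE record, then replace the TODO with either a source package line or a NOT-FOR-US tag. On CVE-2021-29462, the removed bracketed summary `[DNS rebinding vulnerability in pupnp]` was the only line naming the bug class; the truncated description that replaces it does not, so a reader now has to follow the NOTE links to learn it.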
@@ -4571,6 +4585,7 @@ CVE-2021-29452 (a12n-server is an npm package which aims 
to provide a simple aut
 CVE-2021-29451 (Portofino is an open source web development framework. 
Portofino befor ...)
        NOT-FOR-US: Portofino
 CVE-2021-29450 (Wordpress is an open source CMS. One of the blocks in the 
WordPress ed ...)
+       {DLA-2630-1}
        - wordpress 5.7.1+dfsg1-1 (bug #987065)
        NOTE: 
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pmmh-2f36-wvhq
 CVE-2021-29449 (Pi-hole is a Linux network-level advertisement and Internet 
tracker bl ...)
@@ -4578,6 +4593,7 @@ CVE-2021-29449 (Pi-hole is a Linux network-level 
advertisement and Internet trac
 CVE-2021-29448 (Pi-hole is a Linux network-level advertisement and Internet 
tracker bl ...)
        NOT-FOR-US: Pi-hole
 CVE-2021-29447 (Wordpress is an open source CMS. A user with the ability to 
upload fil ...)
+       {DLA-2630-1}
        - wordpress 5.7.1+dfsg1-1 (unimportant)
        NOTE: 
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-rv47-pc52-qrhh
        NOTE: Only an issue when installation runs under PHP8.
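Review bot: the `{DLA-2630-1}` reference on CVE-2021-29447 sits on an entry whose wordpress line is tagged `(unimportant)` and whose NOTE says the issue only applies when the installation runs under PHP8. Confirm that the DLA is meant to list this CVE, and if so consider a NOTE explaining why an LTS advisory covers an issue rated unimportant here.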
@@ -5674,8 +5690,7 @@ CVE-2021-28967 (The unofficial MATLAB extension before 
2.0.1 for Visual Studio C
        NOT-FOR-US: MATLAB extenstion for vscode
 CVE-2021-28966
        RESERVED
-CVE-2021-28965
-       RESERVED
+CVE-2021-28965 (The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 
2.7.3, a ...)
        - ruby2.7 2.7.3-1 (bug #986807)
        - ruby2.5 <removed>
        [buster] - ruby2.5 <postponed> (Minor issue, can be fixed along with 
next update)
@@ -28624,8 +28639,8 @@ CVE-2020-35316
        RESERVED
 CVE-2020-35315
        RESERVED
-CVE-2020-35314
-       RESERVED
+CVE-2020-35314 (An OS command injection vulnerability in the 
installUpdateThemePluginA ...)
+       TODO: check
 CVE-2020-35313 (A server-side request forgery (SSRF) vulnerability in the 
addCustomThe ...)
        NOT-FOR-US: WonderCMS
 CVE-2020-35312
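Review bot: CVE-2020-35314 gains a description but only `TODO: check`, and the description is truncated inside a function name before any product is named. The adjacent CVE-2020-35313 is tagged `NOT-FOR-US: WonderCMS`; check the full CVE record to see whether this entry concerns the same product, and if it does, resolve the TODO with the same tag.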
@@ -87203,8 +87218,8 @@ CVE-2020-7859
        RESERVED
 CVE-2020-7858
        RESERVED
-CVE-2020-7857
-       RESERVED
+CVE-2020-7857 (A vulnerability of XPlatform could allow an unauthenticated 
attacker t ...)
+       TODO: check
 CVE-2020-7856 (A vulnerability of Helpcom could allow an unauthenticated 
attacker to  ...)
        NOT-FOR-US: Helpcom
 CVE-2020-7855
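Review bot: CVE-2020-7857 is added with `TODO: check` and nothing else. The description names XPlatform and an unauthenticated attacker but is truncated before the impact; determine whether XPlatform corresponds to any Debian source package and replace the TODO with a package line or `NOT-FOR-US: XPlatform`, as was done for the neighbouring Helpcom entry.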



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65324cef025f24f0cfa46b772e6ad893a15de39f
