Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6785f406 by security tracker role at 2021-04-25T08:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2021-31795 (The PowerVR GPU kernel driver in pvrsrvkm.ko through 
2021-04-24 for th ...)
        NOT-FOR-US: PowerVR GPU kernel driver (OOT)
-CVE-2021-31794
-       RESERVED
+CVE-2021-31794 (Settings.aspx?view=About in Directum 5.8.2 allows XSS via the 
HTTP Use ...)
+       TODO: check
 CVE-2021-31793
        RESERVED
 CVE-2021-31792
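Review bot: the new CVE-2021-31794 entry lands with "TODO: check", so it still needs triage before it says anything about Debian. The description names Directum 5.8.2 and Settings.aspx; if no Debian source package ships that product, resolve it the way the CVE-2021-31795 entry at the top of this hunk is resolved, with a NOT-FOR-US line naming the product.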
@@ -172,8 +172,8 @@ CVE-2021-31714
        RESERVED
 CVE-2021-31713
        RESERVED
-CVE-2021-31712
-       RESERVED
+CVE-2021-31712 (react-draft-wysiwyg (aka React Draft Wysiwyg) before 1.14.6 
allows a j ...)
+       TODO: check
 CVE-2021-31711
        RESERVED
 CVE-2021-31710
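Review bot: CVE-2021-31712 is left at "TODO: check", and the description is cut off at "allows a j ...", so the full CVE text has to be read before triage. react-draft-wysiwyg is a JavaScript library, so the check should cover embedded copies in other source packages as well as a packaged copy before choosing between a package line and NOT-FOR-US.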
@@ -2736,8 +2736,8 @@ CVE-2021-30504
        RESERVED
 CVE-2021-30503 (The unofficial GLSL Linting extension before 1.4.0 for Visual 
Studio C ...)
        NOT-FOR-US: GLSL Linting extension for Visual Studio Code
-CVE-2021-30502
-       RESERVED
+CVE-2021-30502 (The unofficial vscode-ghc-simple (aka Simple Glasgow Haskell 
Compiler) ...)
+       TODO: check
 CVE-2021-3495
        RESERVED
 CVE-2021-3494
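Review bot: CVE-2021-30502 gets "TODO: check" while the entry directly above it, CVE-2021-30503 (an unofficial extension for Visual Studio Code), is already marked NOT-FOR-US. The vscode-ghc-simple name suggests the same class of software; unless it turns out to be packaged, replace the TODO with a NOT-FOR-US line naming the extension, matching the neighbouring entry.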
@@ -20788,6 +20788,7 @@ CVE-2021-22698 (A CWE-434: Unrestricted Upload of File 
with Dangerous Type vulne
 CVE-2021-22697 (A CWE-434: Unrestricted Upload of File with Dangerous Type 
vulnerabili ...)
        NOT-FOR-US: EcoStruxure Power Build
 CVE-2020-36189 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the 
interact ...)
+       {DLA-2638-1}
        - jackson-databind 2.12.1-1
        [buster] - jackson-databind <no-dsa> (Minor issue)
        NOTE: https://github.com/FasterXML/jackson-databind/issues/2996
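Review bot: with {DLA-2638-1} added under CVE-2020-36189, the line "[buster] - jackson-databind <no-dsa> (Minor issue)" just below it is unchanged, so as recorded here the LTS release receives a fix while buster stays open. The same pattern repeats for every jackson-databind entry touched by this commit; confirm that buster is queued for a fix (for example through a point release), so that an upgrade from the LTS release does not bring these issues back.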
@@ -20795,6 +20796,7 @@ CVE-2020-36189 (FasterXML jackson-databind 2.x before 
2.9.10.8 mishandles the in
        NOTE: but still an issue when Default Typing is enabled.
        NOTE: 
https://github.com/FasterXML/jackson-databind/commit/33d96c13fe18a2dad01b19ce195548c9acea9da4
 CVE-2020-36188 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the 
interact ...)
+       {DLA-2638-1}
        - jackson-databind 2.12.1-1
        [buster] - jackson-databind <no-dsa> (Minor issue)
        NOTE: https://github.com/FasterXML/jackson-databind/issues/2996
@@ -20802,6 +20804,7 @@ CVE-2020-36188 (FasterXML jackson-databind 2.x before 
2.9.10.8 mishandles the in
        NOTE: but still an issue when Default Typing is enabled.
        NOTE: 
https://github.com/FasterXML/jackson-databind/commit/33d96c13fe18a2dad01b19ce195548c9acea9da4
 CVE-2020-36187 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the 
interact ...)
+       {DLA-2638-1}
        - jackson-databind 2.12.1-1
        [buster] - jackson-databind <no-dsa> (Minor issue)
        NOTE: https://github.com/FasterXML/jackson-databind/issues/2997
@@ -20809,6 +20812,7 @@ CVE-2020-36187 (FasterXML jackson-databind 2.x before 
2.9.10.8 mishandles the in
        NOTE: but still an issue when Default Typing is enabled.
        NOTE: 
https://github.com/FasterXML/jackson-databind/commit/3e8fa3beea49ea62109df9e643c9cb678dabdde1
 CVE-2020-36186 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the 
interact ...)
+       {DLA-2638-1}
        - jackson-databind 2.12.1-1
        [buster] - jackson-databind <no-dsa> (Minor issue)
        NOTE: https://github.com/FasterXML/jackson-databind/issues/2997
@@ -20816,6 +20820,7 @@ CVE-2020-36186 (FasterXML jackson-databind 2.x before 
2.9.10.8 mishandles the in
        NOTE: but still an issue when Default Typing is enabled.
        NOTE: 
https://github.com/FasterXML/jackson-databind/commit/3e8fa3beea49ea62109df9e643c9cb678dabdde1
 CVE-2020-36185 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the 
interact ...)
+       {DLA-2638-1}
        - jackson-databind 2.12.1-1
        [buster] - jackson-databind <no-dsa> (Minor issue)
        NOTE: https://github.com/FasterXML/jackson-databind/issues/2998
@@ -20823,6 +20828,7 @@ CVE-2020-36185 (FasterXML jackson-databind 2.x before 
2.9.10.8 mishandles the in
        NOTE: but still an issue when Default Typing is enabled.
        NOTE: 
https://github.com/FasterXML/jackson-databind/commit/567194c53ae91f0a14dc27239afb739b1c10448a
 CVE-2020-36184 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the 
interact ...)
+       {DLA-2638-1}
        - jackson-databind 2.12.1-1
        [buster] - jackson-databind <no-dsa> (Minor issue)
        NOTE: https://github.com/FasterXML/jackson-databind/issues/2998
@@ -20830,6 +20836,7 @@ CVE-2020-36184 (FasterXML jackson-databind 2.x before 
2.9.10.8 mishandles the in
        NOTE: but still an issue when Default Typing is enabled.
        NOTE: 
https://github.com/FasterXML/jackson-databind/commit/567194c53ae91f0a14dc27239afb739b1c10448a
 CVE-2020-36183 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the 
interact ...)
+       {DLA-2638-1}
        - jackson-databind 2.12.1-1
        [buster] - jackson-databind <no-dsa> (Minor issue)
        NOTE: https://github.com/FasterXML/jackson-databind/issues/3003
@@ -20837,6 +20844,7 @@ CVE-2020-36183 (FasterXML jackson-databind 2.x before 
2.9.10.8 mishandles the in
        NOTE: but still an issue when Default Typing is enabled.
        NOTE: 
https://github.com/FasterXML/jackson-databind/commit/1cddeaf9524e903d08a91fdd9f3dde46d2a68536
 CVE-2020-36182 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the 
interact ...)
+       {DLA-2638-1}
        - jackson-databind 2.12.1-1
        [buster] - jackson-databind <no-dsa> (Minor issue)
        NOTE: https://github.com/FasterXML/jackson-databind/issues/3004
@@ -20844,6 +20852,7 @@ CVE-2020-36182 (FasterXML jackson-databind 2.x before 
2.9.10.8 mishandles the in
        NOTE: but still an issue when Default Typing is enabled.
        NOTE: 
https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b
 CVE-2020-36181 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the 
interact ...)
+       {DLA-2638-1}
        - jackson-databind 2.12.1-1
        [buster] - jackson-databind <no-dsa> (Minor issue)
        NOTE: https://github.com/FasterXML/jackson-databind/issues/3004
@@ -20851,6 +20860,7 @@ CVE-2020-36181 (FasterXML jackson-databind 2.x before 
2.9.10.8 mishandles the in
        NOTE: but still an issue when Default Typing is enabled.
        NOTE: 
https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b
 CVE-2020-36180 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the 
interact ...)
+       {DLA-2638-1}
        - jackson-databind 2.12.1-1
        [buster] - jackson-databind <no-dsa> (Minor issue)
        NOTE: https://github.com/FasterXML/jackson-databind/issues/3004
@@ -20858,6 +20868,7 @@ CVE-2020-36180 (FasterXML jackson-databind 2.x before 
2.9.10.8 mishandles the in
        NOTE: but still an issue when Default Typing is enabled.
        NOTE: 
https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b
 CVE-2020-36179 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the 
interact ...)
+       {DLA-2638-1}
        - jackson-databind 2.12.1-1
        [buster] - jackson-databind <no-dsa> (Minor issue)
        NOTE: https://github.com/FasterXML/jackson-databind/issues/3004
@@ -24532,6 +24543,7 @@ CVE-2020-35730 (An XSS issue was discovered in 
Roundcube Webmail before 1.2.13,
 CVE-2020-35729 (KLog Server 2.4.1 allows OS command injection via shell 
metacharacters ...)
        NOT-FOR-US: KLog Server
 CVE-2020-35728 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the 
interact ...)
+       {DLA-2638-1}
        - jackson-databind 2.12.1-1
        [buster] - jackson-databind <no-dsa> (Minor issue)
        NOTE: https://github.com/FasterXML/jackson-databind/issues/2999
@@ -28210,6 +28222,7 @@ CVE-2021-20191
        NOTE: https://github.com/ansible-collections/cisco.nxos/pull/227
        NOTE: 
https://github.com/ansible-collections/cisco.nxos/commit/120956963f47502151a358e4a7bc2a87f71813aa
 CVE-2021-20190 (A flaw was found in jackson-databind before 2.9.10.7. 
FasterXML mishan ...)
+       {DLA-2638-1}
        - jackson-databind 2.12.1-1
        [buster] - jackson-databind <no-dsa> (Minor issue)
        NOTE: https://github.com/FasterXML/jackson-databind/issues/2854
@@ -28723,6 +28736,7 @@ CVE-2020-35492 (A flaw was found in cairo's 
image-compositor.c in all versions p
        NOTE: Additional meson support (test): 
https://gitlab.freedesktop.org/cairo/cairo/-/commit/0677e0a94968447e132c69f58cb04e5377e0c828
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1898396
 CVE-2020-35491 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the 
interact ...)
+       {DLA-2638-1}
        - jackson-databind 2.12.1-1
        [buster] - jackson-databind <no-dsa> (Minor issue)
        NOTE: https://github.com/FasterXML/jackson-databind/issues/2986
@@ -28730,6 +28744,7 @@ CVE-2020-35491 (FasterXML jackson-databind 2.x before 
2.9.10.8 mishandles the in
        NOTE: but still an issue when Default Typing is enabled.
        NOTE: 
https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d
 CVE-2020-35490 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the 
interact ...)
+       {DLA-2638-1}
        - jackson-databind 2.12.1-1
        [buster] - jackson-databind <no-dsa> (Minor issue)
        NOTE: https://github.com/FasterXML/jackson-databind/issues/2986
@@ -46589,6 +46604,7 @@ CVE-2020-24752
 CVE-2020-24751
        RESERVED
 CVE-2020-24750 (FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the 
interact ...)
+       {DLA-2638-1}
        - jackson-databind 2.12.1-1
        [buster] - jackson-databind <no-dsa> (Minor issue)
        NOTE: https://github.com/FasterXML/jackson-databind/issues/2798
@@ -46883,6 +46899,7 @@ CVE-2020-24618 (In JetBrains YouTrack versions before 
2020.3.4313, 2020.2.11008,
 CVE-2020-24617 (Mailtrain through 1.24.1 allows SQL Injection in 
statsClickedSubscribe ...)
        NOT-FOR-US: Mailtrain
 CVE-2020-24616 (FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the 
interact ...)
+       {DLA-2638-1}
        - jackson-databind 2.12.1-1
        [buster] - jackson-databind <no-dsa> (Minor issue)
        NOTE: https://github.com/FasterXML/jackson-databind/issues/2814
@@ -74311,6 +74328,7 @@ CVE-2020-12462 (The ninja-forms plugin before 3.4.24.2 
for WordPress allows CSRF
 CVE-2020-12461 (PHP-Fusion 9.03.50 allows SQL Injection because maincore.php 
has an in ...)
        NOT-FOR-US: PHP-Fusion
 CVE-2020-12460 (OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has 
improper nul ...)
+       {DLA-2639-1}
        - opendmarc 1.4.0~beta1+dfsg-3 (bug #966464)
        [buster] - opendmarc <no-dsa> (Minor issue)
        NOTE: https://github.com/trusteddomainproject/OpenDMARC/issues/64
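Review bot: {DLA-2639-1} is added to CVE-2020-12460 while "[buster] - opendmarc <no-dsa> (Minor issue)" stays as it was, leaving buster as the only release shown here without a fix. The entry already references bug #966464 for the unstable fix in 1.4.0~beta1+dfsg-3; track the buster follow-up there or revisit the no-dsa decision now that the LTS release has been updated.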



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6785f406a08df6ade848cf353b5ace8e5f318688
