Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
152b18bb by Moritz Mühlenhoff at 2021-05-18T20:58:34+02:00
various bugs filed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3051,7 +3051,7 @@ CVE-2021-31831
 CVE-2021-31830
        RESERVED
 CVE-2020-36326 (PHPMailer 6.1.8 through 6.4.0 allows object injection through 
Phar Des ...)
-       - libphp-phpmailer <unfixed>
+       - libphp-phpmailer <unfixed> (bug #988732)
        [buster] - libphp-phpmailer <not-affected> (Regression introduced in 
6.1.8)
        [stretch] - libphp-phpmailer <not-affected> (Regression introduced in 
6.1.8)
        NOTE: Introduced by: 
https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9
 (6.1.8)
@@ -3085,7 +3085,7 @@ CVE-2021-3515
        NOTE: 
https://github.com/2ndQuadrant/pglogical/commit/95c0e8981485e09efab6821cf55a4e27b086efe5
 CVE-2021-3514 [sync_repl NULL pointer dereference in 
sync_create_state_control()]
        RESERVED
-       - 389-ds-base <unfixed>
+       - 389-ds-base <unfixed> (bug #988727)
        NOTE: https://github.com/389ds/389-ds-base/issues/4711
 CVE-2021-31829 (kernel/bpf/verifier.c in the Linux kernel through 5.12.1 
performs unde ...)
        - linux <unfixed>
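Review bot: bug #988727 attached here to CVE-2021-3514 is the same number the CVE-2021-3480 hunk below attaches to 389-ds-base; that is fine when one report tracks both issues, but the bug title should then name both CVE ids so each tracker entry cross-references a report that actually mentions it.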
@@ -8168,7 +8168,7 @@ CVE-2020-36284 (Union Pay up to 3.4.93.4.9, for android, 
contains a CWE-347: Imp
        NOT-FOR-US: Union Pay
 CVE-2021-3480
        RESERVED
-       - 389-ds-base <unfixed>
+       - 389-ds-base <unfixed> (bug #988727)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1944640
        NOTE: 
https://pagure.io/slapi-nis/c/c7417ea2d534712e559b56ed45baa91c5d3d44db?branch=master
 CVE-2021-3479 (There's a flaw in OpenEXR's Scanline API functionality in 
versions bef ...)
@@ -14798,7 +14798,7 @@ CVE-2020-36242 (In the cryptography package before 
3.3.2 for Python, certain seq
        [stretch] - python-cryptography <not-affected> (Vulnerable code 
introduced later)
        NOTE: https://github.com/pyca/cryptography/issues/5615
 CVE-2021-21299 (hyper is an open-source HTTP library for Rust (crates.io). In 
hyper fr ...)
-       - rust-hyper <unfixed>
+       - rust-hyper <unfixed> (bug #988729)
        NOTE: 
https://github.com/hyperium/hyper/security/advisories/GHSA-6hfq-h8hq-87mf
        NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0020.html
 CVE-2021-27218 (An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x 
before  ...)
@@ -39152,7 +39152,7 @@ CVE-2020-28498 (The package elliptic before 6.5.4 are 
vulnerable to Cryptographi
 CVE-2020-28497
        RESERVED
 CVE-2020-28496 (This affects the package three before 0.125.0. This can happen 
when ha ...)
-       - three.js <unfixed>
+       - three.js <unfixed> (bug #988726)
        [buster] - three.js <no-dsa> (Minor issue)
        [stretch] - three.js <no-dsa> (can be fixed along in next DLA)
        NOTE: 
https://github.com/mrdoob/three.js/pull/21143/commits/4a582355216b620176a291ff319d740e619d583e
@@ -51218,7 +51218,7 @@ CVE-2020-24394 (In the Linux kernel before 5.7.8, 
fs/nfsd/vfs.c (in the NFS serv
 CVE-2020-24393 (TweetStream 2.6.1 uses the library eventmachine in an insecure 
way tha ...)
        NOT-FOR-US: TweetStream
 CVE-2020-24392 (In voloko twitter-stream 0.1.10, missing TLS hostname 
validation allow ...)
-       - ruby-twitter-stream <unfixed>
+       - ruby-twitter-stream <unfixed> (bug #988733)
        [bullseye] - ruby-twitter-stream <no-dsa> (Minor issue)
        [buster] - ruby-twitter-stream <no-dsa> (Minor issue)
        [stretch] - ruby-twitter-stream <no-dsa> (Minor issue)
@@ -51280,7 +51280,7 @@ CVE-2020-24371 (lgc.c in Lua 5.4.0 mishandles the 
interaction between barriers a
 CVE-2020-24370 (ldebug.c in Lua 5.4.0 allows a negation overflow and 
segmentation faul ...)
        {DLA-2381-1}
        - lua5.4 5.4.1-1 (bug #971613)
-       - lua5.3 <unfixed>
+       - lua5.3 <unfixed> (bug #988734)
        [buster] - lua5.3 <no-dsa> (Minor issue)
        NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00324.html
        NOTE: (lua5.4) 
https://github.com/lua/lua/commit/a585eae6e7ada1ca9271607a4f48dfb17868ab7b
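Review bot: the lua5.3 entry gains a bug reference but no fix reference, while the adjacent lua5.4 line carries both its fixed version and a NOTE tagged (lua5.4) for the upstream commit; consider adding a NOTE for lua5.3 stating whether that same commit applies to 5.3 or which change is expected, so the <unfixed> entry is actionable for whoever picks up the bug.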
@@ -65098,7 +65098,7 @@ CVE-2020-17525 (Subversion's mod_authz_svn module will 
crash if the server is us
 CVE-2020-17524
        REJECTED
 CVE-2020-17523 (Apache Shiro before 1.7.1, when using Apache Shiro with 
Spring, a spec ...)
-       - shiro <unfixed>
+       - shiro <unfixed> (bug #988728)
        [bullseye] - shiro <no-dsa> (Minor issue)
        [buster] - shiro <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2021/02/01/3
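Review bot: bug #988728 is used here for CVE-2020-17523 and again for CVE-2020-17510 and CVE-2020-11989 in the two shiro hunks that follow; a single report is reasonable when one upgrade (to 1.7.1, per this entry's description) resolves all three, but the bug should list all three CVE ids, since with the [bullseye] and [buster] lines left at <no-dsa> it is the only pointer to a pending fix.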
@@ -65134,7 +65134,7 @@ CVE-2020-17512
 CVE-2020-17511 (In Airflow versions prior to 1.10.13, when creating a user 
using airfl ...)
        - airflow <itp> (bug #819700)
 CVE-2020-17510 (Apache Shiro before 1.7.0, when using Apache Shiro with 
Spring, a spec ...)
-       - shiro <unfixed>
+       - shiro <unfixed> (bug #988728)
        [bullseye] - shiro <no-dsa> (Minor issue)
        [buster] - shiro <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/7
@@ -79498,7 +79498,7 @@ CVE-2020-11990 (We have resolved a security issue in 
the camera plugin that coul
        NOT-FOR-US: Apache Cordova
 CVE-2020-11989 (Apache Shiro before 1.5.3, when using Apache Shiro with Spring 
dynamic ...)
        {DLA-2273-1}
-       - shiro <unfixed>
+       - shiro <unfixed> (bug #988728)
        [bullseye] - shiro <no-dsa> (Minor issue)
        [buster] - shiro <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2020/06/22/1
@@ -89070,7 +89070,7 @@ CVE-2020-8814
 CVE-2018-21034 (In Argo versions prior to v1.5.0-rc1, it was possible for 
authenticate ...)
        NOT-FOR-US: Argo
 CVE-2017-18641 (In LXC 2.0, many template scripts download code over cleartext 
HTTP, a ...)
-       - lxc-templates <unfixed>
+       - lxc-templates <unfixed> (bug #988730)
        [buster] - lxc-templates <ignored> (Minor issue)
        - lxc 1:3.0.3-1 (low)
        [stretch] - lxc <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/152b18bbfa6b5ad2d6a8c75fbc4f2666d982ccef

debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits