Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d993f7b4 by Moritz Muehlenhoff at 2021-05-20T10:46:51+02:00
new rlottie issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4914,23 +4914,31 @@ CVE-2021-31325
CVE-2021-31324 (The unprivileged user portal part of CentOS Web Panel is
affected by a ...)
NOT-FOR-US: CentOS Web Panel
CVE-2021-31323 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and
Telegram ...)
- TODO: check
+ - rlottie <unfixed>
+ NOTE:
https://www.shielder.it/advisories/telegram-rlottie-lottieparserimpl-parsedashproperty-heap-buffer-overflow/
CVE-2021-31322 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and
Telegram ...)
- TODO: check
+ - rlottie <unfixed>
+ NOTE:
https://www.shielder.it/advisories/telegram-rlottie-lotgradient-populate-heap-buffer-overflow/
CVE-2021-31321 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and
Telegram ...)
- TODO: check
+ - rlottie <unfixed>
+ NOTE:
https://www.shielder.it/advisories/telegram-rlottie-gray_split_cubic-stack-buffer-overflow/
CVE-2021-31320 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and
Telegram ...)
- TODO: check
+ - rlottie <unfixed>
+ NOTE:
https://www.shielder.it/advisories/telegram-rlottie-vgradientcache-generategradientcolortable-heap-buffer-overflow/
CVE-2021-31319 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and
Telegram ...)
- TODO: check
+ - rlottie <unfixed>
+ NOTE:
https://www.shielder.it/advisories/telegram-rlottie-lotgradient-populate-integer-overflow/
CVE-2021-31318 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and
Telegram ...)
- TODO: check
+ - rlottie <unfixed>
+ NOTE:
https://www.shielder.it/advisories/telegram-rlottie-lotcomplayeritem-lotcomplayeritem-type-confusion/
CVE-2021-31317 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and
Telegram ...)
- TODO: check
+ - rlottie <unfixed>
+ NOTE:
https://www.shielder.it/advisories/telegram-rlottie-vdasher-vdasher-type-confusion/
CVE-2021-31316 (The unprivileged user portal part of CentOS Web Panel is
affected by a ...)
NOT-FOR-US: CentOS Web Panel
CVE-2021-31315 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and
Telegram ...)
- TODO: check
+ - rlottie <unfixed>
+ NOTE:
https://www.shielder.it/advisories/telegram-rlottie-blit-stack-buffer-overflow/
CVE-2021-31314
RESERVED
CVE-2021-31313
@@ -7657,6 +7665,7 @@ CVE-2021-30152 (An issue was discovered in MediaWiki
before 1.31.13 and 1.32.x t
NOTE:
https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
CVE-2021-30151 (Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the
queue n ...)
- ruby-sidekiq <unfixed> (bug #987354)
+ [bullseye] - ruby-sidekiq <no-dsa> (Minor issue)
[buster] - ruby-sidekiq <no-dsa> (Minor issue)
[stretch] - ruby-sidekiq <no-dsa> (Minor issue)
NOTE: https://github.com/mperham/sidekiq/issues/4852
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d993f7b411cccf770de166197318b00644385b2a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d993f7b411cccf770de166197318b00644385b2a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
