Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
946b1450 by Moritz Muehlenhoff at 2021-06-26T14:18:09+02:00
new manuskript issue
imagemagick n/a
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,7 +7,7 @@ CVE-2021-35504
 CVE-2021-35503
        RESERVED
 CVE-2021-35502 
(app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp  ...)
-       TODO: check
+       NOT-FOR-US: MISP
 CVE-2021-3622
        RESERVED
 CVE-2021-35501 (PandoraFMS <=7.54 allows Stored XSS by placing a payload in 
the nam ...)
@@ -630,7 +630,7 @@ CVE-2021-35208
 CVE-2021-35207
        RESERVED
 CVE-2021-35206 (Gitpod before 0.6.0 allows unvalidated redirects. ...)
-       TODO: check
+       NOT-FOR-US: Gitpod
 CVE-2021-35205
        RESERVED
 CVE-2021-35204
@@ -655,7 +655,10 @@ CVE-2021-35197
        NOTE: 
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/YR3X4L2CPSEJVSY543AWEO65TD6APXHP/
        NOTE: https://phabricator.wikimedia.org/T280226
 CVE-2021-35196 (** DISPUTED ** Manuskript through 0.12.0 allows remote 
attackers to ex ...)
-       TODO: check
+       - manuskript <unfixed>
+       [bullseye] - manuskript <no-dsa> (Minor issue)
+       [buster] - manuskript <no-dsa> (Minor issue)
+       NOTE: https://github.com/olivierkes/manuskript/issues/891
 CVE-2021-35195
        RESERVED
 CVE-2021-35194
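Review bot: the entry header still carries the ** DISPUTED ** marker, yet the new lines record only `- manuskript <unfixed>` with no-dsa for bullseye and buster plus the upstream issue link; add a NOTE stating whether the dispute was weighed and why the package is still treated as affected (rather than, say, `<unimportant>`), so the "Minor issue" rationale can be reviewed later without re-reading issue 891.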
@@ -970,9 +973,8 @@ CVE-2021-3611 [QEMU: intel-hda: segmentation fault due to 
stack overflow]
        NOTE: Introduced by: 
https://git.qemu.org/?p=qemu.git;a=commit;h=a9d8ba2be58e067bdfbff830eb9ff438d8db7f10
 (v5.0.0-rc0)
 CVE-2021-3610 [heap-based buffer overflow in ReadTIFFImage() in coders/tiff.c]
        RESERVED
-       - imagemagick <undetermined>
+       - imagemagick <not-affected> (Specific to Imagemagick 7)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/930ff0d1a9bc42925a7856e9ea53f5fc9f318bf3
-       TODO: check
 CVE-2021-35053
        RESERVED
 CVE-2021-35052
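Review bot: the `<not-affected> (Specific to Imagemagick 7)` line replaces `<undetermined>` and drops the TODO, but the only supporting NOTE is the upstream fix commit, which by itself does not show which series the bug belongs to; since the entry is still RESERVED, add a NOTE recording how ReadTIFFImage() in coders/tiff.c of the packaged 6.x series was checked (for example that the overflowing code path is absent there), so the not-affected claim is verifiable from the tracker alone.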
@@ -998,7 +1000,7 @@ CVE-2021-35043
 CVE-2021-35042
        RESERVED
 CVE-2021-35041 (The blockchain node in FISCO-BCOS V2.7.2 may have a bug when 
dealing w ...)
-       TODO: check
+       NOT-FOR-US: FISCO-BCOS
 CVE-2021-3609
        RESERVED
        - linux 5.10.46-1
@@ -1436,13 +1438,11 @@ CVE-2021-3608 [pvrdma: uninitialized memory unmap in 
pvrdma_ring_init()]
        - qemu <unfixed>
        [stretch] - qemu <not-affected> (Vulnerable code introduced later)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1973383
-       TODO: check details, upstream report
 CVE-2021-3607 [pvrdma: unchecked malloc size due to integer overflow in 
init_dev_ring()]
        RESERVED
        - qemu <unfixed>
        [stretch] - qemu <not-affected> (Vulnerable code introduced later)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1973349
-       TODO: check details, upstream report
 CVE-2021-3606
        RESERVED
 CVE-2021-34826
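Review bot: the two removed `TODO: check details, upstream report` lines for CVE-2021-3608 and CVE-2021-3607 are not replaced by any new NOTE; if the upstream QEMU report was located, add its reference next to the Red Hat bugzilla links before dropping the TODO, otherwise keep the TODO so the missing reference stays visible.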
@@ -2367,7 +2367,7 @@ CVE-2021-34428 (For Eclipse Jetty versions &lt;= 9.4.40, 
&lt;= 10.0.2, &lt;= 11.
        NOTE: 
https://github.com/eclipse/jetty.project/security/advisories/GHSA-m6cp-vxjx-65j6
        NOTE: https://github.com/eclipse/jetty.project/issues/6277
 CVE-2021-34427 (In Eclipse BIRT versions 4.8.0 and earlier, an attacker can 
use query  ...)
-       TODO: check
+       NOT-FOR-US: Eclipse BIRT
 CVE-2021-34426
        RESERVED
 CVE-2021-34425
@@ -2890,9 +2890,9 @@ CVE-2021-34187
 CVE-2021-34186
        RESERVED
 CVE-2021-34185 (Miniaudio 0.10.35 has an integer-based buffer overflow caused 
by an ou ...)
-       TODO: check
+       NOT-FOR-US: Miniaudio
 CVE-2021-34184 (Miniaudio 0.10.35 has a Double free vulnerability that could 
cause a b ...)
-       TODO: check
+       NOT-FOR-US: Miniaudio
 CVE-2021-34183 (ImageMagick 7.0.11-14 has a memory leak in 
AcquireSemaphoreMemory in s ...)
        TODO: check
 CVE-2021-34182
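Review bot: CVE-2021-34183 (ImageMagick 7.0.11-14, memory leak in AcquireSemaphoreMemory) stays at `TODO: check` in this hunk while the same commit resolves CVE-2021-3610 as `<not-affected> (Specific to Imagemagick 7)`; worth checking whether the same 7.x-only reasoning applies here so the two ImageMagick entries in this commit are triaged consistently.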
@@ -4215,7 +4215,7 @@ CVE-2021-33606
 CVE-2021-33605
        RESERVED
 CVE-2021-33604 (URL encoding error in development mode handler in 
com.vaadin:flow-serv ...)
-       TODO: check
+       NOT-FOR-US: com.vaadin:flow-server
 CVE-2021-33603
        RESERVED
 CVE-2021-33602
@@ -4376,11 +4376,11 @@ CVE-2021-33544
 CVE-2021-33543
        RESERVED
 CVE-2021-33542 (Phoenix Contact Classic Automation Worx Software Suite in 
Version 1.87 ...)
-       TODO: check
+       NOT-FOR-US: Phoenix
 CVE-2021-33541 (Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in 
all vers ...)
-       TODO: check
+       NOT-FOR-US: Phoenix
 CVE-2021-33540 (In certain devices of the Phoenix Contact AXL F BK and IL BK 
product f ...)
-       TODO: check
+       NOT-FOR-US: Phoenix
 CVE-2021-33539 (In Weidmueller Industrial WLAN devices in multiple versions an 
exploit ...)
        NOT-FOR-US: Weidmueller Industrial WLAN devices
 CVE-2021-33538 (In Weidmueller Industrial WLAN devices in multiple versions an 
exploit ...)
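Review bot: style, the three new `NOT-FOR-US: Phoenix` tags name only the vendor, whereas the neighbouring Weidmueller entries name the product (`NOT-FOR-US: Weidmueller Industrial WLAN devices`); use the product names from the entry descriptions (`Phoenix Contact Classic Automation Worx Software Suite`, `Phoenix Contact ILC1x0 and ILC1x1`, `Phoenix Contact AXL F BK and IL BK`), or at least `Phoenix Contact`, so the tag is unambiguous and greppable.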
@@ -4809,7 +4809,7 @@ CVE-2021-33350
 CVE-2021-33349
        RESERVED
 CVE-2021-33348 (An issue was discovered in JFinal framework v4.9.10 and below. 
The "se ...)
-       TODO: check
+       NOT-FOR-US: JFinal
 CVE-2021-33347 (An issue was discovered in JPress v3.3.0 and below. There are 
XSS vuln ...)
        NOT-FOR-US: JPress
 CVE-2021-33346 (There is an arbitrary password modification vulnerability in a 
D-LINK  ...)
@@ -6251,7 +6251,7 @@ CVE-2021-32710 (Shopware is an open source eCommerce 
platform. Potential session
 CVE-2021-32709 (Shopware is an open source eCommerce platform. Creation of 
order credi ...)
        NOT-FOR-US: Shopware
 CVE-2021-32708 (Flysystem is an open source file storage library for PHP. The 
whitespa ...)
-       TODO: check
+       NOT-FOR-US: Flysystem
 CVE-2021-32707
        RESERVED
 CVE-2021-32706
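Review bot: the entry itself describes Flysystem as an open source file storage library for PHP, which is the kind of component that can be packaged in the archive; before settling on `NOT-FOR-US: Flysystem`, confirm that no source package ships it (and record the check in a NOTE), since a NOT-FOR-US on a packaged library would silently hide the issue.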
@@ -6263,7 +6263,7 @@ CVE-2021-32704 (DHIS 2 is an information system for data 
capture, management, va
 CVE-2021-32703
        RESERVED
 CVE-2021-32702 (The Auth0 Next.js SDK is a library for implementing user 
authenticatio ...)
-       TODO: check
+       NOT-FOR-US: Auth0 Next.js SDK
 CVE-2021-32701 (ORY Oathkeeper is an Identity &amp; Access Proxy (IAP) and 
Access Cont ...)
        NOT-FOR-US: ORY Oathkeeper
 CVE-2021-32700 (Ballerina is an open source programming language and platform 
for clou ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/946b14508edc4831ba34af2ee6023b2396a4596d


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits