[Git][security-tracker-team/security-tracker][master] more dovecot references

Mon, 28 Jun 2021 03:58:25 -0700 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
889678c2 by Moritz Muehlenhoff at 2021-06-28T12:57:46+02:00
more dovecot references

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4478,6 +4478,7 @@ CVE-2021-33515 [SMTP Submission service STARTTLS 
injection]
        - dovecot <unfixed>
        [stretch] - dovecot <not-affected> (Vulnerable code 
(smtp_server_command queue) introduced later)
        NOTE: https://dovecot.org/pipermail/dovecot-news/2021-June/000462.html
+       NOTE: https://www.openwall.com/lists/oss-security/2021/06/28/2
 CVE-2021-33514 (Certain NETGEAR devices are affected by command injection by 
an unauth ...)
        NOT-FOR-US: Netgear
 CVE-2021-33513 (Plone through 5.2.4 allows XSS via the inline_diff methods in 
Products ...)
@@ -15050,6 +15051,7 @@ CVE-2021-29157 [oauth2 JWT local validation path 
traversal]
        [buster] - dovecot <not-affected> (Vulnerable code introduced later)
        [stretch] - dovecot <not-affected> (Vulnerable code introduced later)
        NOTE: https://dovecot.org/pipermail/dovecot-news/2021-June/000461.html
+       NOTE: https://www.openwall.com/lists/oss-security/2021/06/28/1
 CVE-2021-29156 (ForgeRock OpenAM before 13.5.1 allows LDAP injection via the 
Webfinger ...)
        NOT-FOR-US: ForgeRock OpenAM
 CVE-2021-29155 (An issue was discovered in the Linux kernel through 5.11.x. 
kernel/bpf ...)
@@ -47257,6 +47259,7 @@ CVE-2020-28200 [Sieve excessive resource usage]
        - dovecot <unfixed>
        [stretch] - dovecot <no-dsa> (Minor issue)
        NOTE: https://dovecot.org/pipermail/dovecot-news/2021-June/000460.html
+       NOTE: https://www.openwall.com/lists/oss-security/2021/06/28/3
 CVE-2020-28199 (best it Amazon Pay Plugin before 9.4.2 for Shopware exposes 
Sensitive  ...)
        NOT-FOR-US: Amazon Pay Plugin for Shopware
 CVE-2020-28198 (** UNSUPPORTED WHEN ASSIGNED ** The 'id' parameter of IBM 
Tivoli Stora ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/889678c2f4131cd5727bfcb1c18b2d96fba4bdf3

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/889678c2f4131cd5727bfcb1c18b2d96fba4bdf3
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to