[Git][security-tracker-team/security-tracker][master] bug nums

Thu, 01 Jul 2021 11:08:37 -0700 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4faea9f9 by Moritz Muehlenhoff at 2021-07-01T19:22:32+02:00
bug nums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -61,7 +61,7 @@ CVE-2020-36403 (HTSlib 1.10 through 1.10.2 allows 
out-of-bounds write access in
 CVE-2020-36402 (Solidity 0.7.5 has a stack-use-after-return issue in 
smtutil::CHCSmtLi ...)
        NOT-FOR-US: Solidity
 CVE-2020-36401 (mruby 2.1.2 has a double free in mrb_default_allocf (called 
from mrb_f ...)
-       - mruby <unfixed>
+       - mruby <unfixed> (bug #990540)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23801
        NOTE: 
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/mruby/OSV-2020-744.yaml
        NOTE: 
https://github.com/mruby/mruby/commit/97319697c8f9f6ff27b32589947e1918e3015503
@@ -85,7 +85,7 @@ CVE-2019-25049 (LibreSSL 2.9.1 through 3.2.1 has an 
out-of-bounds read in asn1_i
 CVE-2019-25048 (LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read 
in do_p ...)
         - libressl <itp> (bug #754513)
 CVE-2018-25018 (UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds 
write durin ...)
-       - unrar-nonfree <unfixed>
+       - unrar-nonfree <unfixed> (bug #990541)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9845
        NOTE: 
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2018-204.yaml
 CVE-2018-25017 (RawSpeed (aka librawspeed) 3.1 has a heap-based buffer 
overflow in Tab ...)
@@ -378,7 +378,7 @@ CVE-2021-35943
        RESERVED
 CVE-2021-35942 [Wild read in wordexp (parse_param)]
        RESERVED
-       - glibc <unfixed>
+       - glibc <unfixed> (bug #990542)
        [bullseye] - glibc <no-dsa> (Minor issue)
        [buster] - glibc <no-dsa> (Minor issue)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28011
@@ -401,19 +401,19 @@ CVE-2021-35940
        RESERVED
 CVE-2021-35939 [checks for unsafe symlinks are not performed for intermediary 
directories]
        RESERVED
-       - rpm <unfixed>
+       - rpm <unfixed> (bug #990543)
        [bullseye] - rpm <no-dsa> (Minor issue)
        [buster] - rpm <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1964129
 CVE-2021-35938 [races with chown/chmod/capabilities calls during installation]
        RESERVED
-       - rpm <unfixed>
+       - rpm <unfixed> (bug #990543)
        [bullseye] - rpm <no-dsa> (Minor issue)
        [buster] - rpm <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1964114
 CVE-2021-35937 [TOCTOU race in checks for unsafe symlinks]
        RESERVED
-       - rpm <unfixed>
+       - rpm <unfixed> (bug #990543)
        [bullseye] - rpm <no-dsa> (Minor issue)
        [buster] - rpm <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1964125



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4faea9f9fd4ffe56ef1411a42339ef545ee85ea5

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4faea9f9fd4ffe56ef1411a42339ef545ee85ea5
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to