[Git][security-tracker-team/security-tracker][master] buster triage

Moritz Muehlenhoff (@jmm) Fri, 02 Jul 2021 12:14:51 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
e2c8733c by Moritz Muehlenhoff at 2021-07-02T21:01:21+02:00
buster triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -112,6 +112,7 @@ CVE-2021-36084 (The CIL compiler in SELinux 3.2 has a 
use-after-free in __cil_ve
 CVE-2021-36083 (KDE KImageFormats 5.70.0 through 5.81.0 has a stack-based 
buffer overf ...)
        [experimental] - kimageformats 5.83.0-1
        - kimageformats 5.78.0-5 (bug #990527)
+       [buster] - kimageformats <no-dsa> (Minor issue)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33742
        NOTE: 
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/kimageformats/OSV-2021-695.yaml
        NOTE: 
https://invent.kde.org/frameworks/kimageformats/commit/297ed9a2fe339bfe36916b9fce628c3242e5be0f
@@ -122,6 +123,7 @@ CVE-2021-36082 (ntop nDPI 3.4 has a stack-based buffer 
overflow in processClient
        NOTE: 
https://github.com/ntop/nDPI/commit/1ec621c85b9411cc611652fd57a892cfef478af3
 CVE-2021-36081 (Tesseract OCR 5.0.0-alpha-20201231 has a one_ell_conflict 
use-after-fr ...)
        - tesseract <unfixed> (bug #990529)
+       [buster] - tesseract <no-dsa> (Minor issue)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29698
        NOTE: 
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/tesseract-ocr/OSV-2021-211.yaml
        NOTE: 
https://github.com/tesseract-ocr/tesseract/commit/e6f15621c2ab2ecbfabf656942d8ef66f03b2d55
@@ -49914,6 +49916,7 @@ CVE-2020-27782 (A flaw was found in the Undertow AJP 
connector. Malicious reques
        NOTE: 
https://github.com/undertow-io/undertow/commit/fdac349cbcd1da41fe8b9d4e7ebbab6879990c2a
 (2.2.4.Final)
 CVE-2020-27781 (User credentials can be manipulated and stolen by Native 
CephFS consum ...)
        - ceph 14.2.16-1 (bug #985670)
+       [buster] - ceph <no-dsa> (Minor issue)
        NOTE: https://bugs.launchpad.net/manila/+bug/1904015
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1900109
        NOTE: 
https://github.com/ceph/ceph/commit/1b8a634fdcd94dfb3ba650793fb1b6d09af65e05 
(octopus)
@@ -55452,6 +55455,7 @@ CVE-2020-25679
        RESERVED
 CVE-2020-25678 (A flaw was found in ceph in versions prior to 16.y.z where 
ceph stores ...)
        - ceph 14.2.18-1
+       [buster] - ceph <no-dsa> (Minor issue)
        NOTE: https://tracker.ceph.com/issues/37503
        NOTE: https://github.com/ceph/ceph/pull/38614 (v14.2.17)
 CVE-2020-25677 (A flaw was found in Ceph-ansible v4.0.41 where it creates an 
/etc/ceph ...)
@@ -86845,6 +86849,7 @@ CVE-2020-12060
        RESERVED
 CVE-2020-12059 (An issue was discovered in Ceph through 13.2.9. A POST request 
with an ...)
        - ceph 14.2.4-1
+       [buster] - ceph <no-dsa> (Minor issue)
        [stretch] - ceph <not-affected> (Vulnerable code introduced later)
        [jessie] - ceph <not-affected> (Vulnerable code introduced later)
        NOTE: https://tracker.ceph.com/issues/44967
@@ -91777,6 +91782,7 @@ CVE-2020-10754 (It was found that nmcli, a command line 
interface to NetworkMana
        NOTE: plugin).
 CVE-2020-10753 (A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph 
Object Gate ...)
        - ceph 14.2.15-1 (bug #975300)
+       [buster] - ceph <no-dsa> (Minor issue)
        [jessie] - ceph <no-dsa> (Minor issue)
        NOTE: https://github.com/ceph/ceph/pull/35773
        NOTE: Fix: 
https://github.com/ceph/ceph/commit/1524d3c0c5cb11775313ea1e2bb36a93257947f2
@@ -115964,6 +115970,7 @@ CVE-2020-1761 (A flaw was found in the OpenShift web 
console, where the access t
 CVE-2020-1760 (A flaw was found in the Ceph Object Gateway, where it supports 
request ...)
        {DLA-2171-1}
        - ceph 14.2.9-1 (bug #956142)
+       [buster] - ceph <no-dsa> (Minor issue)
        NOTE: Introduced with: 
https://github.com/ceph/ceph-ci/commit/f4a0b2d9260a4523745875e3977a8a1ef9dc5e2e
        NOTE: Fixed by: 
https://github.com/ceph/ceph-ci/commit/8aa1f77363ec32bdc57744a143035033291ab5e1
        NOTE: Fixed by: 
https://github.com/ceph/ceph-ci/commit/18eb4d918b27d362312c29a3bbd57a421897c0a5



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2c8733c0ac638662e2d56f0c43271638191f077

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2c8733c0ac638662e2d56f0c43271638191f077
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] buster triage

Reply via email to