Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4e4eaa15 by security tracker role at 2021-07-09T20:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2021-36366
+ RESERVED
+CVE-2021-36365
+ RESERVED
+CVE-2021-36364
+ RESERVED
+CVE-2021-36363
+ RESERVED
+CVE-2021-36362
+ RESERVED
+CVE-2021-36361
+ RESERVED
+CVE-2021-36360
+ RESERVED
+CVE-2021-36359
+ RESERVED
+CVE-2021-36358
+ RESERVED
+CVE-2021-36357
+ RESERVED
+CVE-2021-36356
+ RESERVED
+CVE-2021-36355
+ RESERVED
+CVE-2021-36354
+ RESERVED
+CVE-2021-36353
+ RESERVED
+CVE-2021-36352
+ RESERVED
+CVE-2021-36351
+ RESERVED
CVE-2021-3640
RESERVED
CVE-2021-3639
@@ -291,8 +323,7 @@ CVE-2021-36213
RESERVED
CVE-2021-36212 (app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows
stored X ...)
NOT-FOR-US: MISP
-CVE-2021-3637
- RESERVED
+CVE-2021-3637 (A flaw was found in keycloak-model-infinispan in keycloak
versions bef ...)
NOT-FOR-US: Keycloak
CVE-2021-36211
RESERVED
@@ -406,12 +437,12 @@ CVE-2021-36157
RESERVED
CVE-2021-36156
RESERVED
-CVE-2021-36155
- RESERVED
-CVE-2021-36154
- RESERVED
-CVE-2021-36153
- RESERVED
+CVE-2021-36155 (LengthPrefixedMessageReader in gRPC Swift 1.1.0 and earlier
allocates ...)
+ TODO: check
+CVE-2021-36154 (HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and earlier
allows remot ...)
+ TODO: check
+CVE-2021-36153 (Mismanaged state in GRPCWebToHTTP2ServerCodec.swift in gRPC
Swift 1.1. ...)
+ TODO: check
CVE-2021-36152
RESERVED
CVE-2021-36151
@@ -2838,8 +2869,7 @@ CVE-2021-35068
RESERVED
CVE-2021-35067
RESERVED
-CVE-2021-3612 [joydev: zero size passed to joydev_handle_JSIOCSBTNMAP()]
- RESERVED
+CVE-2021-3612 (An out-of-bounds memory write flaw was found in the Linux
kernel's joy ...)
- linux <unfixed>
NOTE: Introduced by:
https://lore.kernel.org/linux-input/20210219083215.GS2087@kadam/
CVE-2021-35066 (An XXE vulnerability exists in ConnectWise Automate before
2021.0.6.13 ...)
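Review bot: the fix reference is missing. The entry becomes `- linux <unfixed>` with only an "Introduced by" NOTE pointing at a February 2021 linux-input thread, and the [joydev: zero size passed to joydev_handle_JSIOCSBTNMAP()] working title that named the affected function is dropped, with nothing in the truncated description replacing it. Add a NOTE with the upstream fixing commit once identified, and check whether the introducing change was backported into buster's 4.19 stable series so a [buster] annotation (fixed version, <unfixed>, or <not-affected>) can be recorded instead of leaving that suite unstated.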
@@ -5708,14 +5738,14 @@ CVE-2021-3573
- linux 5.10.46-1
[buster] - linux 4.19.194-1
NOTE: https://www.openwall.com/lists/oss-security/2021/06/08/2
-CVE-2021-33795
- RESERVED
+CVE-2021-33795 (Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4
produce incorr ...)
+ TODO: check
CVE-2021-33794
RESERVED
CVE-2021-33793
RESERVED
-CVE-2021-33792
- RESERVED
+CVE-2021-33792 (Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have
an out-of ...)
+ TODO: check
CVE-2021-3572 [Don't split git references on unicode separators #9827]
RESERVED
- python-pip 20.3.4-2
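Review bot: both Foxit entries (CVE-2021-33795 and CVE-2021-33792) should resolve to NOT-FOR-US: Foxit rather than remain TODO: check. Foxit Reader and PhantomPDF are proprietary products that are not packaged in Debian, and this same update already uses that marker for MISP and Keycloak a few hunks earlier.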
@@ -5726,16 +5756,14 @@ CVE-2021-3572 [Don't split git references on unicode
separators #9827]
NOTE:
https://github.com/pypa/pip/commit/ca832b2836e0bffa7cf95589acdcd71230f5834e
(21.1)
CVE-2021-33791
RESERVED
-CVE-2021-3571 [linuxptp: wrong length of one-step follow-up in transparent
clock]
- RESERVED
+CVE-2021-3571 (A flaw was found in the ptp4l program of the linuxptp package.
When pt ...)
- linuxptp 3.1-2.1 (bug #990749)
[buster] - linuxptp <not-affected> (Vulnerable code introduced later,
transparent clock implementation in v2.0)
[stretch] - linuxptp <not-affected> (Vulnerable code introduced later,
transparent clock implementation in v2.0)
NOTE:
https://github.com/richardcochran/linuxptp/commit/d61d77e163dbee247819f3d88593ba111577af15
(master)
NOTE:
https://github.com/richardcochran/linuxptp/commit/0b3ab45de6a96ca181a5cf62c3c2b97167e2ed20
(v3.1.1)
NOTE: https://www.openwall.com/lists/oss-security/2021/07/06/1
-CVE-2021-3570 [linuxptp: missing length check of forwarded messages]
- RESERVED
+CVE-2021-3570 (A flaw was found in the ptp4l program of the linuxptp package.
A missi ...)
- linuxptp 3.1-2.1 (bug #990748)
NOTE:
https://github.com/richardcochran/linuxptp/commit/a1e63aa3a7304647913707c4df01f3df430806ab
(master)
NOTE:
https://github.com/richardcochran/linuxptp/commit/ce15e4de5926724557e8642ec762a210632f15ca
(v3.1.1)
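Review bot: the suite annotations are asymmetric between the two linuxptp entries. CVE-2021-3571 carries [buster] and [stretch] <not-affected> lines justified by the transparent clock code arriving in v2.0, but CVE-2021-3570 (a missing length check on forwarded messages, which is not obviously confined to the transparent clock path) has only the unstable fix 3.1-2.1 and bug #990748, with no buster or stretch status at all. Either add the corresponding [buster]/[stretch] lines with their own justification, or leave them visibly open, and carry the oss-security NOTE (https://www.openwall.com/lists/oss-security/2021/07/06/1, currently listed only under CVE-2021-3571) over to this entry if that posting covers both issues.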
@@ -7033,8 +7061,8 @@ CVE-2021-33216 (An issue was discovered in CommScope
Ruckus IoT Controller 1.7.1
NOT-FOR-US: CommScope Ruckus IoT Controller
CVE-2021-33215 (An issue was discovered in CommScope Ruckus IoT Controller
1.7.1.0 and ...)
NOT-FOR-US: CommScope Ruckus IoT Controller
-CVE-2021-33214
- RESERVED
+CVE-2021-33214 (In HMS Ewon eCatcher through 6.6.4, weak filesystem
permissions could ...)
+ TODO: check
CVE-2021-33213
RESERVED
CVE-2021-33212
@@ -7565,8 +7593,8 @@ CVE-2021-33014
RESERVED
CVE-2021-33013
RESERVED
-CVE-2021-33012
- RESERVED
+CVE-2021-33012 (Rockwell Automation MicroLogix 1100, all versions, allows a
remote, un ...)
+ TODO: check
CVE-2021-33011
RESERVED
CVE-2021-33010
@@ -7645,8 +7673,8 @@ CVE-2021-32974
RESERVED
CVE-2021-32973
RESERVED
-CVE-2021-32972
- RESERVED
+CVE-2021-32972 (Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an
attacke ...)
+ TODO: check
CVE-2021-32971
RESERVED
CVE-2021-32970
@@ -8125,10 +8153,10 @@ CVE-2021-32755
RESERVED
CVE-2021-32754
RESERVED
-CVE-2021-32753
- RESERVED
-CVE-2021-32752
- RESERVED
+CVE-2021-32753 (EdgeX Foundry is an open source project for building a common
open fra ...)
+ TODO: check
+CVE-2021-32752 (Ether Logs is a package that allows one to check one's logs in
the Cra ...)
+ TODO: check
CVE-2021-32751
RESERVED
CVE-2021-32750
@@ -8147,8 +8175,8 @@ CVE-2021-32744
RESERVED
CVE-2021-32743
RESERVED
-CVE-2021-32742
- RESERVED
+CVE-2021-32742 (Vapor is a web framework for Swift. In versions 4.47.1 and
prior, bug ...)
+ TODO: check
CVE-2021-32741
RESERVED
CVE-2021-32740 (Addressable is an alternative implementation to the URI
implementation ...)
@@ -8466,7 +8494,7 @@ CVE-2021-3547
RESERVED
CVE-2021-32605 (zzzcms zzzphp before 2.0.4 allows remote attackers to execute
arbitrar ...)
NOT-FOR-US: zzzcms
-CVE-2021-32604 (SolarWinds Serv-U before 15.2.3 mishandles the user-supplied
SenderEma ...)
+CVE-2021-32604 (Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3
mishandles ...)
NOT-FOR-US: SolarWinds
CVE-2021-32603
RESERVED
@@ -8799,8 +8827,7 @@ CVE-2021-32490 (A flaw was found in djvulibre-3.5.28 and
earlier. An out of boun
- djvulibre 3.5.28-2
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943408
NOTE:
https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/
(chunk #4 / Patch8)
-CVE-2021-3541
- RESERVED
+CVE-2021-3541 (A flaw was found in libxml2. Exponential entity expansion
attack its p ...)
{DLA-2669-1}
- libxml2 2.9.10+dfsg-6.7 (bug #988603)
[buster] - libxml2 2.9.4+dfsg1-7+deb10u2
@@ -10975,7 +11002,7 @@ CVE-2021-31620
CVE-2021-31619
RESERVED
CVE-2021-31618 (Apache HTTP Server protocol handler for the HTTP/2 protocol
checks rec ...)
- {DSA-4937-1}
+ {DSA-4937-1 DLA-2706-1}
[experimental] - apache2 2.4.48-1
- apache2 2.4.46-5 (bug #989562)
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-31618
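Review bot: DLA-2706-1 is added to seven apache2 entries in this update (this one plus CVE-2021-30641, CVE-2021-26691, CVE-2021-26690, CVE-2020-35452, CVE-2020-1934 and CVE-2020-1927); confirm the DLA text enumerates every one of them before crediting it. This HTTP/2 entry deserves a second look in particular: its bullseye fix is 2.4.46-5 (bug #989562) rather than the 2.4.46-6 used by the other 2021 entries, so the affected code is a separate, later change, and the stretch package should be verified to actually contain that header-limit code before the DLA is recorded as fixing it there.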
@@ -13262,7 +13289,7 @@ CVE-2021-3496 (A heap-based buffer overflow was found
in jhead in version 3.06 i
NOTE: Fixed by:
https://github.com/Matthias-Wandel/jhead/commit/ca2973f4ce79279c15a09cf400648a757c1721b0
NOTE: Crash in CLI tool, no security impact
CVE-2021-30641 (Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected
matching behav ...)
- {DSA-4937-1}
+ {DSA-4937-1 DLA-2706-1}
[experimental] - apache2 2.4.48-1
- apache2 2.4.46-6
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-30641
@@ -14357,8 +14384,8 @@ CVE-2021-30203
RESERVED
CVE-2021-30202
RESERVED
-CVE-2021-30201
- RESERVED
+CVE-2021-30201 (An XML External Entity (XXE) issue exists in Kaseya VSA before
9.5.6. ...)
+ TODO: check
CVE-2021-30200
RESERVED
CVE-2021-30199 (In filters/reframe_latm.c in GPAC 1.0.1 there is a Null
Pointer Derefe ...)
@@ -14685,18 +14712,18 @@ CVE-2021-30123 (FFmpeg <=4.3 contains a buffer
overflow vulnerability in liba
NOTE: Introduced in
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9c0beaf0d3bb72f6e83b3b155a598a9ec28c8468
CVE-2021-30122
RESERVED
-CVE-2021-30121
- RESERVED
-CVE-2021-30120
- RESERVED
-CVE-2021-30119
- RESERVED
-CVE-2021-30118
- RESERVED
-CVE-2021-30117
- RESERVED
-CVE-2021-30116
- RESERVED
+CVE-2021-30121 (Local file inclusion exists in Kaseya VSA before 9.5.6. ...)
+ TODO: check
+CVE-2021-30120 (Kaseya VSA through 9.5.7 allows attackers to bypass the 2FA
requiremen ...)
+ TODO: check
+CVE-2021-30119 (Cross Site Scripting (XSS) exists in Kaseya VSA before 9.5.7.
...)
+ TODO: check
+CVE-2021-30118 (Kaseya VSA before 9.5.5 allows remote code execution. ...)
+ TODO: check
+CVE-2021-30117 (SQL injection exists in Kaseya VSA before 9.5.6. ...)
+ TODO: check
+CVE-2021-30116 (Kaseya VSA before 9.5.7 allows credential disclosure, as
exploited in ...)
+ TODO: check
CVE-2021-30115
RESERVED
CVE-2021-30114 (Web-School ERP V 5.0 contains a cross-site request forgery
(CSRF) vuln ...)
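Review bot: six Kaseya VSA entries (CVE-2021-30116 through CVE-2021-30121) land as TODO: check here, alongside CVE-2021-30201 for the same product in the earlier hunk. Kaseya VSA is a proprietary product, so these should be triaged to NOT-FOR-US: Kaseya. The CVE-2021-30116 description is cut at "as exploited in ...", which flags in-the-wild exploitation, so the batch should not sit in the TODO queue.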
@@ -15571,8 +15598,8 @@ CVE-2021-29732
RESERVED
CVE-2021-29731
RESERVED
-CVE-2021-29730
- RESERVED
+CVE-2021-29730 (IBM InfoSphere Information Server 11.7 is vulnerable to SQL
injection. ...)
+ TODO: check
CVE-2021-29729
RESERVED
CVE-2021-29728
@@ -15607,8 +15634,8 @@ CVE-2021-29714
RESERVED
CVE-2021-29713
RESERVED
-CVE-2021-29712
- RESERVED
+CVE-2021-29712 (IBM InfoSphere Information Server 11.7 is vulnerable to
cross-site scr ...)
+ TODO: check
CVE-2021-29711 (IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 6.2.7.8 ,
6.2.7.9, 7.0.3. ...)
NOT-FOR-US: IBM
CVE-2021-29710
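Review bot: CVE-2021-29712 and CVE-2021-29730 (previous hunk) are both IBM InfoSphere Information Server issues, and the unchanged line directly below already marks CVE-2021-29711 as NOT-FOR-US: IBM; give these two the same marker instead of TODO: check.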
@@ -22069,20 +22096,20 @@ CVE-2021-27041 (A maliciously crafted DWG file can be
used to write beyond the a
NOT-FOR-US: Autodesk
CVE-2021-27040 (A maliciously crafted DWG file can be forced to read beyond
allocated ...)
NOT-FOR-US: Autodesk
-CVE-2021-27039
- RESERVED
-CVE-2021-27038
- RESERVED
-CVE-2021-27037
- RESERVED
-CVE-2021-27036
- RESERVED
-CVE-2021-27035
- RESERVED
-CVE-2021-27034
- RESERVED
-CVE-2021-27033
- RESERVED
+CVE-2021-27039 (A maliciously crafted TIFF file in Autodesk 2018, 2017, 2013,
2012, 20 ...)
+ TODO: check
+CVE-2021-27038 (A Type Confusion vulnerability in Autodesk 2018, 2017, 2013,
2012, 201 ...)
+ TODO: check
+CVE-2021-27037 (A maliciously crafted PNG, PDF or DWF file in Autodesk 2018,
2017, 201 ...)
+ TODO: check
+CVE-2021-27036 (A maliciously crafted PDF, PICT or TIFF file can be used to
write beyo ...)
+ TODO: check
+CVE-2021-27035 (A maliciously crafted TIFF, PDF, PICT or DWF files in Autodesk
2018, 2 ...)
+ TODO: check
+CVE-2021-27034 (A heap-based buffer overflow could occur while parsing PICT or
TIFF fi ...)
+ TODO: check
+CVE-2021-27033 (A Double Free vulnerability allows remote attackers to execute
arbitra ...)
+ TODO: check
CVE-2021-27032 (Autodesk Licensing Installer was found to be vulnerable to
privilege e ...)
NOT-FOR-US: Autodesk
CVE-2021-27031 (A user may be tricked into opening a malicious FBX file which
may expl ...)
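Review bot: the seven new Autodesk entries (CVE-2021-27033 through CVE-2021-27039) are left as TODO: check while the surrounding unchanged lines mark CVE-2021-27040, CVE-2021-27041, CVE-2021-27032 and CVE-2021-27031 as NOT-FOR-US: Autodesk. Apply the same marker to the batch; the descriptions name the same Autodesk file parsers (TIFF, PNG, PDF, PICT, DWF) as the neighbouring NOT-FOR-US entries.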
@@ -22920,13 +22947,13 @@ CVE-2021-26693
CVE-2021-26692
RESERVED
CVE-2021-26691 (In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially
crafted Ses ...)
- {DSA-4937-1}
+ {DSA-4937-1 DLA-2706-1}
[experimental] - apache2 2.4.48-1
- apache2 2.4.46-6
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-26691
NOTE:
https://github.com/apache/httpd/commit/7e09dd714fc62c08c5b0319ed7b9702594faf49b
CVE-2021-26690 (Apache HTTP Server versions 2.4.0 to 2.4.46 A specially
crafted Cookie ...)
- {DSA-4937-1}
+ {DSA-4937-1 DLA-2706-1}
[experimental] - apache2 2.4.48-1
- apache2 2.4.46-6
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-26690
@@ -24499,8 +24526,8 @@ CVE-2021-26108
RESERVED
CVE-2021-26107
RESERVED
-CVE-2021-26106
- RESERVED
+CVE-2021-26106 (An improper neutralization of special elements used in an OS
Command v ...)
+ TODO: check
CVE-2021-26105
RESERVED
CVE-2021-26104
@@ -24511,8 +24538,8 @@ CVE-2021-26102
RESERVED
CVE-2021-26101
RESERVED
-CVE-2021-26100
- RESERVED
+CVE-2021-26100 (A missing cryptographic step in the Identity-Based Encryption
service ...)
+ TODO: check
CVE-2021-26099
RESERVED
CVE-2021-26098
@@ -29280,8 +29307,8 @@ CVE-2021-24022
RESERVED
CVE-2021-24021
RESERVED
-CVE-2021-24020
- RESERVED
+CVE-2021-24020 (A missing cryptographic step in the implementation of the hash
digest ...)
+ TODO: check
CVE-2021-24019
RESERVED
CVE-2021-24018
@@ -29306,8 +29333,8 @@ CVE-2021-24009
RESERVED
CVE-2021-24008
RESERVED
-CVE-2021-24007
- RESERVED
+CVE-2021-24007 (Multiple improper neutralization of special elements of SQL
commands v ...)
+ TODO: check
CVE-2021-24006
RESERVED
CVE-2021-24005 (Usage of hard-coded cryptographic keys to encrypt
configuration files ...)
@@ -30762,8 +30789,8 @@ CVE-2021-23407
RESERVED
CVE-2021-23406
RESERVED
-CVE-2021-23405
- RESERVED
+CVE-2021-23405 (This affects the package pimcore/pimcore before 10.0.7. This
issue exi ...)
+ TODO: check
CVE-2021-23404
RESERVED
CVE-2021-23403 (All versions of package ts-nodash are vulnerable to Prototype
Pollutio ...)
@@ -33646,8 +33673,8 @@ CVE-2021-22131
RESERVED
CVE-2021-22130 (A stack-based buffer overflow vulnerability in FortiProxy
physical app ...)
NOT-FOR-US: FortiProxy (FortiGuard)
-CVE-2021-22129
- RESERVED
+CVE-2021-22129 (Multiple instances of incorrect calculation of buffer size in
the Webm ...)
+ TODO: check
CVE-2021-22128 (An improper access control vulnerability in FortiProxy SSL VPN
portal ...)
NOT-FOR-US: FortiProxy SSL VPN portal
CVE-2021-22127
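Review bot: CVE-2021-22129 sits between CVE-2021-22130 and CVE-2021-22128, both marked NOT-FOR-US: FortiProxy (FortiGuard), and its truncated text ("incorrect calculation of buffer size in the Webm ...") does not name the product. Read the full description and, if it is another Fortinet product as its position in this FortiGuard-assigned block suggests, resolve the TODO: check to NOT-FOR-US.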
@@ -40573,7 +40600,7 @@ CVE-2020-35454 (The Taidii Diibear Android application
2.4.0 and all its derivat
CVE-2020-35453 (HashiCorp Vault Enterprise’s Sentinel EGP policy feature
incorre ...)
NOT-FOR-US: HashiCorp Vault
CVE-2020-35452 (Apache HTTP Server versions 2.4.0 to 2.4.46 A specially
crafted Digest ...)
- {DSA-4937-1}
+ {DSA-4937-1 DLA-2706-1}
[experimental] - apache2 2.4.48-1
- apache2 2.4.46-6
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-35452
@@ -44694,8 +44721,8 @@ CVE-2020-29016 (A stack-based buffer overflow
vulnerability in FortiWeb 6.3.0 th
NOT-FOR-US: Fortiguard
CVE-2020-29015 (A blind SQL injection in the user interface of FortiWeb 6.3.0
through ...)
NOT-FOR-US: Fortiguard
-CVE-2020-29014
- RESERVED
+CVE-2020-29014 (A concurrent execution using shared resource with improper
synchroniza ...)
+ TODO: check
CVE-2020-29013
RESERVED
CVE-2020-29012
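Review bot: CVE-2020-29014 is bracketed by the FortiWeb entries CVE-2020-29016 and CVE-2020-29015, both NOT-FOR-US: Fortiguard, and the truncated "concurrent execution using shared resource with improper synchroniza ..." text does not identify the product. Check the full description and, if it is a Fortinet appliance, set NOT-FOR-US instead of leaving TODO: check pending.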
@@ -63089,8 +63116,8 @@ CVE-2020-22537
RESERVED
CVE-2020-22536
RESERVED
-CVE-2020-22535
- RESERVED
+CVE-2020-22535 (Incorrect Access Control vulnerability in PbootCMS 2.0.6 via
the list ...)
+ TODO: check
CVE-2020-22534
RESERVED
CVE-2020-22533
@@ -65601,8 +65628,8 @@ CVE-2020-21335
RESERVED
CVE-2020-21334
RESERVED
-CVE-2020-21333
- RESERVED
+CVE-2020-21333 (Cross Site Scripting (XSS) vulnerability in PublicCMS 4.0 to
get an ad ...)
+ TODO: check
CVE-2020-21332
RESERVED
CVE-2020-21331
@@ -115878,7 +115905,7 @@ CVE-2020-1935 (In Apache Tomcat 9.0.0.M1 to 9.0.30,
8.5.0 to 8.5.50 and 7.0.0 to
NOTE:
https://github.com/apache/tomcat/commit/8fbe2e962f0ea138d92361921643fe5abe0c4f56
(8.5.51)
NOTE:
https://github.com/apache/tomcat/commit/702bf15bea292915684d931526d95d4990b2e73d
(7.0.100)
CVE-2020-1934 (In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use
uninitial ...)
- {DSA-4757-1}
+ {DSA-4757-1 DLA-2706-1}
- apache2 2.4.43-1 (low)
[jessie] - apache2 <ignored> (Minor issue)
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-1934
@@ -115904,7 +115931,7 @@ CVE-2020-1929 (The Apache Beam MongoDB connector in
versions 2.10.0 to 2.16.0 ha
CVE-2020-1928 (An information disclosure vulnerability was found in Apache
NiFi 1.10. ...)
NOT-FOR-US: Apache NiFi
CVE-2020-1927 (In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured
with mod_r ...)
- {DSA-4757-1}
+ {DSA-4757-1 DLA-2706-1}
- apache2 2.4.43-1 (low)
[jessie] - apache2 <ignored> (Minor issue)
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-1927
@@ -139559,7 +139586,7 @@ CVE-2019-13225 (A NULL Pointer Dereference in
match_at() in regexec.c in Oniguru
[jessie] - libonig <not-affected> (vulnerable code was introduced later)
NOTE:
https://github.com/kkos/oniguruma/commit/c509265c5f6ae7264f7b8a8aae1cfa5fc59d108c
CVE-2019-13224 (A use-after-free in onig_new_deluxe() in regext.c in Oniguruma
6.9.2 a ...)
- {DSA-4527-1 DLA-2431-1 DLA-1854-1}
+ {DSA-4529-1 DSA-4527-1 DLA-2431-1 DLA-1854-1}
- libonig 6.9.2-1 (low; bug #931878)
[buster] - libonig <no-dsa> (Minor issue)
- php7.0 <removed>
@@ -333813,7 +333840,7 @@ CVE-2015-1594 (Untrusted search path vulnerability in
Siemens SIMATIC ProSave be
CVE-2013-7427
RESERVED
CVE-2012-6688
- RESERVED
+ REJECTED
CVE-2015-XXXX [incorrect memory management in Gtk2::Gdk::Display::list_devices]
- libgtk2-perl 2:1.2492-4
[wheezy] - libgtk2-perl 2:1.244-1+deb7u1
@@ -386001,7 +386028,7 @@ CVE-2012-5634 (Xen 4.2.x, 4.1.x, and 4.0, when using
Intel VT-d for PCI passthro
CVE-2012-5633 (The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x
before 2.6 ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full
application server, #581226)
CVE-2012-5632
- RESERVED
+ REJECTED
CVE-2012-5631 (ipa 3.0 does not properly check server identity before sending
credent ...)
NOT-FOR-US: FreeIPA
CVE-2012-5630 (libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use)
race co ...)
@@ -389145,7 +389172,7 @@ CVE-2012-4510 (cups-pk-helper before 0.2.3 does not
properly wrap the (1) cupsGe
{DSA-2562-1}
- cups-pk-helper 0.2.3-1
CVE-2012-4509
- RESERVED
+ REJECTED
CVE-2012-4508 (Race condition in fs/ext4/extents.c in the Linux kernel before
3.4.16 ...)
{DSA-2668-1}
- linux 3.2.35-1
@@ -393846,7 +393873,7 @@ CVE-2012-2690 (virt-edit in libguestfs before 1.18.0
does not preserve the permi
NOTE: https://www.openwall.com/lists/oss-security/2012/06/11/1
NOTE: https://www.openwall.com/lists/oss-security/2012/06/11/5
CVE-2012-2689
- RESERVED
+ REJECTED
CVE-2012-2688 (Unspecified vulnerability in the _php_stream_scandir function
in the s ...)
{DSA-2527-1}
- php5 5.4.4-4 (low; bug #683274)
@@ -393913,8 +393940,8 @@ CVE-2012-2667 (Session fixation vulnerability in
lib/user/sfBasicSecurityUser.cl
NOTE: http://symfony.com/blog/security-release-symfony-1-4-18-released
NOTE:
http://trac.symfony-project.org/browser/tags/RELEASE_1_4_18/CHANGELOG
NOTE:
http://trac.symfony-project.org/changeset/33466?format=diff&new=33466
-CVE-2012-2666
- RESERVED
+CVE-2012-2666 (golang/go in 1.0.2 fixes all.bash on shared machines. dotest()
in src/ ...)
+ TODO: check
CVE-2012-2665 (Multiple heap-based buffer overflows in the XML manifest
encryption ta ...)
{DSA-2520-1}
- libreoffice 1:3.5.4-7
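Review bot: CVE-2012-2666 is a nine-year-old identifier whose newly published description points at a fix in Go 1.0.2 (an all.bash / dotest() issue, per the truncated text). The TODO: check should resolve quickly rather than queue with the 2021 items: every golang source package in a supported Debian suite is far newer than 1.0.2, so record the applicable fixed version or a <not-affected> annotation once the full description confirms the affected file.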
@@ -393934,7 +393961,7 @@ CVE-2012-2660
(actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails b
- ruby-activerecord-3.2 3.2.6-1 (bug #675429)
NOTE: http://seclists.org/oss-sec/2012/q2/449
CVE-2012-2659
- RESERVED
+ REJECTED
CVE-2012-2658
- unixodbc 2.3.6-0.1 (unimportant; bug #675058)
NOTE: Only triggerable by trusted input, not a security issue
@@ -396636,7 +396663,7 @@ CVE-2012-1610 (Integer overflow in the
GetEXIFProperty function in magick/proper
{DSA-2462-1}
- imagemagick 8:6.7.4.0-4 (bug #667635)
CVE-2012-1609
- RESERVED
+ REJECTED
CVE-2012-1608 (The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through
4.4.13, 4.5 ...)
{DSA-2445-1}
- typo3-src 4.5.14+dfsg1-1
@@ -396891,8 +396918,7 @@ CVE-2012-1496 (Local file inclusion in WebCalendar
before 1.2.5. ...)
- webcalendar <removed>
CVE-2012-1495 (install/index.php in WebCalendar before 1.2.5 allows remote
attackers ...)
- webcalendar <removed>
-CVE-2012-1102 [XML::Atom Perl module XML entity expansion]
- RESERVED
+CVE-2012-1102 (It was discovered that the XML::Atom Perl module before version
0.39 d ...)
{DSA-2424-1}
- libxml-atom-perl 0.39-1 (medium)
CVE-2012-1494
@@ -398481,7 +398507,7 @@ CVE-2012-0834 (Cross-site scripting (XSS)
vulnerability in lib/QueryRender.php i
CVE-2012-0833 (The acllas__handle_group_entry function in
servers/plugins/acl/acllas. ...)
- 389-ds-base <not-affected> (Fixed before initial upload)
CVE-2012-0832
- RESERVED
+ REJECTED
CVE-2012-0831 (PHP before 5.3.10 does not properly perform a temporary change
to the ...)
{DSA-2408-1}
- php5 5.3.10-1
@@ -398527,7 +398553,7 @@ CVE-2012-0817 (Memory leak in smbd in Samba 3.6.x
before 3.6.3 allows remote att
[squeeze] - samba <not-affected> (Only affects 3.6.x)
[lenny] - samba <not-affected> (Only affects 3.6.x)
CVE-2012-0816
- RESERVED
+ REJECTED
CVE-2012-0815 (The headerVerifyInfo function in lib/header.c in RPM before
4.9.1.3 al ...)
{DLA-140-1}
- rpm 4.9.1.3-1 (bug #667031)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e4eaa1515cb3025b37ed258ead1cb4fdbdc436e
--
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits