Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3e56625c by security tracker role at 2021-07-28T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,18 @@
-CVE-2021-37600 [integer overflow in ipcutils.c]
+CVE-2021-37606 (Meow hash 0.5/calico does not sufficiently thwart key recovery 
by an a ...)
+       TODO: check
+CVE-2021-37605
+       RESERVED
+CVE-2021-37604
+       RESERVED
+CVE-2021-37603
+       RESERVED
+CVE-2021-37602
+       RESERVED
+CVE-2021-37599
+       RESERVED
+CVE-2021-3668
+       RESERVED
+CVE-2021-37600 (An integer overflow in util-linux through 2.37.1 can 
potentially cause ...)
        - util-linux <unfixed> (bug #991619)
        NOTE: https://github.com/karelzak/util-linux/issues/1395
        NOTE: 
https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
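
Review bot: the new top entry CVE-2021-37606 (Meow hash 0.5/calico) lands with only `TODO: check`, so it still needs manual triage: a source-package line if Debian ships this code, otherwise a `NOT-FOR-US:` line naming the product. In the same hunk CVE-2021-37600 keeps `- util-linux <unfixed> (bug #991619)` although the NOTE below it already links an upstream commit; the fixed version should replace `<unfixed>` once an upload carries that commit.
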
@@ -404,7 +418,7 @@ CVE-2021-23208
        RESERVED
 CVE-2021-23183
        RESERVED
-CVE-2021-37601 [Remote Information Disclosure]
+CVE-2021-37601 (muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote 
attackers t ...)
        - prosody 0.11.9-2
        NOTE: https://prosody.im/security/advisory_20210722/
 CVE-2021-37404
@@ -7671,10 +7685,10 @@ CVE-2021-34168
        RESERVED
 CVE-2021-34167
        RESERVED
-CVE-2021-34166
-       RESERVED
-CVE-2021-34165
-       RESERVED
+CVE-2021-34166 (A SQL INJECTION vulnerability in Sourcecodester Simple Food 
Website 1. ...)
+       TODO: check
+CVE-2021-34165 (A SQL Injection vulnerability in Sourcecodester Basic Shopping 
Cart 1. ...)
+       TODO: check
 CVE-2021-34164
        RESERVED
 CVE-2021-34163
@@ -12824,10 +12838,10 @@ CVE-2021-32003
        RESERVED
 CVE-2021-32002
        RESERVED
-CVE-2021-32001
-       RESERVED
-CVE-2021-32000
-       RESERVED
+CVE-2021-32001 (A Missing Encryption of Sensitive Data vulnerability in k3s, 
kde2 of S ...)
+       TODO: check
+CVE-2021-32000 (A UNIX Symbolic Link (Symlink) Following vulnerability in the 
clone-ma ...)
+       TODO: check
 CVE-2021-31999 (A Reliance on Untrusted Inputs in a Security Decision 
vulnerability in ...)
        NOT-FOR-US: Rancher
 CVE-2021-31998 (A Incorrect Default Permissions vulnerability in the packaging 
of inn  ...)
@@ -15784,6 +15798,7 @@ CVE-2021-30800
        RESERVED
 CVE-2021-30799
        RESERVED
+       {DSA-4945-1}
        - webkit2gtk 2.32.3-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        - wpewebkit 2.32.3-1
@@ -15792,6 +15807,7 @@ CVE-2021-30798
        RESERVED
 CVE-2021-30797
        RESERVED
+       {DSA-4945-1}
        - webkit2gtk 2.32.3-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        - wpewebkit 2.32.3-1
@@ -15800,6 +15816,7 @@ CVE-2021-30796
        RESERVED
 CVE-2021-30795
        RESERVED
+       {DSA-4945-1}
        - webkit2gtk 2.32.3-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        - wpewebkit 2.32.3-1
@@ -15888,6 +15905,7 @@ CVE-2021-30759
        RESERVED
 CVE-2021-30758
        RESERVED
+       {DSA-4945-1}
        - webkit2gtk 2.32.2-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        - wpewebkit 2.32.2-1
@@ -15910,6 +15928,7 @@ CVE-2021-30750
        RESERVED
 CVE-2021-30749
        RESERVED
+       {DSA-4945-1}
        - webkit2gtk 2.32.3-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        - wpewebkit 2.32.3-1
@@ -15924,6 +15943,7 @@ CVE-2021-30745
        RESERVED
 CVE-2021-30744
        RESERVED
+       {DSA-4945-1}
        - webkit2gtk 2.32.3-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        - wpewebkit 2.32.3-1
@@ -15948,6 +15968,7 @@ CVE-2021-30735
        RESERVED
 CVE-2021-30734
        RESERVED
+       {DSA-4945-1}
        - webkit2gtk 2.32.3-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        - wpewebkit 2.32.3-1
@@ -15980,6 +16001,7 @@ CVE-2021-30721
        RESERVED
 CVE-2021-30720
        RESERVED
+       {DSA-4945-1}
        - webkit2gtk 2.32.3-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        - wpewebkit 2.32.3-1
@@ -16046,6 +16068,7 @@ CVE-2021-30690
        RESERVED
 CVE-2021-30689
        RESERVED
+       {DSA-4945-1}
        - webkit2gtk 2.32.3-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        - wpewebkit 2.32.3-1
@@ -16108,6 +16131,7 @@ CVE-2021-30666
        NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
 CVE-2021-30665
        RESERVED
+       {DSA-4945-1}
        - webkit2gtk 2.32.3-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        - wpewebkit 2.32.3-1
@@ -16116,6 +16140,7 @@ CVE-2021-30664
        RESERVED
 CVE-2021-30663
        RESERVED
+       {DSA-4945-1}
        - webkit2gtk 2.32.3-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        - wpewebkit 2.32.3-1
@@ -29987,8 +30012,8 @@ CVE-2021-25202 (SQL injection vulnerability in 
SourceCodester Sales and Inventor
        NOT-FOR-US: SourceCodester Sales and Inventory System
 CVE-2021-25201 (SQL injection vulnerability in Learning Management System v 
1.0 allows ...)
        NOT-FOR-US: Learning Management System
-CVE-2021-25200
-       RESERVED
+CVE-2021-25200 (Arbitrary file upload vulnerability in SourceCodester Learning 
Managem ...)
+       TODO: check
 CVE-2021-25199
        RESERVED
 CVE-2021-25198
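
Review bot: CVE-2021-25200 moves from RESERVED to `TODO: check`, while the two entries directly above it in this hunk (CVE-2021-25202 and CVE-2021-25201) are already closed as `NOT-FOR-US:`, one of them for "Learning Management System". Since the new description names SourceCodester Learning Management, suggest resolving it the same way, for example `NOT-FOR-US: SourceCodester Learning Management System`, instead of leaving it in the TODO queue.
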
@@ -33884,14 +33909,14 @@ CVE-2021-23419
        RESERVED
 CVE-2021-23418
        RESERVED
-CVE-2021-23417
-       RESERVED
-CVE-2021-23416
-       RESERVED
-CVE-2021-23415
-       RESERVED
-CVE-2021-23414
-       RESERVED
+CVE-2021-23417 (All versions of package deepmergefn are vulnerable to 
Prototype Pollut ...)
+       TODO: check
+CVE-2021-23416 (This affects all versions of package curly-bracket-parser. 
When used a ...)
+       TODO: check
+CVE-2021-23415 (This affects the package elFinder.AspNet before 1.1.1. The 
user-contro ...)
+       TODO: check
+CVE-2021-23414 (This affects the package video.js before 7.14.3. The src 
attribute of  ...)
+       TODO: check
 CVE-2021-23413 (This affects the package jszip before 3.7.0. Crafting a new 
zip file w ...)
        - node-jszip 3.5.0+dfsg-2
        NOTE: https://github.com/Stuk/jszip/pull/766
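
Review bot: CVE-2021-23417 through CVE-2021-23414 are all left at `TODO: check`, and their descriptions name upstream packages (deepmergefn, curly-bracket-parser, elFinder.AspNet, video.js) rather than Debian source packages. The next entry, CVE-2021-23413, shows what a packaged one looks like (`- node-jszip 3.5.0+dfsg-2`), so each of the four should be checked against the archive before being closed as `NOT-FOR-US:`. The video.js and elFinder.AspNet descriptions give fixed versions (7.14.3 and 1.1.1) to compare against if a matching source package exists.
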
@@ -37563,6 +37588,7 @@ CVE-2021-21781
 CVE-2021-21780
        RESERVED
 CVE-2021-21779 (A use-after-free vulnerability exists in the way 
Webkit&#8217;s Graphi ...)
+       {DSA-4945-1}
        - webkit2gtk 2.32.3-1
        [bullseye] - webkit2gtk <postponed> (Fix along with next update round)
        [buster] - webkit2gtk <postponed> (Fix along with next update round)
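
Review bot: the `[bullseye] - webkit2gtk <postponed>` and `[buster] - webkit2gtk <postponed>` lines directly under the added `{DSA-4945-1}` for CVE-2021-21779 now disagree with it, because an entry cross-referenced to a DSA should not still read "Fix along with next update round" for a suite that DSA covers. Suggest removing the `<postponed>` line for each suite DSA-4945-1 was issued for, in the same change that adds the cross-reference.
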
@@ -37577,6 +37603,7 @@ CVE-2021-21777 (An information disclosure vulnerability 
exists in the Ethernet/I
 CVE-2021-21776 (An out-of-bounds write vulnerability exists in the SGI Format 
Buffer S ...)
        NOT-FOR-US: ImageGear
 CVE-2021-21775 (A use-after-free vulnerability exists in the way certain 
events are pr ...)
+       {DSA-4945-1}
        - webkit2gtk 2.32.3-1
        [bullseye] - webkit2gtk <postponed> (Fix along with next update round)
        [buster] - webkit2gtk <postponed> (Fix along with next update round)
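
Review bot: CVE-2021-21775 gains `{DSA-4945-1}` but keeps both `<postponed> (Fix along with next update round)` suite lines below it, which leaves the entry stating that the fix is both released and deferred. The `<postponed>` annotation should be dropped for whichever suites the DSA covers.
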
@@ -67884,8 +67911,8 @@ CVE-2020-21856
        RESERVED
 CVE-2020-21855
        RESERVED
-CVE-2020-21854
-       RESERVED
+CVE-2020-21854 (Cross Site Scripting vulnerabiity exists in WDScanner 1.1 in 
the syste ...)
+       TODO: check
 CVE-2020-21853
        RESERVED
 CVE-2020-21852
@@ -96407,8 +96434,8 @@ CVE-2020-10592 (Tor before 0.3.5.10, 0.4.x before 
0.4.1.9, and 0.4.2.x before 0.
        NOTE: https://bugs.torproject.org/33120
 CVE-2020-10591 (An issue was discovered in Walmart Labs Concord before 1.44.0. 
CORS Ac ...)
        NOT-FOR-US: Walmart Labs Concord
-CVE-2020-10590
-       RESERVED
+CVE-2020-10590 (Replicated Classic 2.x versions have an improperly secured API 
that ex ...)
+       TODO: check
 CVE-2020-10589 (v2rayL 2.1.3 allows local users to achieve root access because 
/etc/v2 ...)
        NOT-FOR-US: v2rayL
 CVE-2020-10588 (v2rayL 2.1.3 allows local users to achieve root access because 
/etc/v2 ...)
@@ -110798,8 +110825,8 @@ CVE-2020-5006
        RESERVED
 CVE-2020-5005
        RESERVED
-CVE-2020-5004
-       RESERVED
+CVE-2020-5004 (IBM Jazz Foundation products are vulnerable to cross-site 
scripting. T ...)
+       TODO: check
 CVE-2020-5003 (IBM Financial Transaction Manager 3.2.4 is vulnerable to an XML 
Extern ...)
        NOT-FOR-US: IBM
 CVE-2020-5002
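
Review bot: CVE-2020-5004 (IBM Jazz Foundation) is left at `TODO: check` while the entry right after it in this hunk, CVE-2020-5003, is already `NOT-FOR-US: IBM`. Suggest closing the new entry with the same `NOT-FOR-US: IBM` line so it does not sit in the manual triage queue.
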
@@ -110858,8 +110885,8 @@ CVE-2020-4976 (IBM DB2 for Linux, UNIX and Windows 
(includes DB2 Connect Server)
        NOT-FOR-US: IBM
 CVE-2020-4975 (IBM Engineering products are vulnerable to cross-site 
scripting. This  ...)
        NOT-FOR-US: IBM
-CVE-2020-4974
-       RESERVED
+CVE-2020-4974 (IBM Jazz Foundation products are vulnerable to server side 
request for ...)
+       TODO: check
 CVE-2020-4973
        RESERVED
 CVE-2020-4972



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e56625c2e68d142561ff5b9ed2553f9381a5f7c
