Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6dc6ad06 by Moritz Muehlenhoff at 2021-07-29T23:32:20+02:00
neomutt NMU
various bugnums
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6685,7 +6685,7 @@ CVE-2021-3605 [Heap buffer overflow in the rleUncompress
function]
NOTE:
https://github.com/AcademySoftwareFoundation/openexr/commit/3204008c0bd4c8d7599a052b304d1b44c4511283
(v2.5)
NOTE: not to be confused with CVE-2020-11760 whose fix is similar but
applied around 10 lines above, in the other branch of the 'if'
CVE-2021-3603 (PHPMailer 6.4.1 and earlier contain a vulnerability that can
result in ...)
- - libphp-phpmailer <unfixed>
+ - libphp-phpmailer <unfixed> (bug #991666)
[bullseye] - libphp-phpmailer <no-dsa> (Minor issue)
[buster] - libphp-phpmailer <no-dsa> (Minor issue)
[stretch] - libphp-phpmailer <postponed> (Minor issue, fix along with
next DLA)
@@ -10822,7 +10822,7 @@ CVE-2021-32926 (When an authenticated password change
request takes place, this
NOT-FOR-US: Rockwell Automation
CVE-2021-3551
RESERVED
- - dogtag-pki <unfixed>
+ - dogtag-pki <unfixed> (bug #991665)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1959971
NOTE:
https://github.com/dogtagpki/pki/commit/0c2f3b84499584bb6029f5ba3988ed3cb081e548
NOTE:
https://github.com/dogtagpki/pki/commit/b01cd8cc7d3e391e69ed2c8161f7e15fa84553e6
@@ -12971,7 +12971,7 @@ CVE-2021-32055 (Mutt 1.11.0 through 2.0.x before 2.0.7
(and NeoMutt 2019-10-25 t
- mutt 2.0.5-4.1 (bug #988106)
[buster] - mutt <not-affected> (Vulnerable code introduced later)
[stretch] - mutt <not-affected> (Vulnerable code introduced later)
- - neomutt <unfixed> (bug #988107)
+ - neomutt 20201127+dfsg.1-1.2 (bug #988107)
[buster] - neomutt <not-affected> (Vulnerable code introduced later)
NOTE:
https://gitlab.com/muttmua/mutt/-/commit/7c4779ac24d2fb68a2a47b58c7904118f40965d5
NOTE:
https://github.com/neomutt/neomutt/commit/fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc
@@ -19546,7 +19546,7 @@ CVE-2021-29501 (Ticketer is a command based ticket
system cog (plugin) for the r
CVE-2021-29500 (bubble fireworks is an open source java package relating to
Spring Fra ...)
NOT-FOR-US: bubble fireworks
CVE-2021-29499 (SIF is an open source implementation of the Singularity
Container Imag ...)
- - golang-github-sylabs-sif <unfixed>
+ - golang-github-sylabs-sif <unfixed> (bug #991664)
[bullseye] - golang-github-sylabs-sif <no-dsa> (Minor issue)
NOTE:
https://github.com/sylabs/sif/security/advisories/GHSA-4gh8-x3vv-phhg
CVE-2021-29498
@@ -32503,7 +32503,7 @@ CVE-2021-24118
CVE-2021-24117 (In Rust SGX 1.1.3, a side-channel vulnerability in base64 PEM
file dec ...)
NOT-FOR-US: Rust SGX
CVE-2021-24116 (In wolfSSL through 4.6.0, a side-channel vulnerability in
base64 PEM f ...)
- - wolfssl <unfixed>
+ - wolfssl <unfixed> (bug #991663)
[bullseye] - wolfssl <no-dsa> (Minor issue)
NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v4.8.0-stable
CVE-2021-24115 (In Botan before 2.17.3, constant-time computations are not
used for ce ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6dc6ad068fd2ad425abdc8a5bd5c437e1d5d0601
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6dc6ad068fd2ad425abdc8a5bd5c437e1d5d0601
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
