[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Sun, 01 Aug 2021 13:10:35 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
c160d7ee by security tracker role at 2021-08-01T20:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2021-37762
+       RESERVED
+CVE-2021-37761
+       RESERVED
 CVE-2021-37760 (A Session ID leak in the audit log in Graylog before 4.1.2 
allows atta ...)
        - graylog2 <itp> (bug #652273)
 CVE-2021-37759 (A Session ID leak in the DEBUG log file in Graylog before 
4.1.2 allows ...)
@@ -2029,7 +2033,7 @@ CVE-2020-36428 (matio (aka MAT File I/O Library) 1.5.18 
through 1.5.21 has a hea
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21421
        NOTE: 
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/matio/OSV-2020-799.yaml
 CVE-2019-25051 (objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow 
in acom ...)
-       {DLA-2720-1}
+       {DSA-4948-1 DLA-2720-1}
        - aspell 0.60.8-3 (bug #991307)
        NOTE: 
https://github.com/gnuaspell/aspell/commit/0718b375425aad8e54e1150313b862e4c6fd324a
        NOTE: 
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/aspell/OSV-2020-521.yaml
@@ -12901,8 +12905,7 @@ CVE-2021-32068
        RESERVED
 CVE-2021-32067
        RESERVED
-CVE-2021-32066 [A StartTLS stripping vulnerability in Net::IMAP]
-       RESERVED
+CVE-2021-32066 (An issue was discovered in Ruby through 2.6.7, 2.7.x through 
2.7.3, an ...)
        - ruby2.7 2.7.4-1 (bug #990815)
        - ruby2.5 <removed>
        - ruby2.3 <removed>
@@ -122242,6 +122245,7 @@ CVE-2019-18825 (Barco ClickShare Huddle CS-100 
devices before 1.9.0 and CSE-200
 CVE-2019-18824 (Barco ClickShare Button R9861500D01 devices before 1.10.0.13 
have Miss ...)
        NOT-FOR-US: Barco ClickShare Button R9861500D01 devices
 CVE-2019-18823 (HTCondor up to and including stable series 8.8.6 and 
development serie ...)
+       {DLA-2724-1}
        - condor <unfixed> (bug #963777)
        NOTE: 
https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0003.html
        NOTE: 
https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0004.html
@@ -128923,7 +128927,7 @@ CVE-2019-17545 (GDAL through 3.0.1 has a poolDestroy 
double free in OGRExpatReal
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16178
        NOTE: 
https://github.com/OSGeo/gdal/commit/148115fcc40f1651a5d15fa34c9a8c528e7147bb
 CVE-2019-17544 (libaspell.a in GNU Aspell before 0.60.8 has a stack-based 
buffer over- ...)
-       {DLA-2720-1 DLA-1966-1}
+       {DSA-4948-1 DLA-2720-1 DLA-1966-1}
        - aspell 0.60.8-1 (low)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16109
        NOTE: 
https://github.com/GNUAspell/aspell/commit/80fa26c74279fced8d778351cff19d1d8f44fe4e



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c160d7eea5fae8db78376c4c062be4cbcadab1ea

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c160d7eea5fae8db78376c4c062be4cbcadab1ea
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to