[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Mon, 02 Aug 2021 01:10:37 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
af4de5be by security tracker role at 2021-08-02T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,155 @@
+CVE-2021-37838
+       RESERVED
+CVE-2021-37837
+       RESERVED
+CVE-2021-37836
+       RESERVED
+CVE-2021-37835
+       RESERVED
+CVE-2021-37834
+       RESERVED
+CVE-2021-37833
+       RESERVED
+CVE-2021-37832
+       RESERVED
+CVE-2021-37831
+       RESERVED
+CVE-2021-37830
+       RESERVED
+CVE-2021-37829
+       RESERVED
+CVE-2021-37828
+       RESERVED
+CVE-2021-37827
+       RESERVED
+CVE-2021-37826
+       RESERVED
+CVE-2021-37825
+       RESERVED
+CVE-2021-37824
+       RESERVED
+CVE-2021-37823
+       RESERVED
+CVE-2021-37822
+       RESERVED
+CVE-2021-37821
+       RESERVED
+CVE-2021-37820
+       RESERVED
+CVE-2021-37819
+       RESERVED
+CVE-2021-37818
+       RESERVED
+CVE-2021-37817
+       RESERVED
+CVE-2021-37816
+       RESERVED
+CVE-2021-37815
+       RESERVED
+CVE-2021-37814
+       RESERVED
+CVE-2021-37813
+       RESERVED
+CVE-2021-37812
+       RESERVED
+CVE-2021-37811
+       RESERVED
+CVE-2021-37810
+       RESERVED
+CVE-2021-37809
+       RESERVED
+CVE-2021-37808
+       RESERVED
+CVE-2021-37807
+       RESERVED
+CVE-2021-37806
+       RESERVED
+CVE-2021-37805
+       RESERVED
+CVE-2021-37804
+       RESERVED
+CVE-2021-37803
+       RESERVED
+CVE-2021-37802
+       RESERVED
+CVE-2021-37801
+       RESERVED
+CVE-2021-37800
+       RESERVED
+CVE-2021-37799
+       RESERVED
+CVE-2021-37798
+       RESERVED
+CVE-2021-37797
+       RESERVED
+CVE-2021-37796
+       RESERVED
+CVE-2021-37795
+       RESERVED
+CVE-2021-37794
+       RESERVED
+CVE-2021-37793
+       RESERVED
+CVE-2021-37792
+       RESERVED
+CVE-2021-37791
+       RESERVED
+CVE-2021-37790
+       RESERVED
+CVE-2021-37789
+       RESERVED
+CVE-2021-37788
+       RESERVED
+CVE-2021-37787
+       RESERVED
+CVE-2021-37786
+       RESERVED
+CVE-2021-37785
+       RESERVED
+CVE-2021-37784
+       RESERVED
+CVE-2021-37783
+       RESERVED
+CVE-2021-37782
+       RESERVED
+CVE-2021-37781
+       RESERVED
+CVE-2021-37780
+       RESERVED
+CVE-2021-37779
+       RESERVED
+CVE-2021-37778
+       RESERVED
+CVE-2021-37777
+       RESERVED
+CVE-2021-37776
+       RESERVED
+CVE-2021-37775
+       RESERVED
+CVE-2021-37774
+       RESERVED
+CVE-2021-37773
+       RESERVED
+CVE-2021-37772
+       RESERVED
+CVE-2021-37771
+       RESERVED
+CVE-2021-37770
+       RESERVED
+CVE-2021-37769
+       RESERVED
+CVE-2021-37768
+       RESERVED
+CVE-2021-37767
+       RESERVED
+CVE-2021-37766
+       RESERVED
+CVE-2021-37765
+       RESERVED
+CVE-2021-37764
+       RESERVED
+CVE-2021-37763
+       RESERVED
 CVE-2021-37762
        RESERVED
 CVE-2021-37761
@@ -5084,8 +5236,7 @@ CVE-2021-35479 (Nagios Log Server before 2.1.9 contains 
Stored XSS in the custom
        NOT-FOR-US: Nagios Log Server
 CVE-2021-35478 (Nagios Log Server before 2.1.9 contains Reflected XSS in the 
dropdown  ...)
        NOT-FOR-US: Nagios Log Server
-CVE-2021-35477
-       RESERVED
+CVE-2021-35477 (In the Linux kernel through 5.13.7, an unprivileged BPF 
program can ob ...)
        - linux <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2021/08/01/3
 CVE-2021-35476
@@ -7173,8 +7324,7 @@ CVE-2021-34558 (The crypto/tls package of Go through 
1.16.5 does not properly as
        NOTE: https://github.com/golang/go/issues/47143
        NOTE: 
https://github.com/golang/go/commit/58bc454a11d4b3dbc03f44dfcabb9068a9c076f4 
(1.16.x)
        NOTE: key_agreement.go also bundled in various other packages
-CVE-2021-34556
-       RESERVED
+CVE-2021-34556 (In the Linux kernel through 5.13.7, an unprivileged BPF 
program can ob ...)
        - linux <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2021/08/01/3
 CVE-2021-34555 (OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a 
denial  ...)
@@ -26876,8 +27026,8 @@ CVE-2021-3353
        RESERVED
 CVE-2021-3352
        RESERVED
-CVE-2021-3351
-       RESERVED
+CVE-2021-3351 (OpenPLC runtime V3 through 2016-03-14 allows stored XSS via the 
Device ...)
+       TODO: check
 CVE-2021-3350 (deleteaccount.php in the Delete Account plugin 1.4 for MyBB 
allows XSS ...)
        NOT-FOR-US: Delete Account plugin for MyBB
 CVE-2021-3349 (** DISPUTED ** GNOME Evolution through 3.38.3 produces a "Valid 
signat ...)
@@ -202525,6 +202675,7 @@ CVE-2018-11498 (In Lizard v1.0 and LZ5 v2.0 (the 
prior release, before the produ
 CVE-2018-11497
        RESERVED
 CVE-2018-11496 (In Long Range Zip (aka lrzip) 0.631, there is a use-after-free 
in read ...)
+       {DLA-2725-1}
        - lrzip 0.631+git180528-1
        [jessie] - lrzip <no-dsa> (Minor issue)
        NOTE: https://github.com/ckolivas/lrzip/issues/96
@@ -204951,6 +205102,7 @@ CVE-2018-10687
 CVE-2018-10686 (An issue was discovered in Vesta Control Panel 0.9.8-20. There 
is Refl ...)
        NOT-FOR-US: Vesta Control Panel
 CVE-2018-10685 (In Long Range Zip (aka lrzip) 0.631, there is a use-after-free 
in the  ...)
+       {DLA-2725-1}
        - lrzip 0.631+git180517-1 (low; bug #897645)
        [jessie] - lrzip <no-dsa> (Minor issue)
        [wheezy] - lrzip <ignored> (Minor issue)
@@ -216577,8 +216729,8 @@ CVE-2017-18115
        RESERVED
 CVE-2017-18114
        RESERVED
-CVE-2017-18113
-       RESERVED
+CVE-2017-18113 (The DefaultOSWorkflowConfigurator class in Jira Server and 
Jira Data C ...)
+       TODO: check
 CVE-2017-18112 (Affected versions of Atlassian Fisheye allow remote attackers 
to view  ...)
        NOT-FOR-US: Atlassian
 CVE-2017-18111 (The OAuthHelper in Atlassian Application Links before version 
5.0.10,  ...)
@@ -218931,6 +219083,7 @@ CVE-2018-5787 (An issue was discovered in Extreme 
Networks ExtremeWireless WiNG
 CVE-2017-18044 (A Command Injection issue was discovered in 
ContentStore/Base/CVDataPi ...)
        NOT-FOR-US: Commvault
 CVE-2018-5786 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop 
and app ...)
+       {DLA-2725-1}
        - lrzip 0.631+git180517-1 (bug #888506)
        [jessie] - lrzip <no-dsa> (Minor issue)
        [wheezy] - lrzip <no-dsa> (Minor issue)
@@ -219106,6 +219259,7 @@ CVE-2018-5748 (qemu/qemu_monitor.c in libvirt allows 
attackers to cause a denial
        NOTE: 
https://www.redhat.com/archives/libvir-list/2017-December/msg00749.html
        NOTE: 
https://libvirt.org/git/?p=libvirt.git;a=commit;h=bc251ea91bcfddd2622fce6bce701a438b2e7276
 CVE-2018-5747 (In Long Range Zip (aka lrzip) 0.631, there is a use-after-free 
in the  ...)
+       {DLA-2725-1}
        - lrzip 0.631+git180517-1 (bug #898451)
        [jessie] - lrzip <no-dsa> (Minor issue)
        [wheezy] - lrzip <no-dsa> (Minor issue)
@@ -219460,6 +219614,7 @@ CVE-2018-5652 (An issue was discovered in the 
dark-mode plugin 1.6 for WordPress
 CVE-2018-5651 (An issue was discovered in the dark-mode plugin 1.6 for 
WordPress. XSS ...)
        NOT-FOR-US: dark-mode plugin for WordPress
 CVE-2018-5650 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop 
and app ...)
+       {DLA-2725-1}
        - lrzip 0.631+git180517-1 (bug #887065)
        [jessie] - lrzip <no-dsa> (Minor issue)
        [wheezy] - lrzip <no-dsa> (Minor issue)
@@ -255719,11 +255874,13 @@ CVE-2017-9931 (Cross-Site Scripting (XSS) exists in 
Green Packet DX-350 Firmware
 CVE-2017-9930 (Cross-Site Request Forgery (CSRF) exists in Green Packet DX-350 
Firmwa ...)
        NOT-FOR-US: Green Packet
 CVE-2017-9929 (In lrzip 0.631, a stack buffer overflow was found in the 
function get_ ...)
+       {DLA-2725-1}
        - lrzip 0.631+git180517-1 (bug #866020)
        [jessie] - lrzip <no-dsa> (Minor issue)
        [wheezy] - lrzip <no-dsa> (Minor issue)
        NOTE: https://github.com/ckolivas/lrzip/issues/75
 CVE-2017-9928 (In lrzip 0.631, a stack buffer overflow was found in the 
function get_ ...)
+       {DLA-2725-1}
        - lrzip 0.631+git180517-1 (bug #866022)
        [jessie] - lrzip <no-dsa> (Minor issue)
        [wheezy] - lrzip <no-dsa> (Minor issue)
@@ -260913,6 +261070,7 @@ CVE-2017-8847 (The bufRead::get() function in 
libzpaq/libzpaq.h in liblrzip.so i
        NOTE: 
https://blogs.gentoo.org/ago/2017/05/07/lrzip-null-pointer-dereference-in-bufreadget-libzpaq-h/
        NOTE: Crash in CLI tool, no security implications
 CVE-2017-8846 (The read_stream function in stream.c in liblrzip.so in lrzip 
0.631 all ...)
+       {DLA-2725-1}
        - lrzip 0.631+git180517-1 (bug #863150)
        [jessie] - lrzip <no-dsa> (Minor issue)
        [wheezy] - lrzip <no-dsa> (Minor issue)
@@ -260925,6 +261083,7 @@ CVE-2017-8845 (The lzo1x_decompress function in 
lzo1x_d.ch in LZO 2.08, as used
        NOTE: 
https://blogs.gentoo.org/ago/2017/05/07/lrzip-invalid-memory-read-in-lzo_decompress_buf-stream-c/
        NOTE: Crash in CLI tool, no security implications
 CVE-2017-8844 (The read_1g function in stream.c in liblrzip.so in lrzip 0.631 
allows  ...)
+       {DLA-2725-1}
        - lrzip 0.631+git180517-1 (bug #863153)
        [jessie] - lrzip <no-dsa> (Minor issue)
        [wheezy] - lrzip <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af4de5be5cf72de9225070493f9358332815a904

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af4de5be5cf72de9225070493f9358332815a904
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to