Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f9b37f0c by security tracker role at 2021-08-08T08:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,133 @@
+CVE-2021-38196 (An issue was discovered in the better-macro crate through 
2021-07-22 f ...)
+       TODO: check
+CVE-2021-38195 (An issue was discovered in the libsecp256k1 crate before 0.5.0 
for Rus ...)
+       TODO: check
+CVE-2021-38194 (An issue was discovered in the ark-r1cs-std crate before 0.3.1 
for Rus ...)
+       TODO: check
+CVE-2021-38193 (An issue was discovered in the ammonia crate before 3.1.0 for 
Rust. XS ...)
+       TODO: check
+CVE-2021-38192 (An issue was discovered in the prost-types crate before 0.8.0 
for Rust ...)
+       TODO: check
+CVE-2021-38191 (An issue was discovered in the tokio crate before 1.8.1 for 
Rust. Upon ...)
+       TODO: check
+CVE-2021-38190 (An issue was discovered in the nalgebra crate before 0.27.1 
for Rust.  ...)
+       TODO: check
+CVE-2021-38189 (An issue was discovered in the lettre crate before 0.9.6 for 
Rust. In  ...)
+       TODO: check
+CVE-2021-38188 (An issue was discovered in the iced-x86 crate through 1.10.3 
for Rust. ...)
+       TODO: check
+CVE-2021-38187 (An issue was discovered in the anymap crate through 0.12.1 for 
Rust. I ...)
+       TODO: check
+CVE-2021-38186 (An issue was discovered in the comrak crate before 0.10.1 for 
Rust. It ...)
+       TODO: check
+CVE-2021-38185 (GNU cpio through 2.13 allows attackers to execute arbitrary 
code via a ...)
+       TODO: check
+CVE-2021-38184
+       RESERVED
+CVE-2021-38183
+       RESERVED
+CVE-2021-38182
+       RESERVED
+CVE-2021-38181
+       RESERVED
+CVE-2021-38180
+       RESERVED
+CVE-2021-38179
+       RESERVED
+CVE-2021-38178
+       RESERVED
+CVE-2021-38177
+       RESERVED
+CVE-2021-38176
+       RESERVED
+CVE-2021-38175
+       RESERVED
+CVE-2021-38174
+       RESERVED
+CVE-2021-3689
+       RESERVED
+CVE-2020-36472 (An issue was discovered in the max7301 crate before 0.2.0 for 
Rust. Th ...)
+       TODO: check
+CVE-2020-36471 (An issue was discovered in the generator crate before 0.7.0 
for Rust.  ...)
+       TODO: check
+CVE-2020-36470 (An issue was discovered in the disrustor crate through 
2020-12-17 for  ...)
+       TODO: check
+CVE-2020-36469 (An issue was discovered in the appendix crate through 
2020-11-15 for R ...)
+       TODO: check
+CVE-2020-36468 (An issue was discovered in the cgc crate through 2020-12-10 
for Rust.  ...)
+       TODO: check
+CVE-2020-36467 (An issue was discovered in the cgc crate through 2020-12-10 
for Rust.  ...)
+       TODO: check
+CVE-2020-36466 (An issue was discovered in the cgc crate through 2020-12-10 
for Rust.  ...)
+       TODO: check
+CVE-2020-36465 (An issue was discovered in the generic-array crate before 
0.13.3 for R ...)
+       TODO: check
+CVE-2020-36464 (An issue was discovered in the heapless crate before 0.6.1 for 
Rust. T ...)
+       TODO: check
+CVE-2020-36463 (An issue was discovered in the multiqueue crate through 
2020-12-25 for ...)
+       TODO: check
+CVE-2020-36462 (An issue was discovered in the syncpool crate before 0.1.6 for 
Rust. T ...)
+       TODO: check
+CVE-2020-36461 (An issue was discovered in the noise_search crate through 
2020-12-10 f ...)
+       TODO: check
+CVE-2020-36460 (An issue was discovered in the model crate through 2020-11-10 
for Rust ...)
+       TODO: check
+CVE-2020-36459 (An issue was discovered in the dces crate through 2020-12-09 
for Rust. ...)
+       TODO: check
+CVE-2020-36458 (An issue was discovered in the lexer crate through 2020-11-10 
for Rust ...)
+       TODO: check
+CVE-2020-36457 (An issue was discovered in the lever crate before 0.1.1 for 
Rust. Atom ...)
+       TODO: check
+CVE-2020-36456 (An issue was discovered in the toolshed crate through 
2020-11-15 for R ...)
+       TODO: check
+CVE-2020-36455 (An issue was discovered in the slock crate through 2020-11-17 
for Rust ...)
+       TODO: check
+CVE-2020-36454 (An issue was discovered in the parc crate through 2020-11-14 
for Rust. ...)
+       TODO: check
+CVE-2020-36453 (An issue was discovered in the scottqueue crate through 
2020-11-15 for ...)
+       TODO: check
+CVE-2020-36452 (An issue was discovered in the array-tools crate before 0.3.2 
for Rust ...)
+       TODO: check
+CVE-2020-36451 (An issue was discovered in the rcu_cell crate through 
2020-11-14 for R ...)
+       TODO: check
+CVE-2020-36450 (An issue was discovered in the bunch crate through 2020-11-12 
for Rust ...)
+       TODO: check
+CVE-2020-36449 (An issue was discovered in the kekbit crate before 0.3.4 for 
Rust. For ...)
+       TODO: check
+CVE-2020-36448 (An issue was discovered in the cache crate through 2020-11-24 
for Rust ...)
+       TODO: check
+CVE-2020-36447 (An issue was discovered in the v9 crate through 2020-12-18 for 
Rust. T ...)
+       TODO: check
+CVE-2020-36446 (An issue was discovered in the signal-simple crate through 
2020-11-15  ...)
+       TODO: check
+CVE-2020-36445 (An issue was discovered in the convec crate through 2020-11-24 
for Rus ...)
+       TODO: check
+CVE-2020-36444 (An issue was discovered in the async-coap crate through 
2020-12-08 for ...)
+       TODO: check
+CVE-2020-36443 (An issue was discovered in the libp2p-deflate crate before 
0.27.1 for  ...)
+       TODO: check
+CVE-2020-36442 (An issue was discovered in the beef crate before 0.5.0 for 
Rust. beef: ...)
+       TODO: check
+CVE-2020-36441 (An issue was discovered in the abox crate before 0.4.1 for 
Rust. It im ...)
+       TODO: check
+CVE-2020-36440 (An issue was discovered in the libsbc crate before 0.1.5 for 
Rust. For ...)
+       TODO: check
+CVE-2020-36439 (An issue was discovered in the ticketed_lock crate before 
0.3.0 for Ru ...)
+       TODO: check
+CVE-2020-36438 (An issue was discovered in the tiny_future crate before 0.4.0 
for Rust ...)
+       TODO: check
+CVE-2020-36437 (An issue was discovered in the conqueue crate before 0.4.0 for 
Rust. T ...)
+       TODO: check
+CVE-2020-36436 (An issue was discovered in the unicycle crate before 0.7.1 for 
Rust. P ...)
+       TODO: check
+CVE-2020-36435 (An issue was discovered in the ruspiro-singleton crate before 
0.4.1 fo ...)
+       TODO: check
+CVE-2020-36434 (An issue was discovered in the sys-info crate before 0.8.0 for 
Rust. s ...)
+       TODO: check
+CVE-2020-36433 (An issue was discovered in the chunky crate through 2020-08-25 
for Rus ...)
+       TODO: check
+CVE-2020-36432 (An issue was discovered in the alg_ds crate through 2020-08-25 
for Rus ...)
+       TODO: check
 CVE-2021-38173 (Btrbk before 0.31.2 allows command execution because of the 
mishandlin ...)
        - btrbk 0.27.1-2
        NOTE: Fixed by: 
https://github.com/digint/btrbk/commit/58212de771c381cd4fa05625927080bf264e9584 
(v0.31.2)
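Review bot: In the block added at the top of data/CVE/list, CVE-2021-38185 (GNU cpio through 2.13, arbitrary code execution) is the only `TODO: check` entry that is not a Rust crate and is the one to triage first, with a package line in the same form as `- btrbk 0.27.1-2` under CVE-2021-38173. The crate entries all open with "An issue was discovered in the ... crate" and are mostly cut off before the flaw is named, so the truncated summaries cannot be used to sort them; each needs the full CVE text before it gets a package or not-for-us decision.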
@@ -37,7 +167,7 @@ CVE-2021-38156
 CVE-2021-38155 (OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x 
before 17.0.1 ...)
        - keystone <unfixed>
        NOTE: https://launchpad.net/bugs/1688137
-CVE-2021-38165 (HTParse in Lynx through 2.8.9 mishandles the userinfo 
subcomponent of  ...)
+CVE-2021-38165 (Lynx through 2.8.9 mishandles the userinfo subcomponent of a 
URI, whic ...)
        [experimental] - lynx 2.9.0dev.9-1
        - lynx <unfixed> (bug #991971)
        NOTE: 
https://lists.nongnu.org/archive/html/lynx-dev/2021-08/msg00002.html
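Review bot: The replacement description for CVE-2021-38165 drops "HTParse in", which was the only pointer to the affected function in the truncated summary. The package lines and the lynx-dev NOTE are unchanged, so consider adding a NOTE line that names HTParse so the detail survives the automatic description sync.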
@@ -4258,8 +4388,7 @@ CVE-2021-36222 (ec_verify in kdc/kdc_preauth_ec.c in the 
Key Distribution Center
        [stretch] - krb5 <not-affected> (Vulnerable code (k5memdup0()) 
introduced later)
        NOTE: 
https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562
        NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=9007
-CVE-2021-36221
-       RESERVED
+CVE-2021-36221 (Go before 1.15.15 and 1.16.x before 1.16.7 has a race 
condition that c ...)
        - golang-1.16 1.16.7-1
        - golang-1.15 <unfixed> (bug #991961)
        - golang-1.11 <removed>
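Review bot: For CVE-2021-36221 the new description gives 1.15.15 as the fixed release on the 1.15 branch, while the context keeps `- golang-1.15 <unfixed> (bug #991961)`. The golang-1.16 line at 1.16.7-1 agrees with the description's 1.16.7 boundary, but the lines visible here carry no upstream reference for this entry; a NOTE with the fixing commit or announcement would help whoever picks up the 1.15 bug.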
@@ -11213,7 +11342,7 @@ CVE-2021-33200 (kernel/bpf/verifier.c in the Linux 
kernel through 5.12.7 enforce
        NOTE: Issue introduced due to fixes applied for CVE-2021-29155
 CVE-2021-33199
        RESERVED
-CVE-2021-33198 (Go before 1.15.12 and 1.16.x before 1.16.5 attempts to 
allocate excess ...)
+CVE-2021-33198 (In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a 
panic fo ...)
        - golang-1.16 1.16.5-1
        - golang-1.15 1.15.9-5
        - golang-1.11 <removed>
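Review bot: The CVE-2021-33198 description moves the 1.15 boundary from "before 1.15.12" to "before 1.15.13", and the same change appears in the following hunks for CVE-2021-33197, CVE-2021-33196 and CVE-2021-33195. The context lines mark golang-1.15 as fixed at 1.15.9-5 (1.15.9-4 for CVE-2021-33196), a Debian revision below either upstream boundary, which implies the fixes were backported; it is worth confirming that the patches carried in those uploads are the ones the corrected description refers to, since the package lines are not touched by this automatic update.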
@@ -11224,7 +11353,7 @@ CVE-2021-33198 (Go before 1.15.12 and 1.16.x before 
1.16.5 attempts to allocate
        NOTE: https://github.com/golang/go/issues/45910
        NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
        NOTE: Introduced by 
https://github.com/golang/go/commit/e4ba40030f9ba4b61bb28dbf78bb41a7b14e6788 
(go1.13beta1)
-CVE-2021-33197 (Go before 1.15.12 and 1.16.x before 1.16.5 acts as an 
Unintended Proxy ...)
+CVE-2021-33197 (In Go before 1.15.13 and 1.16.x before 1.16.5, some 
configurations of  ...)
        - golang-1.16 1.16.5-1
        - golang-1.15 1.15.9-5
        - golang-1.11 <removed>
@@ -11236,7 +11365,7 @@ CVE-2021-33197 (Go before 1.15.12 and 1.16.x before 
1.16.5 acts as an Unintended
        NOTE: https://github.com/golang/go/issues/46313
        NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
        NOTE: 
https://github.com/golang/go/commit/cbd1ca84453fecf3825a6bb9f985823e8bc32b76 
(1.15)
-CVE-2021-33196 (Go before 1.15.12 and 1.16.x before 1.16.5 attempts to 
allocate excess ...)
+CVE-2021-33196 (In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, 
a crafte ...)
        - golang-1.16 1.16.5-1 (bug #989492)
        - golang-1.15 1.15.9-4
        - golang-1.11 <removed>
@@ -11249,7 +11378,7 @@ CVE-2021-33196 (Go before 1.15.12 and 1.16.x before 
1.16.5 attempts to allocate
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33912
        NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
        NOTE: 
https://github.com/golang/go/commit/c92adf420a3d9a5510f9aea382d826f0c9216a10 
(1.15)
-CVE-2021-33195 (Go before 1.15.12 and 1.16.x before 1.16.5 allows injection. 
...)
+CVE-2021-33195 (Go before 1.15.13 and 1.16.x before 1.16.5 has functions for 
DNS looku ...)
        - golang-1.16 1.16.5-1
        - golang-1.15 1.15.9-5
        - golang-1.11 <removed>



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f9b37f0c89330e6e1b596b7f4396970a01c76e3b

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits