Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2065cb1a by security tracker role at 2021-10-29T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2021-43081
+ RESERVED
+CVE-2021-43080
+ RESERVED
+CVE-2021-43079
+ RESERVED
+CVE-2021-43078
+ RESERVED
+CVE-2021-43077
+ RESERVED
+CVE-2021-43076
+ RESERVED
+CVE-2021-43075
+ RESERVED
+CVE-2021-43074
+ RESERVED
+CVE-2021-43073
+ RESERVED
+CVE-2021-43072
+ RESERVED
+CVE-2021-43071
+ RESERVED
+CVE-2021-43070
+ RESERVED
+CVE-2021-43069
+ RESERVED
+CVE-2021-43068
+ RESERVED
+CVE-2021-43067
+ RESERVED
+CVE-2021-43066
+ RESERVED
+CVE-2021-43065
+ RESERVED
+CVE-2021-43064
+ RESERVED
+CVE-2021-43063
+ RESERVED
+CVE-2021-43062
+ RESERVED
CVE-2022-20621
RESERVED
CVE-2022-20620
@@ -683,6 +723,7 @@ CVE-2021-42764 (The Proof-of-Stake (PoS) Ethereum consensus
protocol through 202
CVE-2021-42763
RESERVED
CVE-2021-42762 (BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before
2.34.1 allow ...)
+ {DSA-4996-1 DSA-4995-1}
- webkit2gtk 2.34.1-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
- wpewebkit 2.34.1-1
@@ -5475,8 +5516,8 @@ CVE-2021-41196
RESERVED
CVE-2021-41195
RESERVED
-CVE-2021-41194
- RESERVED
+CVE-2021-41194 (FirstUseAuthenticator is a JupyterHub authenticator that helps
new use ...)
+ TODO: check
CVE-2021-41193
RESERVED
CVE-2021-41192
@@ -16574,16 +16615,16 @@ CVE-2021-36553
RESERVED
CVE-2021-36552
RESERVED
-CVE-2021-36551
- RESERVED
-CVE-2021-36550
- RESERVED
+CVE-2021-36551 (TikiWiki v21.4 was discovered to contain a cross-site
scripting (XSS) ...)
+ TODO: check
+CVE-2021-36550 (TikiWiki v21.4 was discovered to contain a cross-site
scripting (XSS) ...)
+ TODO: check
CVE-2021-36549
RESERVED
-CVE-2021-36548
- RESERVED
-CVE-2021-36547
- RESERVED
+CVE-2021-36548 (A remote code execution (RCE) vulnerability in the component
/admin/in ...)
+ TODO: check
+CVE-2021-36547 (A remote code execution (RCE) vulnerability in the component
/codebase ...)
+ TODO: check
CVE-2021-36546
RESERVED
CVE-2021-36545
@@ -30462,6 +30503,7 @@ CVE-2021-30853 (This issue was addressed with improved
checks. This issue is fix
CVE-2021-30852 (A type confusion issue was addressed with improved memory
handling. Th ...)
TODO: check
CVE-2021-30851 (A memory corruption vulnerability was addressed with improved
locking. ...)
+ {DSA-4996-1 DSA-4995-1}
- webkit2gtk 2.34.0-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
- wpewebkit 2.34.1-1
@@ -30485,6 +30527,7 @@ CVE-2021-30848 (A memory corruption issue was addressed
with improved memory han
CVE-2021-30847 (This issue was addressed with improved checks. This issue is
fixed in ...)
NOT-FOR-US: Apple
CVE-2021-30846 (A memory corruption issue was addressed with improved memory
handling. ...)
+ {DSA-4996-1 DSA-4995-1}
- webkit2gtk 2.34.0-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
- wpewebkit 2.34.1-1
@@ -43604,8 +43647,7 @@ CVE-2021-25744
RESERVED
CVE-2021-25743
RESERVED
-CVE-2021-25742
- RESERVED
+CVE-2021-25742 (A security issue was discovered in ingress-nginx where a user
that can ...)
NOT-FOR-US: Kubernetes ingress-nginx component
CVE-2021-25741 (A security issue was discovered in Kubernetes where a user may
be able ...)
- kubernetes <unfixed>
@@ -44900,6 +44942,7 @@ CVE-2021-25221
CVE-2021-25220
RESERVED
CVE-2021-25219 (In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and
versions 9.9.3- ...)
+ {DSA-4994-1}
- bind9 1:9.17.19-1
NOTE: https://kb.isc.org/docs/cve-2021-25219
NOTE:
https://gitlab.isc.org/isc-projects/bind9/commit/8fe18c0566c41228a568157287f5a44f96d37662
(v9_16_22)
@@ -79753,14 +79796,14 @@ CVE-2020-23551
RESERVED
CVE-2020-23550
RESERVED
-CVE-2020-23549
- RESERVED
+CVE-2020-23549 (IrfanView 4.54 allows attackers to cause a denial of service
or possib ...)
+ TODO: check
CVE-2020-23548
RESERVED
CVE-2020-23547
RESERVED
-CVE-2020-23546
- RESERVED
+CVE-2020-23546 (IrfanView 4.54 allows attackers to cause a denial of service
or possib ...)
+ TODO: check
CVE-2020-23545
RESERVED
CVE-2020-23544
@@ -106216,6 +106259,7 @@ CVE-2020-12270 (** DISPUTED ** React Native Bluetooth
Scan in Bluezone 1.0.0 use
CVE-2020-12269
RESERVED
CVE-2020-12268 (jbig2_image_compose in jbig2_image.c in Artifex jbig2dec
before 0.18 h ...)
+ {DLA-2796-1}
- jbig2dec 0.18-1
[buster] - jbig2dec <no-dsa> (Minor issue)
[jessie] - jbig2dec <no-dsa> (Minor issue)
@@ -200849,7 +200893,7 @@ CVE-2018-17939 (An issue was discovered in GitLab
Community and Enterprise Editi
CVE-2018-17938 (Zimbra Collaboration before 8.8.10 GA allows text content
spoofing via ...)
NOT-FOR-US: Zimbra
CVE-2018-17937 (gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3,
an open ...)
- {DLA-1738-1}
+ {DLA-2795-1 DLA-1738-1}
[experimental] - gpsd 3.18.1-1
- gpsd 3.17-6 (low; bug #925327)
NOTE:
http://git.savannah.nongnu.org/cgit/gpsd.git/commit/?id=7646cbd04055a50b157312ba6b376e88bd398c19
@@ -275184,6 +275228,7 @@ CVE-2017-9217 (systemd-resolved through 233 allows
remote attackers to cause a d
[wheezy] - systemd <not-affected> (vulnerable code introduced later)
NOTE: https://github.com/systemd/systemd/pull/5998
CVE-2017-9216 (libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and
Ghostscri ...)
+ {DLA-2796-1}
- jbig2dec 0.13-5 (bug #863279)
[jessie] - jbig2dec <no-dsa> (Minor issue)
[wheezy] - jbig2dec <no-dsa> (Minor issue, can be fixed in a future
update)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2065cb1a68aa369b72e6fc117d32f1ead5a53610
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2065cb1a68aa369b72e6fc117d32f1ead5a53610
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
