Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0e8ad1d5 by security tracker role at 2021-10-30T08:10:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -65383,18 +65383,18 @@ CVE-2021-1125
        RESERVED
 CVE-2021-1124
        RESERVED
-CVE-2021-1123
-       RESERVED
-CVE-2021-1122
-       RESERVED
-CVE-2021-1121
-       RESERVED
-CVE-2021-1120
-       RESERVED
-CVE-2021-1119
-       RESERVED
-CVE-2021-1118
-       RESERVED
+CVE-2021-1123 (NVIDIA vGPU software contains a vulnerability in the Virtual 
GPU Manag ...)
+       TODO: check
+CVE-2021-1122 (NVIDIA vGPU software contains a vulnerability in the Virtual 
GPU Manag ...)
+       TODO: check
+CVE-2021-1121 (NVIDIA vGPU software contains a vulnerability in the Virtual 
GPU Manag ...)
+       TODO: check
+CVE-2021-1120 (NVIDIA vGPU software contains a vulnerability in the Virtual 
GPU Manag ...)
+       TODO: check
+CVE-2021-1119 (NVIDIA vGPU software contains a vulnerability in the Virtual 
GPU Manag ...)
+       TODO: check
+CVE-2021-1118 (NVIDIA vGPU software contains a vulnerability in the Virtual 
GPU Manag ...)
+       TODO: check
 CVE-2021-1117 (Windows contains a vulnerability in the kernel mode layer 
(nvlddmkm.sy ...)
        TODO: check
 CVE-2021-1116 (NVIDIA GPU Display Driver for Windows contains a vulnerability 
in the  ...)
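Review bot: the six entries CVE-2021-1118 through CVE-2021-1123 land with only "TODO: check" and an identical truncated description ("NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ..."), so nothing here tells a reader whether any Debian source package is involved. Triage them as one batch together with CVE-2021-1117, which is still at "TODO: check" in the context lines below, so the whole NVIDIA block ends up with a consistent package line or NOT-FOR-US decision.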
@@ -74238,8 +74238,8 @@ CVE-2020-25883
        RESERVED
 CVE-2020-25882
        RESERVED
-CVE-2020-25881
-       RESERVED
+CVE-2020-25881 (A vulnerability was discovered in the filename parameter in 
pathindex. ...)
+       TODO: check
 CVE-2020-25880
        RESERVED
 CVE-2020-25879 (A stored cross site scripting (XSS) vulnerability in the 
'Manage Users ...)
@@ -74254,10 +74254,10 @@ CVE-2020-25875 (A stored cross site scripting (XSS) 
vulnerability in the 'Smiley
        NOT-FOR-US: Codoforum
 CVE-2020-25874
        RESERVED
-CVE-2020-25873
-       RESERVED
-CVE-2020-25872
-       RESERVED
+CVE-2020-25873 (A directory traversal vulnerability in the component 
system/manager/cl ...)
+       TODO: check
+CVE-2020-25872 (A vulnerability exists within the FileManagerController.php 
function i ...)
+       TODO: check
 CVE-2020-25871
        RESERVED
 CVE-2020-25870
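Review bot: CVE-2020-25873 and CVE-2020-25872 are left at "TODO: check", and both truncated descriptions (a directory traversal in "system/manager/cl ..." and a FileManagerController.php function) stop before naming the product. Resolve them against the full CVE text and record either a source package line or a NOT-FOR-US tag, in the same form as the neighbouring CVE-2020-25875 entry ("NOT-FOR-US: Codoforum").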
@@ -114195,6 +114195,7 @@ CVE-2020-10003 (An issue existed within the path 
validation logic for symlinks.
 CVE-2020-10002 (A logic issue was addressed with improved state management. 
This issue ...)
        NOT-FOR-US: Apple
 CVE-2020-10001 (An input validation issue was addressed with improved memory 
handling. ...)
+       {DLA-2800-1}
        - cups 2.3.3op2-1
        [buster] - cups <no-dsa> (Minor issue)
        NOTE: 
https://github.com/OpenPrinting/cups/commit/efbea1742bd30f842fbbfb87a473e5c84f4162f9
 (v2.3.3op2)
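Review bot: on CVE-2020-10001 the {DLA-2800-1} cross-reference is added while the only per-release line stays "[buster] - cups <no-dsa> (Minor issue)". With an LTS advisory now issued for this cups issue, it is worth confirming that the buster <no-dsa> state is still the intended outcome, or adding a NOTE saying why the two releases are handled differently.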
@@ -148885,6 +148886,7 @@ CVE-2019-15941 (OpenID Connect Issuer in 
LemonLDAP::NG 2.x through 2.0.5 may all
 CVE-2019-15940 (Victure PC530 devices allow unauthenticated TELNET access as 
root. ...)
        NOT-FOR-US: Victure PC530 devices
 CVE-2019-15939 (An issue was discovered in OpenCV 4.1.0. There is a 
divide-by-zero err ...)
+       {DLA-2799-1}
        - opencv 4.1.2+dfsg-3
        [buster] - opencv <no-dsa> (Minor issue)
        [jessie] - opencv <no-dsa> (Minor issue)
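Review bot: CVE-2019-15939 gains {DLA-2799-1} but keeps both "[buster] - opencv <no-dsa> (Minor issue)" and "[jessie] - opencv <no-dsa> (Minor issue)". The entry now records a fix through an LTS advisory next to two "Minor issue" deferrals for the same divide-by-zero; check that the buster line still reflects a deliberate decision and is not simply left over from before the DLA.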
@@ -153711,6 +153713,7 @@ CVE-2019-14494 (An issue was discovered in Poppler 
through 0.78.0. There is a di
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/317
        NOTE: 
https://gitlab.freedesktop.org/poppler/poppler/commit/b224e2f5739fe61de9fa69955d016725b2a4b78d
 CVE-2019-14493 (An issue was discovered in OpenCV before 4.1.1. There is a 
NULL pointe ...)
+       {DLA-2799-1}
        [experimental] - opencv 4.1.1+dfsg-1
        - opencv 4.1.2+dfsg-3
        [buster] - opencv <no-dsa> (Minor issue)
@@ -235934,13 +235937,13 @@ CVE-2018-5271 (** DISPUTED ** In Malwarebytes 
Premium 3.3.1.2183, the driver fil
 CVE-2018-5270 (** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver 
file (FA ...)
        NOT-FOR-US: Malwarebytes Premium
 CVE-2018-5269 (In OpenCV 3.3.1, an assertion failure happens in 
cv::RBaseStream::setP ...)
-       {DLA-1438-1 DLA-1354-1}
+       {DLA-2799-1 DLA-1438-1 DLA-1354-1}
        [experimental] - opencv 3.4.4+dfsg-1~exp1
        - opencv 3.2.0+dfsg-6 (bug #886675)
        NOTE: https://github.com/opencv/opencv/issues/10540
        NOTE: 2.4 backport: 
https://patch-diff.githubusercontent.com/raw/opencv/opencv/pull/10901.patch
 CVE-2018-5268 (In OpenCV 3.3.1, a heap-based buffer overflow happens in 
cv::Jpeg2KDec ...)
-       {DLA-1438-1 DLA-1354-1}
+       {DLA-2799-1 DLA-1438-1 DLA-1354-1}
        [experimental] - opencv 3.4.4+dfsg-1~exp1
        - opencv 3.2.0+dfsg-6 (bug #886674)
        NOTE: https://github.com/opencv/opencv/issues/10541
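Review bot: CVE-2018-5269 and CVE-2018-5268 now carry three advisories in one group, "{DLA-2799-1 DLA-1438-1 DLA-1354-1}", and the same prepending repeats on the older opencv entries in the later hunks. Since these CVEs were already covered by two earlier DLAs, confirm that DLA-2799-1 addresses a different release than DLA-1438-1 and DLA-1354-1 and is not a duplicate reference produced by the automatic update; the commit message "automatic update" gives no way to tell from the log.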
@@ -239588,7 +239591,7 @@ CVE-2017-1000452 (An XML Signature Wrapping 
vulnerability exists in Samlify 2.2.
 CVE-2017-1000451 (fs-git is a file system like api for git repository. The 
fs-git versio ...)
        NOT-FOR-US: fs-git
 CVE-2017-1000450 (In opencv/modules/imgcodecs/src/utils.cpp, functions 
FillUniColor and  ...)
-       {DLA-1438-1 DLA-1235-1}
+       {DLA-2799-1 DLA-1438-1 DLA-1235-1}
        [experimental] - opencv 3.4.4+dfsg-1~exp1
        - opencv 3.2.0+dfsg-6 (bug #886282)
        NOTE: https://github.com/opencv/opencv/issues/9723
@@ -241113,7 +241116,7 @@ CVE-2017-17787 (In GIMP 2.8.22, there is a heap-based 
buffer over-read in read_c
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790853
        NOTE: Crash in desktop tool, no/negligible security impact
 CVE-2017-17760 (OpenCV 3.3.1 has a Buffer Overflow in the 
cv::PxMDecoder::readData fun ...)
-       {DLA-1438-1 DLA-1235-1}
+       {DLA-2799-1 DLA-1438-1 DLA-1235-1}
        [experimental] - opencv 3.4.4+dfsg-1~exp1
        - opencv 3.2.0+dfsg-6 (bug #885843)
        NOTE: https://github.com/opencv/opencv/issues/10351
@@ -264284,17 +264287,17 @@ CVE-2017-12865 (Stack-based buffer overflow in 
"dnsproxy.c" in connman 1.34 and
        - connman 1.35-1 (bug #872844)
        NOTE: 
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=5c281d182ecdd0a424b64f7698f32467f8f67b71
 (1.35)
 CVE-2017-12864 (In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function 
ReadNumber did ...)
-       {DLA-1438-1 DLA-1117-1}
+       {DLA-2799-1 DLA-1438-1 DLA-1117-1}
        [experimental] - opencv 3.4.4+dfsg-1~exp1
        - opencv 3.2.0+dfsg-6 (bug #875345)
        NOTE: https://github.com/opencv/opencv/issues/9372
 CVE-2017-12863 (In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function 
PxMDecoder::re ...)
-       {DLA-1438-1 DLA-1117-1}
+       {DLA-2799-1 DLA-1438-1 DLA-1117-1}
        [experimental] - opencv 3.4.4+dfsg-1~exp1
        - opencv 3.2.0+dfsg-6 (bug #875344)
        NOTE: https://github.com/opencv/opencv/issues/9371
 CVE-2017-12862 (In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer 
AutoBuffe ...)
-       {DLA-1438-1 DLA-1117-1}
+       {DLA-2799-1 DLA-1438-1 DLA-1117-1}
        [experimental] - opencv 3.4.4+dfsg-1~exp1
        - opencv 3.2.0+dfsg-6 (bug #875342)
        NOTE: https://github.com/opencv/opencv/issues/9370
@@ -265116,22 +265119,22 @@ CVE-2017-12607 (A vulnerability in OpenOffice's PPT 
file parser before 4.1.4, an
 CVE-2016-10404 (XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted 
redirect  ...)
        NOT-FOR-US: Liferay Portal
 CVE-2017-12606 (OpenCV (Open Source Computer Vision Library) through 3.3 has 
an out-of ...)
-       {DLA-1438-1 DLA-1117-1}
+       {DLA-2799-1 DLA-1438-1 DLA-1117-1}
        [experimental] - opencv 3.4.4+dfsg-1~exp1
        - opencv 3.2.0+dfsg-6 (bug #872044)
        NOTE: https://github.com/opencv/opencv/issues/9309
 CVE-2017-12605 (OpenCV (Open Source Computer Vision Library) through 3.3 has 
an out-of ...)
-       {DLA-1438-1 DLA-1117-1}
+       {DLA-2799-1 DLA-1438-1 DLA-1117-1}
        [experimental] - opencv 3.4.4+dfsg-1~exp1
        - opencv 3.2.0+dfsg-6 (bug #872044)
        NOTE: https://github.com/opencv/opencv/issues/9309
 CVE-2017-12604 (OpenCV (Open Source Computer Vision Library) through 3.3 has 
an out-of ...)
-       {DLA-1438-1 DLA-1117-1}
+       {DLA-2799-1 DLA-1438-1 DLA-1117-1}
        [experimental] - opencv 3.4.4+dfsg-1~exp1
        - opencv 3.2.0+dfsg-6 (bug #872044)
        NOTE: https://github.com/opencv/opencv/issues/9309
 CVE-2017-12603 (OpenCV (Open Source Computer Vision Library) through 3.3 has 
an invali ...)
-       {DLA-1438-1 DLA-1117-1}
+       {DLA-2799-1 DLA-1438-1 DLA-1117-1}
        [experimental] - opencv 3.4.4+dfsg-1~exp1
        - opencv 3.2.0+dfsg-6 (bug #872044)
        NOTE: https://github.com/opencv/opencv/issues/9309
@@ -265143,7 +265146,7 @@ CVE-2017-12602 (OpenCV (Open Source Computer Vision 
Library) through 3.3 has a d
        [wheezy] - opencv <ignored> (Minor issue)
        NOTE: https://github.com/opencv/opencv/issues/9311
 CVE-2017-12601 (OpenCV (Open Source Computer Vision Library) through 3.3 has a 
buffer  ...)
-       {DLA-1438-1 DLA-1117-1}
+       {DLA-2799-1 DLA-1438-1 DLA-1117-1}
        [experimental] - opencv 3.4.4+dfsg-1~exp1
        - opencv 3.2.0+dfsg-6 (bug #872044)
        NOTE: https://github.com/opencv/opencv/issues/9309
@@ -265155,17 +265158,17 @@ CVE-2017-12600 (OpenCV (Open Source Computer Vision 
Library) through 3.3 has a d
        [wheezy] - opencv <ignored> (Minor issue)
        NOTE: https://github.com/opencv/opencv/issues/9311
 CVE-2017-12599 (OpenCV (Open Source Computer Vision Library) through 3.3 has 
an out-of ...)
-       {DLA-1438-1 DLA-1117-1}
+       {DLA-2799-1 DLA-1438-1 DLA-1117-1}
        [experimental] - opencv 3.4.4+dfsg-1~exp1
        - opencv 3.2.0+dfsg-6 (bug #872044)
        NOTE: https://github.com/opencv/opencv/issues/9309
 CVE-2017-12598 (OpenCV (Open Source Computer Vision Library) through 3.3 has 
an out-of ...)
-       {DLA-1438-1 DLA-1117-1}
+       {DLA-2799-1 DLA-1438-1 DLA-1117-1}
        [experimental] - opencv 3.4.4+dfsg-1~exp1
        - opencv 3.2.0+dfsg-6 (bug #872044)
        NOTE: https://github.com/opencv/opencv/issues/9309
 CVE-2017-12597 (OpenCV (Open Source Computer Vision Library) through 3.3 has 
an out-of ...)
-       {DLA-1438-1 DLA-1117-1}
+       {DLA-2799-1 DLA-1438-1 DLA-1117-1}
        [experimental] - opencv 3.4.4+dfsg-1~exp1
        - opencv 3.2.0+dfsg-6 (bug #872044)
        NOTE: https://github.com/opencv/opencv/issues/9309
@@ -328439,7 +328442,7 @@ CVE-2016-1517 (OpenCV 3.0.0 allows remote attackers 
to cause a denial of service
        NOTE: https://arxiv.org/pdf/1701.04739.pdf
        NOTE: https://github.com/opencv/opencv/issues/5956
 CVE-2016-1516 (OpenCV 3.0.0 has a double free issue that allows attackers to 
execute  ...)
-       {DLA-1438-1 DLA-1117-1}
+       {DLA-2799-1 DLA-1438-1 DLA-1117-1}
        [experimental] - opencv 3.4.4+dfsg-1~exp1
        - opencv 3.2.0+dfsg-6 (bug #872043)
        NOTE: https://arxiv.org/pdf/1701.04739.pdf



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e8ad1d51f339c1d7509227e33794d8adea679f1
