Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8c660d04 by Salvatore Bonaccorso at 2021-11-03T06:59:12+01:00
Add new trafficserver issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1360,8 +1360,10 @@ CVE-2015-10001 (The WP-Stats WordPress plugin before 
2.52 does not have CSRF che
        NOT-FOR-US: WordPress plugin
 CVE-2021-43083
        RESERVED
-CVE-2021-43082
+CVE-2021-43082 [heap-buffer-overflow with stats-over-http plugin]
        RESERVED
+       - trafficserver <unfixed>
+       NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
 CVE-2021-3915
        RESERVED
 CVE-2020-36505 (The Delete All Comments Easily WordPress plugin through 1.3 is 
lacking ...)
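Review bot: the new CVE-2021-43082 entry marks trafficserver as `<unfixed>` but its only reference is the oss-security announcement, and no suite-qualified triage line (the `[suite] - package <status>` form used elsewhere in this file) follows it; consider adding a NOTE with the upstream fix commit or fixed release once it is known, and a per-suite line so the stable packages are visibly triaged rather than implicitly open.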
@@ -6025,8 +6027,10 @@ CVE-2021-3828 (nltk is vulnerable to Inefficient Regular 
Expression Complexity .
        [stretch] - nltk <no-dsa> (Minor issue)
        NOTE: 
https://github.com/nltk/nltk/commit/277711ab1dec729e626b27aab6fa35ea5efbd7e6
        NOTE: https://github.com/nltk/nltk/pull/2816
-CVE-2021-41585
+CVE-2021-41585 [ATS stops accepting connections on FreeBSD]
        RESERVED
+       - trafficserver <not-affected> (Only affects FreeBSD)
+       NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
 CVE-2021-41584 (Gradle Enterprise before 2021.1.3 can allow unauthorized 
viewing of a  ...)
        NOT-FOR-US: Gradle Enterprise
 CVE-2021-41583 (vpn-user-portal (aka eduVPN or Let's Connect!) before 2.3.14, 
as packa ...)
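Review bot: the `<not-affected> (Only affects FreeBSD)` marking for CVE-2021-41585 carries its justification inline, which is the right shape for this file; a NOTE pointing at the upstream change would let a later reader confirm that the Linux build is not touched by the same fix, but nothing in this hunk needs changing.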
@@ -14227,8 +14231,12 @@ CVE-2021-38163 (SAP NetWeaver (Visual Composer 7.0 RT) 
versions - 7.30, 7.31, 7.
        NOT-FOR-US: SAP
 CVE-2021-38162 (SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, 
KRNL64NUC - 7.22 ...)
        NOT-FOR-US: SAP
-CVE-2021-38161
+CVE-2021-38161 [Not validating origin TLS certificate]
        RESERVED
+       - trafficserver 9.1.0+ds-1
+       NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
+       NOTE: Mark first 9.x version as the fixed version as workaround, the 
issue does
+       NOTE: not affect the 9.x series.
 CVE-2021-38166 (In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, 
there is a ...)
        {DSA-4978-1}
        - linux 5.14.6-1
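Review bot: recording `trafficserver 9.1.0+ds-1` as the fixed version for CVE-2021-38161 when, per the two NOTE lines, the issue never affected the 9.x series, makes the entry read as "fixed in unstable" while saying nothing about the older series the NOTE implies are the affected ones; add explicit suite-qualified lines (the `[stretch] - nltk <no-dsa> (Minor issue)` line in the previous hunk shows the form) so that status in the stable suites is stated rather than inferred from the workaround.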
@@ -16610,12 +16618,18 @@ CVE-2021-37159 (hso_free_net_device in 
drivers/net/usb/hso.c in the Linux kernel
        NOTE: https://www.spinics.net/lists/linux-usb/msg202228.html
 CVE-2021-37150
        RESERVED
-CVE-2021-37149
+CVE-2021-37149 [Request Smuggling - multiple attacks]
        RESERVED
-CVE-2021-37148
+        - trafficserver <unfixed>
+       NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
+CVE-2021-37148 [Request Smuggling - transfer encoding validation]
        RESERVED
-CVE-2021-37147
+        - trafficserver <unfixed>
+       NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
+CVE-2021-37147 [Request Smuggling - LF line ending]
        RESERVED
+        - trafficserver <unfixed>
+       NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
 CVE-2021-37146 (An infinite loop in Open Robotics ros_comm XMLRPC server in 
ROS Melodi ...)
        [experimental] - ros-ros-comm 1.15.13+ds1-1
        - ros-ros-comm 1.15.13+ds1-2
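Review bot: the three added `- trafficserver <unfixed>` lines in this hunk are indented one column deeper than the NOTE lines beside them and than the same line in the first hunk (`+       - trafficserver <unfixed>`), which suggests spaces were used instead of the tab the file uses elsewhere; normalise the indentation to match the surrounding entries so the tracker's parser and diffs treat them consistently.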



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c660d0417487c62570724834ad43869a059adb3



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits