Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
42f5886f by security tracker role at 2021-11-12T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2021-43582
+       RESERVED
+CVE-2021-43581
+       RESERVED
+CVE-2021-43580
+       RESERVED
+CVE-2021-43579 (A stack-based buffer overflow in image_load_bmp() in HTMLDOC 
before 1. ...)
+       TODO: check
+CVE-2021-3950
+       RESERVED
 CVE-2022-21220
        RESERVED
 CVE-2022-21207
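Review bot: CVE-2021-43579 (HTMLDOC, stack-based buffer overflow in image_load_bmp()) is the only one of the five added entries that carries a description, and it is left at "TODO: check" with no package line. It should be triaged in a follow-up: either a source-package line with a fixed or "<unfixed>" version, or "NOT-FOR-US:" if the software is not in the archive. The four "RESERVED" entries need nothing further until their descriptions are published.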
@@ -18,14 +28,11 @@ CVE-2022-21125
        RESERVED
 CVE-2022-21123
        RESERVED
-CVE-2021-43578
-       RESERVED
+CVE-2021-43578 (Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and 
earlier  ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2021-43577
-       RESERVED
+CVE-2021-43577 (Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does 
not confi ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2021-43576
-       RESERVED
+CVE-2021-43576 (Jenkins pom2config Plugin 1.2 and earlier does not configure 
its XML p ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2021-42744
        RESERVED
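Review bot: the "NOT-FOR-US: Jenkins plugin" lines under CVE-2021-43578, CVE-2021-43577 and CVE-2021-43576 are unchanged context, so these IDs were dispositioned while they were still "RESERVED". The descriptions now published name the Squash TM Publisher, OWASP Dependency-Check and pom2config plugins, which agrees with the existing disposition; worth a quick confirmation that each description really is a Jenkins plugin issue, since the disposition predates the text.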
@@ -189,8 +196,8 @@ CVE-2021-3936
        RESERVED
 CVE-2021-3935
        RESERVED
-CVE-2021-3934
-       RESERVED
+CVE-2021-3934 (ohmyzsh is vulnerable to Improper Neutralization of Special 
Elements u ...)
+       TODO: check
 CVE-2021-3933
        RESERVED
        - openexr <unfixed>
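Review bot: CVE-2021-3934 (ohmyzsh) goes from "RESERVED" to "TODO: check", so the entry is now public but untriaged. The cut-off description gives only the weakness class ("Improper Neutralization of Special Elements u ..."), so the full CVE text is needed to decide between a package line and "NOT-FOR-US:".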
@@ -254,16 +261,16 @@ CVE-2021-43498
        RESERVED
 CVE-2021-43497
        RESERVED
-CVE-2021-43496
-       RESERVED
+CVE-2021-43496 (Clustering master branch as of commit 
53e663e259bcfc8cdecb56c0bb255bd7 ...)
+       TODO: check
 CVE-2021-43495
        RESERVED
-CVE-2021-43494
-       RESERVED
-CVE-2021-43493
-       RESERVED
-CVE-2021-43492
-       RESERVED
+CVE-2021-43494 (OpenCV-REST-API master branch as of commit 
69be158c05d4dd5a4aff38fdc68 ...)
+       TODO: check
+CVE-2021-43493 (ServerManagement master branch as of commit 
49491cc6f94980e6be7791d17b ...)
+       TODO: check
+CVE-2021-43492 (AlquistManager branch as of commit 
280d99f43b11378212652e75f6f3159cde9 ...)
+       TODO: check
 CVE-2021-43491
        RESERVED
 CVE-2021-43490
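Review bot: the four new descriptions (CVE-2021-43496, CVE-2021-43494, CVE-2021-43493, CVE-2021-43492) each identify the affected code as a branch "as of commit ..." rather than by release version, so no fixed version can be read from the description when these "TODO: check" entries are triaged. If any of them turns out to be packaged, the entry will need a "NOTE:" pointing at the upstream fix; otherwise mark them "NOT-FOR-US:" with the project name.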
@@ -688,7 +695,7 @@ CVE-2021-3924 (grav is vulnerable to Improper Limitation of 
a Pathname to a Rest
        NOT-FOR-US: Grav CMS
 CVE-2021-23222
        RESERVED
-       {DSA-5007-1 DSA-5006-1}
+       {DSA-5007-1 DSA-5006-1 DLA-2817-1}
        - postgresql-14 14.1-1
        - postgresql-13 <unfixed>
        - postgresql-11 <removed>
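Review bot: "DLA-2817-1" is added to the cross-reference line of CVE-2021-23222, but the package lines visible in this hunk (postgresql-14, postgresql-13, postgresql-11) do not show which source package the LTS advisory covers. Confirm that the entry carries a package line for that source package further down; the same applies to CVE-2021-23214 in the following hunk. Note that postgresql-13 is still "<unfixed>" here.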
@@ -696,7 +703,7 @@ CVE-2021-23222
        NOTE: 
https://www.postgresql.org/about/news/postgresql-141-135-129-1114-1019-and-9624-released-2349/
 CVE-2021-23214
        RESERVED
-       {DSA-5007-1 DSA-5006-1}
+       {DSA-5007-1 DSA-5006-1 DLA-2817-1}
        - postgresql-14 14.1-1
        - postgresql-13 <unfixed>
        - postgresql-11 <removed>
@@ -4915,6 +4922,7 @@ CVE-2021-3886
 CVE-2021-3885
        RESERVED
 CVE-2021-42340 (The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 
10.1.0-M5, ...)
+       {DSA-5009-1}
        - tomcat9 9.0.54-1
        [buster] - tomcat9 <not-affected> (Vulnerable code introduced later)
        - tomcat8 <removed>
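Review bot: "{DSA-5009-1}" is attached to CVE-2021-42340 while the visible tomcat9 lines show only the fix in 9.0.54-1 and "[buster] - tomcat9 <not-affected>". Since buster is not affected, the advisory must apply to another release; confirm that the release and fixed version for that advisory are recorded so the tracker does not keep reporting it as vulnerable.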
@@ -6018,8 +6026,8 @@ CVE-2021-3857
        RESERVED
 CVE-2021-41973 (In Apache MINA, a specifically crafted, malformed HTTP request 
may cau ...)
        NOT-FOR-US: Apache MINA
-CVE-2021-41972
-       RESERVED
+CVE-2021-41972 (Apache Superset up to and including 1.3.1 allowed for database 
connect ...)
+       TODO: check
 CVE-2021-41971 (Apache Superset up to and including 1.3.0 when configured with 
ENABLE_ ...)
        NOT-FOR-US: Apache Superset
 CVE-2021-3856
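Review bot: CVE-2021-41972 (Apache Superset) lands as "TODO: check" directly above CVE-2021-41971, which is the same product and already marked "NOT-FOR-US: Apache Superset". Unless Superset has been packaged in the meantime, the new entry should get the same "NOT-FOR-US: Apache Superset" line rather than staying in the TODO queue.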
@@ -7659,8 +7667,8 @@ CVE-2021-41266
        RESERVED
 CVE-2021-41265
        RESERVED
-CVE-2021-41264
-       RESERVED
+CVE-2021-41264 (OpenZeppelin Contracts is a library for smart contract 
development. In ...)
+       TODO: check
 CVE-2021-41263
        RESERVED
 CVE-2021-41262
@@ -7669,8 +7677,8 @@ CVE-2021-41261
        RESERVED
 CVE-2021-41260
        RESERVED
-CVE-2021-41259
-       RESERVED
+CVE-2021-41259 (Nim is a systems programming language with a focus on 
efficiency, expr ...)
+       TODO: check
 CVE-2021-41258
        RESERVED
 CVE-2021-41257
@@ -7679,8 +7687,8 @@ CVE-2021-41256
        RESERVED
 CVE-2021-41255
        RESERVED
-CVE-2021-41254
-       RESERVED
+CVE-2021-41254 (kustomize-controller is a Kubernetes operator, specialized in 
running  ...)
+       TODO: check
 CVE-2021-41253 (Zydis is an x86/x86-64 disassembler library. Users of Zydis 
versions v ...)
        - zydis <unfixed> (bug #999431)
        NOTE: 
https://github.com/zyantific/zydis/security/advisories/GHSA-q42v-hv86-3m4g
@@ -13108,8 +13116,8 @@ CVE-2021-38987
        RESERVED
 CVE-2021-38986
        RESERVED
-CVE-2021-38985
-       RESERVED
+CVE-2021-38985 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 
receives inp ...)
+       TODO: check
 CVE-2021-38984
        RESERVED
 CVE-2021-38983
@@ -13132,10 +13140,10 @@ CVE-2021-38975
        RESERVED
 CVE-2021-38974
        RESERVED
-CVE-2021-38973
-       RESERVED
-CVE-2021-38972
-       RESERVED
+CVE-2021-38973 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 
receives inp ...)
+       TODO: check
+CVE-2021-38972 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 
receives inp ...)
+       TODO: check
 CVE-2021-38971
        RESERVED
 CVE-2021-38970
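Review bot: CVE-2021-38973 and CVE-2021-38972 are added with descriptions that are identical up to the cut-off ("IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives inp ..."), and they match CVE-2021-38985 in the previous hunk, so the list text alone cannot tell them apart. All three are "TODO: check"; triage them together from the full CVE descriptions and give them one consistent disposition.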
@@ -55479,14 +55487,11 @@ CVE-2021-21702 (In PHP versions 7.3.x below 7.3.27, 
7.4.x below 7.4.15 and 8.0.x
        - php7.0 <removed>
        NOTE: Fixed in PHP 8.0.2, 7.4.15, 7.3.27
        NOTE: PHP Bug: https://bugs.php.net/80672
-CVE-2021-21701
-       RESERVED
+CVE-2021-21701 (Jenkins Performance Plugin 3.20 and earlier does not configure 
its XML ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2021-21700
-       RESERVED
+CVE-2021-21700 (Jenkins Scriptler Plugin 3.3 and earlier does not escape the 
name of s ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2021-21699
-       RESERVED
+CVE-2021-21699 (Jenkins Active Choices Plugin 2.5.6 and earlier does not 
escape the pa ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2021-21698 (Jenkins Subversion Plugin 2.15.0 and earlier does not restrict 
the nam ...)
        NOT-FOR-US: Jenkins plugin
@@ -130973,8 +130978,8 @@ CVE-2020-4148
        RESERVED
 CVE-2020-4147
        RESERVED
-CVE-2020-4146
-       RESERVED
+CVE-2020-4146 (IBM Security SiteProtector System 3.1.1 could allow a remote 
attacker  ...)
+       TODO: check
 CVE-2020-4145
        RESERVED
 CVE-2020-4144
@@ -130985,8 +130990,8 @@ CVE-2020-4142
        RESERVED
 CVE-2020-4141
        RESERVED
-CVE-2020-4140
-       RESERVED
+CVE-2020-4140 (IBM Security SiteProtector System 3.1.1 is vulnerable to 
cross-site sc ...)
+       TODO: check
 CVE-2020-4139
        RESERVED
 CVE-2020-4138



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/42f5886f6ec71dd9e568391cfcfcc2a8d0ea679f
