[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Sat, 27 Nov 2021 12:10:38 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
f493ecaa by security tracker role at 2021-11-27T20:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -150,8 +150,8 @@ CVE-2021-44221
        RESERVED
 CVE-2021-4021
        RESERVED
-CVE-2021-4020
-       RESERVED
+CVE-2021-4020 (janus-gateway is vulnerable to Improper Neutralization of Input 
During ...)
+       TODO: check
 CVE-2021-4019
        RESERVED
 CVE-2021-44220
@@ -714,11 +714,13 @@ CVE-2021-3975 [segmentation fault during VM shutdown can 
lead to vdsm hung]
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2024326
        NOTE: Fixed by: 
https://github.com/libvirt/libvirt/commit/1ac703a7d0789e46833f4013a3876c2e3af18ec7
 (v7.1.0-rc2)
 CVE-2021-44025 (Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to 
XSS in han ...)
+       {DSA-5013-1}
        - roundcube 1.5.0+dfsg.1-1 (bug #1000156)
        NOTE: https://github.com/roundcube/roundcubemail/issues/8193
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/faf99bf8a2b7b7562206fa047e8de652861e624a
 (1.4.12)
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/7d7b1dfeff795390b69905ceb63d6391b5b0dfe7
 (1.3.17)
 CVE-2021-44026 (Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a 
potentia ...)
+       {DSA-5013-1}
        - roundcube 1.5.0+dfsg.1-1 (bug #1000156)
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/c8947ecb762d9e89c2091bda28d49002817263f1
 (1.4.12)
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/ee809bde2dcaa04857a919397808a7296681dcfa
 (1.3.17)
@@ -10470,6 +10472,7 @@ CVE-2021-41231
 CVE-2021-41230 (Pomerium is an open source identity-aware access proxy. In 
affected ve ...)
        NOT-FOR-US: Pomerium
 CVE-2021-41229 (BlueZ is a Bluetooth protocol stack for Linux. In affected 
versions a  ...)
+       {DLA-2827-1}
        - bluez <unfixed> (bug #1000262)
        [bullseye] - bluez <no-dsa> (Minor issue)
        [buster] - bluez <no-dsa> (Minor issue)
@@ -177534,11 +177537,13 @@ CVE-2019-8923 (XAMPP through 5.6.8 and previous 
allows SQL injection via the cds
        NOT-FOR-US: XAMPP
 CVE-2019-8922
        RESERVED
+       {DLA-2827-1}
        - bluez 5.54-1
        NOTE: 
https://ssd-disclosure.com/ssd-advisory-linux-bluez-information-leak-and-heap-overflow/
        NOTE: 
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=6c7243fb6ab90b7b855cead98c66394fedea135f
 (5.51)
 CVE-2019-8921
        RESERVED
+       {DLA-2827-1}
        - bluez 5.54-1
        NOTE: 
https://ssd-disclosure.com/ssd-advisory-linux-bluez-information-leak-and-heap-overflow/
        NOTE: 
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=7bf67b32709d828fafa26256b4c78331760c6e93
 (5.51)
@@ -226528,14 +226533,14 @@ CVE-2018-10395
 CVE-2018-10394
        RESERVED
 CVE-2018-10393 (bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a 
stack-b ...)
-       {DLA-2013-1}
+       {DLA-2828-1 DLA-2013-1}
        - libvorbis 1.3.6-2 (bug #876780)
        [wheezy] - libvorbis <ignored> (Minor issue)
        NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2334
        NOTE: Fixed by: 
https://gitlab.xiph.org/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25
        NOTE: Same patch as for CVE-2017-14160
 CVE-2018-10392 (mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 
does not va ...)
-       {DLA-2013-1}
+       {DLA-2828-1 DLA-2013-1}
        - libvorbis 1.3.6-2 (bug #876780)
        [wheezy] - libvorbis <ignored> (Minor issue)
        NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2335
@@ -265646,7 +265651,7 @@ CVE-2017-14165 (The ReadSUNImage function in 
coders/sun.c in GraphicsMagick 1.3.
        NOTE: https://www.openwall.com/lists/oss-security/2017/09/06/4
        NOTE: https://sourceforge.net/p/graphicsmagick/bugs/442/
 CVE-2017-14160 (The bark_noise_hybridmp function in psy.c in Xiph.Org 
libvorbis 1.3.5  ...)
-       {DLA-2013-1}
+       {DLA-2828-1 DLA-2013-1}
        - libvorbis 1.3.6-2 (bug #876780)
        [wheezy] - libvorbis <postponed> (Minor issue, can be revisited once 
fixed upstream)
        NOTE: https://www.openwall.com/lists/oss-security/2017/09/21/2



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f493ecaa6238070df4ad0747cb8beb9f537c8666

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f493ecaa6238070df4ad0747cb8beb9f537c8666
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to