[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Sun, 28 Nov 2021 12:10:35 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
802df9f8 by security tracker role at 2021-11-28T20:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2021-4025
+       RESERVED
 CVE-2021-44235
        RESERVED
 CVE-2021-44234
@@ -12129,7 +12131,7 @@ CVE-2021-40529 (The ElGamal implementation in Botan 
through 2.18.1, as used in T
        NOTE: Fixed by: 
https://github.com/randombit/botan/commit/9a23e4e3bc3966340531f2ff608fa9d33b5185a2
        NOTE: 
https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1
        NOTE: 
https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2
-CVE-2021-33560
+CVE-2021-33560 (Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles 
ElGamal encry ...)
        - libgcrypt20 1.9.4-2
        [bullseye] - libgcrypt20 <no-dsa> (Minor issue)
        [buster] - libgcrypt20 <no-dsa> (Minor issue)
@@ -28835,7 +28837,7 @@ CVE-2021-33562 (A reflected cross-site scripting (XSS) 
vulnerability in Shopizer
        NOT-FOR-US: Shopizer
 CVE-2021-33561 (A stored cross-site scripting (XSS) vulnerability in Shopizer 
before 2 ...)
        NOT-FOR-US: Shopizer
-CVE-2021-40528
+CVE-2021-40528 (The ElGamal implementation in Libgcrypt before 1.9.4 allows 
plaintext  ...)
        {DLA-2691-1}
        - libgcrypt20 1.8.7-6
        [buster] - libgcrypt20 1.8.4-5+deb10u1
@@ -88701,7 +88703,7 @@ CVE-2020-21915
 CVE-2020-21914
        RESERVED
 CVE-2020-21913 (International Components for Unicode (ICU-20850) v66.1 was 
discovered  ...)
-       {DLA-2784-1}
+       {DSA-5014-1 DLA-2784-1}
        - icu 67.1-2
        NOTE: https://github.com/unicode-org/icu/pull/886
        NOTE: https://unicode-org.atlassian.net/browse/ICU-20850
@@ -150109,7 +150111,7 @@ CVE-2019-17457
 CVE-2019-17456
        RESERVED
 CVE-2019-17455 (Libntlm through 1.5 relies on a fixed buffer size for 
tSmbNtlmAuthRequ ...)
-       {DLA-2207-1}
+       {DLA-2831-1 DLA-2207-1}
        - libntlm 1.6-1 (bug #942145)
        [buster] - libntlm 1.5-1+deb10u1
        NOTE: https://gitlab.com/jas/libntlm/issues/2
@@ -191798,7 +191800,7 @@ CVE-2018-20483 (set_file_metadata in xattr.c in GNU 
Wget before 1.20.1 stores a
        NOTE: Don't use extended attributes by default: 
https://git.savannah.gnu.org/cgit/wget.git/commit/?id=c125d24762962d91050d925fbbd9e6f30b2302f8
        NOTE: Introduced by: 
https://git.savannah.gnu.org/cgit/wget.git/commit/?id=a933bdd31eee9c956a3b5cc142f004ef1fa94cb3
 (v1.19)
 CVE-2018-20482 (GNU Tar through 1.30, when --sparse is used, mishandles file 
shrinkage ...)
-       {DLA-1623-1}
+       {DLA-2830-1 DLA-1623-1}
        - tar 1.30+dfsg-3.1 (bug #917377)
        NOTE: 
https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug
        NOTE: https://news.ycombinator.com/item?id=18745431



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/802df9f872183b74059e7e2b0e2620375fe69384

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/802df9f872183b74059e7e2b0e2620375fe69384
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to