Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
38958deb by Salvatore Bonaccorso at 2021-12-18T10:51:34+01:00
Merge in changes accepted for bullseye 11.2
- - - - -
2 changed files:
- data/CVE/list
- data/next-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1342,6 +1342,7 @@ CVE-2021-44717
RESERVED
- golang-1.17 1.17.5-1
- golang-1.15 1.15.15-5
+ [bullseye] - golang-1.15 1.15.15-1~deb11u2
- golang-1.11 <removed>
- golang-1.8 <removed>
- golang-1.7 <removed>
@@ -1353,6 +1354,7 @@ CVE-2021-44716
RESERVED
- golang-1.17 1.17.5-1
- golang-1.15 1.15.15-5
+ [bullseye] - golang-1.15 1.15.15-1~deb11u2
- golang-1.11 <removed>
- golang-1.8 <removed>
- golang-1.7 <removed>
@@ -1805,14 +1807,14 @@ CVE-2021-44543
RESERVED
{DLA-2844-1}
- privoxy 3.0.33-1
- [bullseye] - privoxy <no-dsa> (Minor issue)
+ [bullseye] - privoxy 3.0.32-2+deb11u1
[buster] - privoxy <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/12/09/1
NOTE:
https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=0e668e9409cbf4ab8bf2d79be204bd4e81a00d85
(v_3_0_33)
CVE-2021-44542
RESERVED
- privoxy 3.0.33-1
- [bullseye] - privoxy <no-dsa> (Minor issue)
+ [bullseye] - privoxy 3.0.32-2+deb11u1
[buster] - privoxy <not-affected> (Vulnerable code introduced in 3.0.29)
[stretch] - privoxy <not-affected> (Vulnerable code introduced in
3.0.29)
NOTE: https://www.openwall.com/lists/oss-security/2021/12/09/1
@@ -1820,7 +1822,7 @@ CVE-2021-44542
CVE-2021-44541
RESERVED
- privoxy 3.0.33-1
- [bullseye] - privoxy <no-dsa> (Minor issue)
+ [bullseye] - privoxy 3.0.32-2+deb11u1
[buster] - privoxy <not-affected> (Vulnerable code introduced in 3.0.29)
[stretch] - privoxy <not-affected> (Vulnerable code introduced in
3.0.29)
NOTE: https://www.openwall.com/lists/oss-security/2021/12/09/1
@@ -1829,7 +1831,7 @@ CVE-2021-44540
RESERVED
{DLA-2844-1}
- privoxy 3.0.33-1
- [bullseye] - privoxy <no-dsa> (Minor issue)
+ [bullseye] - privoxy 3.0.32-2+deb11u1
[buster] - privoxy <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/12/09/1
NOTE:
https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=652b4b7cb07592c0912cf938a50fcd009fa29a0a
(v_3_0_33)
@@ -2175,7 +2177,7 @@ CVE-2021-44421
RESERVED
CVE-2021-44420 (In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before
3.2.10, ...)
- python-django 2:3.2.10-1
- [bullseye] - python-django <no-dsa> (Minor issue)
+ [bullseye] - python-django 2:2.2.25-1~deb11u1
[buster] - python-django <no-dsa> (Minor issue)
[stretch] - python-django <not-affected> (Vulnerable code not present;
path converters added later)
NOTE: https://www.openwall.com/lists/oss-security/2021/12/07/1
@@ -2724,7 +2726,7 @@ CVE-2021-4022
RESERVED
CVE-2021-44225 (In Keepalived through 2.2.4, the D-Bus policy does not
sufficiently re ...)
- keepalived 1:2.2.4-0.2
- [bullseye] - keepalived <no-dsa> (Minor issue)
+ [bullseye] - keepalived 1:2.1.5-0.2+deb11u1
[buster] - keepalived <no-dsa> (Minor issue)
[stretch] - keepalived <no-dsa> (Minor issue)
NOTE: https://github.com/acassen/keepalived/pull/2063
@@ -5213,7 +5215,7 @@ CVE-2021-43619
CVE-2021-43618 (GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1
has an m ...)
{DLA-2837-1}
- gmp 2:6.2.1+dfsg-3 (bug #994405)
- [bullseye] - gmp <no-dsa> (Minor issue)
+ [bullseye] - gmp 2:6.2.1+dfsg-1+deb11u1
[buster] - gmp <no-dsa> (Minor issue)
NOTE:
https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html
NOTE: https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e
@@ -5236,7 +5238,7 @@ CVE-2021-43613
CVE-2021-43612 [crash in SONMP decoder]
RESERVED
- lldpd 1.0.13-1
- [bullseye] - lldpd <no-dsa> (Minor issue)
+ [bullseye] - lldpd 1.0.11-1+deb11u1
[buster] - lldpd <no-dsa> (Minor issue)
[stretch] - lldpd <no-dsa> (Minor issue)
NOTE:
https://github.com/lldpd/lldpd/commit/73d42680fce8598324364dbb31b9bc3b8320adf7
(1.0.13)
@@ -5321,6 +5323,7 @@ CVE-2021-43580
RESERVED
CVE-2021-43579 (A stack-based buffer overflow in image_load_bmp() in HTMLDOC
before 1. ...)
- htmldoc 1.9.13-1 (unimportant)
+ [bullseye] - htmldoc 1.9.11-4+deb11u1
NOTE:
https://github.com/michaelrsweet/htmldoc/commit/27d08989a5a567155d506ac870ae7d8cc88fa58b
(v1.9.13)
NOTE: https://github.com/michaelrsweet/htmldoc/issues/453
NOTE: Crash in CLI tool, no security impact
@@ -7414,7 +7417,7 @@ CVE-2021-43175 (The GOautodial API prior to commit
3c3a979 made on October 13th,
NOT-FOR-US: GOautodial API
CVE-2021-3918 (json-schema is vulnerable to Improperly Controlled Modification
of Obj ...)
- node-json-schema 0.4.0+~7.0.9-1 (bug #999765)
- [bullseye] - node-json-schema <no-dsa> (Minor issue)
+ [bullseye] - node-json-schema 0.3.0+~7.0.6-1+deb11u1
[buster] - node-json-schema <no-dsa> (Minor issue)
NOTE:
https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741
(v0.4.0)
CVE-2021-43174 (NLnet Labs Routinator versions 0.9.0 up to and including
0.10.1, suppo ...)
@@ -8040,7 +8043,7 @@ CVE-2021-42918
RESERVED
CVE-2021-42917 (Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows
attacker ...)
- kodi 2:19.3+dfsg1-1 (bug #998419)
- [bullseye] - kodi <no-dsa> (Minor issue)
+ [bullseye] - kodi 2:19.1+dfsg2-2+deb11u1
[buster] - kodi <no-dsa> (Minor issue)
[stretch] - kodi <postponed> (no point in fixing this when the more
severe CVE-2017-5982 is ignored)
- xbmc <removed>
@@ -12025,7 +12028,7 @@ CVE-2021-41771 (ImportedSymbols in debug/macho (for
Open or OpenFat) in Go befor
- golang-1.17 1.17.3-1
- golang-1.16 1.16.10-1
- golang-1.15 1.15.15-5
- [bullseye] - golang-1.15 <no-dsa> (Minor issue; will be fixed via point
release)
+ [bullseye] - golang-1.15 1.15.15-1~deb11u2
- golang-1.11 <removed>
[buster] - golang-1.11 <no-dsa> (Minor issue)
- golang-1.8 <removed>
@@ -13373,17 +13376,20 @@ CVE-2021-41185 (Mycodo is an environmental monitoring
and regulation system. An
NOT-FOR-US: Mycodo
CVE-2021-41184 (jQuery-UI is the official jQuery user interface library. Prior
to vers ...)
- jqueryui 1.13.0+dfsg-1
+ [bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
[stretch] - jqueryui <no-dsa> (Minor issue)
NOTE:
https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327
NOTE:
https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280
CVE-2021-41183 (jQuery-UI is the official jQuery user interface library. Prior
to vers ...)
- jqueryui 1.13.0+dfsg-1
+ [bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
[stretch] - jqueryui <no-dsa> (Minor issue)
NOTE:
https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4
NOTE: https://bugs.jqueryui.com/ticket/15284
NOTE: https://github.com/jquery/jquery-ui/pull/1953
CVE-2021-41182 (jQuery-UI is the official jQuery user interface library. Prior
to vers ...)
- jqueryui 1.13.0+dfsg-1
+ [bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
[stretch] - jqueryui <no-dsa> (Minor issue)
NOTE:
https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc
NOTE:
https://github.com/jquery/jquery-ui/commit/32850869d308d5e7c9bf3e3b4d483ea886d373ce
@@ -13609,13 +13615,13 @@ CVE-2021-41093 (Wire is an open source secure
messenger. In affected versions if
NOT-FOR-US: Wire iOS
CVE-2021-41092 (Docker CLI is the command line interface for the docker
container runt ...)
- docker.io 20.10.10+dfsg1-1 (bug #998292)
- [bullseye] - docker.io <no-dsa> (Minor issue)
+ [bullseye] - docker.io 20.10.5+dfsg1-1+deb11u1
[buster] - docker.io <no-dsa> (Minor issue)
NOTE:
https://github.com/docker/cli/security/advisories/GHSA-99pg-grm5-qq3v
NOTE:
https://github.com/docker/cli/commit/893e52cf4ba4b048d72e99748e0f86b2767c6c6b
CVE-2021-41091 (Moby is an open-source project created by Docker to enable
software co ...)
- docker.io 20.10.10+dfsg1-1
- [bullseye] - docker.io <no-dsa> (Minor issue)
+ [bullseye] - docker.io 20.10.5+dfsg1-1+deb11u1
[buster] - docker.io <no-dsa> (Minor issue)
NOTE:
https://github.com/moby/moby/security/advisories/GHSA-3fwx-pjgw-3558
NOTE:
https://github.com/moby/moby/commit/f0ab919f518c47240ea0e72d0999576bb8008e64
@@ -13623,7 +13629,7 @@ CVE-2021-41090 (Grafana Agent is a telemetry collector
for sending metrics, logs
NOT-FOR-US: Grafana Agent
CVE-2021-41089 (Moby is an open-source project created by Docker to enable
software co ...)
- docker.io 20.10.10+dfsg1-1
- [bullseye] - docker.io <no-dsa> (Minor issue)
+ [bullseye] - docker.io 20.10.5+dfsg1-1+deb11u1
[buster] - docker.io <no-dsa> (Minor issue)
NOTE:
https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4
CVE-2021-41088 (Elvish is a programming language and interactive shell,
combined into ...)
@@ -13659,7 +13665,7 @@ CVE-2021-3803 (nth-check is vulnerable to Inefficient
Regular Expression Complex
CVE-2021-3802 (A vulnerability found in udisks2. This flaw allows an attacker
to inpu ...)
{DLA-2809-1}
- udisks2 2.9.4-1
- [bullseye] - udisks2 <no-dsa> (Minor issue)
+ [bullseye] - udisks2 2.9.2-2+deb11u1
[buster] - udisks2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2003649
NOTE:
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-045.txt
@@ -13877,6 +13883,7 @@ CVE-2021-3800
RESERVED
CVE-2021-40985 (Buffer overflow vulnerability in htmldoc before 1.9.12, allows
attacke ...)
- htmldoc 1.9.13-1 (unimportant)
+ [bullseye] - htmldoc 1.9.11-4+deb11u1
NOTE: https://github.com/michaelrsweet/htmldoc/issues/444
NOTE:
https://github.com/michaelrsweet/htmldoc/commit/f12b9666e582a8e7b70f11b28e5ffc49ad625d43
(v1.9.13)
NOTE: Crash in CLI tool, no security impact
@@ -14154,7 +14161,7 @@ CVE-2021-3797 (hestiacp is vulnerable to Use of Wrong
Operator in String Compari
NOT-FOR-US: Hestia Control Panel
CVE-2021-3796 (vim is vulnerable to Use After Free ...)
- vim 2:8.2.3455-1 (bug #994497)
- [bullseye] - vim <no-dsa> (Minor issue)
+ [bullseye] - vim 2:8.2.2434-3+deb11u1
[buster] - vim <no-dsa> (Minor issue)
[stretch] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/ab60b7f3-6fb1-4ac2-a4fa-4d592e08008d/
@@ -14609,7 +14616,7 @@ CVE-2021-3779
RESERVED
CVE-2021-3778 (vim is vulnerable to Heap-based Buffer Overflow ...)
- vim 2:8.2.3455-1 (bug #994498)
- [bullseye] - vim <no-dsa> (Minor issue)
+ [bullseye] - vim 2:8.2.2434-3+deb11u1
[buster] - vim <no-dsa> (Minor issue)
[stretch] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/d9c17308-2c99-4f9f-a706-f7f72c24c273
@@ -15010,7 +15017,7 @@ CVE-2021-40515
RESERVED
CVE-2021-3770 (vim is vulnerable to Heap-based Buffer Overflow ...)
- vim 2:8.2.3455-1 (bug #994076)
- [bullseye] - vim <no-dsa> (Minor issue)
+ [bullseye] - vim 2:8.2.2434-3+deb11u1
[buster] - vim <no-dsa> (Minor issue)
[stretch] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/016ad2f2-07c1-4d14-a8ce-6eed10729365/
@@ -15306,7 +15313,7 @@ CVE-2021-40392
CVE-2021-40391 (An out-of-bounds write vulnerability exists in the drill
format T-code ...)
{DLA-2839-1}
- gerbv 2.7.1-1
- [bullseye] - gerbv <no-dsa> (Minor issue)
+ [bullseye] - gerbv 2.7.0-2+deb11u1
[buster] - gerbv <no-dsa> (Minor issue)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1402
NOTE:
https://github.com/gerbv/gerbv/commit/9f83950b772b37b49ee188300e444546e6aab17e
@@ -17917,6 +17924,7 @@ CVE-2021-39293
- golang-1.17 1.17.1-1
- golang-1.16 1.16.8-1
- golang-1.15 1.15.15-2
+ [bullseye] - golang-1.15 1.15.15-1~deb11u1
- golang-1.11 <removed>
[buster] - golang-1.11 <no-dsa> (Minor issue)
- golang-1.8 <removed>
@@ -19320,7 +19328,7 @@ CVE-2021-38715
CVE-2021-38714 (In Plib through 1.85, there is an integer overflow
vulnerability that ...)
{DLA-2775-1}
- plib 1.8.5-10 (bug #992973)
- [bullseye] - plib <no-dsa> (Minor issue)
+ [bullseye] - plib 1.8.5-8+deb11u1
[buster] - plib <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/plib/bugs/55/
CVE-2021-38713 (imgURL 2.31 allows XSS via an X-Forwarded-For HTTP header. ...)
@@ -20381,7 +20389,7 @@ CVE-2021-38297 (Go before 1.16.9 and 1.17.x before
1.17.2 has a Buffer Overflow
- golang-1.17 1.17.2-1
- golang-1.16 1.16.9-1
- golang-1.15 1.15.15-5
- [bullseye] - golang-1.15 <no-dsa> (Minor issue; will be fixed via point
release)
+ [bullseye] - golang-1.15 1.15.15-1~deb11u2
- golang-1.11 <removed>
[buster] - golang-1.11 <no-dsa> (Minor issue)
- golang-1.8 <not-affected> (Vulnerable code not present)
@@ -20834,7 +20842,7 @@ CVE-2021-38156 (In Nagios XI before 5.8.6, XSS exists
in the dashboard page (/da
NOT-FOR-US: Nagios XI
CVE-2021-38155 (OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x
before 17.0.1 ...)
- keystone 2:19.0.0-3 (bug #992070)
- [bullseye] - keystone <no-dsa> (Minor issue)
+ [bullseye] - keystone 2:18.0.0-3+deb11u1
[buster] - keystone <no-dsa> (Minor issue)
[stretch] - keystone <end-of-life> (Keystone not supported in stretch)
NOTE: https://launchpad.net/bugs/1688137
@@ -23198,7 +23206,7 @@ CVE-2021-37151 (CyberArk Identity 21.5.131, when
handling an invalid authenticat
CVE-2021-3657 [multiple buffer overflows in isync/mbsync]
RESERVED
- isync 1.4.4-1
- [bullseye] - isync <no-dsa> (Minor issue)
+ [bullseye] - isync 1.3.0-2.2+deb11u1
[buster] - isync <no-dsa> (Minor issue)
[stretch] - isync <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/12/03/1
@@ -23231,7 +23239,7 @@ CVE-2021-37147 (Improper input validation vulnerability
in header parsing of Apa
CVE-2021-37146 (An infinite loop in Open Robotics ros_comm XMLRPC server in
ROS Melodi ...)
[experimental] - ros-ros-comm 1.15.13+ds1-1
- ros-ros-comm 1.15.13+ds1-2
- [bullseye] - ros-ros-comm <no-dsa> (Minor issue)
+ [bullseye] - ros-ros-comm 1.15.9+ds1-7+deb11u1
[buster] - ros-ros-comm <no-dsa> (Minor issue)
[stretch] - ros-ros-comm <no-dsa> (Minor issue)
NOTE:
https://discourse.ros.org/t/new-packages-for-melodic-2021-09-27/22446
@@ -25356,7 +25364,7 @@ CVE-2021-36222 (ec_verify in kdc/kdc_preauth_ec.c in
the Key Distribution Center
CVE-2021-36221 (Go before 1.15.15 and 1.16.x before 1.16.7 has a race
condition that c ...)
- golang-1.16 1.16.7-1
- golang-1.15 1.15.15-1 (bug #991961)
- [bullseye] - golang-1.15 <no-dsa> (Minor issue)
+ [bullseye] - golang-1.15 1.15.15-1~deb11u1
- golang-1.11 <removed>
[buster] - golang-1.11 <no-dsa> (Minor issue)
- golang-1.8 <removed>
@@ -57035,7 +57043,7 @@ CVE-2021-23446 (The package handsontable before 10.0.0;
the package handsontable
NOT-FOR-US: Node handsontable
CVE-2021-23445 (This affects the package datatables.net before 1.11.3. If an
array is ...)
- datatables.js 1.10.21+dfsg-3 (bug #995229)
- [bullseye] - datatables.js <no-dsa> (Minor issue)
+ [bullseye] - datatables.js 1.10.21+dfsg-2+deb11u1
[buster] - datatables.js <no-dsa> (Minor issue)
[stretch] - datatables.js <no-dsa> (Minor issue)
NOTE:
https://github.com/DataTables/Dist-DataTables/commit/59a8d3f8a3c1138ab08704e783bc52bfe88d7c9b
(v1.11.3)
@@ -76102,7 +76110,7 @@ CVE-2020-28283 (Prototype pollution vulnerability in
'libnested' versions 0.0.0
NOT-FOR-US: libnested
CVE-2020-28282 (Prototype pollution vulnerability in 'getobject' version 0.1.0
allows ...)
- node-getobject 1.0.2-1
- [bullseye] - node-getobject <no-dsa> (Minor issue)
+ [bullseye] - node-getobject 0.1.0-2+deb11u1
[buster] - node-getobject <no-dsa> (Minor issue)
[stretch] - node-getobject <no-dsa> (Minor issue)
NOTE:
https://github.com/cowboy/node-getobject/commit/84071748fa407caa8f824e0d0b9c1cde9ec56633
(v1.0.0)
@@ -173203,7 +173211,7 @@ CVE-2019-11099
CVE-2019-11098 (Insufficient input validation in MdeModulePkg in EDKII may
allow an un ...)
[experimental] - edk2 2021.02-1
- edk2 2020.11-5 (bug #991495)
- [bullseye] - edk2 <no-dsa> (Minor issue)
+ [bullseye] - edk2 2020.11-2+deb11u1
[buster] - edk2 <no-dsa> (Minor issue)
[stretch] - edk2 <no-dsa> (Minor issue)
NOTE:
https://edk2-docs.gitbook.io/security-advisory/bootguard-toctou-vulnerability
=====================================
data/next-point-update.txt
=====================================
@@ -1,75 +1,3 @@
-CVE-2019-11098
- [bullseye] - edk2 2020.11-2+deb11u1
-CVE-2021-38155
- [bullseye] - keystone 2:18.0.0-3+deb11u1
-CVE-2021-36221
- [bullseye] - golang-1.15 1.15.15-1~deb11u1
-CVE-2021-39293
- [bullseye] - golang-1.15 1.15.15-1~deb11u1
-CVE-2021-3770
- [bullseye] - vim 2:8.2.2434-3+deb11u1
-CVE-2021-3778
- [bullseye] - vim 2:8.2.2434-3+deb11u1
-CVE-2021-3796
- [bullseye] - vim 2:8.2.2434-3+deb11u1
-CVE-2020-28282
- [bullseye] - node-getobject 0.1.0-2+deb11u1
-CVE-2021-38714
- [bullseye] - plib 1.8.5-8+deb11u1
-CVE-2021-3802
- [bullseye] - udisks2 2.9.2-2+deb11u1
-CVE-2021-41182
- [bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
-CVE-2021-41183
- [bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
-CVE-2021-41184
- [bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
-CVE-2021-42917
- [bullseye] - kodi 2:19.1+dfsg2-2+deb11u1
-CVE-2021-43612
- [bullseye] - lldpd 1.0.11-1+deb11u1
-CVE-2021-40985
- [bullseye] - htmldoc 1.9.11-4+deb11u1
-CVE-2021-43579
- [bullseye] - htmldoc 1.9.11-4+deb11u1
-CVE-2021-3918
- [bullseye] - node-json-schema 0.3.0+~7.0.6-1+deb11u1
-CVE-2021-43618
- [bullseye] - gmp 2:6.2.1+dfsg-1+deb11u1
-CVE-2021-37146
- [bullseye] - ros-ros-comm 1.15.9+ds1-7+deb11u1
-CVE-2021-44225
- [bullseye] - keepalived 1:2.1.5-0.2+deb11u1
-CVE-2021-38297
- [bullseye] - golang-1.15 1.15.15-1~deb11u2
-CVE-2021-41771
- [bullseye] - golang-1.15 1.15.15-1~deb11u2
-CVE-2021-44716
- [bullseye] - golang-1.15 1.15.15-1~deb11u2
-CVE-2021-44717
- [bullseye] - golang-1.15 1.15.15-1~deb11u2
-CVE-2021-41089
- [bullseye] - docker.io 20.10.5+dfsg1-1+deb11u1
-CVE-2021-41091
- [bullseye] - docker.io 20.10.5+dfsg1-1+deb11u1
-CVE-2021-41092
- [bullseye] - docker.io 20.10.5+dfsg1-1+deb11u1
-CVE-2021-3657
- [bullseye] - isync 1.3.0-2.2+deb11u1
-CVE-2021-44420
- [bullseye] - python-django 2:2.2.25-1~deb11u1
-CVE-2021-23445
- [bullseye] - datatables.js 1.10.21+dfsg-2+deb11u1
-CVE-2021-40391
- [bullseye] - gerbv 2.7.0-2+deb11u1
-CVE-2021-44543
- [bullseye] - privoxy 3.0.32-2+deb11u1
-CVE-2021-44542
- [bullseye] - privoxy 3.0.32-2+deb11u1
-CVE-2021-44541
- [bullseye] - privoxy 3.0.32-2+deb11u1
-CVE-2021-44540
- [bullseye] - privoxy 3.0.32-2+deb11u1
CVE-2021-42343
[bullseye] - dask.distributed 2021.01.0+ds.1-2.1+deb11u1
CVE-2021-3654
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38958debc4afbf19aeb124b7df29de78e4ab84b3
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38958debc4afbf19aeb124b7df29de78e4ab84b3
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
