Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d268db91 by security tracker role at 2022-01-23T08:10:11+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9145,8 +9145,8 @@ CVE-2021-4104 (JMSAppender in Log4j 1.2 is vulnerable to
deserialization of untr
NOTE:
https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126
NOTE: Issue for Log4j 1.2 when specifically configured to use
JMSAppender (not the default)
NOTE: https://www.openwall.com/lists/oss-security/2021/12/13/2
-CVE-2021-4103
- RESERVED
+CVE-2021-4103 (Cross-site Scripting (XSS) - Stored in GitHub repository
vanessa219/vd ...)
+ TODO: check
CVE-2021-44832 (Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding
security fi ...)
{DLA-2870-1}
- apache-log4j2 2.17.1-1 (bug #1002813)
@@ -47093,7 +47093,6 @@ CVE-2021-30986 (A device configuration issue was
addressed with an updated confi
CVE-2021-30985 (An out-of-bounds write issue was addressed with improved
bounds checki ...)
NOT-FOR-US: Apple
CVE-2021-30984 (A race condition was addressed with improved state handling.
This issu ...)
- RESERVED
- webkit2gtk 2.34.4-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
- wpewebkit 2.34.4-1
@@ -47157,25 +47156,21 @@ CVE-2021-30956
CVE-2021-30955 (A race condition was addressed with improved state handling.
This issu ...)
NOT-FOR-US: Apple
CVE-2021-30954 (A type confusion issue was addressed with improved memory
handling. Th ...)
- RESERVED
- webkit2gtk 2.34.4-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
- wpewebkit 2.34.4-1
NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
CVE-2021-30953 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
- RESERVED
- webkit2gtk 2.34.4-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
- wpewebkit 2.34.4-1
NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
CVE-2021-30952 (An integer overflow was addressed with improved input
validation. This ...)
- RESERVED
- webkit2gtk 2.34.4-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
- wpewebkit 2.34.4-1
NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
CVE-2021-30951 (A use after free issue was addressed with improved memory
management. ...)
- RESERVED
- webkit2gtk 2.34.4-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
- wpewebkit 2.34.4-1
@@ -47209,7 +47204,6 @@ CVE-2021-30938 (This issue was addressed with improved
checks. This issue is fix
CVE-2021-30937 (A memory corruption vulnerability was addressed with improved
locking. ...)
NOT-FOR-US: Apple
CVE-2021-30936 (A use after free issue was addressed with improved memory
management. ...)
- RESERVED
- webkit2gtk 2.34.4-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
- wpewebkit 2.34.4-1
@@ -47217,7 +47211,6 @@ CVE-2021-30936 (A use after free issue was addressed
with improved memory manage
CVE-2021-30935 (A logic issue was addressed with improved validation. This
issue is fi ...)
NOT-FOR-US: Apple
CVE-2021-30934 (A buffer overflow issue was addressed with improved memory
handling. T ...)
- RESERVED
- webkit2gtk 2.34.4-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
- wpewebkit 2.34.4-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d268db910f3cbd0e77d487521ecd7def22637d2f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d268db910f3cbd0e77d487521ecd7def22637d2f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
