Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
40def957 by Moritz Muehlenhoff at 2022-07-29T17:36:48+02:00
jhead non issue
NFU
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -69388,8 +69388,7 @@ CVE-2021-37933 (An LDAP injection vulnerability in
/account/login in Huntflow En
CVE-2021-37932
RESERVED
CVE-2021-3681 (A flaw was found in Ansible Galaxy Collections. When
collections are b ...)
- NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1989407
- TODO: check, needs verifying the affected ansible/ansible-base
components
+ NOT-FOR-US: Ansible Galaxy
CVE-2021-3680 (showdoc is vulnerable to Missing Cryptographic Step ...)
NOT-FOR-US: ShowDoc
CVE-2021-3679 (A lack of CPU resource in the Linux kernel tracing module
functionalit ...)
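Review bot: The replacement line `NOT-FOR-US: Ansible Galaxy` under CVE-2021-3681 closes a TODO that asked for the affected ansible/ansible-base components to be verified, but neither the entry nor the commit message ("jhead non issue", "NFU") records the outcome of that check. A sentence in the commit message stating that the ansible and ansible-base packages were checked and do not ship the affected code would make the NFU decision auditable. The Red Hat Bugzilla reference is removed along with the TODO, so anyone revisiting this triage loses the pointer to the upstream report.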
@@ -80839,7 +80838,6 @@ CVE-2021-33194 (golang.org/x/net before
v0.0.0-20210520170846-37e1c6afe023 allow
[stretch] - golang-golang-x-net-dev <no-dsa> (Limited support in
stretch)
NOTE:
https://groups.google.com/g/golang-dev/c/28x0nthP-c8/m/KqWVTjsnBAAJ
NOTE: https://github.com/golang/go/issues/46288
- TODO: check completeness
CVE-2021-33193 (A crafted method sent through HTTP/2 will bypass validation
and be for ...)
- apache2 2.4.48-4
[bullseye] - apache2 2.4.48-3.1+deb11u1
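Review bot: Dropping `TODO: check completeness` under CVE-2021-33194 is the only change in this hunk, and no package line or NOTE is added in its place, so the result of the completeness check is not visible anywhere. The commit message covers only jhead and the NFU entry; a line there saying the package list for this CVE was reviewed and found complete would explain why the TODO could go.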
@@ -80913,7 +80911,6 @@ CVE-2021-33178 (The Manage Backgrounds functionality
within NagVis versions prio
[bullseye] - nagvis <no-dsa> (Minor issue)
[buster] - nagvis <no-dsa> (Minor issue)
[stretch] - nagvis <no-dsa> (Minor issue)
- TODO: check, affects nagvis plugin used in Nagios XI and should be
fixed in 2.0.9,
https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi/
CVE-2021-33177 (The Bulk Modifications functionality in Nagios XI versions
prior to 5. ...)
NOT-FOR-US: Nagios XI
CVE-2021-33176 (VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to
a denia ...)
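Review bot: The TODO removed under CVE-2021-33178 carried two facts that the remaining visible lines do not: the expected fixed version (2.0.9) and the Synopsys advisory URL. Consider keeping the advisory as a `NOTE:` line and recording the fixed version there instead of deleting both with the TODO, so the `<no-dsa> (Minor issue)` entries for bullseye, buster and stretch can later be checked against the nagvis version that contains the fix.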
@@ -93809,8 +93806,9 @@ CVE-2021-28277 (A Heap-based Buffer Overflow
vulnerabilty exists in jhead 3.04 a
NOTE: https://github.com/Matthias-Wandel/jhead/issues/16
NOTE: Crash in CLI tool, no security impact
CVE-2021-28276 (A Denial of Service vulnerability exists in jhead 3.04 and
3.05 via a ...)
- TODO: check CVE reference, probably invalid report or old version.
+ - jhead <unfixed> (unimportant)
NOTE: https://github.com/Matthias-Wandel/jhead/issues/26
+ NOTE: Crash in CLI tool, no security impact
CVE-2021-28275 (A Denial of Service vulnerability exists in jhead 3.04 and
3.05 due to ...)
- jhead 1:3.06.0.1-2 (unimportant)
NOTE:
https://github.com/Matthias-Wandel/jhead/commit/a50953a266583981b51a181c2fce73dad2ac5d7d
(3.06.0.1)
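Review bot: The added `- jhead <unfixed> (unimportant)` under CVE-2021-28276 replaces a TODO that suspected an invalid report or an old version, yet the new lines do not say which jhead version issue 26 was checked against. The next entry, CVE-2021-28275, is recorded as fixed in 1:3.06.0.1-2, so it is worth confirming that issue 26 still reproduces on that version before settling on `<unfixed>`. If the status rests only on the "Crash in CLI tool" assessment and the issue was not retested, a NOTE saying so would explain why the earlier doubt was dropped.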
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40def95791681b8fab82b3be3d93edccbc86b1f1