[Git][security-tracker-team/security-tracker][master] Add CVE-2021-3278{5,6}/libapache2-mod-auth-openidc
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6d3ce854 by Salvatore Bonaccorso at 2021-07-23T08:55:00+02:00 Add CVE-2021-3278{5,6}/libapache2-mod-auth-openidc - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -10401,10 +10401,16 @@ CVE-2021-32788 RESERVED CVE-2021-32787 RESERVED -CVE-2021-32786 +CVE-2021-32786 [Open Redirect in oidc_validate_redirect_url()] RESERVED -CVE-2021-32785 + - libapache2-mod-auth-openidc + NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-xm4c-5wm5-jqv7 + NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/3a115484eb927bc6daa5737dd84f88ff4bbc5544 (v2.4.9) +CVE-2021-32785 [Format string bug in the Redis cache implementation] RESERVED + - libapache2-mod-auth-openidc + NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-55r8-6w97-xxr4 + NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/dc672688dc1f2db7df8ad4abebc367116017a449 (v2.4.9) CVE-2021-32784 RESERVED CVE-2021-32783 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d3ce854b303af7cb3cdfc6b29bc1b486cbd0d26 -- You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
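Review bot: both added package lines ("- libapache2-mod-auth-openidc" under CVE-2021-32786 and under CVE-2021-32785) carry no fixed version, although each entry's NOTE ties the upstream fix commit to v2.4.9. Once a Debian upload containing 2.4.9 is known, record its version on the package line so the affected suites can be worked out from the entry; a bug reference next to the package name would also help, as neither entry has one.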
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-25691/darkhttpd
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a5f2ff7f by Salvatore Bonaccorso at 2021-07-23T08:25:33+02:00 Add CVE-2020-25691/darkhttpd - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -58686,6 +58686,7 @@ CVE-2020-25693 (A flaw was found in CImg in versions prior to 2.9.3. Integer ove NOTE: Fixed by: https://github.com/dtschump/CImg/commit/4f184f89f9ab6785a6c90fd238dbaa6d901d3505 CVE-2020-25691 RESERVED + - darkhttpd (bug #775096) CVE-2020-25690 (An out-of-bounds write flaw was found in FontForge in versions before ...) - fontforge (Insufficient patch for CVE-2020-5395 not applied) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1893188 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a5f2ff7f84f6fa1054611870fda6f6de524623d6
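Review bot: the added line under CVE-2020-25691 gives only the package and bug #775096, so the entry still says nothing about what the issue is. The CVE is RESERVED and has no description text; add a short bracketed summary on the CVE line or a NOTE pointing at the upstream report, so readers need not open the bug to triage it.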
[Git][security-tracker-team/security-tracker][master] Adjust tracking for CVE-2021-36773 and relate to ublock-origin and umatrix
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 45122aae by Salvatore Bonaccorso at 2021-07-23T07:59:52+02:00 Adjust tracking for CVE-2021-36773 and relate to ublock-origin and umatrix - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1345,7 +1345,9 @@ CVE-2020-36421 (An issue was discovered in Arm Mbed TLS before 2.23.0. Because o CVE-2021-36774 RESERVED CVE-2021-36773 (uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitr ...) - NOT-FOR-US: uBlock Origin + - ublock-origin (bug #991386) + - umatrix (bug #991344) + NOTE: https://github.com/vtriolet/writings/blob/main/posts/2021/ublock_origin_and_umatrix_denial_of_service.adoc CVE-2021-36772 (Zoho ManageEngine ADManager Plus before 7110 allows stored XSS. ...) NOT-FOR-US: Zoho CVE-2021-36771 (Zoho ManageEngine ADManager Plus before 7110 allows reflected XSS. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45122aae4c80b9d8331b93ca6bdbcfe83b8a26f7
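Review bot: the CVE description names "uBlock Origin before 1.36.2 and nMatrix before 4.4.9", while the added lines track ublock-origin and umatrix, and nothing in the entry says why umatrix is considered affected. A one-line NOTE stating that would document the decision (the linked write-up's file name does mention umatrix), and the 1.36.2 boundary from the description could be noted for ublock-origin, which is added without a fixed version.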
[Git][security-tracker-team/security-tracker][master] Add tracking for some already fixed mbedtls issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 51b88fcc by Salvatore Bonaccorso at 2021-07-23T07:56:12+02:00 Add tracking for some already fixed mbedtls issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1327,17 +1327,21 @@ CVE-2020-36427 (GNOME gThumb before 3.10.1 allows an application crash via a mal - gthumb 3:3.11.1-0.1 NOTE: https://mail.gnome.org/archives/gthumb-list/2020-September/msg1.html CVE-2020-36426 (An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_cr ...) - TODO: check + - mbedtls 2.16.9-0.1 CVE-2020-36425 (An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly ...) - TODO: check + - mbedtls 2.16.9-0.1 + NOTE: https://github.com/ARMmbed/mbedtls/issues/3340 + NOTE: https://github.com/ARMmbed/mbedtls/pull/3433 CVE-2020-36424 (An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can ...) - TODO: check + - mbedtls 2.16.9-0.1 + NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-2 CVE-2020-36423 (An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attack ...) - TODO: check + - mbedtls 2.16.9-0.1 CVE-2020-36422 (An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel ...) - TODO: check + - mbedtls 2.16.9-0.1 CVE-2020-36421 (An issue was discovered in Arm Mbed TLS before 2.23.0. Because of a si ...) - TODO: check + - mbedtls 2.16.9-0.1 + NOTE: https://github.com/ARMmbed/mbedtls/issues/3394 CVE-2021-36774 RESERVED CVE-2021-36773 (uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitr ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51b88fcc9dbaab30d673b245bf99ec433a99be04
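Review bot: all six entries are marked fixed in mbedtls 2.16.9-0.1, but the descriptions give the affected range as "before 2.24.0" (CVE-2020-36426 to CVE-2020-36424) or "before 2.23.0" (CVE-2020-36423 to CVE-2020-36421), and 2.16.9 sorts below both. Add a NOTE per entry naming the 2.16.x release that carries the fix; CVE-2020-36426, CVE-2020-36423 and CVE-2020-36422 currently get no reference at all, so the fixed version there cannot be checked from the entry.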
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-23409/golang-github-pires-go-proxyproto
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d7d2245d by Salvatore Bonaccorso at 2021-07-23T07:47:31+02:00 Add CVE-2021-23409/golang-github-pires-go-proxyproto - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -33259,7 +33259,10 @@ CVE-2021-23411 (All versions of package anchorme are vulnerable to Cross-site Sc CVE-2021-23410 (All versions of package msgpack are vulnerable to Deserialization of U ...) TODO: check CVE-2021-23409 (The package github.com/pires/go-proxyproto before 0.6.0 are vulnerable ...) - TODO: check + - golang-github-pires-go-proxyproto + NOTE: https://github.com/pires/go-proxyproto/issues/65 + NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPIRESGOPROXYPROTO-1316439 + NOTE: https://github.com/pires/go-proxyproto/pull/74 CVE-2021-23408 (This affects the package com.graphhopper:graphhopper-web-bundle before ...) TODO: check CVE-2021-23407 (This affects the package elFinder.Net.Core from 0 and before 1.2.4. Th ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7d2245dbaedef0946f6d7968079a95c8bbd537c
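Review bot: the description for CVE-2021-23409 gives "before 0.6.0" as the affected range, but the added package line records no fixed version. Either add the Debian version that ships 0.6.0 or later, or mark in the NOTE lines which reference is the actual fix (issue 65 or pull 74), so the entry can be closed when that upload happens.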
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-3246/libsndfile
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: da33cdc7 by Salvatore Bonaccorso at 2021-07-23T07:36:21+02:00 Add CVE-2021-3246/libsndfile - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -27609,7 +27609,8 @@ CVE-2021-3248 CVE-2021-3247 RESERVED CVE-2021-3246 (A heap buffer overflow vulnerability in msadpcm_decode_block of libsnd ...) - TODO: check + - libsndfile + NOTE: https://github.com/libsndfile/libsndfile/issues/687 CVE-2021-3245 RESERVED CVE-2021-3244 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da33cdc7195dab0ce5bb83a1b5a560fecbc75f1b
[Git][security-tracker-team/security-tracker][master] Reserve DSA for lemonldap-ng
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d07a8b7f by Salvatore Bonaccorso at 2021-07-23T07:21:31+02:00 Reserve DSA for lemonldap-ng - - - - - 1 changed file: - data/DSA/list Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[23 Jul 2021] DSA-4943-1 lemonldap-ng - security update + {CVE-2021-35472} + [buster] - lemonldap-ng 2.0.2+ds-7+deb10u6 [20 Jul 2021] DSA-4942-1 systemd - security update {CVE-2021-33910} [buster] - systemd 241-7~deb10u8 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d07a8b7f38c1908a5b0cca701ebaa5f8a686871b
[Git][security-tracker-team/security-tracker][master] Update information for CVE-2021-35472/lemonldap-ng
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0b98aecd by Salvatore Bonaccorso at 2021-07-23T06:40:19+02:00 Update information for CVE-2021-35472/lemonldap-ng - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4293,6 +4293,7 @@ CVE-2021-35473 [Access token lifetime is not verified with OAuth2 Handler] CVE-2021-35472 [Session cache corruption can lead to authorization bypass or spoofing] RESERVED - lemonldap-ng 2.0.11+ds-4 + [stretch] - lemonldap-ng (Vulnerable code not present; updateSession doesn't use in-memory cache) NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539 CVE-2021-35471 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b98aecd1e429a501ebdea33b981f1916680f13f
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2718-1 for intel-microcode
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker Commits: 412b3fc6 by Utkarsh Gupta at 2021-07-23T09:28:49+05:30 Reserve DLA-2718-1 for intel-microcode - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[23 Jul 2021] DLA-2718-1 intel-microcode - security update + {CVE-2020-24489 CVE-2020-24511 CVE-2020-24512 CVE-2020-24513} + [stretch] - intel-microcode 3.20210608.2~deb9u2 [22 Jul 2021] DLA-2717-1 redis - security update {CVE-2021-32761} [stretch] - redis 3:3.2.6-3+deb9u5 = data/dla-needed.txt = @@ -55,14 +55,6 @@ gpac (Thorsten Alteholz) -- icu (Utkarsh) -- -intel-microcode - NOTE: 20210621: pinged maintainer, collaborating on the update. (utkarsh) - NOTE: 20210622: regression reported in coffelake with iwlwifi. (utkarsh) - NOTE: 20210622: we'll wait for a couple of days more before rolling - NOTE: 20210622: out the update. (utkarsh) - NOTE: 20210713: upload done: https://lists.debian.org/debian-lts-changes/2021/07/msg6.html - NOTE: 20210713: needs a DLA. --- linux (Ben Hutchings) -- linux-4.19 (Ben Hutchings) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/412b3fc6154f6619ce9e5405014051e066043232
[Git][security-tracker-team/security-tracker][master] Track fixes for lemonldap-ng issues via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5c710e03 by Salvatore Bonaccorso at 2021-07-22T22:52:21+02:00 Track fixes for lemonldap-ng issues via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4286,13 +4286,13 @@ CVE-2021-35474 (Stack-based Buffer Overflow vulnerability in cachekey plugin of NOTE: https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277 (8.1.x) CVE-2021-35473 [Access token lifetime is not verified with OAuth2 Handler] RESERVED - - lemonldap-ng + - lemonldap-ng 2.0.11+ds-4 [buster] - lemonldap-ng (OAuth2 Handler introduced later) [stretch] - lemonldap-ng (OAuth2 Handler introduced later) NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549 CVE-2021-35472 [Session cache corruption can lead to authorization bypass or spoofing] RESERVED - - lemonldap-ng + - lemonldap-ng 2.0.11+ds-4 NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539 CVE-2021-35471 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c710e03cea30ab88c56e9abe73428a4dd8d119d
[Git][security-tracker-team/security-tracker][master] Update information on CVE-2021-35473/lemonldap-ng
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ce7d484d by Salvatore Bonaccorso at 2021-07-22T22:51:09+02:00 Update information on CVE-2021-35473/lemonldap-ng - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4287,6 +4287,8 @@ CVE-2021-35474 (Stack-based Buffer Overflow vulnerability in cachekey plugin of CVE-2021-35473 [Access token lifetime is not verified with OAuth2 Handler] RESERVED - lemonldap-ng + [buster] - lemonldap-ng (OAuth2 Handler introduced later) + [stretch] - lemonldap-ng (OAuth2 Handler introduced later) NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549 CVE-2021-35472 [Session cache corruption can lead to authorization bypass or spoofing] RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce7d484d4eb6a8a76e4acf819520b897f59945d9
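Review bot: the reason "OAuth2 Handler introduced later" on the added [buster] and [stretch] lines does not say in which upstream version the handler appeared, so the claim that these suites lack the code cannot be checked against the versions they ship. Name that version in the parenthesised reason or in a NOTE.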
[Git][security-tracker-team/security-tracker][master] Add two lemonldap-ng issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ace09d73 by Salvatore Bonaccorso at 2021-07-22T22:46:56+02:00 Add two lemonldap-ng issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4284,10 +4284,14 @@ CVE-2021-35474 (Stack-based Buffer Overflow vulnerability in cachekey plugin of NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x) NOTE: https://github.com/apache/trafficserver/commit/5a9339d7bc65e1c2d8d2a0fc80bb051daf3cdb0b (master) NOTE: https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277 (8.1.x) -CVE-2021-35473 +CVE-2021-35473 [Access token lifetime is not verified with OAuth2 Handler] RESERVED -CVE-2021-35472 + - lemonldap-ng + NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549 +CVE-2021-35472 [Session cache corruption can lead to authorization bypass or spoofing] RESERVED + - lemonldap-ng + NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539 CVE-2021-35471 RESERVED CVE-2021-35470 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ace09d73a6af640ff0f990d899bef1fcae9c486b
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-34431/mosquitto
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: aa9478af by Salvatore Bonaccorso at 2021-07-22T22:29:33+02:00 Add CVE-2021-34431/mosquitto - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6595,7 +6595,8 @@ CVE-2021-34433 CVE-2021-34432 RESERVED CVE-2021-34431 (In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client ...) - TODO: check + - mosquitto + NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=573191 CVE-2021-34430 (Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C ...) NOT-FOR-US: Eclipse TinyDTLS CVE-2021-34429 (For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-1 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa9478af9f7e8bbb408583e39bfa9bddfe802d60
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ea206f56 by Salvatore Bonaccorso at 2021-07-22T22:28:48+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,7 +1,7 @@ CVE-2021-37403 (OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows ...) - TODO: check + NOT-FOR-US: OX App Suite CVE-2021-37402 (OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows ...) - TODO: check + NOT-FOR-US: OX App Suite CVE-2021-3660 RESERVED CVE-2021-37401 @@ -4134,11 +4134,11 @@ CVE-2021-35524 CVE-2021-35523 (Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe conf ...) NOT-FOR-US: Securepoint CVE-2021-35522 (A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Com ...) - TODO: check + NOT-FOR-US: IDEMIA CVE-2021-35521 (A path traversal in Thrift command handlers in IDEMIA Morpho Wave Comp ...) - TODO: check + NOT-FOR-US: IDEMIA CVE-2021-35520 (A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Com ...) - TODO: check + NOT-FOR-US: IDEMIA CVE-2021-35519 RESERVED CVE-2021-35518 @@ -5931,7 +5931,7 @@ CVE-2021-34702 CVE-2021-34701 RESERVED CVE-2021-34700 (A vulnerability in the CLI interface of Cisco SD-WAN vManage Software ...) - TODO: check + NOT-FOR-US: Cisco CVE-2021-34699 RESERVED CVE-2021-34698 @@ -9848,7 +9848,7 @@ CVE-2021-33034 (In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/5c4c8c9544099bb9043a10a5318130a943e32fc3 CVE-2021-33032 (eQ-3 HomeMatic CCU2 2.57.5 and CCU3 3.57.5 devices allow remote code e ...) - TODO: check + NOT-FOR-US: eQ-3 HomeMatic CCU2 CVE-2021-33031 (In LabCup before
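Review bot: the NOT-FOR-US labels in these hunks mix granularity: vendor only for "IDEMIA" and "Cisco", product for "OX App Suite", and "eQ-3 HomeMatic CCU2" for CVE-2021-33032 although its description covers both CCU2 and CCU3. Use one form throughout, for example "eQ-3 HomeMatic" for the last, so that later searches of the list by label find all related entries.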
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7f0dd190 by Salvatore Bonaccorso at 2021-07-22T22:18:17+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -35319,9 +35319,9 @@ CVE-2021-22525 CVE-2021-22524 RESERVED CVE-2021-22523 (XML External Entity vulnerability in Micro Focus Verastream Host Integ ...) - TODO: check + NOT-FOR-US: Micro Focus CVE-2021-22522 (Reflected Cross-Site Scripting vulnerability in Micro Focus Verastream ...) - TODO: check + NOT-FOR-US: Micro Focus CVE-2021-22521 RESERVED CVE-2021-22520 @@ -108652,7 +108652,7 @@ CVE-2020-5372 (Dell EMC PowerStore versions prior to 1.0.1.0.5.002 contain a vul CVE-2020-5371 (Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerSca ...) NOT-FOR-US: EMC CVE-2020-5370 (Dell EMC OpenManage Enterprise (OME) versions prior to 3.4 contain an ...) - TODO: check + NOT-FOR-US: EMC CVE-2020-5369 (Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerSca ...) NOT-FOR-US: EMC CVE-2020-5368 (Dell EMC VxRail versions 4.7.410 and 4.7.411 contain an improper authe ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f0dd190ebab8bbee3f598d49da362f28eb171de
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 534ccfae by security tracker role at 2021-07-22T20:10:23+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,9 @@ +CVE-2021-37403 (OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows ...) + TODO: check +CVE-2021-37402 (OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows ...) + TODO: check +CVE-2021-3660 + RESERVED CVE-2021-37401 RESERVED CVE-2021-37400 @@ -2512,8 +2518,7 @@ CVE-2021-36224 RESERVED CVE-2021-36223 RESERVED -CVE-2021-36222 [sending a request containing a PA-ENCRYPTED-CHALLENGE padata element without using FAST could result in null dereference in the KDC which leads to DoS] - RESERVED +CVE-2021-36222 (ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) ...) - krb5 1.18.3-6 (bug #991365) NOTE: https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562 CVE-2021-36221 @@ -3235,8 +3240,7 @@ CVE-2021-35944 RESERVED CVE-2021-35943 RESERVED -CVE-2021-35942 [Wild read in wordexp (parse_param)] - RESERVED +CVE-2021-35942 (The wordexp function in the GNU C Library (aka glibc) through 2.33 may ...) - glibc 2.31-13 (bug #990542) [buster] - glibc (Minor issue) [stretch] - glibc (Minor issue) @@ -4129,12 +4133,12 @@ CVE-2021-35524 RESERVED CVE-2021-35523 (Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe conf ...) NOT-FOR-US: Securepoint -CVE-2021-35522 - RESERVED -CVE-2021-35521 - RESERVED -CVE-2021-35520 - RESERVED +CVE-2021-35522 (A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Com ...) + TODO: check +CVE-2021-35521 (A path traversal in Thrift command handlers in IDEMIA Morpho Wave Comp ...) + TODO: check +CVE-2021-35520 (A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Com ...) + TODO: check CVE-2021-35519 RESERVED CVE-2021-35518 
@@ -4298,8 +4302,8 @@ CVE-2021-35466 RESERVED CVE-2021-35465 RESERVED -CVE-2021-35464 - RESERVED +CVE-2021-35464 (ForgeRock AM server 6.x before 7, and OpenAM 14.6.3, has a Java deseri ...) + TODO: check CVE-2021-35463 RESERVED CVE-2021-35462 @@ -5125,8 +5129,7 @@ CVE-2021-35065 RESERVED CVE-2021-35064 (KramerAV VIAWare, all tested versions, allow privilege escalation thro ...) NOT-FOR-US: KramerAV VIAWare -CVE-2021-35063 - RESERVED +CVE-2021-35063 (Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion." ...) [experimental] - suricata 1:6.0.3-1~exp1 - suricata 1:6.0.1-3 (bug #990835) [buster] - suricata (Minor issue) @@ -5927,8 +5930,8 @@ CVE-2021-34702 RESERVED CVE-2021-34701 RESERVED -CVE-2021-34700 - RESERVED +CVE-2021-34700 (A vulnerability in the CLI interface of Cisco SD-WAN vManage Software ...) + TODO: check CVE-2021-34699 RESERVED CVE-2021-34698 @@ -6326,6 +6329,7 @@ CVE-2021-34554 CVE-2021-34553 (Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote au ...) NOT-FOR-US: Sonatype Nexus Repository Manager CVE-2021-34552 (Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1. ...) + {DLA-2716-1} - pillow 8.1.2+dfsg-0.3 (bug #991293) NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow NOTE: https://github.com/python-pillow/Pillow/pull/5567 @@ -6590,8 +6594,8 @@ CVE-2021-34433 RESERVED CVE-2021-34432 RESERVED -CVE-2021-34431 - RESERVED +CVE-2021-34431 (In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client ...) + TODO: check CVE-2021-34430 (Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C ...) NOT-FOR-US: Eclipse TinyDTLS CVE-2021-34429 (For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-1 ...) 
@@ -8800,8 +8804,8 @@ CVE-2021-33483 RESERVED CVE-2021-33482 RESERVED -CVE-2021-33478 - RESERVED +CVE-2021-33478 (The TrustZone implementation in certain Broadcom MediaxChange firmware ...) + TODO: check CVE-2021-3561 (An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bound ...) - fig2dev 1:3.2.8-3 [buster] - fig2dev 1:3.2.7a-5+deb10u4 @@ -9843,8 +9847,8 @@ CVE-2021-33034 (In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has - linux 5.10.38-1 [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/5c4c8c9544099bb9043a10a5318130a943e32fc3 -CVE-2021-33032 - RESERVED +CVE-2021-33032 (eQ-3 HomeMatic CCU2 2.57.5 and CCU3 3.57.5 devices allow remote code e ...) + TODO: check CVE-2021-3303
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-3652/389-ds-base
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 71f89c89 by Salvatore Bonaccorso at 2021-07-22T21:16:54+02:00 Add CVE-2021-3652/389-ds-base - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1349,7 +1349,7 @@ CVE-2021-36768 RESERVED CVE-2021-3652 [CRYPT password hash with asterisk allows any bind attempt to succeed] RESERVED - - 389-ds-base + - 389-ds-base (bug #991405) NOTE: https://github.com/389ds/389-ds-base/issues/4817 NOTE: https://github.com/389ds/389-ds-base/commit/aeb90eb0c41fc48541d983f323c627b2e6c328c7 (master) NOTE: https://github.com/389ds/389-ds-base/commit/c1926dfc6591b55c4d33f9944de4d7ebe077e964 (1.4.4.x) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/71f89c892e3406d9698696eda6d09b44cb729f74
[Git][security-tracker-team/security-tracker][master] Add references for CVE-2021-3652/389-ds-base
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d57e8a08 by Salvatore Bonaccorso at 2021-07-22T21:02:09+02:00 Add references for CVE-2021-3652/389-ds-base - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1351,6 +1351,8 @@ CVE-2021-3652 [CRYPT password hash with asterisk allows any bind attempt to succ RESERVED - 389-ds-base NOTE: https://github.com/389ds/389-ds-base/issues/4817 + NOTE: https://github.com/389ds/389-ds-base/commit/aeb90eb0c41fc48541d983f323c627b2e6c328c7 (master) + NOTE: https://github.com/389ds/389-ds-base/commit/c1926dfc6591b55c4d33f9944de4d7ebe077e964 (1.4.4.x) CVE-2021-36767 RESERVED CVE-2021-36766 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d57e8a08007416d2f12f8f692d531ea31add1c5b
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2021-37220/mupdf
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d73cdde1 by Salvatore Bonaccorso at 2021-07-22T20:54:26+02:00 Add Debian bug reference for CVE-2021-37220/mupdf - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -361,7 +361,7 @@ CVE-2021-37222 CVE-2021-37221 RESERVED CVE-2021-37220 (MuPDF through 1.18.1 has an out-of-bounds write because the cached col ...) - - mupdf + - mupdf (bug #991402) NOTE: http://git.ghostscript.com/?p=mupdf.git;h=f5712c9949d026e4b891b25837edd2edc166151f NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=703791 CVE-2021-37219 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d73cdde1602ee102b79087a5795495853c333b35
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-19609/mupdf
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: acd60012 by Salvatore Bonaccorso at 2021-07-22T20:50:01+02:00 Add Debian bug reference for CVE-2020-19609/mupdf - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -71708,7 +71708,7 @@ CVE-2020-19611 CVE-2020-19610 RESERVED CVE-2020-19609 (Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff ...) - - mupdf + - mupdf (bug #991401) NOTE: http://git.ghostscript.com/?p=mupdf.git;h=b7892cdc7fae62aa57d63ae62144e1f11b5f9275 NOTE: http://git.ghostscript.com/?p=mupdf.git;h=2c4f11f8dcdbd18c35a65e58cc789be0e46012a8 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701176 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/acd600120ab5a4a7ccdfe270dfb668ff24b49d21
[Git][security-tracker-team/security-tracker][master] Add additional commit for CVE-2020-19609/mupdf
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 147952d9 by Salvatore Bonaccorso at 2021-07-22T20:10:19+02:00 Add additional commit for CVE-2020-19609/mupdf - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -71710,6 +71710,7 @@ CVE-2020-19610 CVE-2020-19609 (Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff ...) - mupdf NOTE: http://git.ghostscript.com/?p=mupdf.git;h=b7892cdc7fae62aa57d63ae62144e1f11b5f9275 + NOTE: http://git.ghostscript.com/?p=mupdf.git;h=2c4f11f8dcdbd18c35a65e58cc789be0e46012a8 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701176 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=703076 CVE-2020-19608 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/147952d9bed133a406376aeab21a5f6da4cff199 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/147952d9bed133a406376aeab21a5f6da4cff199 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
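Review bot: the added commit line sits between the first mupdf commit and the two upstream bug links, with nothing to say which bug it belongs to. The entry now lists two commits and two bugs (701176 and 703076), so note after each commit URL which bug it addresses.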
[Git][security-tracker-team/security-tracker][master] dla: claim ruby-actionpack-page-caching
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: 0c169e0d by Sylvain Beucler at 2021-07-22T18:00:55+02:00 dla: claim ruby-actionpack-page-caching - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -83,7 +83,7 @@ python-babel NOTE: 20210620: http://people.debian.org/~abhijith/backport_of_3a700b5.patch (abhijith) NOTE: 20210620: Revisit when it have an assigned CVE Id. (abhijith) -- -ruby-actionpack-page-caching +ruby-actionpack-page-caching (Sylvain Beucler) NOTE: 20200819: Upstream's patch on does not apply due to subsequent NOTE: 20200819: refactoring. However, a quick look at the private NOTE: 20200819: page_cache_file method suggests that the issue exists, as it View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0c169e0dbc98395f262ca91091964fa70bce2075 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0c169e0dbc98395f262ca91091964fa70bce2075 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
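Review bot: the claim on ruby-actionpack-page-caching adds only the name, while every NOTE line under it is dated 20200819, almost a year before this commit. Add a dated NOTE stating the current plan for the package. While touching the entry, the context line "Upstream's patch on does not apply" reads as if a word is missing after "on".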
[Git][security-tracker-team/security-tracker][master] Add krb5 to dsa-needed list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: dba162ab by Salvatore Bonaccorso at 2021-07-22T17:33:32+02:00 Add krb5 to dsa-needed list - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -22,6 +22,9 @@ djvulibre -- icu -- +krb5 (carnil) + Asking maintainers for an update +-- linux (carnil) Wait until more issues have piled up, though try to regulary rebase for point releases to more recent v4.19.y versions. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dba162ab5603d3137306acd14ccd2d2e1474a6fc -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dba162ab5603d3137306acd14ccd2d2e1474a6fc You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
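Review bot: the new krb5 entry says only "Asking maintainers for an update", with no CVE id, bug number or date, so a reader of data/dsa-needed.txt cannot tell which issue the DSA is for or how old the request is. Name the CVE or bug being tracked and date the remark.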
[Git][security-tracker-team/security-tracker][master] Mark some minor pillow CVEs as ignored in buster
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker Commits: 7da0110a by Neil Williams at 2021-07-22T15:40:46+01:00 Mark some minor pillow CVEs as ignored in buster - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -20672,13 +20672,13 @@ CVE-2021-28677 (An issue was discovered in Pillow before 8.2.0. For EPS data, th CVE-2021-28676 (An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecod ...) [experimental] - pillow 8.2.0-1 - pillow 8.1.2+dfsg-0.2 (bug #989062) - [buster] - pillow (Minor issue) + [buster] - pillow (Minor issue) NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos NOTE: https://github.com/python-pillow/Pillow/commit/bb6c11fb889e6c11b0ee122b828132ee763b5856 CVE-2021-28675 (An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImag ...) [experimental] - pillow 8.2.0-1 - pillow 8.1.2+dfsg-0.2 (bug #989062) - [buster] - pillow (Minor issue) + [buster] - pillow (Minor issue) [stretch] - pillow (Minor issue, too intrusive to backport) NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin NOTE: https://github.com/python-pillow/Pillow/commit/22e9bee4ef225c0edbb9323f94c26cee0c623497 @@ -29062,7 +29062,7 @@ CVE-2021-25294 (OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activ NOT-FOR-US: OpenCATS CVE-2021-25293 (An issue was discovered in Pillow before 8.1.1. There is an out-of-bou ...) - pillow 8.1.1-1 - [buster] - pillow (Minor issue) + [buster] - pillow (Minor issue) [stretch] - pillow (Vulnerable code introduced later) NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html NOTE: https://github.com/python-pillow/Pillow/commit/f891baa604636cd2506a9360d170bc2cf4963cc5 
@@ -29076,7 +29076,7 @@ CVE-2021-25292 (An issue was discovered in Pillow before 8.1.1. The PDF parser a NOTE: Introduced in: https://github.com/python-pillow/Pillow/commit/6207b44ab1ff4a91d8ddc7579619876d0bb191a4 (5.1.0) CVE-2021-25291 (An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there ...) - pillow 8.1.1-1 - [buster] - pillow (Minor issue) + [buster] - pillow (Minor issue) [stretch] - pillow (Vulnerable code introduced later) NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html NOTE: https://github.com/python-pillow/Pillow/commit/8b8076bdcb3815be0ef0d279651d8d1342b8ea61 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7da0110ada48bd80234451d02953ab809a082b0c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7da0110ada48bd80234451d02953ab809a082b0c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
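Review bot: on each changed [buster] line the reason text stays "(Minor issue)", although the commit message says these CVEs are now ignored in buster. For an entry that will not get a fix, put the actual reason in the parentheses, the way the neighbouring [stretch] lines do with "too intrusive to backport" and "Vulnerable code introduced later".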
[Git][security-tracker-team/security-tracker][master] Remove no-dsa tagged entries which got an update in DLA 2716-1
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5dfb287b by Salvatore Bonaccorso at 2021-07-22T16:21:37+02:00 Remove no-dsa tagged entries which got an update in DLA 2716-1 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -20667,14 +20667,12 @@ CVE-2021-28677 (An issue was discovered in Pillow before 8.2.0. For EPS data, th [experimental] - pillow 8.2.0-1 - pillow 8.1.2+dfsg-0.2 (bug #989062) [buster] - pillow (Minor issue) - [stretch] - pillow (Minor issue) NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open NOTE: https://github.com/python-pillow/Pillow/commit/5a5e6db0abf4e7a638fb1b3408c4e495a096cb92 CVE-2021-28676 (An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecod ...) [experimental] - pillow 8.2.0-1 - pillow 8.1.2+dfsg-0.2 (bug #989062) [buster] - pillow (Minor issue) - [stretch] - pillow (Minor issue) NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos NOTE: https://github.com/python-pillow/Pillow/commit/bb6c11fb889e6c11b0ee122b828132ee763b5856 CVE-2021-28675 (An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImag ...) 
@@ -29086,7 +29084,6 @@ CVE-2021-25291 (An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, CVE-2021-25290 (An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there ...) - pillow 8.1.1-1 [buster] - pillow (Minor issue) - [stretch] - pillow (Minor issue) NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html NOTE: https://github.com/python-pillow/Pillow/commit/e25be1e33dc526bfd1094bc778a54d8e29bf66c9 CVE-2021-25289 (An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap- ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5dfb287bdaa0fc466adc0a84e8cf5f6531a4188a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5dfb287bdaa0fc466adc0a84e8cf5f6531a4188a You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
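Review bot: the removals cover CVE-2021-28677, CVE-2021-28676 and CVE-2021-25290, but the DLA-2716-1 entry in data/DLA/list also names CVE-2020-35653 and CVE-2021-34552. CVE-2020-35653 was cleaned up separately in daf38b3b; please confirm that CVE-2021-34552 has no leftover [stretch] line, or say in the commit message that it never had one.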
[Git][security-tracker-team/security-tracker][master] redis no-dsa
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: a90f73ed by Moritz Muehlenhoff at 2021-07-22T15:24:49+02:00 redis no-dsa NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -10436,6 +10436,7 @@ CVE-2021-32762 RESERVED CVE-2021-32761 (Redis is an in-memory database that persists on disk. A vulnerability ...) - redis 5:6.0.15-1 (bug #991375) + [buster] - redis (Minor issue) NOTE: https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj CVE-2021-32760 (containerd is a container runtime. A bug was found in containerd versi ...) - containerd 1.4.5~ds1-2 @@ -36130,9 +36131,9 @@ CVE-2021-22148 CVE-2021-22147 RESERVED CVE-2021-22146 (All versions of Elastic Cloud Enterprise has the Elasticsearch “ ...) - TODO: check + NOT-FOR-US: Elastic Cloud CVE-2021-22145 (A memory disclosure vulnerability was identified in Elasticsearch 7.10 ...) - TODO: check + - elasticsearch CVE-2021-22144 RESERVED CVE-2021-22143 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a90f73ed1fd646557fb4f1b5ed7cc7565178fa6f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a90f73ed1fd646557fb4f1b5ed7cc7565178fa6f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
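Review bot: the second hunk replaces "TODO: check" on CVE-2021-22145 with a bare "- elasticsearch" line and no NOTE, whereas the redis entry in the first hunk carries its upstream advisory link. Add a NOTE with the upstream reference for the Elasticsearch memory disclosure so the entry can be assessed without looking the CVE up again.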
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-28131
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b2be82b0 by Salvatore Bonaccorso at 2021-07-22T14:07:51+02:00 Add CVE-2021-28131 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -21996,6 +21996,7 @@ CVE-2021-28132 (LUCY Security Awareness Software through 4.7.x allows unauthenti NOT-FOR-US: LUCY Security Awareness Software CVE-2021-28131 RESERVED + NOT-FOR-US: Apache Impala CVE-2021-28130 RESERVED CVE-2021-28129 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2be82b034d516d17b5cbff3325174a8902aec69 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2be82b034d516d17b5cbff3325174a8902aec69 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
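Review bot: CVE-2021-28131 is still RESERVED with no description, so the added "NOT-FOR-US: Apache Impala" line has no visible source for the attribution. Mention in the commit message where the assignment to Apache Impala was announced.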
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-3640/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 775bfa09 by Salvatore Bonaccorso at 2021-07-22T14:05:41+02:00 Add CVE-2021-3640/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2237,8 +2237,10 @@ CVE-2021-36352 RESERVED CVE-2021-36351 RESERVED -CVE-2021-3640 +CVE-2021-3640 [Linux kernel: UAF in sco_send_frame function] RESERVED + - linux + NOTE: https://www.openwall.com/lists/oss-security/2021/07/22/1 CVE-2021-3639 RESERVED CVE-2021-36350 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/775bfa09b09dd9f19124405da2698897a0c1f13d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/775bfa09b09dd9f19124405da2698897a0c1f13d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add commit references for CVE-2021-33910
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2fccad85 by Salvatore Bonaccorso at 2021-07-22T14:02:20+02:00 Add commit references for CVE-2021-33910 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7681,6 +7681,8 @@ CVE-2021-33910 (basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and - systemd 247.3-6 NOTE: https://www.qualys.com/2021/07/20/cve-2021-33910/denial-of-service-systemd.txt NOTE: Introduced by: https://github.com/systemd/systemd/commit/7410616cd9dbbec97cf98d75324da5cda2b2f7a2 (v220) + NOTE: Fixed by: https://github.com/systemd/systemd/commit/441e0115646d54f080e5c3bb0ba477c892861ab9 + NOTE: Fixed by: https://github.com/systemd/systemd/commit/4e2544c30bfb95e7cb4d1551ba066b1a56520ad6 (comment fix) NOTE: https://github.com/systemd/systemd/pull/20256 CVE-2021-33909 (fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 do ...) {DSA-4941-1 DLA-2714-1 DLA-2713-1} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2fccad85f57e4ff37d0dd0249bf348ceed30d0fc -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2fccad85f57e4ff37d0dd0249bf348ceed30d0fc You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
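Review bot: the first added "Fixed by:" line has no release tag, while the "Introduced by:" line just above it is tagged (v220) and the second added line is tagged (comment fix). Add the upstream version that first contains 441e0115646d54f080e5c3bb0ba477c892861ab9, so the fix can be matched against packaged versions without opening the link.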
[Git][security-tracker-team/security-tracker][master] Track fixed version for nvidia-graphics-drivers-tesla-418 via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c5bddf6d by Salvatore Bonaccorso at 2021-07-22T13:46:38+02:00 Track fixed version for nvidia-graphics-drivers-tesla-418 via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -49379,7 +49379,7 @@ CVE-2021-1095 (NVIDIA GPU Display Driver for Windows and Linux contains a vulner - nvidia-graphics-drivers-tesla-460 (bug #991357) - nvidia-graphics-drivers-tesla-450 (bug #991356) - nvidia-graphics-drivers-tesla-440 (bug #991355) - - nvidia-graphics-drivers-tesla-418 (bug #991354) + - nvidia-graphics-drivers-tesla-418 418.211.00-1 (bug #991354) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5211 CVE-2021-1094 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) - nvidia-graphics-drivers (bug #991351) @@ -49391,7 +49391,7 @@ CVE-2021-1094 (NVIDIA GPU Display Driver for Windows and Linux contains a vulner - nvidia-graphics-drivers-tesla-460 (bug #991357) - nvidia-graphics-drivers-tesla-450 (bug #991356) - nvidia-graphics-drivers-tesla-440 (bug #991355) - - nvidia-graphics-drivers-tesla-418 (bug #991354) + - nvidia-graphics-drivers-tesla-418 418.211.00-1 (bug #991354) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5211 CVE-2021-1093 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) - nvidia-graphics-drivers (bug #991351) 
@@ -49403,7 +49403,7 @@ CVE-2021-1093 (NVIDIA GPU Display Driver for Windows and Linux contains a vulner - nvidia-graphics-drivers-tesla-460 (bug #991357) - nvidia-graphics-drivers-tesla-450 (bug #991356) - nvidia-graphics-drivers-tesla-440 (bug #991355) - - nvidia-graphics-drivers-tesla-418 (bug #991354) + - nvidia-graphics-drivers-tesla-418 418.211.00-1 (bug #991354) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5211 CVE-2021-1092 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) NOT-FOR-US: NVIDIA GPU Display Driver for Windows View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5bddf6d5c963e0009cf10c6732db224f10ad0dc -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5bddf6d5c963e0009cf10c6732db224f10ad0dc You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Make note indentation more compatible with merge-cve-files
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 307f10ae by Salvatore Bonaccorso at 2021-07-22T13:46:14+02:00 Make note indentation more compatible with merge-cve-files - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4257,9 +4257,9 @@ CVE-2021-3618 NOTE: Generic TLS protocol issue, some applications have released mitigations: NOTE: nginx: http://hg.nginx.org/nginx/rev/ec1071830799 NOTE: vsftpd: https://security.appspot.com/vsftpd/Changelog.txt (3.0.4) - NOTE:* Close the control connection after 10 unknown commands pre-login. - NOTE:* Reject any TLS ALPN advertisement that's not 'ftp'. - NOTE:* Add ssl_sni_hostname option to require a match on incoming SNI hostname. + NOTE: * Close the control connection after 10 unknown commands pre-login. + NOTE: * Reject any TLS ALPN advertisement that's not 'ftp'. + NOTE: * Add ssl_sni_hostname option to require a match on incoming SNI hostname. NOTE: sendmail: Fixed in 3.16.1: https://marc.info/?l=sendmail-announce&m=159394546814125&w=2 NOTE: exim4 has config option: https://lists.exim.org/lurker/message/20210609.200324.f0e073ed.el.html CVE-2021-3617 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/307f10ae207590a51066ed28653b633c314c87e1 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/307f10ae207590a51066ed28653b633c314c87e1 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Remove postponed entry for pillow in stretch after DLA
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker Commits: daf38b3b by Neil Williams at 2021-07-22T11:13:33+01:00 Remove postponed entry for pillow in stretch after DLA - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -38839,7 +38839,6 @@ CVE-2020-35654 (In Pillow before 8.1.0, TiffDecode has a heap-based buffer overf CVE-2020-35653 (In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding ...) - pillow 8.1.0-1 [buster] - pillow (Minor issue) - [stretch] - pillow (Minor issue, buffer read overflow) NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security NOTE: https://github.com/python-pillow/Pillow/pull/5174 NOTE: https://github.com/python-pillow/Pillow/commit/2f409261eb1228e166868f8f0b5da5cda52e55bf View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/daf38b3bd8ad1fa448b1d0efc6d4f13313a66500 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/daf38b3bd8ad1fa448b1d0efc6d4f13313a66500 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2717-1 for redis
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: dd0b548d by Chris Lamb at 2021-07-22T11:11:16+01:00 Reserve DLA-2717-1 for redis - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[22 Jul 2021] DLA-2717-1 redis - security update + {CVE-2021-32761} + [stretch] - redis 3:3.2.6-3+deb9u5 [22 Jul 2021] DLA-2716-1 pillow - security update {CVE-2020-35653 CVE-2021-25290 CVE-2021-28676 CVE-2021-28677 CVE-2021-34552} [stretch] - pillow 4.0.0-4+deb9u3 = data/dla-needed.txt = @@ -83,8 +83,6 @@ python-babel NOTE: 20210620: http://people.debian.org/~abhijith/backport_of_3a700b5.patch (abhijith) NOTE: 20210620: Revisit when it have an assigned CVE Id. (abhijith) -- -redis (Chris Lamb) --- ruby-actionpack-page-caching NOTE: 20200819: Upstream's patch on does not apply due to subsequent NOTE: 20200819: refactoring. However, a quick look at the private View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd0b548d3e3aebf6813b319fc80046b0ae28d996 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd0b548d3e3aebf6813b319fc80046b0ae28d996 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2716-1 for pillow
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker Commits: 1ce9c415 by Neil Williams at 2021-07-22T10:33:49+01:00 Reserve DLA-2716-1 for pillow - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[22 Jul 2021] DLA-2716-1 pillow - security update + {CVE-2020-35653 CVE-2021-25290 CVE-2021-28676 CVE-2021-28677 CVE-2021-34552} + [stretch] - pillow 4.0.0-4+deb9u3 [20 Jul 2021] DLA-2715-1 systemd - security update {CVE-2021-33910} [stretch] - systemd 232-25+deb9u13 = data/dla-needed.txt = @@ -76,6 +76,8 @@ nvidia-graphics-drivers -- openjdk-8 (Emilio) -- +pillow (codehelp) +-- python-babel NOTE: 20210617: CVE ID rejected. (abhijith) NOTE: 20210620: http://people.debian.org/~abhijith/backport_of_3a700b5.patch (abhijith) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1ce9c415f19b27dcfda1965eac7cd31972671c0d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1ce9c415f19b27dcfda1965eac7cd31972671c0d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
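Review bot: the data/dla-needed.txt hunk adds "pillow (codehelp)" in the same commit that reserves DLA-2716-1 in data/DLA/list. The DLA-2717-1 reservation for redis removes its dla-needed.txt entry, and here an entry is added instead. If pillow still needs work after this DLA, add a NOTE under the new entry saying what is left; otherwise drop the addition.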
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-19609/mupdf
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 55616d7a by Salvatore Bonaccorso at 2021-07-22T10:37:27+02:00 Add CVE-2020-19609/mupdf - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -71706,7 +71706,10 @@ CVE-2020-19611 CVE-2020-19610 RESERVED CVE-2020-19609 (Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff ...) - TODO: check + - mupdf + NOTE: http://git.ghostscript.com/?p=mupdf.git;h=b7892cdc7fae62aa57d63ae62144e1f11b5f9275 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701176 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=703076 CVE-2020-19608 RESERVED CVE-2020-19607 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/55616d7a098466e441a605c7d246b6d153f5dc13 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/55616d7a098466e441a605c7d246b6d153f5dc13 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4febdeec by Salvatore Bonaccorso at 2021-07-22T10:37:00+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -973,7 +973,7 @@ CVE-2021-36936 CVE-2021-36935 RESERVED CVE-2021-36934 (Windows Elevation of Privilege Vulnerability ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-36933 RESERVED CVE-2021-36932 @@ -10398,9 +10398,9 @@ CVE-2021-32778 CVE-2021-32777 RESERVED CVE-2021-32776 (Combodo iTop is a web based IT Service Management tool. In versions pr ...) - TODO: check + NOT-FOR-US: Combodo iTop CVE-2021-32775 (Combodo iTop is a web based IT Service Management tool. In versions pr ...) - TODO: check + NOT-FOR-US: Combodo iTop CVE-2021-32774 (DataDump is a MediaWiki extension that provides dumps of wikis. Prior ...) NOT-FOR-US: DataDump MediaWiki extension CVE-2021-32773 (Racket is a general-purpose programming language and an ecosystem for ...) @@ -42578,7 +42578,7 @@ CVE-2021-20108 (Manage Engine Asset Explorer Agent 1.0.34 listens on port 9000 f CVE-2021-20107 (There exists an unauthenticated BLE Interface in Sloan SmartFaucets in ...) NOT-FOR-US: Sloan CVE-2021-20106 (Nessus Agent versions 8.2.5 and earlier were found to contain a privil ...) - TODO: check + NOT-FOR-US: Nessus Agent CVE-2021-20105 (Machform prior to version 16 is vulnerable to an open redirect in Safa ...) NOT-FOR-US: Machform CVE-2021-20104 (Machform prior to version 16 is vulnerable to unauthenticated remote c ...) 
@@ -49369,7 +49369,7 @@ CVE-2021-1098 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU CVE-2021-1097 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) NOT-FOR-US: NVIDIA vGPU software CVE-2021-1096 (NVIDIA Windows GPU Display Driver for Windows contains a vulnerability ...) - TODO: check + NOT-FOR-US: NVIDIA Windows GPU Display Driver for Windows CVE-2021-1095 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) - nvidia-graphics-drivers (bug #991351) [buster] - nvidia-graphics-drivers (Non-free not supported) @@ -49407,13 +49407,13 @@ CVE-2021-1093 (NVIDIA GPU Display Driver for Windows and Linux contains a vulner - nvidia-graphics-drivers-tesla-418 (bug #991354) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5211 CVE-2021-1092 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) - TODO: check + NOT-FOR-US: NVIDIA GPU Display Driver for Windows CVE-2021-1091 (NVIDIA GPU Display driver for Windows contains a vulnerability where a ...) - TODO: check + NOT-FOR-US: NVIDIA GPU Display driver for Windows CVE-2021-1090 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) TODO: check CVE-2021-1089 (NVIDIA GPU Display Driver for Windows contains a vulnerability in nvid ...) - TODO: check + NOT-FOR-US: NVIDIA GPU Display Driver for Windows CVE-2021-1088 RESERVED CVE-2021-1087 (NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager ...) @@ -65471,7 +65471,7 @@ CVE-2020-22652 CVE-2020-22651 RESERVED CVE-2020-22650 (A memory leak vulnerability in sim-organizer.c of AlienVault Ossim v5 ...) - TODO: check + NOT-FOR-US: AlienVault Ossim CVE-2020-22649 RESERVED CVE-2020-22648 
@@ -67005,17 +67005,17 @@ CVE-2020-21939 CVE-2020-21938 RESERVED CVE-2020-21937 (An command injection vulnerability in HNAP1/SetWLanApcliSettings of Mo ...) - TODO: check + NOT-FOR-US: Motorola CVE-2020-21936 (An issue in HNAP1/GetMultipleHNAPs of Motorola CX2 router CX 1.0.2 Bui ...) - TODO: check + NOT-FOR-US: Motorola CVE-2020-21935 (A command injection vulnerability in HNAP1/GetNetworkTomographySetting ...) - TODO: check + NOT-FOR-US: Motorola CVE-2020-21934 (An issue was discovered in Motorola CX2 router CX 1.0.2 Build 20190508 ...) - TODO: check + NOT-FOR-US: Motorola CVE-2020-21933 (An issue was discovered in Motorola CX2 router CX 1.0.2 Build 20190508 ...) - TODO: check + NOT-FOR-US: Motorola CVE-2020-21932 (A vulnerability in /Login.html of Motorola CX2 router CX 1.0.2 Build 2 ...) - TODO: check + NOT-FOR-US: Motorola CVE-2020-21931 RESERVED CVE-2020-21930 @@ -70387,7 +70387,7 @@ CVE-2020-20264 (Mikrotik RouterOs before 6.47 (stable tree) in the /ram/pckg/adv CVE-2020-20263 RESERVED CVE-2020-20262 (Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion ...) - TODO: check + NOT-FOR-US: Mikrotik RouterOs CVE-2020-20261 RESERVED CVE-2020-20260 @@ -70469,11 +70469,11 @@ CV
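Review bot: the NOT-FOR-US labels added here mix styles: vendor only ("Microsoft", "Motorola"), product ("Combodo iTop", "Nessus Agent", "Mikrotik RouterOs"), and text copied from the description with its redundancy and casing ("NVIDIA Windows GPU Display Driver for Windows", and "NVIDIA GPU Display driver for Windows" next to "NVIDIA GPU Display Driver for Windows"). Use one label per product so the entries group together when searched; the existing context line "NOT-FOR-US: NVIDIA vGPU software" shows the product-level form.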
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-37220/mupdf
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 18247f29 by Salvatore Bonaccorso at 2021-07-22T10:26:36+02:00 Add CVE-2021-37220/mupdf - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -361,7 +361,9 @@ CVE-2021-37222 CVE-2021-37221 RESERVED CVE-2021-37220 (MuPDF through 1.18.1 has an out-of-bounds write because the cached col ...) - TODO: check + - mupdf + NOTE: http://git.ghostscript.com/?p=mupdf.git;h=f5712c9949d026e4b891b25837edd2edc166151f + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=703791 CVE-2021-37219 RESERVED CVE-2021-37218 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18247f293aaeba59020de0186bc95dcab3990a75 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18247f293aaeba59020de0186bc95dcab3990a75 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5f08dd5f by security tracker role at 2021-07-22T08:10:21+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,377 @@ +CVE-2021-37401 + RESERVED +CVE-2021-37400 + RESERVED +CVE-2021-37399 + RESERVED +CVE-2021-37398 + RESERVED +CVE-2021-37397 + RESERVED +CVE-2021-37396 + RESERVED +CVE-2021-37395 + RESERVED +CVE-2021-37394 + RESERVED +CVE-2021-37393 + RESERVED +CVE-2021-37392 + RESERVED +CVE-2021-37391 + RESERVED +CVE-2021-37390 + RESERVED +CVE-2021-37389 + RESERVED +CVE-2021-37388 + RESERVED +CVE-2021-37387 + RESERVED +CVE-2021-37386 + RESERVED +CVE-2021-37385 + RESERVED +CVE-2021-37384 + RESERVED +CVE-2021-37383 + RESERVED +CVE-2021-37382 + RESERVED +CVE-2021-37381 + RESERVED +CVE-2021-37380 + RESERVED +CVE-2021-37379 + RESERVED +CVE-2021-37378 + RESERVED +CVE-2021-37377 + RESERVED +CVE-2021-37376 + RESERVED +CVE-2021-37375 + RESERVED +CVE-2021-37374 + RESERVED +CVE-2021-37373 + RESERVED +CVE-2021-37372 + RESERVED +CVE-2021-37371 + RESERVED +CVE-2021-37370 + RESERVED +CVE-2021-37369 + RESERVED +CVE-2021-37368 + RESERVED +CVE-2021-37367 + RESERVED +CVE-2021-37366 + RESERVED +CVE-2021-37365 + RESERVED +CVE-2021-37364 + RESERVED +CVE-2021-37363 + RESERVED +CVE-2021-37362 + RESERVED +CVE-2021-37361 + RESERVED +CVE-2021-37360 + RESERVED +CVE-2021-37359 + RESERVED +CVE-2021-37358 + RESERVED +CVE-2021-37357 + RESERVED +CVE-2021-37356 + RESERVED +CVE-2021-37355 + RESERVED +CVE-2021-37354 + RESERVED +CVE-2021-37353 + RESERVED +CVE-2021-37352 + RESERVED +CVE-2021-37351 + RESERVED +CVE-2021-37350 + RESERVED +CVE-2021-37349 + RESERVED +CVE-2021-37348 + RESERVED +CVE-2021-37347 + RESERVED +CVE-2021-37346 + RESERVED +CVE-2021-37345 + RESERVED +CVE-2021-37344 + RESERVED +CVE-2021-37343 + RESERVED +CVE-2021-37342 + RESERVED +CVE-2021-37341 + RESERVED +CVE-2021-37340 + RESERVED +CVE-2021-37339 + RESERVED +CVE-2021-37338 + RESERVED +CVE-2021-37337 + RESERVED +CVE-2021-37336 + RESERVED +CVE-2021-37335 + RESERVED +CVE-2021-37334 + RESERVED +CVE-2021-37333 + RESERVED +CVE-2021-37332 + RESERVED +CVE-2021-37331 + RESERVED +CVE-2021-37330 + RESERVED +CVE-2021-37329 + RESERVED 
+CVE-2021-37328 + RESERVED +CVE-2021-37327 + RESERVED +CVE-2021-37326 + RESERVED +CVE-2021-37325 + RESERVED +CVE-2021-37324 + RESERVED +CVE-2021-37323 + RESERVED +CVE-2021-37322 + RESERVED +CVE-2021-37321 + RESERVED +CVE-2021-37320 + RESERVED +CVE-2021-37319 + RESERVED +CVE-2021-37318 + RESERVED +CVE-2021-37317 + RESERVED +CVE-2021-37316 + RESERVED +CVE-2021-37315 + RESERVED +CVE-2021-37314 + RESERVED +CVE-2021-37313 + RESERVED +CVE-2021-37312 + RESERVED +CVE-2021-37311 + RESERVED +CVE-2021-37310 + RESERVED +CVE-2021-37309 + RESERVED +CVE-2021-37308 + RESERVED +CVE-2021-37307 + RESERVED +CVE-2021-37306 + RESERVED +CVE-2021-37305 + RESERVED +CVE-2021-37304 + RESERVED +CVE-2021-37303 + RESERVED +CVE-2021-37302 + RESERVED +CVE-2021-37301 + RESERVED +CVE-2021-37300 + RESERVED +CVE-2021-37299 + RESERVED +CVE-2021-37298 + RESERVED +CVE-2021-37297 + RESERVED +CVE-2021-37296 + RESERVED +CVE-2021-37295 + RESERVED +CVE-2021-37294 + RESERVED +CVE-2021-37293 + RESERVED +CVE-2021-37292 + RESERVED +CVE-2021-37291 + RESERVED +CVE-2021-37290 + RESERVED +CVE-2021-37289 + RESERVED +CVE-2021-37288 + RESERVED +CVE-2021-37287 + RESERVED +CVE-2021-37286 + RESERVED +CVE-2021-37285 + RESERVED +CVE-2021-37284 + RESERVED +CVE-2021-37283 + RESERVED +CVE-2021-37282 + RESERVED +CVE-2021-37281 + RESERVED +CVE-2021-37280 + RESERVED +CVE-2021-37279 + RESERVED +CVE-2021-37278 + RESERVED +CVE-2021-37277 + RESERVED +CVE-2021-37276 + RESERVED +CVE-2021-37275 + RESERVED +CVE-2021-37274 + RESERVED +CVE-2021-37273 + RESERVED +CVE-2021-37272 + RESERVED +CVE-2021-37271 + RESERVED +CVE-2021-37270 + RESERVED +CVE-2021-37269 + RESERVED +CVE-2021-37268 + RESERVED +CVE-2021-37267 + RESERVED +CVE-2021-37266 + RESERVED +CVE-2021-37265 + RESERVED +CVE-2021-37264 + RESERVED +CVE-2021-37263 + RESERVED +CVE-2021-37262 + RESERVED +CVE-2021-37261 + RESE
[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim redis.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 444d2250 by Chris Lamb at 2021-07-22T08:56:42+01:00 data/dla-needed.txt: Claim redis. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -81,7 +81,7 @@ python-babel NOTE: 20210620: http://people.debian.org/~abhijith/backport_of_3a700b5.patch (abhijith) NOTE: 20210620: Revisit when it have an assigned CVE Id. (abhijith) -- -redis +redis (Chris Lamb) -- ruby-actionpack-page-caching NOTE: 20200819: Upstream's patch on does not apply due to subsequent View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/444d22508838a88356018fae9b7835a44f94bb2c
[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Triage redis for stretch LTS (CVE-2021-32761)
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: e65ce135 by Chris Lamb at 2021-07-22T08:56:19+01:00 data/dla-needed.txt: Triage redis for stretch LTS (CVE-2021-32761) - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -81,6 +81,8 @@ python-babel NOTE: 20210620: http://people.debian.org/~abhijith/backport_of_3a700b5.patch (abhijith) NOTE: 20210620: Revisit when it have an assigned CVE Id. (abhijith) -- +redis +-- ruby-actionpack-page-caching NOTE: 20200819: Upstream's patch on does not apply due to subsequent NOTE: 20200819: refactoring. However, a quick look at the private View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e65ce1353899e040bb00b8e593f7023d875be1e1
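Review bot: the added "redis" entry in data/dla-needed.txt carries no NOTE line, so the reason for the triage (CVE-2021-32761, named only in the commit subject) is not visible in the file itself. The neighbouring entries use dated notes of the form "NOTE: 20210620: ..."; a dated NOTE naming the CVE would keep the entry self-explanatory for whoever picks it up.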
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-3652/389-ds-base
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5bc0d3a7 by Salvatore Bonaccorso at 2021-07-22T09:42:33+02:00 Add CVE-2021-3652/389-ds-base - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -971,8 +971,10 @@ CVE-2021-36769 (A reordering issue exists in Telegram before 7.8.1 for Android, NOTE: https://mtpsym.github.io/ CVE-2021-36768 RESERVED -CVE-2021-3652 +CVE-2021-3652 [CRYPT password hash with asterisk allows any bind attempt to succeed] RESERVED + - 389-ds-base + NOTE: https://github.com/389ds/389-ds-base/issues/4817 CVE-2021-36767 RESERVED CVE-2021-36766 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5bc0d3a7be99028c2fd2941ad4bfab699820e6ac
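Review bot: the new CVE-2021-3652 entry references only the upstream issue (https://github.com/389ds/389-ds-base/issues/4817) and names no fixing commit, so the entry cannot yet tell a reader which change closes the authentication bypass described in the bracketed summary. A follow-up NOTE with the upstream commit, once one is linked from that issue, would complete it.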