[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2021-3761/cfrpki
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1c9302d2 by Salvatore Bonaccorso at 2021-09-17T22:45:09+02:00 Add Debian bug reference for CVE-2021-3761/cfrpki - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2274,7 +2274,7 @@ CVE-2021-40355 (A vulnerability has been identified in Teamcenter V12.4 (All ver CVE-2021-40354 (A vulnerability has been identified in Teamcenter V12.4 (All versions ...) NOT-FOR-US: Siemens CVE-2021-3761 (Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitt ...) - - cfrpki + - cfrpki (bug #994572) NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-c8xp-8mf3-62h9 NOTE: https://github.com/cloudflare/cfrpki/commit/a8db4e009ef217484598ba1fd1c595b54e0f6422 CVE-2021-3760 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c9302d2275f7a914520f7dd174596b47d661d74 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c9302d2275f7a914520f7dd174596b47d661d74 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 043ddf97 by Salvatore Bonaccorso at 2021-09-17T22:26:02+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -107,7 +107,7 @@ CVE-2021-41328 CVE-2021-41327 RESERVED CVE-2021-41326 (In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles p ...) - TODO: check + NOT-FOR-US: MISP CVE-2021-41325 RESERVED CVE-2021-41324 @@ -125,11 +125,11 @@ CVE-2021-41319 CVE-2021-41318 RESERVED CVE-2021-41317 (XSS Hunter Express before 2021-09-17 does not properly enforce authent ...) - TODO: check + NOT-FOR-US: XSS Hunter Express CVE-2021-41316 (The Device42 Main Appliance before 17.05.01 does not sanitize user inp ...) - TODO: check + NOT-FOR-US: Device42 Main Appliance CVE-2021-41315 (The Device42 Remote Collector before 17.05.01 does not sanitize user i ...) - TODO: check + NOT-FOR-US: Device42 Remote Collector CVE-2021-3815 RESERVED CVE-2021-3814 @@ -1188,7 +1188,7 @@ CVE-2021-40827 CVE-2021-40826 RESERVED CVE-2021-40825 (nLight ECLYPSE (nECY) system Controllers running software prior to 1.1 ...) - TODO: check + NOT-FOR-US: nLight ECLYPSE (nECY) system Controllers CVE-2021-40824 (A logic error in the room key sharing functionality of Element Android ...) NOT-FOR-US: matrix-android-sdk2 CVE-2021-40823 (A logic error in the room key sharing functionality of matrix-js-sdk ( ...) @@ -4525,7 +4525,7 @@ CVE-2021-39329 CVE-2021-39328 RESERVED CVE-2021-39327 (The BulletProof Security WordPress plugin is vulnerable to sensitive i ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-39326 RESERVED CVE-2021-39325 @@ -6686,7 +6686,7 @@ CVE-2021-38414 CVE-2021-38413 RESERVED CVE-2021-38412 (Properly formatted POST requests to multiple resources on the HTTP and ...) - TODO: check + NOT-FOR-US: Digi PortServer TS CVE-2021-38411 RESERVED CVE-2021-38410 
@@ -6698,15 +6698,15 @@ CVE-2021-38408 (A stack-based buffer overflow vulnerability in Advantech WebAcce CVE-2021-38407 RESERVED CVE-2021-38406 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper va ...) - TODO: check + NOT-FOR-US: Delta Electronic CVE-2021-38405 RESERVED CVE-2021-38404 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper va ...) - TODO: check + NOT-FOR-US: Delta Electronic CVE-2021-38403 RESERVED CVE-2021-38402 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper va ...) - TODO: check + NOT-FOR-US: Delta Electronic CVE-2021-38401 RESERVED CVE-2021-38400 @@ -6937,7 +6937,7 @@ CVE-2021-38306 (Network Attached Storage on LG N1T1*** 10124 devices allows an u CVE-2021-38305 (23andMe Yamale before 3.0.8 allows remote attackers to execute arbitra ...) NOT-FOR-US: 23andMe Yamale CVE-2021-38304 (Improper input validation in the National Instruments NI-PAL driver in ...) - TODO: check + NOT-FOR-US: National Instruments NI-PAL driver CVE-2021-38303 RESERVED CVE-2021-38302 (The Newsletter extension through 4.0.0 for TYPO3 allows SQL Injection. ...) @@ -22275,13 +22275,13 @@ CVE-2021-31847 CVE-2021-31846 RESERVED CVE-2021-31845 (A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) D ...) - TODO: check + NOT-FOR-US: McAfee CVE-2021-31844 (A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) E ...) - TODO: check + NOT-FOR-US: McAfee CVE-2021-31843 (Improper privileges management vulnerability in McAfee Endpoint Securi ...) TODO: check CVE-2021-31842 (XML Entity Expansion injection vulnerability in McAfee Endpoint Securi ...) - TODO: check + NOT-FOR-US: McAfee CVE-2021-31841 RESERVED CVE-2021-31840 (A vulnerability in the preloading mechanism of specific dynamic link l ...) 
@@ -100605,7 +100605,7 @@ CVE-2020-12082 (A stored cross-site scripting issue impacts certain areas of the CVE-2020-12081 (An information disclosure vulnerability has been identified in FlexNet ...) NOT-FOR-US: FlexNet Publisher lmadmin.exe CVE-2020-12080 (A Denial of Service vulnerability has been identified in FlexNet Publi ...) - TODO: check + NOT-FOR-US: FlexNet CVE-2019-20788 (libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCurso ...) {DLA-2146-1} - libvncserver 0.9.12+dfsg-9 (bug #954163) @@ -165510,7 +165510,7 @@ CVE-2019-9062 (PHP Scripts Mall Online Food Ordering Script 1.0 has Cross-Site R CVE-2019-9061 (An issue was discovered in CMS Made Simple 2.2.8. In the module Module ...) NOT-FOR-US: CMS Made Simple CVE-2019-9060 (An issue was discovered
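Review bot: in the McAfee hunk (@@ -22275), CVE-2021-31843 is left at "TODO: check" while its neighbours CVE-2021-31845, CVE-2021-31844 and CVE-2021-31842, all McAfee products in the same run, are switched to "NOT-FOR-US: McAfee"; if the Endpoint Security privilege-management entry deliberately needs a second look, a short NOTE saying so would stop the next triage pass from wondering, otherwise it should get the same marker as its siblings.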
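Review bot: the marker "NOT-FOR-US: WordPress plugin" in the BulletProof hunk (@@ -4525) is less specific than the other markers in this commit, which name the product (Device42 Main Appliance, Digi PortServer TS, nLight ECLYPSE); naming the plugin, e.g. "NOT-FOR-US: BulletProof Security WordPress plugin", keeps grep-based lookups of that product working later.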
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 71880f26 by security tracker role at 2021-09-17T20:10:32+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,141 @@ +CVE-2021-41380 + RESERVED +CVE-2021-41379 + RESERVED +CVE-2021-41378 + RESERVED +CVE-2021-41377 + RESERVED +CVE-2021-41376 + RESERVED +CVE-2021-41375 + RESERVED +CVE-2021-41374 + RESERVED +CVE-2021-41373 + RESERVED +CVE-2021-41372 + RESERVED +CVE-2021-41371 + RESERVED +CVE-2021-41370 + RESERVED +CVE-2021-41369 + RESERVED +CVE-2021-41368 + RESERVED +CVE-2021-41367 + RESERVED +CVE-2021-41366 + RESERVED +CVE-2021-41365 + RESERVED +CVE-2021-41364 + RESERVED +CVE-2021-41363 + RESERVED +CVE-2021-41362 + RESERVED +CVE-2021-41361 + RESERVED +CVE-2021-41360 + RESERVED +CVE-2021-41359 + RESERVED +CVE-2021-41358 + RESERVED +CVE-2021-41357 + RESERVED +CVE-2021-41356 + RESERVED +CVE-2021-41355 + RESERVED +CVE-2021-41354 + RESERVED +CVE-2021-41353 + RESERVED +CVE-2021-41352 + RESERVED +CVE-2021-41351 + RESERVED +CVE-2021-41350 + RESERVED +CVE-2021-41349 + RESERVED +CVE-2021-41348 + RESERVED +CVE-2021-41347 + RESERVED +CVE-2021-41346 + RESERVED +CVE-2021-41345 + RESERVED +CVE-2021-41344 + RESERVED +CVE-2021-41343 + RESERVED +CVE-2021-41342 + RESERVED +CVE-2021-41341 + RESERVED +CVE-2021-41340 + RESERVED +CVE-2021-41339 + RESERVED +CVE-2021-41338 + RESERVED +CVE-2021-41337 + RESERVED +CVE-2021-41336 + RESERVED +CVE-2021-41335 + RESERVED +CVE-2021-41334 + RESERVED +CVE-2021-41333 + RESERVED +CVE-2021-41332 + RESERVED +CVE-2021-41331 + RESERVED +CVE-2021-41330 + RESERVED +CVE-2021-41329 + RESERVED +CVE-2021-41328 + RESERVED +CVE-2021-41327 + RESERVED +CVE-2021-41326 (In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles p ...) + TODO: check +CVE-2021-41325 + RESERVED +CVE-2021-41324 + RESERVED +CVE-2021-41323 + RESERVED +CVE-2021-41322 + RESERVED +CVE-2021-41321 + RESERVED +CVE-2021-41320 + RESERVED +CVE-2021-41319 + RESERVED +CVE-2021-41318 + RESERVED +CVE-2021-41317 (XSS Hunter Express before 2021-09-17 does not properly enforce authent ...) + TODO: check +CVE-2021-41316 (The Device42 Main Appliance before 17.05.01 does not sanitize user inp ...) 
+ TODO: check +CVE-2021-41315 (The Device42 Remote Collector before 17.05.01 does not sanitize user i ...) + TODO: check +CVE-2021-3815 + RESERVED +CVE-2021-3814 + RESERVED +CVE-2021-3813 + RESERVED CVE-2021-41314 (Certain NETGEAR smart switches are affected by a \n injection in the w ...) NOT-FOR-US: NETGEAR CVE-2021-41313 @@ -44,8 +182,7 @@ CVE-2021-3805 (object-path is vulnerable to Improperly Controlled Modification o [buster] - node-object-path (Minor issue) NOTE: https://huntr.dev/bounties/571e3baf-7c46-46e3-9003-ba7e4e623053 NOTE: https://github.com/mariocasciaro/object-path/commit/e6bb638ffdd431176701b3e9024f80050d0ef0a6 -CVE-2021-41303 [before 1.8.0 with Spring Boot a specially crafted HTTP request may cause an authentication bypass] - RESERVED +CVE-2021-41303 (Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a ...) - shiro NOTE: https://www.openwall.com/lists/oss-security/2021/09/17/1 TODO: check @@ -1050,8 +1187,8 @@ CVE-2021-40827 RESERVED CVE-2021-40826 RESERVED -CVE-2021-40825 - RESERVED +CVE-2021-40825 (nLight ECLYPSE (nECY) system Controllers running software prior to 1.1 ...) + TODO: check CVE-2021-40824 (A logic error in the room key sharing functionality of Element Android ...) NOT-FOR-US: matrix-android-sdk2 CVE-2021-40823 (A logic error in the room key sharing functionality of matrix-js-sdk ( ...) @@ -4387,8 +4524,8 @@ CVE-2021-39329 RESERVED CVE-2021-39328 RESERVED -CVE-2021-39327 - RESERVED +CVE-2021-39327 (The BulletProof Security WordPress plugin is vulnerable to sensitive i ...) + TODO: check CVE-2021-39326 RESERVED CVE-2021-39325 @@ -4738,10 +4875,10 @@ CVE-2021-39230 RESERVED CVE-2021-39229 RESERVED -CVE-2021-39228 - RESERVED -CVE-2021-39227 - RESERVED +CVE-2021-39228 (Tremor is an event processing system for unstructured data. A vulnerab ...) + TODO: check +CVE-2021-39227 (ZRender is a lightweight graphic library providing 2d draw for Apache ...) + TODO: check CVE-2021-39226 RESERVED CVE-2021-39225 
@@ -6548,8 +6685,8 @@ CVE-2021-38414 RESERVED
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2021-39214/mitmproxy
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b7baa2b8 by Salvatore Bonaccorso at 2021-09-17T22:07:44+02:00 Add Debian bug reference for CVE-2021-39214/mitmproxy - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4767,7 +4767,7 @@ CVE-2021-39216 CVE-2021-39215 (Jitsi Meet is an open source video conferencing application. In versio ...) - jitsi-meet (bug #760485) CVE-2021-39214 (mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mi ...) - - mitmproxy + - mitmproxy (bug #994570) [bullseye] - mitmproxy (Minor issue) [buster] - mitmproxy (Minor issue) NOTE: https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-22gh-3r9q-xf38 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7baa2b8433a3aee9fec4ff0f6fe87cd2366594d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7baa2b8433a3aee9fec4ff0f6fe87cd2366594d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Mark CVE-2021-39214/mitmproxy as no-dsa
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 23145862 by Salvatore Bonaccorso at 2021-09-17T21:57:20+02:00 Mark CVE-2021-39214/mitmproxy as no-dsa - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4768,6 +4768,8 @@ CVE-2021-39215 (Jitsi Meet is an open source video conferencing application. In - jitsi-meet (bug #760485) CVE-2021-39214 (mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mi ...) - mitmproxy + [bullseye] - mitmproxy (Minor issue) + [buster] - mitmproxy (Minor issue) NOTE: https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-22gh-3r9q-xf38 CVE-2021-39213 (GLPI is a free Asset and IT management software package. Starting in v ...) - glpi (unimportant) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/231458622205b8a32ac77c75468a3a4e063f54c7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/231458622205b8a32ac77c75468a3a4e063f54c7 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2021-40690/libxml-security-java
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7b518b7b by Salvatore Bonaccorso at 2021-09-17T21:54:49+02:00 Add Debian bug reference for CVE-2021-40690/libxml-security-java - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1364,7 +1364,7 @@ CVE-2021-40691 RESERVED CVE-2021-40690 RESERVED - - libxml-security-java + - libxml-security-java (bug #994569) NOTE: https://santuario.apache.org/secadv.data/CVE-2021-40690.txt.asc CVE-2021-3780 (peertube is vulnerable to Improper Neutralization of Input During Web ...) - peertube (bug #950821) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b518b7b984f25d40f110d10b69eb8e06e9df44e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b518b7b984f25d40f110d10b69eb8e06e9df44e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2021-3807/node-ansi-regex
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 714fe0ca by Salvatore Bonaccorso at 2021-09-17T21:52:35+02:00 Add Debian bug reference for CVE-2021-3807/node-ansi-regex - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -31,7 +31,7 @@ CVE-2021-3809 CVE-2021-3808 RESERVED CVE-2021-3807 (ansi-regex is vulnerable to Inefficient Regular Expression Complexity ...) - - node-ansi-regex + - node-ansi-regex (bug #994568) [bullseye] - node-ansi-regex (Minor issue) [buster] - node-ansi-regex (Minor issue) NOTE: https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/714fe0ca628e736a7e64de81d8f80ded196729a6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/714fe0ca628e736a7e64de81d8f80ded196729a6 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add tag information for upstream fix for CVE-2021-3807
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 267a590d by Salvatore Bonaccorso at 2021-09-17T21:46:50+02:00 Add tag information for upstream fix for CVE-2021-3807 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -35,7 +35,7 @@ CVE-2021-3807 (ansi-regex is vulnerable to Inefficient Regular Expression Comple [bullseye] - node-ansi-regex (Minor issue) [buster] - node-ansi-regex (Minor issue) NOTE: https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994 - NOTE: https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9 + NOTE: https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9 (v6.0.1) CVE-2021-3806 RESERVED CVE-2021-3805 (object-path is vulnerable to Improperly Controlled Modification of Obj ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/267a590de1f69701f07708124038b08c5744d141 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/267a590de1f69701f07708124038b08c5744d141 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2759-1 for gnutls28
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: c799c63a by Sylvain Beucler at 2021-09-17T21:44:57+02:00 Reserve DLA-2759-1 for gnutls28 - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,5 @@ +[17 Sep 2021] DLA-2759-1 gnutls28 - security update + [stretch] - gnutls28 3.5.8-5+deb9u6 [15 Sep 2021] DLA-2758-1 sssd - security update {CVE-2021-3621} [stretch] - sssd 1.15.0-3+deb9u2 = data/dla-needed.txt = @@ -34,9 +34,6 @@ firmware-nonfree NOTE: 20210731: WIP: https://salsa.debian.org/lts-team/packages/firmware-nonfree NOTE: 20210828: Most CVEs are difficult to backport. Contacted Ben regarding possible "ignore" tag -- -gnutls28 (Sylvain Beucler) - NOTE: 20210910: https://lists.debian.org/debian-lts/2021/09/msg8.html --- grilo (Thorsten Alteholz) NOTE: 20210825: ssl-use-system-ca-file is used in libsoup2.4 since version 2.38 NOTE: 20210912: maintainer ok, testing package View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c799c63a0926af88ae4b9aa39219d23006d2fd34 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c799c63a0926af88ae4b9aa39219d23006d2fd34 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
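Review bot: the new DLA/list entry "[17 Sep 2021] DLA-2759-1 gnutls28 - security update" has no "{CVE-...}" line between the header and "[stretch] - gnutls28 3.5.8-5+deb9u6", unlike the DLA-2758-1 sssd entry directly below it, which carries "{CVE-2021-3621}"; that is fine for a reservation, but the CVE IDs fixed by 3.5.8-5+deb9u6 need to be filled in before the advisory is sent, since the tracker only closes the stretch CVE entries through that line.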
[Git][security-tracker-team/security-tracker][master] CVE-2021-27022: Typofix in note
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 34a77fd6 by Salvatore Bonaccorso at 2021-09-17T21:27:17+02:00 CVE-2021-27022: Typofix in note - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -34222,7 +34222,7 @@ CVE-2021-27024 CVE-2021-27023 RESERVED CVE-2021-27022 (A flaw was discovered in bolt-server and ace where running a task with ...) - - puppet (Only affects Peppet Enterprise) + - puppet (Only affects Puppet Enterprise) NOTE: https://puppet.com/security/cve/CVE-2021-27022/ CVE-2021-27021 (A flaw was discovered in Puppet DB, this flaw results in an escalation ...) - puppetdb (bug #990419) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34a77fd6e2939d243c79a544cc0057f51c2aac21 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34a77fd6e2939d243c79a544cc0057f51c2aac21 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Update note information for CVE-2021-27022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9e96a730 by Salvatore Bonaccorso at 2021-09-17T21:25:29+02:00 Update note information for CVE-2021-27022 Assigning and responsible CNA contacted to rectify the entry on CVE site level. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -34223,7 +34223,7 @@ CVE-2021-27023 RESERVED CVE-2021-27022 (A flaw was discovered in bolt-server and ace where running a task with ...) - puppet (Only affects Peppet Enterprise) - NOTE: https://puppet.com/security/cve/CVE-2021-27022/ (there is a typo in CVE link) + NOTE: https://puppet.com/security/cve/CVE-2021-27022/ CVE-2021-27021 (A flaw was discovered in Puppet DB, this flaw results in an escalation ...) - puppetdb (bug #990419) NOTE: https://puppet.com/security/cve/cve-2021-27021/ View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e96a730f89cbb7adafc0da8e7f27f65b65603af -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e96a730f89cbb7adafc0da8e7f27f65b65603af You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track proposed update for node-set-value via bullseye-pu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8530fb2f by Salvatore Bonaccorso at 2021-09-17T19:26:43+02:00 Track proposed update for node-set-value via bullseye-pu - - - - - 1 changed file: - data/next-point-update.txt Changes: = data/next-point-update.txt = @@ -44,3 +44,5 @@ CVE-2021-23434 [bullseye] - node-object-path 0.11.5-3+deb11u1 CVE-2021-3805 [bullseye] - node-object-path 0.11.5-3+deb11u1 +CVE-2021-23440 + [bullseye] - node-set-value 3.0.1-2+deb11u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8530fb2f97fcca3e34932400d5d0899f6356f844 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8530fb2f97fcca3e34932400d5d0899f6356f844 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track proposed update for node-object-path via bullseye-pu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 19dd8e75 by Salvatore Bonaccorso at 2021-09-17T19:25:37+02:00 Track proposed update for node-object-path via bullseye-pu - - - - - 1 changed file: - data/next-point-update.txt Changes: = data/next-point-update.txt = @@ -40,3 +40,7 @@ CVE-2021-40083 [bullseye] - knot-resolver 5.3.1-1+deb11u1 CVE-2021-38173 [bullseye] - btrbk 0.27.1-1.1+deb11u1 +CVE-2021-23434 + [bullseye] - node-object-path 0.11.5-3+deb11u1 +CVE-2021-3805 + [bullseye] - node-object-path 0.11.5-3+deb11u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/19dd8e75f5e101fbe7c29f8be75b295d47b9e549 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/19dd8e75f5e101fbe7c29f8be75b295d47b9e549 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2021-3637{3,4}/ant via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 704c5a01 by Salvatore Bonaccorso at 2021-09-17T19:04:33+02:00 Track fixed version for CVE-2021-3637{3,4}/ant via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -11224,11 +11224,11 @@ CVE-2021-36376 (dandavison delta before 0.8.3 on Windows resolves an executable' CVE-2021-36375 RESERVED CVE-2021-36374 (When reading a specially crafted ZIP archive, or a derived formats, an ...) - - ant (unimportant) + - ant 1.10.11-1 (unimportant) NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/6 NOTE: Crash in CLI tool, no security impact CVE-2021-36373 (When reading a specially crafted TAR archive an Apache Ant build can b ...) - - ant (unimportant) + - ant 1.10.11-1 (unimportant) NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/5 NOTE: Crash in CLI tool, no security impact CVE-2021-36372 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/704c5a01934e207dd6cec4b2ace5d6d383f2b5cd -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/704c5a01934e207dd6cec4b2ace5d6d383f2b5cd You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2021-3805/node-object-path via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 963cc168 by Salvatore Bonaccorso at 2021-09-17T19:02:27+02:00 Track fixed version for CVE-2021-3805/node-object-path via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -39,7 +39,7 @@ CVE-2021-3807 (ansi-regex is vulnerable to Inefficient Regular Expression Comple CVE-2021-3806 RESERVED CVE-2021-3805 (object-path is vulnerable to Improperly Controlled Modification of Obj ...) - - node-object-path + - node-object-path 0.11.8-1 [bullseye] - node-object-path (Minor issue) [buster] - node-object-path (Minor issue) NOTE: https://huntr.dev/bounties/571e3baf-7c46-46e3-9003-ba7e4e623053 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/963cc1682643cd76ffc96f1d05a5df7b017a9762 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/963cc1682643cd76ffc96f1d05a5df7b017a9762 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] new defun for PTS lookups
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 136221e8 by Moritz Muehlenhoff at 2021-09-17T15:24:57+02:00 new defun for PTS lookups - - - - - 1 changed file: - conf/cvelist.el Changes: = conf/cvelist.el = @@ -83,6 +83,11 @@ (interactive) (browse-url (concat "https://cve.mitre.org/cgi-bin/cvename.cgi?name=; (thing-at-point 'symbol +(defun debian-cvelist-ptslookup () + "Look up a package name in Debian Package Tracker." + (interactive) + (browse-url (concat "https://tracker.debian.org/pkg/; (thing-at-point 'symbol + (defvar debian-cvelist-mode-map (let ((map (make-sparse-keymap))) (define-key map (kbd "C-c C-f") 'debian-cvelist-insert-not-for-us) @@ -93,6 +98,7 @@ (define-key map (kbd "C-c C-x") 'debian-cvelist-insert-not-affected) (define-key map (kbd "C-c C-p") 'debian-cvelist-insert-postponed) (define-key map (kbd "C-c C-b") 'debian-cvelist-insert-bug) + (define-key map (kbd "C-c C-p") 'debian-cvelist-ptslookup) map) "Keymap for `debian-cvelist-mode'.") View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/136221e80b08e02cf64182f5f0509267e7cd -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/136221e80b08e02cf64182f5f0509267e7cd You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
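Review bot: the second hunk binds "C-c C-p" to 'debian-cvelist-ptslookup, but the unchanged context line two lines above already binds "C-c C-p" to 'debian-cvelist-insert-postponed; the later define-key wins, so this silently replaces the postponed-insert shortcut rather than adding a new one. Pick a chord that is not yet in the keymap for the PTS lookup (the keymap already groups the insert commands under C-c C-<letter>, so a distinct letter or a separate prefix for the lookup commands would avoid the clash).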
[Git][security-tracker-team/security-tracker][master] new libxml-security-java issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 4a92874c by Moritz Muehlenhoff at 2021-09-17T13:54:02+02:00 new libxml-security-java issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1364,6 +1364,8 @@ CVE-2021-40691 RESERVED CVE-2021-40690 RESERVED + - libxml-security-java + NOTE: https://santuario.apache.org/secadv.data/CVE-2021-40690.txt.asc CVE-2021-3780 (peertube is vulnerable to Improper Neutralization of Input During Web ...) - peertube (bug #950821) CVE-2021-40689 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a92874cd8b8e50137372bcc0166d8f652750f24 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a92874cd8b8e50137372bcc0166d8f652750f24 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] atomicparsley fixed in sid
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 5ccff07a by Moritz Muehlenhoff at 2021-09-17T13:26:05+02:00 atomicparsley fixed in sid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -9264,14 +9264,14 @@ CVE-2021-37234 CVE-2021-37233 RESERVED CVE-2021-37232 (A stack overflow vulnerability occurs in Atomicparsley 20210124.204813 ...) - - atomicparsley (bug #993366) + - atomicparsley 20210715.151551.e7ad03a-1 (bug #993366) - gtkpod (bug #993376) [bullseye] - gtkpod (Minor issue) [buster] - gtkpod (Minor issue) NOTE: https://github.com/wez/atomicparsley/commit/d72ccf06c98259d7261e0f3ac4fd8717778782c1 NOTE: https://github.com/wez/atomicparsley/issues/32 CVE-2021-37231 (A stack-buffer-overflow occurs in Atomicparsley 20210124.204813.840499 ...) - - atomicparsley (bug #993372) + - atomicparsley 20210715.151551.e7ad03a-1 (bug #993372) - gtkpod (bug #993375) [bullseye] - gtkpod (Minor issue) [buster] - gtkpod (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ccff07a744d13425f1c5c96bcfed5d7dbcc7766 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ccff07a744d13425f1c5c96bcfed5d7dbcc7766 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-21535/fig2dev
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2fe2c264 by Salvatore Bonaccorso at 2021-09-17T10:50:36+02:00 Add CVE-2020-21535/fig2dev - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -77996,7 +77996,11 @@ CVE-2020-21537 CVE-2020-21536 RESERVED CVE-2020-21535 (fig2dev 3.2.7b contains a segmentation fault in the gencgm_start funct ...) - TODO: check + - fig2dev 1:3.2.7b-3 + [buster] - fig2dev 1:3.2.7a-5+deb10u2 + - transfig + NOTE: https://sourceforge.net/p/mcj/tickets/62/ + NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/ (3.2.8) CVE-2020-21534 (fig2dev 3.2.7b contains a global buffer overflow in the get_line funct ...) - fig2dev 1:3.2.7b-3 [buster] - fig2dev 1:3.2.7a-5+deb10u2 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2fe2c264445985d317672290fb935de11558b892 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2fe2c264445985d317672290fb935de11558b892 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
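Review bot: the added "- transfig" line carries neither a fixed version nor a qualifier, whereas the fig2dev lines above it give 1:3.2.7b-3 and the buster 1:3.2.7a-5+deb10u2 backport; as written the tracker will report transfig as open in every suite that still ships that source package. If transfig is only the historical name of the same source and has been dropped from the archive, the "<removed>" convention (or a fixed version for the suite that still has it) is the clearer choice.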
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-21534/fig2dev
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d92b1db2 by Salvatore Bonaccorso at 2021-09-17T10:49:29+02:00 Add CVE-2020-21534/fig2dev - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -77998,7 +77998,11 @@ CVE-2020-21536 CVE-2020-21535 (fig2dev 3.2.7b contains a segmentation fault in the gencgm_start funct ...) TODO: check CVE-2020-21534 (fig2dev 3.2.7b contains a global buffer overflow in the get_line funct ...) - TODO: check + - fig2dev 1:3.2.7b-3 + [buster] - fig2dev 1:3.2.7a-5+deb10u2 + - transfig + NOTE: https://sourceforge.net/p/mcj/tickets/58/ + NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/ (3.2.8) CVE-2020-21533 (fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject ...) - fig2dev 1:3.2.7b-3 [buster] - fig2dev 1:3.2.7a-5+deb10u2 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d92b1db29d63df1e6ecb0eeedc1de9fc239f3cc7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d92b1db29d63df1e6ecb0eeedc1de9fc239f3cc7 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] 2 commits: Add information for sources on CVE-2020-2153{1,2}
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5e5451b3 by Salvatore Bonaccorso at 2021-09-17T10:48:31+02:00 Add information for sources on CVE-2020-2153{1,2} - - - - - 648b5a69 by Salvatore Bonaccorso at 2021-09-17T10:48:32+02:00 Add CVE-2020-21533/fig2dev - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -78000,14 +78000,20 @@ CVE-2020-21535 (fig2dev 3.2.7b contains a segmentation fault in the gencgm_start CVE-2020-21534 (fig2dev 3.2.7b contains a global buffer overflow in the get_line funct ...) TODO: check CVE-2020-21533 (fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject ...) - TODO: check + - fig2dev 1:3.2.7b-3 + [buster] - fig2dev 1:3.2.7a-5+deb10u2 + - transfig + NOTE: https://sourceforge.net/p/mcj/tickets/59/ + NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/ (3.2.8) CVE-2020-21532 (fig2dev 3.2.7b contains a global buffer overflow in the setfigfont fun ...) - fig2dev 1:3.2.8-1 + - transfig NOTE: https://sourceforge.net/p/mcj/tickets/64/ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/421afa17d8cb8dafcaf3e6044a70790fa4fe307b/ (3.2.8) NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/00cdedac7a0b029846dee891769a1e77df83a01b/ (3.2.8) CVE-2020-21531 (fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_i ...) - fig2dev 1:3.2.8-1 + - transfig NOTE: https://sourceforge.net/p/mcj/tickets/63/ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/2f8d1ae9763dcdc99b88a2b14849fe37174bcd69/ (3.2.8) CVE-2020-21530 (fig2dev 3.2.7b contains a segmentation fault in the read_objects funct ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9fb8c88b6a7a5ba663f601ba940e4f972b4664f0...648b5a692d32559127abc6e1766717a2cac8e634 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9fb8c88b6a7a5ba663f601ba940e4f972b4664f0...648b5a692d32559127abc6e1766717a2cac8e634 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
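Review bot: CVE-2020-21533 is given the same upstream fix commit 41b9bb83 (tagged 3.2.8) that the other fig2dev entries updated on this day cite for tickets 58, 61 and 62, while this entry points at ticket 59; worth confirming that the single commit really addresses all four tickets, otherwise the fix reference is over-broad and the 1:3.2.7b-3 and 1:3.2.7a-5+deb10u2 fixed versions copied from those entries are unverified for this CVE. The second commit in the push only adds `+ - transfig` under CVE-2020-21532 and CVE-2020-21531 and leaves the fixed fig2dev version 1:3.2.8-1 unchanged.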
[Git][security-tracker-team/security-tracker][master] new libde265 issues
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 9fb8c88b by Moritz Muehlenhoff at 2021-09-17T10:46:12+02:00 new libde265 issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -77841,31 +77841,44 @@ CVE-2020-21608 CVE-2020-21607 RESERVED CVE-2020-21606 (libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_ ...) - TODO: check + - libde265 + NOTE: https://github.com/strukturag/libde265/issues/232 CVE-2020-21605 (libde265 v1.0.4 contains a segmentation fault in the apply_sao_interna ...) - TODO: check + - libde265 + NOTE: https://github.com/strukturag/libde265/issues/234 CVE-2020-21604 (libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl ...) - TODO: check + - libde265 + NOTE: https://github.com/strukturag/libde265/issues/231 CVE-2020-21603 (libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fa ...) - TODO: check + - libde265 + NOTE: https://github.com/strukturag/libde265/issues/240 CVE-2020-21602 (libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bi ...) - TODO: check + - libde265 + NOTE: https://github.com/strukturag/libde265/issues/242 CVE-2020-21601 (libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallb ...) - TODO: check + - libde265 + NOTE: https://github.com/strukturag/libde265/issues/241 CVE-2020-21600 (libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pr ...) - TODO: check + - libde265 + NOTE: https://github.com/strukturag/libde265/issues/243 CVE-2020-21599 (libde265 v1.0.4 contains a heap buffer overflow in the de265_image::av ...) - TODO: check + - libde265 + NOTE: https://github.com/strukturag/libde265/issues/235 CVE-2020-21598 (libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unw ...) - TODO: check + - libde265 + NOTE: https://github.com/strukturag/libde265/issues/237 CVE-2020-21597 (libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma funct ...) - TODO: check + - libde265 + NOTE: https://github.com/strukturag/libde265/issues/238 CVE-2020-21596 (libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_ ...) 
- TODO: check + - libde265 + NOTE: https://github.com/strukturag/libde265/issues/236 CVE-2020-21595 (libde265 v1.0.4 contains a heap buffer overflow in the mc_luma functio ...) - TODO: check + - libde265 + NOTE: https://github.com/strukturag/libde265/issues/239 CVE-2020-21594 (libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fal ...) - TODO: check + - libde265 + NOTE: https://github.com/strukturag/libde265/issues/233 CVE-2020-21593 RESERVED CVE-2020-21592 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9fb8c88b6a7a5ba663f601ba940e4f972b4664f0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9fb8c88b6a7a5ba663f601ba940e4f972b4664f0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
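Review bot: all thirteen libde265 entries change from `TODO: check` to a bare `- libde265` plus an upstream issue link, with no fixed version, no fix commit and no bullseye or buster status; since the descriptions are heap, stack and global buffer overflows in the decoder, the entries will show as open for every suite until a fix or a per-suite annotation (as done for gtkpod and node-object-path elsewhere on this page) is added. Suggest recording the upstream fix commit in the NOTE for each issue once available and assessing severity for the stable suites, rather than leaving the issue links as the only information.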
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-21532/fig2dev
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bedde7f5 by Salvatore Bonaccorso at 2021-09-17T10:45:09+02:00 Add CVE-2020-21532/fig2dev - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -77989,7 +77989,10 @@ CVE-2020-21534 (fig2dev 3.2.7b contains a global buffer overflow in the get_line CVE-2020-21533 (fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject ...) TODO: check CVE-2020-21532 (fig2dev 3.2.7b contains a global buffer overflow in the setfigfont fun ...) - TODO: check + - fig2dev 1:3.2.8-1 + NOTE: https://sourceforge.net/p/mcj/tickets/64/ + NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/421afa17d8cb8dafcaf3e6044a70790fa4fe307b/ (3.2.8) + NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/00cdedac7a0b029846dee891769a1e77df83a01b/ (3.2.8) CVE-2020-21531 (fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_i ...) - fig2dev 1:3.2.8-1 NOTE: https://sourceforge.net/p/mcj/tickets/63/ View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bedde7f5c58fc0e1d7b5183f82f509f51eb09f3d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bedde7f5c58fc0e1d7b5183f82f509f51eb09f3d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-21531/fig2dev
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c1b970ea by Salvatore Bonaccorso at 2021-09-17T10:42:21+02:00 Add CVE-2020-21531/fig2dev - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -77991,7 +77991,9 @@ CVE-2020-21533 (fig2dev 3.2.7b contains a stack buffer overflow in the read_text CVE-2020-21532 (fig2dev 3.2.7b contains a global buffer overflow in the setfigfont fun ...) TODO: check CVE-2020-21531 (fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_i ...) - TODO: check + - fig2dev 1:3.2.8-1 + NOTE: https://sourceforge.net/p/mcj/tickets/63/ + NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/2f8d1ae9763dcdc99b88a2b14849fe37174bcd69/ (3.2.8) CVE-2020-21530 (fig2dev 3.2.7b contains a segmentation fault in the read_objects funct ...) - fig2dev 1:3.2.7b-3 [buster] - fig2dev 1:3.2.7a-5+deb10u2 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1b970ea03e4d281609e5f3afa545086da9d62d1 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1b970ea03e4d281609e5f3afa545086da9d62d1 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-21530/fig2dev
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6e8a391a by Salvatore Bonaccorso at 2021-09-17T10:40:00+02:00 Add CVE-2020-21530/fig2dev - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -77993,7 +77993,11 @@ CVE-2020-21532 (fig2dev 3.2.7b contains a global buffer overflow in the setfigfo CVE-2020-21531 (fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_i ...) TODO: check CVE-2020-21530 (fig2dev 3.2.7b contains a segmentation fault in the read_objects funct ...) - TODO: check + - fig2dev 1:3.2.7b-3 + [buster] - fig2dev 1:3.2.7a-5+deb10u2 + - transfig + NOTE: https://sourceforge.net/p/mcj/tickets/61/ + NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/ (3.2.8) CVE-2020-21529 (fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline f ...) - fig2dev 1:3.2.8-1 - transfig View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6e8a391a7249fce583efd4931b59ba4efd23d575 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6e8a391a7249fce583efd4931b59ba4efd23d575 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] new node-object-path issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 1c539f1d by Moritz Muehlenhoff at 2021-09-17T10:38:36+02:00 new node-object-path issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -39,7 +39,11 @@ CVE-2021-3807 (ansi-regex is vulnerable to Inefficient Regular Expression Comple CVE-2021-3806 RESERVED CVE-2021-3805 (object-path is vulnerable to Improperly Controlled Modification of Obj ...) - TODO: check + - node-object-path + [bullseye] - node-object-path (Minor issue) + [buster] - node-object-path (Minor issue) + NOTE: https://huntr.dev/bounties/571e3baf-7c46-46e3-9003-ba7e4e623053 + NOTE: https://github.com/mariocasciaro/object-path/commit/e6bb638ffdd431176701b3e9024f80050d0ef0a6 CVE-2021-41303 [before 1.8.0 with Spring Boot a specially crafted HTTP request may cause an authentication bypass] RESERVED - shiro View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c539f1d4f3c379a066215957402eb2593769d28 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c539f1d4f3c379a066215957402eb2593769d28 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-21529/fig2dev
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 107895c6 by Salvatore Bonaccorso at 2021-09-17T10:34:41+02:00 Add CVE-2020-21529/fig2dev - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -77991,7 +77991,11 @@ CVE-2020-21531 (fig2dev 3.2.7b contains a global buffer overflow in the conv_pat CVE-2020-21530 (fig2dev 3.2.7b contains a segmentation fault in the read_objects funct ...) TODO: check CVE-2020-21529 (fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline f ...) - TODO: check + - fig2dev 1:3.2.8-1 + - transfig + NOTE: https://sourceforge.net/p/mcj/tickets/65/ + NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/d70e4ba6308046f71cb51f67db8412155af52411/ (3.2.8) + NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/e3cee2576438f47a3b8678c6960472e625f8f7d7/ (3.2.8) CVE-2020-21528 RESERVED CVE-2020-21527 (There is an Arbitrary file deletion vulnerability in halo v1.1.3. A ba ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/107895c6b20f1ca5e9f3cf54a806638b41e48fae -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/107895c6b20f1ca5e9f3cf54a806638b41e48fae You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
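Review bot: CVE-2020-21529 records `- fig2dev 1:3.2.8-1` and two upstream commits but, unlike the CVE-2020-21530 entry in the leading context, no `[buster]` line; without one the tracker treats buster as affected with no stated decision, so either a buster fixed version (the other fig2dev entries use 1:3.2.7a-5+deb10u2) or a no-dsa annotation should be added. A short NOTE on whether both commits d70e4ba6 and e3cee257 are required for the fix, or the second is a follow-up, would also help whoever backports it.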
[Git][security-tracker-team/security-tracker][master] new node-ansi-regex issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 5595ad72 by Moritz Muehlenhoff at 2021-09-17T10:29:36+02:00 new node-ansi-regex issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -31,7 +31,11 @@ CVE-2021-3809 CVE-2021-3808 RESERVED CVE-2021-3807 (ansi-regex is vulnerable to Inefficient Regular Expression Complexity ...) - TODO: check + - node-ansi-regex + [bullseye] - node-ansi-regex (Minor issue) + [buster] - node-ansi-regex (Minor issue) + NOTE: https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994 + NOTE: https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9 CVE-2021-3806 RESERVED CVE-2021-3805 (object-path is vulnerable to Improperly Controlled Modification of Obj ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5595ad72bef6025b6e3ecd732b372ce27d7212d0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5595ad72bef6025b6e3ecd732b372ce27d7212d0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
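Review bot: the entry for CVE-2021-3807 cites the upstream fix commit 8d1d7cdb but not the ansi-regex release that contains it; the fig2dev entries on this page annotate each fix commit with the release (e.g. `(3.2.8)`), and doing the same here would make it easy to tell which node-ansi-regex upload closes the sid entry, which currently stays open as a bare `- node-ansi-regex`. Marking bullseye and buster as Minor issue for a ReDoS is consistent with the node-object-path entry.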
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 3318ab17 by Moritz Muehlenhoff at 2021-09-17T10:27:40+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,5 @@ CVE-2021-41314 (Certain NETGEAR smart switches are affected by a \n injection in the w ...) - TODO: check + NOT-FOR-US: NETGEAR CVE-2021-41313 RESERVED CVE-2021-41312 @@ -21,11 +21,11 @@ CVE-2021-41305 CVE-2021-41304 RESERVED CVE-2021-3812 (adminlte is vulnerable to Improper Neutralization of Input During Web ...) - TODO: check + NOT-FOR-US: adminlte CVE-2021-3811 (adminlte is vulnerable to Improper Neutralization of Input During Web ...) - TODO: check + NOT-FOR-US: adminlte CVE-2021-3810 (code-server is vulnerable to Inefficient Regular Expression Complexity ...) - TODO: check + NOT-FOR-US: code-server CVE-2021-3809 RESERVED CVE-2021-3808 @@ -76,7 +76,7 @@ CVE-2021-41287 CVE-2021-41286 RESERVED CVE-2021-3804 (taro is vulnerable to Inefficient Regular Expression Complexity ...) - TODO: check + NOT-FOR-US: NervJS Taro CVE-2016-20012 (OpenSSH through 8.7 allows remote attackers, who have a suspicion that ...) - openssh (unimportant) NOTE: https://github.com/openssh/openssh-portable/pull/270 @@ -500,7 +500,7 @@ CVE-2021-41079 (Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 NOTE: https://github.com/apache/tomcat/commit/d4b340fa8feaf55831f9a59350578f7b6ca048b8 (9.0.44) NOTE: https://github.com/apache/tomcat/commit/b90d4fc1ff44f30e4b3aba622ba6677e3f003822 (8.5.64) CVE-2021-3803 (nth-check is vulnerable to Inefficient Regular Expression Complexity ...) - TODO: check + NOT-FOR-US: nth-check CVE-2021-3802 RESERVED CVE-2021-41078 
@@ -4781,7 +4781,7 @@ CVE-2021-39209 (GLPI is a free Asset and IT management software package. In vers NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-5qpf-32w7-c56p NOTE: Only supported behind an authenticated HTTP zone CVE-2021-39208 (SharpCompress is a fully managed C# library to deal with many compress ...) - TODO: check + NOT-FOR-US: SharpCompress CVE-2021-39207 (parlai is a framework for training and evaluating AI models on a varie ...) NOT-FOR-US: Facebook ParlAI CVE-2021-39206 (Pomerium is an open source identity-aware access proxy. Envoy, which P ...) @@ -33503,9 +33503,9 @@ CVE-2021-27343 (SerenityOS Unspecified is affected by: Buffer Overflow. The impa CVE-2021-27342 (An authentication brute-force protection mechanism bypass in telnetd i ...) NOT-FOR-US: D-Link CVE-2021-27341 (OpenSIS Community Edition version = 7.6 is affected by a local fil ...) - TODO: check + NOT-FOR-US: OpenSIS CVE-2021-27340 (OpenSIS Community Edition version = 7.6 is affected by a reflected ...) - TODO: check + NOT-FOR-US: OpenSIS CVE-2021-27339 RESERVED CVE-2021-27338 (Faraday Edge before 3.7 allows XSS via the network/create/ page and it ...) @@ -50622,13 +50622,13 @@ CVE-2021-20830 CVE-2021-20829 RESERVED CVE-2021-20828 (Cross-site scripting vulnerability in Order Status Batch Change Plug-i ...) - TODO: check + NOT-FOR-US: EC-CUBE plugin CVE-2021-20827 RESERVED CVE-2021-20826 RESERVED CVE-2021-20825 (Cross-site scripting vulnerability in List (order management) item cha ...) - TODO: check + NOT-FOR-US: EC-CUBE plugin CVE-2021-20824 RESERVED CVE-2021-20823 
@@ -50696,9 +50696,9 @@ CVE-2021-20793 (Untrusted search path vulnerability in the installer of Sony Aud CVE-2021-20792 (Cross-site scripting vulnerability in Quiz And Survey Master versions ...) NOT-FOR-US: Quiz And Survey Master CVE-2021-20791 (Improper access control vulnerability in RevoWorks Browser 2.1.230 and ...) - TODO: check + NOT-FOR-US: RevoWorks Browser CVE-2021-20790 (Improper control of program execution vulnerability in RevoWorks Brows ...) - TODO: check + NOT-FOR-US: RevoWorks Browser CVE-2021-20789 (Open redirect vulnerability in GroupSession (GroupSession Free edition ...) NOT-FOR-US: GroupSession CVE-2021-20788 (Server-side request forgery (SSRF) vulnerability in GroupSession (Grou ...) @@ -94920,7 +94920,7 @@ CVE-2020-14126 CVE-2020-14125 RESERVED CVE-2020-14124 (There is a buffer overflow in librsa.so called by getwifipwdurl interf ...) - TODO: check + NOT-FOR-US: Xiaomi CVE-2020-14123 RESERVED CVE-2020-14122 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3318ab17a2a00c0b89035a9446b591932e260388 -- View it on GitLab:
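Review bot: CVE-2021-3803 (nth-check) is closed as `NOT-FOR-US: nth-check` in the same batch of npm ReDoS advisories in which ansi-regex and object-path were mapped to the node-ansi-regex and node-object-path source packages on this page; before closing it, check whether a node-nth-check source package exists in the archive, since an npm module that is packaged in Debian but marked NOT-FOR-US silently drops the issue. The remaining conversions (NETGEAR, adminlte, code-server, Taro, SharpCompress, OpenSIS, EC-CUBE plugins, RevoWorks Browser, Xiaomi) name products outside the archive.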
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2912e523 by security tracker role at 2021-09-17T08:10:19+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,13 +1,41 @@ +CVE-2021-41314 (Certain NETGEAR smart switches are affected by a \n injection in the w ...) + TODO: check +CVE-2021-41313 + RESERVED +CVE-2021-41312 + RESERVED +CVE-2021-41311 + RESERVED +CVE-2021-41310 + RESERVED +CVE-2021-41309 + RESERVED +CVE-2021-41308 + RESERVED +CVE-2021-41307 + RESERVED +CVE-2021-41306 + RESERVED +CVE-2021-41305 + RESERVED +CVE-2021-41304 + RESERVED +CVE-2021-3812 (adminlte is vulnerable to Improper Neutralization of Input During Web ...) + TODO: check +CVE-2021-3811 (adminlte is vulnerable to Improper Neutralization of Input During Web ...) + TODO: check +CVE-2021-3810 (code-server is vulnerable to Inefficient Regular Expression Complexity ...) + TODO: check CVE-2021-3809 RESERVED CVE-2021-3808 RESERVED -CVE-2021-3807 - RESERVED +CVE-2021-3807 (ansi-regex is vulnerable to Inefficient Regular Expression Complexity ...) + TODO: check CVE-2021-3806 RESERVED -CVE-2021-3805 - RESERVED +CVE-2021-3805 (object-path is vulnerable to Improperly Controlled Modification of Obj ...) + TODO: check CVE-2021-41303 [before 1.8.0 with Spring Boot a specially crafted HTTP request may cause an authentication bypass] RESERVED - shiro @@ -47,8 +75,8 @@ CVE-2021-41287 RESERVED CVE-2021-41286 RESERVED -CVE-2021-3804 - RESERVED +CVE-2021-3804 (taro is vulnerable to Inefficient Regular Expression Complexity ...) + TODO: check CVE-2016-20012 (OpenSSH through 8.7 allows remote attackers, who have a suspicion that ...) - openssh (unimportant) NOTE: https://github.com/openssh/openssh-portable/pull/270 
@@ -471,8 +499,8 @@ CVE-2021-41079 (Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 NOTE: https://lists.apache.org/thread.html/rccdef0349fdf4fb73a4e4403095446d7fe6264e0a58e2df5c6799434%40%3Cannounce.tomcat.apache.org%3E NOTE: https://github.com/apache/tomcat/commit/d4b340fa8feaf55831f9a59350578f7b6ca048b8 (9.0.44) NOTE: https://github.com/apache/tomcat/commit/b90d4fc1ff44f30e4b3aba622ba6677e3f003822 (8.5.64) -CVE-2021-3803 - RESERVED +CVE-2021-3803 (nth-check is vulnerable to Inefficient Regular Expression Complexity ...) + TODO: check CVE-2021-3802 RESERVED CVE-2021-41078 @@ -26190,11 +26218,9 @@ CVE-2021-30263 RESERVED CVE-2021-30262 RESERVED -CVE-2021-30261 - RESERVED +CVE-2021-30261 (Possible integer and heap overflow due to lack of input command size v ...) NOT-FOR-US: Qualcomm components for Android -CVE-2021-30260 - RESERVED +CVE-2021-30260 (Possible Integer overflow to buffer overflow issue can occur due to im ...) NOT-FOR-US: Qualcomm components for Android CVE-2021-30259 RESERVED @@ -50595,14 +50621,14 @@ CVE-2021-20830 RESERVED CVE-2021-20829 RESERVED -CVE-2021-20828 - RESERVED +CVE-2021-20828 (Cross-site scripting vulnerability in Order Status Batch Change Plug-i ...) + TODO: check CVE-2021-20827 RESERVED CVE-2021-20826 RESERVED -CVE-2021-20825 - RESERVED +CVE-2021-20825 (Cross-site scripting vulnerability in List (order management) item cha ...) + TODO: check CVE-2021-20824 RESERVED CVE-2021-20823 
@@ -50669,10 +50695,10 @@ CVE-2021-20793 (Untrusted search path vulnerability in the installer of Sony Aud NOT-FOR-US: installer of Sony Audio USB Driver and installer of HAP Music Transfer CVE-2021-20792 (Cross-site scripting vulnerability in Quiz And Survey Master versions ...) NOT-FOR-US: Quiz And Survey Master -CVE-2021-20791 - RESERVED -CVE-2021-20790 - RESERVED +CVE-2021-20791 (Improper access control vulnerability in RevoWorks Browser 2.1.230 and ...) + TODO: check +CVE-2021-20790 (Improper control of program execution vulnerability in RevoWorks Brows ...) + TODO: check CVE-2021-20789 (Open redirect vulnerability in GroupSession (GroupSession Free edition ...) NOT-FOR-US: GroupSession CVE-2021-20788 (Server-side request forgery (SSRF) vulnerability in GroupSession (Grou ...) @@ -54961,8 +54987,7 @@ CVE-2021-1978 NOT-FOR-US: Qualcomm components for Android CVE-2021-1977 RESERVED -CVE-2021-1976 - RESERVED +CVE-2021-1976 (A use after free can occur due to improper validation of P2P device ad ...) NOT-FOR-US: Qualcomm components for Android CVE-2021-1975 RESERVED @@ -55020,8 +55045,7 @@ CVE-2021-1949 RESERVED CVE-2021-1948 (Possible out of bound read
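Review bot: the imported description for CVE-2021-41314 contains the literal two-character sequence `\n` ("a \n injection"); since data/CVE/list is a one-entry-per-line format, confirm the automatic update stores the backslash and the letter n verbatim rather than an actual newline, which would split the entry and leave `TODO: check` attached to a truncated line. The rest of the update adds RESERVED placeholders, new `TODO: check` entries and descriptions for the Qualcomm entries that keep their NOT-FOR-US.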
[Git][security-tracker-team/security-tracker][master] CVE-2021-41303/shiro
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 6068907e by Henri Salo at 2021-09-17T09:15:56+03:00 CVE-2021-41303/shiro - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -8,8 +8,11 @@ CVE-2021-3806 RESERVED CVE-2021-3805 RESERVED -CVE-2021-41303 +CVE-2021-41303 [before 1.8.0 with Spring Boot a specially crafted HTTP request may cause an authentication bypass] RESERVED + - shiro + NOTE: https://www.openwall.com/lists/oss-security/2021/09/17/1 + TODO: check CVE-2021-41302 RESERVED CVE-2021-41301 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6068907eff5d15a61799f0485d0370056bbff064 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6068907eff5d15a61799f0485d0370056bbff064 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
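Review bot: the entry for CVE-2021-41303 now carries a bracketed summary stating that versions before 1.8.0 allow an authentication bypass, a `- shiro` source line and the oss-security reference, but no NOTE recording the upstream fixed version and no fixed Debian version or suite annotation; the `TODO: check` left in place is the right reminder, and the follow-up should record 1.8.0 as the upstream fix and assess whether shiro in bullseye and buster is affected. Keeping `RESERVED` alongside the summary is fine until the official description is published.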