[Git][security-tracker-team/security-tracker][master] 2 commits: mark CVE-2021-41990 as not-affected for Stretch

2021-10-19 Thread Thorsten Alteholz (@alteholz)


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5fb95468 by Thorsten Alteholz at 2021-10-19T23:35:37+02:00
mark CVE-2021-41990 as not-affected for Stretch

- - - - -
0bfe9879 by Thorsten Alteholz at 2021-10-20T00:32:36+02:00
Reserve DLA-2788-1 for strongswan

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=
data/CVE/list
=
@@ -2840,6 +2840,7 @@ CVE-2021-41991 (The in-memory certificate cache in 
strongSwan before 5.9.4 has a
 CVE-2021-41990 (The gmp plugin in strongSwan before 5.9.4 has a remote integer 
overflo ...)
{DSA-4989-1}
- strongswan 
+   [stretch] - strongswan  (The vulnerable code was 
introduced later in version 5.6.1)
NOTE: 
https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41990).html
 CVE-2021-41989
RESERVED
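Review bot: the rationale on the new [stretch] line, "The vulnerable code was introduced later in version 5.6.1", is ambiguous as written; since stretch ships strongswan 5.5.1 (the DLA hunk in this push records 5.5.1-4+deb9u5), phrasing it as "vulnerable code introduced in 5.6.1, stretch has 5.5.1" makes the not-affected call self-evident to the next triager. Also, the commit message says not-affected but no status tag is visible on the line in this rendering, only a double space before the parenthesis; the mail formatting appears to strip the tracker's angle-bracket tags, so check the committed file rather than this mail if in doubt.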


=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[20 Oct 2021] DLA-2788-1 strongswan - security update
+   {CVE-2021-41991}
+   [stretch] - strongswan 5.5.1-4+deb9u5
 [18 Oct 2021] DLA-2787-1 redmine - security update
{CVE-2021-42326}
[stretch] - redmine 3.3.1-4+deb9u5
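Review bot: the CVE set {CVE-2021-41991} deliberately omits CVE-2021-41990, which is consistent with the not-affected marking for stretch in the CVE/list hunk (DSA-4989-1 for buster covers both, as the data/DSA/list hunk further down this page shows). The entry is dated 20 Oct 2021 while the commit timestamp is 2021-10-20T00:32:36+02:00, i.e. still the 19th in UTC; make sure the published DLA carries the same date as this entry.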



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/caa311ef3e719a8aede9469feab18f461b26b4f2...0bfe9879fb9c9808e78cf69a54eb1b8f3eff17fa

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/caa311ef3e719a8aede9469feab18f461b26b4f2...0bfe9879fb9c9808e78cf69a54eb1b8f3eff17fa
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] 2 commits: remove ffmpeg entries for issues pending for 4.3.3

2021-10-19 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5f2c6516 by Moritz Muehlenhoff at 2021-10-19T22:36:24+02:00
remove ffmpeg postponed entries for issues pending for 4.3.3

- - - - -
caa311ef by Moritz Muehlenhoff at 2021-10-19T22:36:24+02:00
add note in dla-needed for 3.2.16

- - - - -


3 changed files:

- data/CVE/list
- data/dla-needed.txt
- data/dsa-needed.txt


Changes:

=
data/CVE/list
=
@@ -11881,7 +11881,6 @@ CVE-2021-38172
 CVE-2021-38171 (adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 
does not  ...)
{DSA-4990-1}
- ffmpeg 
-   [bullseye] - ffmpeg  (Wait for 4.3.3)
[stretch] - ffmpeg  (Wait to be fixed in buster first)
NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6
 CVE-2021-38170
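Review bot: dropping the [bullseye] postponed line leaves CVE-2021-38171 open for stable on the bare "ffmpeg" line, which is intended given the new ffmpeg/stable entry in dsa-needed.txt in this same push. The untouched [stretch] line still says "Wait to be fixed in buster first", but DSA-4990-1 (data/DSA/list, earlier the same day on this page) already fixed this CVE in buster with 7:4.1.8-0+deb10u1, so that note is now stale and the stretch entry is ready for LTS triage.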
@@ -12023,7 +12022,6 @@ CVE-2021-38115 (read_header_tga in gd_tga.c in the GD 
Graphics Library (aka LibG
 CVE-2021-38114 (libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return 
value of ...)
{DSA-4990-1 DLA-2742-1}
- ffmpeg 
-   [bullseye] - ffmpeg  (Wait for 4.3.3)
NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/7150f9575671f898382c370acae35f9087a30ba1
 CVE-2021-3687
RESERVED
@@ -82773,7 +82771,6 @@ CVE-2020-21698
RESERVED
 CVE-2020-21697 (A heap-use-after-free in the mpeg_mux_write_packet function in 
libavfo ...)
- ffmpeg 7:4.4-5
-   [bullseye] - ffmpeg  (Wait for 4.3.3)
[buster] - ffmpeg  (Wait for 4.1.9)
NOTE: https://trac.ffmpeg.org/ticket/8188
NOTE: 
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=cfce16449cb815132f829d5a07beb138dfb2cba6
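Review bot: leaving "[buster] - ffmpeg (Wait for 4.1.9)" in place while removing only the bullseye line is consistent with the DSA-4990-1 entry on this page, whose CVE list does not include CVE-2020-21697 (nor CVE-2020-21688 in the next hunk), so 4.1.8 did not fix them and buster still has to wait.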
@@ -82795,7 +82792,6 @@ CVE-2020-21689
RESERVED
 CVE-2020-21688 (A heap-use-after-free in the av_freep function in 
libavutil/mem.c of F ...)
- ffmpeg 7:4.4-5
-   [bullseye] - ffmpeg  (Wait for 4.3.3)
[buster] - ffmpeg  (Wait for 4.1.9)
NOTE: https://trac.ffmpeg.org/ticket/8186
NOTE: 
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=22c3cd176079dd104ec7610ead697235b04396f1


=
data/dla-needed.txt
=
@@ -36,6 +36,7 @@ faad2 (Thorsten Alteholz)
 ffmpeg (Anton Gladky)
   NOTE: probably wait until stuff is fixed in Buster
   NOTE: 20211010: WIP https://salsa.debian.org/lts-team/packages/ffmpeg
+  NOTE: ffmpeg 3.2.16 has been released
 --
 firefox-esr (Emilio)
 --
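Review bot: the new line "NOTE: ffmpeg 3.2.16 has been released" is missing the date prefix that the neighbouring note uses ("NOTE: 20211010: ..."); a "NOTE: 20211019: ..." form keeps the entry's timeline readable. The older note "probably wait until stuff is fixed in Buster" is also overtaken by DSA-4990-1 and could be dropped or marked done in the same edit.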


=
data/dsa-needed.txt
=
@@ -23,6 +23,8 @@ djvulibre
 --
 faad2/oldstable (jmm)
 --
+ffmpeg/stable (jmm)
+--
 gpac (jmm)
 --
 icu
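Review bot: "ffmpeg/stable (jmm)" is added without a note explaining what it waits on, whereas the ffmpeg/oldstable entry removed in the "ffmpeg DSA" push on this page carried one ("4.1.7 fixes a number of bugs ... reaching out for a 4.1.8 release date"). A one-line note such as "waiting for 4.3.3", which is the reason given in the commit message, saves the next reader a trip through git log.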



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c78de203f159724784a6bc8fe1b330e95a5bc610...caa311ef3e719a8aede9469feab18f461b26b4f2



[Git][security-tracker-team/security-tracker][master] Add new chromium issues from 2021-10-19 release

2021-10-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c78de203 by Salvatore Bonaccorso at 2021-10-19T22:35:14+02:00
Add new chromium issues from 2021-10-19 release

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -12295,36 +12295,68 @@ CVE-2021-37997
RESERVED
 CVE-2021-37996
RESERVED
+   - chromium 
+   [stretch] - chromium  (see DSA 4562)
 CVE-2021-37995
RESERVED
+   - chromium 
+   [stretch] - chromium  (see DSA 4562)
 CVE-2021-37994
RESERVED
+   - chromium 
+   [stretch] - chromium  (see DSA 4562)
 CVE-2021-37993
RESERVED
+   - chromium 
+   [stretch] - chromium  (see DSA 4562)
 CVE-2021-37992
RESERVED
+   - chromium 
+   [stretch] - chromium  (see DSA 4562)
 CVE-2021-37991
RESERVED
+   - chromium 
+   [stretch] - chromium  (see DSA 4562)
 CVE-2021-37990
RESERVED
+   - chromium 
+   [stretch] - chromium  (see DSA 4562)
 CVE-2021-37989
RESERVED
+   - chromium 
+   [stretch] - chromium  (see DSA 4562)
 CVE-2021-37988
RESERVED
+   - chromium 
+   [stretch] - chromium  (see DSA 4562)
 CVE-2021-37987
RESERVED
+   - chromium 
+   [stretch] - chromium  (see DSA 4562)
 CVE-2021-37986
RESERVED
+   - chromium 
+   [stretch] - chromium  (see DSA 4562)
 CVE-2021-37985
RESERVED
+   - chromium 
+   [stretch] - chromium  (see DSA 4562)
 CVE-2021-37984
RESERVED
+   - chromium 
+   [stretch] - chromium  (see DSA 4562)
 CVE-2021-37983
RESERVED
+   - chromium 
+   [stretch] - chromium  (see DSA 4562)
 CVE-2021-37982
RESERVED
+   - chromium 
+   [stretch] - chromium  (see DSA 4562)
 CVE-2021-37981
RESERVED
+   - chromium 
+   [stretch] - chromium  (see DSA 4562)
 CVE-2021-37980
RESERVED
- chromium 
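Review bot: all sixteen CVEs receive an identical pair of lines, and the "(see DSA 4562)" reference for stretch matches the convention already used for chromium entries in this file. The entries are still RESERVED, so descriptions will arrive with the next automatic update; nothing to do there. One thing to verify in the committed file: this rendering shows a trailing space after "- chromium" and a double space before "(see DSA 4562)" where the tracker's angle-bracket status tags normally sit, which suggests the mail formatting stripped them rather than that they were omitted.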



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c78de203f159724784a6bc8fe1b330e95a5bc610



[Git][security-tracker-team/security-tracker][master] NFUs

2021-10-19 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
46a43437 by Moritz Muehlenhoff at 2021-10-19T22:31:18+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -133,7 +133,7 @@ CVE-2021-42652
 CVE-2021-42651
RESERVED
 CVE-2021-42650 (Cross Site Scripting (XSS vulnerability exists in Portainer 
before 2.9 ...)
-   TODO: check
+   NOT-FOR-US: Portainer
 CVE-2021-42649
RESERVED
 CVE-2021-42648
@@ -281,9 +281,9 @@ CVE-2021-42578
 CVE-2021-42577
RESERVED
 CVE-2021-42576 (The bluemonday sanitizer before 1.0.16 for Go, and before 
0.0.8 for Py ...)
-   TODO: check
+   NOT-FOR-US: bluemonday sanitizer
 CVE-2021-42575 (The OWASP Java HTML Sanitizer before 20211018.1 does not 
properly enfo ...)
-   TODO: check
+   NOT-FOR-US: OWASP HTML Sanitizer
 CVE-2021-42574
RESERVED
 CVE-2021-42573
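Review bot: marking CVE-2021-42576 as NOT-FOR-US deserves a second look, because bluemonday is a Go library that Debian may carry as a golang-github-* source package (it is a common build dependency of Go web applications); if such a package exists in the archive, the entry should name it with an unfixed or fixed version instead. The OWASP Java HTML Sanitizer entry in the same hunk looks right.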
@@ -2597,7 +2597,7 @@ CVE-2021-42085 (An issue was discovered in Zammad before 
4.1.1. There is stored
 CVE-2021-42084 (An issue was discovered in Zammad before 4.1.1. An attacker 
with valid ...)
- zammad  (bug #841355)
 CVE-2021-3869 (corenlp is vulnerable to Improper Restriction of XML External 
Entity R ...)
-   TODO: check
+   NOT-FOR-US: CoreNLP
 CVE-2021-42083
RESERVED
 CVE-2021-42082
@@ -4713,17 +4713,17 @@ CVE-2021-41158
 CVE-2021-41157
RESERVED
 CVE-2021-41156 (anuko/timetracker is an, open source time tracking system. In 
affected ...)
-   TODO: check
+   NOT-FOR-US: anuko/timetracker
 CVE-2021-41155 (Tuleap is a Free  Open Source Suite to improve management 
of soft ...)
-   TODO: check
+   NOT-FOR-US: Tuleap
 CVE-2021-41154 (Tuleap is a Free  Open Source Suite to improve management 
of soft ...)
-   TODO: check
+   NOT-FOR-US: Tuleap
 CVE-2021-41153 (The evm crate is a pure Rust implementation of Ethereum 
Virtual Machin ...)
TODO: check
 CVE-2021-41152 (OpenOlat is a web-based e-learning platform for teaching, 
learning, as ...)
NOT-FOR-US: OpenOlat
 CVE-2021-41151 (Backstage is an open platform for building developer portals. 
In affec ...)
-   TODO: check
+   NOT-FOR-US: Backstage
 CVE-2021-41150
RESERVED
 CVE-2021-41149 (Tough provides a set of Rust libraries and tools for using and 
generat ...)
@@ -4745,7 +4745,7 @@ CVE-2021-41142 (Tuleap Open ALM is a libre and open 
source tool for end to end t
 CVE-2021-41141
RESERVED
 CVE-2021-41140 (Discourse-reactions is a plugin for the Discourse platform 
that allows ...)
-   TODO: check
+   NOT-FOR-US: Discourse plugin
 CVE-2021-41139 (Anuko Time Tracker is an open source, web-based time tracking 
applicat ...)
NOT-FOR-US: Anuko Time Tracker
 CVE-2021-41138 (Frontier is Substrate's Ethereum compatibility layer. In the 
newly int ...)
@@ -22584,7 +22584,7 @@ CVE-2021-33586 (InspIRCd 3.8.0 through 3.9.x before 
3.10.0 allows any user (able
 CVE-2021-3566 (Prior to ffmpeg version 4.3, the tty demuxer did not have a 
'read_prob ...)
{DLA-2742-1}
- ffmpeg 7:4.3-2
-   [buster] - ffmpeg  (Wait for 4.1.8)
+   [buster] - ffmpeg  (Wait for 4.1.9)
NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/3bce9e9b3ea35c54ba793d7da99ea5157532
 CVE-2021-33579
RESERVED
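Review bot: moving buster from "Wait for 4.1.8" to "Wait for 4.1.9" is consistent with DSA-4990-1 on this page, which shipped 7:4.1.8-0+deb10u1 without CVE-2021-3566 in its CVE list. Unrelated to the change but in the same region: the FFmpeg commit link in the NOTE carries a 36-character hash rather than a full 40-character SHA; GitHub resolves abbreviated ids, but the full hash avoids ambiguity in a long-lived tracker note.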
@@ -82742,7 +82742,7 @@ CVE-2020-21698
 CVE-2020-21697 (A heap-use-after-free in the mpeg_mux_write_packet function in 
libavfo ...)
- ffmpeg 7:4.4-5
[bullseye] - ffmpeg  (Wait for 4.3.3)
-   [buster] - ffmpeg  (Wait for 4.1.8)
+   [buster] - ffmpeg  (Wait for 4.1.9)
NOTE: https://trac.ffmpeg.org/ticket/8188
NOTE: 
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=cfce16449cb815132f829d5a07beb138dfb2cba6
 CVE-2020-21696
@@ -82764,7 +82764,7 @@ CVE-2020-21689
 CVE-2020-21688 (A heap-use-after-free in the av_freep function in 
libavutil/mem.c of F ...)
- ffmpeg 7:4.4-5
[bullseye] - ffmpeg  (Wait for 4.3.3)
-   [buster] - ffmpeg  (Wait for 4.1.8)
+   [buster] - ffmpeg  (Wait for 4.1.9)
NOTE: https://trac.ffmpeg.org/ticket/8186
NOTE: 
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=22c3cd176079dd104ec7610ead697235b04396f1
 CVE-2020-21687
@@ -84220,7 +84220,7 @@ CVE-2020-21041 (Buffer Overflow vulnerability exists in 
FFmpeg 4.1 via apng_do_i
{DSA-4990-1 DLA-2742-1}
[experimental] - ffmpeg 7:4.4-1
- ffmpeg 7:4.3.2-0+deb11u2 (bug #989439)
-   [stretch] - ffmpeg  (Wait for 4.1.8)
+   [stretch] - ffmpeg  (Wait for 4.1.9)
NOTE: https://trac.ffmpeg.org/ticket/7989
NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5d9f44da460f781a1604d537d0555b78e29438ba
 CVE-2020-21040
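Review bot: two things on the CVE-2020-21041 stanza do not fit together: the header lists DLA-2742-1 for this CVE, yet the stretch line remains a postponed wait (now for 4.1.9), and 4.1.9 is a buster-branch (4.1.x) release while stretch tracks the 3.2 branch (dla-needed.txt on this page notes 3.2.16). If DLA-2742-1 fixed it in stretch the [stretch] line should be resolved; if not, the DLA reference in the header needs checking.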
@@ -84522,7 +84522,7 @@ CVE-2020-20897
REJECTED
 CVE-2020-20896 (An issue was discovered in function latm_write_packet in 
libavformat/l ...)
- ffmpeg 

[Git][security-tracker-team/security-tracker][master] Add CVE-2011-1497/rails for an ancient issue

2021-10-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1662eafb by Salvatore Bonaccorso at 2021-10-19T22:29:27+02:00
Add CVE-2011-1497/rails for an ancient issue

The versions affected for ruby-{active,action}*-X.Y packages are long
gone in Debian, so do not go down these versions to track the fixed
version. src:rails OTOH was then never affected in Debian as the initial
upload for Rails 4.0 contained the fix already.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -429323,7 +429323,9 @@ CVE-2011-1498 (Apache HttpClient 4.x before 4.1.1 in 
Apache HttpComponents, when
NOTE: http://seclists.org/oss-sec/2011/q2/188
NOTE: 
http://web.archive.org/web/20130102213624/http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.1.x.txt
 CVE-2011-1497 (A cross-site scripting vulnerability flaw was found in the 
auto_link f ...)
-   TODO: check
+   - rails  (Fixed before initial release of rails 4.0 to 
Debian)
+   NOTE: https://www.openwall.com/lists/oss-security/2011/04/06/13
+   NOTE: 
https://github.com/rails/rails/commit/61ee3449674c591747db95f9b3472c5c3bd9e84d
 CVE-2011-1496 (tmux 1.3 and 1.4 does not properly drop group privileges, which 
allows ...)
{DSA-2212-1}
- tmux 1.4-6 (bug #620304)
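Review bot: the reasoning in the commit message (the affected ruby-{active,action}*-X.Y packages are long gone, and src:rails first entered Debian with 4.0, which already carried the fix) is the kind of detail a later triager will want, but only the short "Fixed before initial release of rails 4.0 to Debian" reaches data/CVE/list; a NOTE line capturing the removed-packages point would keep it with the entry rather than only in git history.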



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1662eafb083d6d58cfd5aa18c745bcd53fdfb1b9



[Git][security-tracker-team/security-tracker][master] Add CVE-2021-41131/python-tuf

2021-10-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
494e4185 by Salvatore Bonaccorso at 2021-10-19T22:25:53+02:00
Add CVE-2021-41131/python-tuf

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4763,7 +4763,7 @@ CVE-2021-41134
 CVE-2021-41132 (OMERO.web provides a web based client and plugin 
infrastructure. In ve ...)
NOT-FOR-US: OMERO.web
 CVE-2021-41131 (python-tuf is a Python reference implementation of The Update 
Framewor ...)
-   TODO: check
+   - python-tuf  (bug #934151)
 CVE-2021-41130 (Extensible Service Proxy, a.k.a. ESP is a proxy which enables 
API mana ...)
NOT-FOR-US: Extensible Service Proxy
 CVE-2021-41129 (Pterodactyl is an open-source game server management panel 
built with  ...)
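Review bot: the bug number on the new line, #934151, is well below the numbers other fresh entries on this page carry (#988153, #989439), which suggests it is the package's existing ITP/RFP bug rather than a report of this CVE; if python-tuf is not yet in the archive the entry should carry the tracker's itp status tag, and this rendering does not show a tag (only a double space after the package name), so worth confirming in the committed file.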



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/494e41856f26289cd5370ac7de979bf1717a66c6



[Git][security-tracker-team/security-tracker][master] Add CVE-2021-3872/vim

2021-10-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
62d7fa99 by Salvatore Bonaccorso at 2021-10-19T22:24:55+02:00
Add CVE-2021-3872/vim

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2536,7 +2536,9 @@ CVE-2021-42102
 CVE-2021-42101
RESERVED
 CVE-2021-3872 (vim is vulnerable to Heap-based Buffer Overflow ...)
-   TODO: check
+   - vim 
+   NOTE: https://huntr.dev/bounties/c958013b-1c09-4939-92ca-92f50aa169e8
+   NOTE: 
https://github.com/vim/vim/commit/826bfe4bbd7594188e3d74d2539d9707b1c6a14b
 CVE-2021-3871
RESERVED
 CVE-2021-3870
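Review bot: the entry records the upstream fix commit but no fixed version on the "vim" line and no per-release annotation for bullseye/buster/stretch. Upstream vim fix commits carry their patch number in the subject (the "patch 8.2.nnnn" form), so the fixed version can be filled in from the linked commit once the Debian upload that includes it is known; until then bullseye and buster need a severity call.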



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62d7fa99f24d65989bb79c78525c6390323d5de0



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2021-10-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8a4727f6 by Salvatore Bonaccorso at 2021-10-19T22:23:05+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2188,11 +2188,11 @@ CVE-2021-3881 (libmobi is vulnerable to Out-of-bounds 
Read ...)
 CVE-2021-3880
RESERVED
 CVE-2021-3879 (snipe-it is vulnerable to Improper Neutralization of Input 
During Web  ...)
-   TODO: check
+   NOT-FOR-US: snipe-it
 CVE-2021-42262
RESERVED
 CVE-2021-42261 (Revisor Video Management System (VMS) before 2.0.0 has a 
directory tra ...)
-   TODO: check
+   NOT-FOR-US: Revisor Video Management System (VMS)
 CVE-2021-42260 (TinyXML through 2.6.2 has an infinite loop in 
TiXmlParsingData::Stamp  ...)
- tinyxml 
NOTE: https://sourceforge.net/p/tinyxml/bugs/141/
@@ -2779,7 +2779,7 @@ CVE-2021-42012
 CVE-2021-42011
RESERVED
 CVE-2021-3863 (snipe-it is vulnerable to Improper Neutralization of Input 
During Web  ...)
-   TODO: check
+   NOT-FOR-US: snipe-it
 CVE-2021-42010
RESERVED
 CVE-2021-42009 (An authenticated Apache Traffic Control Traffic Ops user with 
Portal-l ...)
@@ -2872,7 +2872,7 @@ CVE-2021-41975 (TadTools special page is vulnerable to 
authorization bypass, thu
 CVE-2021-41974 (Tad Book3 editing book page does not perform identity 
verification. Re ...)
NOT-FOR-US: Tad Book3
 CVE-2021-3858 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...)
-   TODO: check
+   NOT-FOR-US: snipe-it
 CVE-2021-3857
RESERVED
 CVE-2021-41973
@@ -3146,7 +3146,7 @@ CVE-2021-41852
 CVE-2021-41851
RESERVED
 CVE-2021-3851 (firefly-iii is vulnerable to URL Redirection to Untrusted Site 
...)
-   TODO: check
+   NOT-FOR-US: firefly-iii
 CVE-2021-3850
RESERVED
 CVE-2021-3849
@@ -3189,7 +3189,7 @@ CVE-2021-3847 [low-privileged user privileges escalation]
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2009704
NOTE: https://www.openwall.com/lists/oss-security/2021/10/14/3
 CVE-2021-3846 (firefly-iii is vulnerable to Unrestricted Upload of File with 
Dangerou ...)
-   TODO: check
+   NOT-FOR-US: firefly-iii
 CVE-2021-23139
RESERVED
 CVE-2021-3845
@@ -8880,7 +8880,7 @@ CVE-2021-39357
 CVE-2021-39356
RESERVED
 CVE-2021-39355 (The Indeed Job Importer WordPress plugin is vulnerable to 
Stored Cross ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2021-39354
RESERVED
 CVE-2021-39353
@@ -8904,7 +8904,7 @@ CVE-2021-39345 (The HAL WordPress plugin is vulnerable to 
Stored Cross-Site Scri
 CVE-2021-39344 (The KJM Admin Notices WordPress plugin is vulnerable to Stored 
Cross-S ...)
NOT-FOR-US: WordPress plugin
 CVE-2021-39343 (The MPL-Publisher WordPress plugin is vulnerable to Stored 
Cross-Site  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2021-39342 (The Credova_Financial WordPress plugin discloses a site's 
associated C ...)
NOT-FOR-US: WordPress plugin
 CVE-2021-39341
@@ -8932,7 +8932,7 @@ CVE-2021-39331
 CVE-2021-39330 (The Formidable Form Builder WordPress plugin is vulnerable to 
Stored C ...)
NOT-FOR-US: WordPress plugin
 CVE-2021-39329 (The JobBoardWP WordPress plugin is vulnerable to Stored 
Cross-Site Scr ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2021-39328
RESERVED
 CVE-2021-39327 (The BulletProof Security WordPress plugin is vulnerable to 
sensitive i ...)
@@ -11040,55 +11040,55 @@ CVE-2021-38488
 CVE-2021-38487
RESERVED
 CVE-2021-38486 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 
2.3.0.r4870 cl ...)
-   TODO: check
+   NOT-FOR-US: InHand Networks IR615 Router
 CVE-2021-38485
RESERVED
 CVE-2021-38484 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 
2.3.0.r4870 do ...)
-   TODO: check
+   NOT-FOR-US: InHand Networks IR615 Router
 CVE-2021-38483
RESERVED
 CVE-2021-38482 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 
2.3.0.r4870 we ...)
-   TODO: check
+   NOT-FOR-US: InHand Networks IR615 Router
 CVE-2021-38481
RESERVED
 CVE-2021-38480 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 
2.3.0.r4870 ar ...)
-   TODO: check
+   NOT-FOR-US: InHand Networks IR615 Router
 CVE-2021-38479
RESERVED
 CVE-2021-38478 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 
2.3.0.r4870 ar ...)
-   TODO: check
+   NOT-FOR-US: InHand Networks IR615 Router
 CVE-2021-38477
RESERVED
 CVE-2021-38476 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 
2.3.0.r4870 au ...)
-   TODO: check
+   NOT-FOR-US: InHand Networks IR615 Router
 CVE-2021-38475
RESERVED
 CVE-2021-38474 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 
2.3.0.r4870 ha ...)
-   TODO: check
+

[Git][security-tracker-team/security-tracker][master] Add CVE-2021-388{8,9}/libmobi

2021-10-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e2fa9aec by Salvatore Bonaccorso at 2021-10-19T22:21:59+02:00
Add CVE-2021-388{8,9}/libmobi

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -409,9 +409,9 @@ CVE-2021-3891
 CVE-2021-3890
RESERVED
 CVE-2021-3889 (libmobi is vulnerable to Use of Out-of-range Pointer Offset ...)
-   TODO: check
+   - libmobi  (bug #966677)
 CVE-2021-3888 (libmobi is vulnerable to Use of Out-of-range Pointer Offset ...)
-   TODO: check
+   - libmobi  (bug #966677)
 CVE-2021-3887
RESERVED
 CVE-2022-20611
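Review bot: both new entries point at bug #966677, the same bug already referenced by CVE-2021-3881 a few stanzas later in this file (visible in the automatic-update hunk on this page), and its number dates it to well before these CVEs were assigned; it is presumably an umbrella libmobi bug, in which case its title or a follow-up should mention the new CVE ids so the BTS and the tracker agree.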



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2fa9aecf1e27ba37908cdd995500d9805531397



[Git][security-tracker-team/security-tracker][master] Process two NFUs

2021-10-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9a512803 by Salvatore Bonaccorso at 2021-10-19T22:13:30+02:00
Process two NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -10014,7 +10014,7 @@ CVE-2021-38913
 CVE-2021-38912
RESERVED
 CVE-2021-38911 (IBM Security Risk Manager on CP4S 1.7.0.0 stores user 
credentials in p ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2021-38910
RESERVED
 CVE-2021-38909
@@ -32247,7 +32247,7 @@ CVE-2021-29914
 CVE-2021-29913
RESERVED
 CVE-2021-29912 (IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to 
cross-site  ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2021-29911
RESERVED
 CVE-2021-29910



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a5128035fec0d49a6b3fc417e5b949b159bb2cf



[Git][security-tracker-team/security-tracker][master] automatic update

2021-10-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d1a5ad1b by security tracker role at 2021-10-19T20:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -408,10 +408,10 @@ CVE-2021-3891
RESERVED
 CVE-2021-3890
RESERVED
-CVE-2021-3889
-   RESERVED
-CVE-2021-3888
-   RESERVED
+CVE-2021-3889 (libmobi is vulnerable to Use of Out-of-range Pointer Offset ...)
+   TODO: check
+CVE-2021-3888 (libmobi is vulnerable to Use of Out-of-range Pointer Offset ...)
+   TODO: check
 CVE-2021-3887
RESERVED
 CVE-2022-20611
@@ -2187,12 +2187,12 @@ CVE-2021-3881 (libmobi is vulnerable to Out-of-bounds 
Read ...)
- libmobi  (bug #966677)
 CVE-2021-3880
RESERVED
-CVE-2021-3879
-   RESERVED
+CVE-2021-3879 (snipe-it is vulnerable to Improper Neutralization of Input 
During Web  ...)
+   TODO: check
 CVE-2021-42262
RESERVED
-CVE-2021-42261
-   RESERVED
+CVE-2021-42261 (Revisor Video Management System (VMS) before 2.0.0 has a 
directory tra ...)
+   TODO: check
 CVE-2021-42260 (TinyXML through 2.6.2 has an infinite loop in 
TiXmlParsingData::Stamp  ...)
- tinyxml 
NOTE: https://sourceforge.net/p/tinyxml/bugs/141/
@@ -2535,8 +2535,8 @@ CVE-2021-42102
RESERVED
 CVE-2021-42101
RESERVED
-CVE-2021-3872
-   RESERVED
+CVE-2021-3872 (vim is vulnerable to Heap-based Buffer Overflow ...)
+   TODO: check
 CVE-2021-3871
RESERVED
 CVE-2021-3870
@@ -2594,8 +2594,8 @@ CVE-2021-42085 (An issue was discovered in Zammad before 
4.1.1. There is stored
- zammad  (bug #841355)
 CVE-2021-42084 (An issue was discovered in Zammad before 4.1.1. An attacker 
with valid ...)
- zammad  (bug #841355)
-CVE-2021-3869
-   RESERVED
+CVE-2021-3869 (corenlp is vulnerable to Improper Restriction of XML External 
Entity R ...)
+   TODO: check
 CVE-2021-42083
RESERVED
 CVE-2021-42082
@@ -2778,8 +2778,8 @@ CVE-2021-42012
RESERVED
 CVE-2021-42011
RESERVED
-CVE-2021-3863
-   RESERVED
+CVE-2021-3863 (snipe-it is vulnerable to Improper Neutralization of Input 
During Web  ...)
+   TODO: check
 CVE-2021-42010
RESERVED
 CVE-2021-42009 (An authenticated Apache Traffic Control Traffic Ops user with 
Portal-l ...)
@@ -2871,8 +2871,8 @@ CVE-2021-41975 (TadTools special page is vulnerable to 
authorization bypass, thu
NOT-FOR-US: TadTools
 CVE-2021-41974 (Tad Book3 editing book page does not perform identity 
verification. Re ...)
NOT-FOR-US: Tad Book3
-CVE-2021-3858
-   RESERVED
+CVE-2021-3858 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+   TODO: check
 CVE-2021-3857
RESERVED
 CVE-2021-41973
@@ -3145,8 +3145,8 @@ CVE-2021-41852
RESERVED
 CVE-2021-41851
RESERVED
-CVE-2021-3851
-   RESERVED
+CVE-2021-3851 (firefly-iii is vulnerable to URL Redirection to Untrusted Site 
...)
+   TODO: check
 CVE-2021-3850
RESERVED
 CVE-2021-3849
@@ -3188,8 +3188,8 @@ CVE-2021-3847 [low-privileged user privileges escalation]
- linux 
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2009704
NOTE: https://www.openwall.com/lists/oss-security/2021/10/14/3
-CVE-2021-3846
-   RESERVED
+CVE-2021-3846 (firefly-iii is vulnerable to Unrestricted Upload of File with 
Dangerou ...)
+   TODO: check
 CVE-2021-23139
RESERVED
 CVE-2021-3845
@@ -4724,8 +4724,8 @@ CVE-2021-41151 (Backstage is an open platform for 
building developer portals. In
TODO: check
 CVE-2021-41150
RESERVED
-CVE-2021-41149
-   RESERVED
+CVE-2021-41149 (Tough provides a set of Rust libraries and tools for using and 
generat ...)
+   TODO: check
 CVE-2021-41148 (Tuleap Open ALM is a libre and open source tool for end to end 
traceab ...)
NOT-FOR-US: Tuleap
 CVE-2021-41147 (Tuleap Open ALM is a libre and open source tool for end to end 
traceab ...)
@@ -4742,8 +4742,8 @@ CVE-2021-41142 (Tuleap Open ALM is a libre and open 
source tool for end to end t
NOT-FOR-US: Tuleap
 CVE-2021-41141
RESERVED
-CVE-2021-41140
-   RESERVED
+CVE-2021-41140 (Discourse-reactions is a plugin for the Discourse platform 
that allows ...)
+   TODO: check
 CVE-2021-41139 (Anuko Time Tracker is an open source, web-based time tracking 
applicat ...)
NOT-FOR-US: Anuko Time Tracker
 CVE-2021-41138 (Frontier is Substrate's Ethereum compatibility layer. In the 
newly int ...)
@@ -4760,8 +4760,8 @@ CVE-2021-41134
RESERVED
 CVE-2021-41132 (OMERO.web provides a web based client and plugin 
infrastructure. In ve ...)
NOT-FOR-US: OMERO.web
-CVE-2021-41131
-   RESERVED
+CVE-2021-41131 (python-tuf is a Python reference implementation of The Update 
Framewor ...)
+   TODO: check
 CVE-2021-41130 (Extensible 

[Git][security-tracker-team/security-tracker][master] ffmpeg DSA

2021-10-19 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
50dd0797 by Moritz Mühlenhoff at 2021-10-19T20:48:27+02:00
ffmpeg DSA

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[19 Oct 2021] DSA-4990-1 ffmpeg - security update
+   {CVE-2020-20445 CVE-2020-20446 CVE-2020-20453 CVE-2020-21041 
CVE-2020-22015 CVE-2020-22016 CVE-2020-22017 CVE-2020-22019 CVE-2020-22020 
CVE-2020-22021 CVE-2020-22022 CVE-2020-22023 CVE-2020-22025 CVE-2020-22026 
CVE-2020-22027 CVE-2020-22028 CVE-2020-22029 CVE-2020-22030 CVE-2020-22031 
CVE-2020-22032 CVE-2020-22033 CVE-2020-22034 CVE-2020-22035 CVE-2020-22036 
CVE-2020-22037 CVE-2020-22049 CVE-2020-22054 CVE-2020-35965 CVE-2021-38114 
CVE-2021-38171 CVE-2021-38291}
+   [buster] - ffmpeg 7:4.1.8-0+deb10u1
 [18 Oct 2021] DSA-4989-1 strongswan - security update
{CVE-2021-41990 CVE-2021-41991}
[buster] - strongswan 5.7.2-1+deb10u1
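Review bot: the buster version 7:4.1.8-0+deb10u1 matches the "4.1.8 release date" the removed ffmpeg/oldstable note in dsa-needed.txt was waiting for. The CVE list includes CVE-2021-38114 and CVE-2021-38171, whose data/CVE/list stanzas at this point still carry a postponed bullseye line ("Wait for 4.3.3"); that is addressed by the subsequent "remove ffmpeg postponed entries" push on this page, so nothing further here.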


=
data/dsa-needed.txt
=
@@ -23,9 +23,6 @@ djvulibre
 --
 faad2/oldstable (jmm)
 --
-ffmpeg/oldstable (jmm)
-  4.1.7 fixes a number of bugs, but several further one in the 4.1 branch, 
reaching out for a 4.1.8 release date
---
 gpac (jmm)
 --
 icu



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50dd0797b8557462d2e9d4546b4865163e3308b3



[Git][security-tracker-team/security-tracker][master] dogtag-pki fixed in sid

2021-10-19 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b01619e7 by Moritz Muehlenhoff at 2021-10-19T19:25:47+02:00
dogtag-pki fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -73710,7 +73710,7 @@ CVE-2020-25717
 CVE-2020-25716 (A flaw was found in Cloudforms. A role-based privileges 
escalation fla ...)
NOT-FOR-US: Red Hat CloudForm
 CVE-2020-25715 (A flaw was found in pki-core 10.9.0. A specially crafted POST 
request  ...)
-   - dogtag-pki  (bug #988153)
+   - dogtag-pki 11.0.0-1 (bug #988153)
[bullseye] - dogtag-pki  (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1891016
NOTE: 
https://github.com/dogtagpki/pki/commit/13f4c7fe7d71d42b46b25f3e8472ef7f35da5dd6
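Review bot: setting the sid fix to 11.0.0-1 while keeping "[bullseye] - dogtag-pki (Minor issue)" is consistent. Since bug #988153 was filed for this CVE, confirm the 11.0.0-1 changelog closes it; otherwise the tracker shows the issue fixed while the BTS still lists it open.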



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b01619e767e3792ac8558dec2f5c530bc58451b5



[Git][security-tracker-team/security-tracker][master] dla: copy/paste jsoup status from extended-lts-t...@freexian.com exchange

2021-10-19 Thread Sylvain Beucler (@beuc)


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2c598977 by Sylvain Beucler at 2021-10-19T17:06:00+02:00
dla: copy/paste jsoup status from extended-lts-t...@freexian.com exchange

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -44,6 +44,8 @@ firmware-nonfree
   NOTE: 20210828: Most CVEs are difficult to backport. Contacted Ben regarding 
possible "ignore" tag
 --
 jsoup
+  NOTE: 20211016: I'm still waiting for some feedback from the security team. 
I will keep
+  NOTE: 20211016: jsoup in dla-needed.txt until they get back to me. (apo)
 --
 linux (Ben Hutchings)
 --
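Review bot: the jsoup entry still has no claimant in parentheses on its own line, unlike `linux (Ben Hutchings)` two lines below, while the pasted status is signed `(apo)`. If apo is working on it, putting the claimant's name on the `jsoup` line follows the file's convention and makes the claim visible to the dla-needed tooling rather than only inside a NOTE. The pasted text is also split across two `NOTE: 20211016:` lines in mid-sentence ("I will keep" / "jsoup in dla-needed.txt until they get back to me"); one sentence per NOTE line would read more cleanly.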



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c5989773d35fa1ba373bbc863c5903f9f13e7b9



[Git][security-tracker-team/security-tracker][master] ffmpeg triage

2021-10-19 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
492684bb by Moritz Muehlenhoff at 2021-10-19T11:18:34+02:00
ffmpeg triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -82007,7 +82007,7 @@ CVE-2020-22039 (A Denial of Service vulnerability 
exists in FFmpeg 4.2 due to a
NOTE: https://trac.ffmpeg.org/ticket/8302
NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a581bb66ea5eb981e2e498ca301df7d1ef15a6a3
 CVE-2020-22038 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to 
a memory ...)
-   - ffmpeg  (unimportant)
+   - ffmpeg 7:4.4-5 (unimportant)
NOTE: https://trac.ffmpeg.org/ticket/8285
NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7c32e9cf93b712f8463573a59ed4e98fd10fa013
 CVE-2020-22037 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to 
a memory ...)
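Review bot: recording 7:4.4-5 rather than 7:4.4-1 for CVE-2020-22038 implies that upstream 4.4 did not contain commit 7c32e9cf and that the fix was added in a Debian revision; if that is the case a short NOTE saying so (or pointing at the changelog entry) would make the fixed version auditable, and if instead 4.4 already contained the commit the fixed version should be the first 4.4 upload. The entry keeps `(unimportant)`, which is consistent with the trac ticket being a crafted-input DoS.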
@@ -85492,6 +85492,7 @@ CVE-2020-20445 (FFmpeg 4.2 is affected by a Divide By 
Zero issue via libavcodec/
- ffmpeg  (unimportant)
NOTE: https://trac.ffmpeg.org/ticket/7996
NOTE: Negligible security impact
+   NOTE: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/38d18fb57863bb9c54e68ae44aa780c5c282a184
 CVE-2020-20444 (Jact OpenClinic 0.8.20160412 allows the attacker to read 
server files  ...)
NOT-FOR-US: Jact OpenClinic
 CVE-2020-20443
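Review bot: CVE-2020-20445 gains a fix-commit NOTE for 38d18fb5 but keeps `- ffmpeg  (unimportant)` with no fixed version and no indication of which upstream release carries that commit; the sibling CVE-2020-20446 entry, handled in commit a46ee0a5 of this same digest, adds `NOTE: Pending for 4.4.1` for exactly this situation. Adding the same marker here (or the fixed version if 4.4 already has the commit) keeps the two entries consistent and avoids the entry looking fully triaged while the fix is still pending.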



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/492684bb2c14cb9482316d653f7745a5f638bb00



[Git][security-tracker-team/security-tracker][master] Process NFUs

2021-10-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b2d5488d by Salvatore Bonaccorso at 2021-10-19T10:59:25+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4719,7 +4719,7 @@ CVE-2021-41154 (Tuleap is a Free  Open Source Suite 
to improve management o
 CVE-2021-41153 (The evm crate is a pure Rust implementation of Ethereum 
Virtual Machin ...)
TODO: check
 CVE-2021-41152 (OpenOlat is a web-based e-learning platform for teaching, 
learning, as ...)
-   TODO: check
+   NOT-FOR-US: OpenOlat
 CVE-2021-41151 (Backstage is an open platform for building developer portals. 
In affec ...)
TODO: check
 CVE-2021-41150
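Review bot: closing OpenOlat as NOT-FOR-US is straightforward, but the two neighbours left at `TODO: check` in the same context deserve a note on what the check is waiting for: CVE-2021-41153 concerns the evm crate, described as a pure Rust implementation, so the relevant check is whether any rust-* source package in the archive ships it before it is closed as NOT-FOR-US, and CVE-2021-41151 (Backstage) is a developer-portal platform that is unlikely to be packaged. Leaving them as bare TODOs is fine for triage flow, just not as a final state.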
@@ -44949,7 +44949,7 @@ CVE-2021-24762
 CVE-2021-24761
RESERVED
 CVE-2021-24760 (The Gutenberg PDF Viewer Block WordPress plugin before 1.0.1 
does not  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2021-24759
RESERVED
 CVE-2021-24758
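Review bot: `NOT-FOR-US: WordPress plugin` for CVE-2021-24760 uses a generic label where the description already names the plugin (Gutenberg PDF Viewer Block); the other two entries in this commit name the product (`OpenOlat`, `CX-Supervisor`). Naming the plugin keeps grep-based lookups across the file consistent and distinguishes it from the many other WordPress plugin entries marked the same way.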
@@ -55686,7 +55686,7 @@ CVE-2021-20838
 CVE-2021-20837
RESERVED
 CVE-2021-20836 (Out-of-bounds read vulnerability in CX-Supervisor v4.0.0.13 
and v4.0.0 ...)
-   TODO: check
+   NOT-FOR-US: CX-Supervisor
 CVE-2021-20835
RESERVED
 CVE-2021-20834 (Improper authorization in handler for custom URL scheme 
vulnerability  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2d5488d09a3c7344a5332182c6443a8b3426d0b



[Git][security-tracker-team/security-tracker][master] ffmpeg triage

2021-10-19 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a46ee0a5 by Moritz Muehlenhoff at 2021-10-19T10:55:44+02:00
ffmpeg triage

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=
data/CVE/list
=
@@ -85475,15 +85475,19 @@ CVE-2020-20450 (FFmpeg 4.2 is affected by null 
pointer dereference passed as arg
 CVE-2020-20449
RESERVED
 CVE-2020-20448 (FFmpeg 4.1.3 is affected by a Divide By Zero issue via 
libavcodec/rate ...)
-   - ffmpeg  (unimportant)
+   - ffmpeg 7:4.3-2 (unimportant)
NOTE: https://trac.ffmpeg.org/ticket/7990
NOTE: Negligible security impact
+   NOTE: 
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=8802e329c8317ca5ceb929df48a23eb0f9e852b2
+   NOTE: 
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=55279d699fa64d8eb1185d8db04ab4ed92e8dea2
 CVE-2020-20447
RESERVED
 CVE-2020-20446 (FFmpeg 4.2 is affected by a Divide By Zero issue via 
libavcodec/aacpsy ...)
- ffmpeg  (unimportant)
NOTE: https://trac.ffmpeg.org/ticket/7995
NOTE: Negligible security impact
+   NOTE: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/223b5e8ac9f6461bb13ed365419ec485c5b2b002
+   NOTE: Pending for 4.4.1
 CVE-2020-20445 (FFmpeg 4.2 is affected by a Divide By Zero issue via 
libavcodec/lpc.h, ...)
- ffmpeg  (unimportant)
NOTE: https://trac.ffmpeg.org/ticket/7996
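Review bot: CVE-2020-20448 is set to 7:4.3-2 in unstable with two videolan commitdiff references, and in the same commit it is added to DSA-4722-1, which shipped buster 7:4.1.6-1~deb10u1; nothing in the CVE entry says that commits 8802e329 and 55279d69 are contained in upstream 4.1.6, which is what the retroactive DSA association asserts. A NOTE naming the first upstream release that contains both commits (or `Fixed by:` lines) would make both the 7:4.3-2 version and the buster status verifiable instead of inferred. The `NOTE: Pending for 4.4.1` added to CVE-2020-20446 is the right shape for the entry that is not yet fixed; the same treatment would suit CVE-2020-20445 just below, which gets only a commit reference in commit 492684bb.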


=
data/DSA/list
=
@@ -838,7 +838,7 @@
{CVE-2020-11739 CVE-2020-11740 CVE-2020-11741 CVE-2020-11742 
CVE-2020-11743 CVE-2020-15563 CVE-2020-15564 CVE-2020-15565 CVE-2020-15566 
CVE-2020-15567}
[buster] - xen 4.11.4+24-gddaaccbbab-1~deb10u1
 [08 Jul 2020] DSA-4722-1 ffmpeg - security update
-   {CVE-2019-13390 CVE-2019-17539 CVE-2019-17542 CVE-2020-12284 
CVE-2020-13904 CVE-2020-20902}
+   {CVE-2019-13390 CVE-2019-17539 CVE-2019-17542 CVE-2020-12284 
CVE-2020-13904 CVE-2020-20902 CVE-2020-20448}
[buster] - ffmpeg 7:4.1.6-1~deb10u1
 [08 Jul 2020] DSA-4721-1 ruby2.5 - security update
{CVE-2020-10663 CVE-2020-10933}
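Review bot: amending a DSA published on 08 Jul 2020 to add CVE-2020-20448 some fifteen months later is the accepted way to record that the shipped 7:4.1.6-1~deb10u1 already contained the fix, but the advisory text and its mail never listed the CVE, so the association only exists in the tracker. Because the commit message is just "ffmpeg triage", a NOTE on the CVE entry saying that the fix is contained in upstream 4.1.6 would explain the retroactive addition to anyone auditing the DSA list later.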



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a46ee0a59bde0bf60d22b9a9371e51724a96dfdb



[Git][security-tracker-team/security-tracker][master] automatic update

2021-10-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7070f868 by security tracker role at 2021-10-19T08:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,43 @@
+CVE-2021-42717
+   RESERVED
+CVE-2021-42716
+   RESERVED
+CVE-2021-42715
+   RESERVED
+CVE-2021-42714
+   RESERVED
+CVE-2021-42713
+   RESERVED
+CVE-2021-42712
+   RESERVED
+CVE-2021-42711
+   RESERVED
+CVE-2021-42710
+   RESERVED
+CVE-2021-42709
+   RESERVED
+CVE-2021-42708
+   RESERVED
+CVE-2021-42707
+   RESERVED
+CVE-2021-42706
+   RESERVED
+CVE-2021-42705
+   RESERVED
+CVE-2021-42704
+   RESERVED
+CVE-2021-42703
+   RESERVED
+CVE-2021-42702
+   RESERVED
+CVE-2021-42701
+   RESERVED
+CVE-2021-42700
+   RESERVED
+CVE-2021-42699
+   RESERVED
+CVE-2021-42698
+   RESERVED
 CVE-2021-42697
RESERVED
 CVE-2021-42696
@@ -92,8 +132,8 @@ CVE-2021-42652
RESERVED
 CVE-2021-42651
RESERVED
-CVE-2021-42650
-   RESERVED
+CVE-2021-42650 (Cross Site Scripting (XSS vulnerability exists in Portainer 
before 2.9 ...)
+   TODO: check
 CVE-2021-42649
RESERVED
 CVE-2021-42648
@@ -4670,18 +4710,18 @@ CVE-2021-41158
RESERVED
 CVE-2021-41157
RESERVED
-CVE-2021-41156
-   RESERVED
-CVE-2021-41155
-   RESERVED
-CVE-2021-41154
-   RESERVED
-CVE-2021-41153
-   RESERVED
-CVE-2021-41152
-   RESERVED
-CVE-2021-41151
-   RESERVED
+CVE-2021-41156 (anuko/timetracker is an, open source time tracking system. In 
affected ...)
+   TODO: check
+CVE-2021-41155 (Tuleap is a Free  Open Source Suite to improve management 
of soft ...)
+   TODO: check
+CVE-2021-41154 (Tuleap is a Free  Open Source Suite to improve management 
of soft ...)
+   TODO: check
+CVE-2021-41153 (The evm crate is a pure Rust implementation of Ethereum 
Virtual Machin ...)
+   TODO: check
+CVE-2021-41152 (OpenOlat is a web-based e-learning platform for teaching, 
learning, as ...)
+   TODO: check
+CVE-2021-41151 (Backstage is an open platform for building developer portals. 
In affec ...)
+   TODO: check
 CVE-2021-41150
RESERVED
 CVE-2021-41149
@@ -55645,8 +55685,8 @@ CVE-2021-20838
RESERVED
 CVE-2021-20837
RESERVED
-CVE-2021-20836
-   RESERVED
+CVE-2021-20836 (Out-of-bounds read vulnerability in CX-Supervisor v4.0.0.13 
and v4.0.0 ...)
+   TODO: check
 CVE-2021-20835
RESERVED
 CVE-2021-20834 (Improper authorization in handler for custom URL scheme 
vulnerability  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7070f8685120efc6f96e36b0025d38b26ce2d905



[Git][security-tracker-team/security-tracker][master] Update status for CVE-2021-20322/linux

2021-10-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ce9cbe3f by Salvatore Bonaccorso at 2021-10-19T09:04:50+02:00
Update status for CVE-2021-20322/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -56687,7 +56687,8 @@ CVE-2021-20323
RESERVED
 CVE-2021-20322 [new DNS Cache Poisoning Attack based on ICMP fragment needed 
packets replies]
RESERVED
-   - linux 
+   - linux 5.14.6-1
+   [bullseye] - linux 5.10.70-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2014230
 CVE-2021-20321
RESERVED
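Review bot: 5.14.6-1 and 5.10.70-1 are recorded as fixed while the CVE is still RESERVED and the only reference is the Red Hat bug; a NOTE with the upstream fix commit (the stable tags 5.14.6 and 5.10.70 imply one specific backported commit) would let anyone verify those versions once the CVE text is published, and is the tracker's usual way of documenting a RESERVED-but-fixed linux entry. There is no `[buster]` line, so buster's status is derived from comparing its kernel version against 5.14.6-1, i.e. affected; if the 4.19 kernel needs a backport, or is not affected, that should be stated explicitly rather than left to the version comparison.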



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce9cbe3fcfee680c21837d382d944346f40420b7



[Git][security-tracker-team/security-tracker][master] Add CVE-2021-20322/linux

2021-10-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
107ffcf8 by Salvatore Bonaccorso at 2021-10-19T08:55:51+02:00
Add CVE-2021-20322/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -56685,8 +56685,10 @@ CVE-2021-20324
RESERVED
 CVE-2021-20323
RESERVED
-CVE-2021-20322
+CVE-2021-20322 [new DNS Cache Poisoning Attack based on ICMP fragment needed 
packets replies]
RESERVED
+   - linux 
+   NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2014230
 CVE-2021-20321
RESERVED
- linux 5.14.12-1
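Review bot: the new entry carries the bracketed working title and the Red Hat bug but no upstream reference; the title describes a DNS cache poisoning attack driven by ICMP "fragmentation needed" replies, which is a kernel-side side channel rather than a resolver bug, so a pointer to the upstream fix commit or the public writeup would help triagers judge severity for buster and bullseye. The `- linux` line has no version here (the rendering drops the angle-bracket tag, hence the trailing space), and the follow-up commit ce9cbe3f in this digest sets 5.14.6-1 and 5.10.70-1, so this hunk is a transitional state; the neighbouring CVE-2021-20321 entry at 5.14.12-1 shows the usual form.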



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/107ffcf80a7e5fcf5d5f5b4ea4e6c8afda7b50b8
