[Git][security-tracker-team/security-tracker][master] 2 commits: mark CVE-2021-41990 as not-affected for Stretch
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 5fb95468 by Thorsten Alteholz at 2021-10-19T23:35:37+02:00 mark CVE-2021-41990 as not-affected for Stretch - - - - - 0bfe9879 by Thorsten Alteholz at 2021-10-20T00:32:36+02:00 Reserve DLA-2788-1 for strongswan - - - - - 2 changed files: - data/CVE/list - data/DLA/list Changes: = data/CVE/list = @@ -2840,6 +2840,7 @@ CVE-2021-41991 (The in-memory certificate cache in strongSwan before 5.9.4 has a CVE-2021-41990 (The gmp plugin in strongSwan before 5.9.4 has a remote integer overflo ...) {DSA-4989-1} - strongswan + [stretch] - strongswan (The vulnerable code was introduced later in version 5.6.1) NOTE: https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41990).html CVE-2021-41989 RESERVED = data/DLA/list = @@ -1,3 +1,6 @@ +[20 Oct 2021] DLA-2788-1 strongswan - security update + {CVE-2021-41991} + [stretch] - strongswan 5.5.1-4+deb9u5 [18 Oct 2021] DLA-2787-1 redmine - security update {CVE-2021-42326} [stretch] - redmine 3.3.1-4+deb9u5 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/caa311ef3e719a8aede9469feab18f461b26b4f2...0bfe9879fb9c9808e78cf69a54eb1b8f3eff17fa You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
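Review bot: In the data/CVE/list hunk, the reason "(The vulnerable code was introduced later in version 5.6.1)" on the added [stretch] line does not say later than what. Either name the stretch version it is being compared with (the data/DLA/list hunk gives 5.5.1-4+deb9u5) or shorten it to "Vulnerable code introduced in 5.6.1", so the reason can be checked against the package version at a glance.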
[Git][security-tracker-team/security-tracker][master] 2 commits: remove ffmpeg entries for issues pending for 4.3.3
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 5f2c6516 by Moritz Muehlenhoff at 2021-10-19T22:36:24+02:00 remove ffmpeg postponed entries for issues pending for 4.3.3 - - - - - caa311ef by Moritz Muehlenhoff at 2021-10-19T22:36:24+02:00 add note in dla-needed for 3.2.16 - - - - - 3 changed files: - data/CVE/list - data/dla-needed.txt - data/dsa-needed.txt Changes: = data/CVE/list = @@ -11881,7 +11881,6 @@ CVE-2021-38172 CVE-2021-38171 (adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not ...) {DSA-4990-1} - ffmpeg - [bullseye] - ffmpeg (Wait for 4.3.3) [stretch] - ffmpeg (Wait to be fixed in buster first) NOTE: https://github.com/FFmpeg/FFmpeg/commit/9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6 CVE-2021-38170 @@ -12023,7 +12022,6 @@ CVE-2021-38115 (read_header_tga in gd_tga.c in the GD Graphics Library (aka LibG CVE-2021-38114 (libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of ...) {DSA-4990-1 DLA-2742-1} - ffmpeg - [bullseye] - ffmpeg (Wait for 4.3.3) NOTE: https://github.com/FFmpeg/FFmpeg/commit/7150f9575671f898382c370acae35f9087a30ba1 CVE-2021-3687 RESERVED @@ -82773,7 +82771,6 @@ CVE-2020-21698 RESERVED CVE-2020-21697 (A heap-use-after-free in the mpeg_mux_write_packet function in libavfo ...) - ffmpeg 7:4.4-5 - [bullseye] - ffmpeg (Wait for 4.3.3) [buster] - ffmpeg (Wait for 4.1.9) NOTE: https://trac.ffmpeg.org/ticket/8188 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=cfce16449cb815132f829d5a07beb138dfb2cba6 @@ -82795,7 +82792,6 @@ CVE-2020-21689 RESERVED CVE-2020-21688 (A heap-use-after-free in the av_freep function in libavutil/mem.c of F ...) - ffmpeg 7:4.4-5 - [bullseye] - ffmpeg (Wait for 4.3.3) [buster] - ffmpeg (Wait for 4.1.9) NOTE: https://trac.ffmpeg.org/ticket/8186 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=22c3cd176079dd104ec7610ead697235b04396f1 = data/dla-needed.txt = 
@@ -36,6 +36,7 @@ faad2 (Thorsten Alteholz) ffmpeg (Anton Gladky) NOTE: probably wait until stuff is fixed in Buster NOTE: 20211010: WIP https://salsa.debian.org/lts-team/packages/ffmpeg + NOTE: ffmpeg 3.2.16 has been released -- firefox-esr (Emilio) -- = data/dsa-needed.txt = @@ -23,6 +23,8 @@ djvulibre -- faad2/oldstable (jmm) -- +ffmpeg/stable (jmm) +-- gpac (jmm) -- icu View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c78de203f159724784a6bc8fe1b330e95a5bc610...caa311ef3e719a8aede9469feab18f461b26b4f2
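Review bot: In the first data/CVE/list hunk (CVE-2021-38171), the line left in place, "[stretch] - ffmpeg (Wait to be fixed in buster first)", looks stale: the entry already carries {DSA-4990-1}, which data/DSA/list records against buster. Consider updating the stretch reason in this same change, for example to point at the 3.2.16 release that the data/dla-needed.txt hunk mentions.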
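Review bot: The new "ffmpeg/stable (jmm)" entry in data/dsa-needed.txt has no free-text line, while this push deletes the "Wait for 4.3.3" reason from four CVE entries. A one-line note under the new entry saying the update is tied to the 4.3.3 release would keep that information in the tracker rather than only in the commit subject.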
[Git][security-tracker-team/security-tracker][master] Add new chromium issues from 2021-10-19 release
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c78de203 by Salvatore Bonaccorso at 2021-10-19T22:35:14+02:00 Add new chromium issues from 2021-10-19 release - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -12295,36 +12295,68 @@ CVE-2021-37997 RESERVED CVE-2021-37996 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2021-37995 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2021-37994 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2021-37993 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2021-37992 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2021-37991 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2021-37990 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2021-37989 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2021-37988 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2021-37987 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2021-37986 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2021-37985 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2021-37984 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2021-37983 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2021-37982 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2021-37981 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2021-37980 RESERVED - chromium View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c78de203f159724784a6bc8fe1b330e95a5bc610
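Review bot: None of the sixteen entries this hunk fills in (CVE-2021-37996 down to CVE-2021-37981) gets a NOTE, and all of them are still RESERVED without a description, so nothing in data/CVE/list ties them to the 2021-10-19 release named in the commit subject. Consider adding a NOTE with the release announcement URL so the chromium assignment can be verified from the file itself.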
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 46a43437 by Moritz Muehlenhoff at 2021-10-19T22:31:18+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -133,7 +133,7 @@ CVE-2021-42652 CVE-2021-42651 RESERVED CVE-2021-42650 (Cross Site Scripting (XSS vulnerability exists in Portainer before 2.9 ...) - TODO: check + NOT-FOR-US: Portainer CVE-2021-42649 RESERVED CVE-2021-42648 @@ -281,9 +281,9 @@ CVE-2021-42578 CVE-2021-42577 RESERVED CVE-2021-42576 (The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Py ...) - TODO: check + NOT-FOR-US: bluemonday sanitizer CVE-2021-42575 (The OWASP Java HTML Sanitizer before 20211018.1 does not properly enfo ...) - TODO: check + NOT-FOR-US: OWASP HTML Sanitizer CVE-2021-42574 RESERVED CVE-2021-42573 @@ -2597,7 +2597,7 @@ CVE-2021-42085 (An issue was discovered in Zammad before 4.1.1. There is stored CVE-2021-42084 (An issue was discovered in Zammad before 4.1.1. An attacker with valid ...) - zammad (bug #841355) CVE-2021-3869 (corenlp is vulnerable to Improper Restriction of XML External Entity R ...) - TODO: check + NOT-FOR-US: CoreNLP CVE-2021-42083 RESERVED CVE-2021-42082 
@@ -4713,17 +4713,17 @@ CVE-2021-41158 CVE-2021-41157 RESERVED CVE-2021-41156 (anuko/timetracker is an, open source time tracking system. In affected ...) - TODO: check + NOT-FOR-US: anuko/timetracker CVE-2021-41155 (Tuleap is a Free Open Source Suite to improve management of soft ...) - TODO: check + NOT-FOR-US: Tuleap CVE-2021-41154 (Tuleap is a Free Open Source Suite to improve management of soft ...) - TODO: check + NOT-FOR-US: Tuleap CVE-2021-41153 (The evm crate is a pure Rust implementation of Ethereum Virtual Machin ...) TODO: check CVE-2021-41152 (OpenOlat is a web-based e-learning platform for teaching, learning, as ...) NOT-FOR-US: OpenOlat CVE-2021-41151 (Backstage is an open platform for building developer portals. In affec ...) - TODO: check + NOT-FOR-US: Backstage CVE-2021-41150 RESERVED CVE-2021-41149 (Tough provides a set of Rust libraries and tools for using and generat ...) @@ -4745,7 +4745,7 @@ CVE-2021-41142 (Tuleap Open ALM is a libre and open source tool for end to end t CVE-2021-41141 RESERVED CVE-2021-41140 (Discourse-reactions is a plugin for the Discourse platform that allows ...) - TODO: check + NOT-FOR-US: Discourse plugin CVE-2021-41139 (Anuko Time Tracker is an open source, web-based time tracking applicat ...) NOT-FOR-US: Anuko Time Tracker CVE-2021-41138 (Frontier is Substrate's Ethereum compatibility layer. In the newly int ...) @@ -22584,7 +22584,7 @@ CVE-2021-33586 (InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able CVE-2021-3566 (Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_prob ...) {DLA-2742-1} - ffmpeg 7:4.3-2 - [buster] - ffmpeg (Wait for 4.1.8) + [buster] - ffmpeg (Wait for 4.1.9) NOTE: https://github.com/FFmpeg/FFmpeg/commit/3bce9e9b3ea35c54ba793d7da99ea5157532 CVE-2021-33579 RESERVED 
@@ -82742,7 +82742,7 @@ CVE-2020-21698 CVE-2020-21697 (A heap-use-after-free in the mpeg_mux_write_packet function in libavfo ...) - ffmpeg 7:4.4-5 [bullseye] - ffmpeg (Wait for 4.3.3) - [buster] - ffmpeg (Wait for 4.1.8) + [buster] - ffmpeg (Wait for 4.1.9) NOTE: https://trac.ffmpeg.org/ticket/8188 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=cfce16449cb815132f829d5a07beb138dfb2cba6 CVE-2020-21696 @@ -82764,7 +82764,7 @@ CVE-2020-21689 CVE-2020-21688 (A heap-use-after-free in the av_freep function in libavutil/mem.c of F ...) - ffmpeg 7:4.4-5 [bullseye] - ffmpeg (Wait for 4.3.3) - [buster] - ffmpeg (Wait for 4.1.8) + [buster] - ffmpeg (Wait for 4.1.9) NOTE: https://trac.ffmpeg.org/ticket/8186 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=22c3cd176079dd104ec7610ead697235b04396f1 CVE-2020-21687 @@ -84220,7 +84220,7 @@ CVE-2020-21041 (Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_i {DSA-4990-1 DLA-2742-1} [experimental] - ffmpeg 7:4.4-1 - ffmpeg 7:4.3.2-0+deb11u2 (bug #989439) - [stretch] - ffmpeg (Wait for 4.1.8) + [stretch] - ffmpeg (Wait for 4.1.9) NOTE: https://trac.ffmpeg.org/ticket/7989 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5d9f44da460f781a1604d537d0555b78e29438ba CVE-2020-21040 @@ -84522,7 +84522,7 @@ CVE-2020-20897 REJECTED CVE-2020-20896 (An issue was discovered in function latm_write_packet in libavformat/l ...) - ffmpeg
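Review bot: The commit is titled "NFUs", but the hunks at -22584, -82742, -82764 and -84220 change ffmpeg reasons from "Wait for 4.1.8" to "Wait for 4.1.9", which has nothing to do with NOT-FOR-US triage. Put those in their own commit, or mention them in the message, so the change can be found from the log.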
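Review bot: In the -4713 hunk, CVE-2021-41156 is tagged "NOT-FOR-US: anuko/timetracker", while CVE-2021-41139 in the context of the following hunk uses "NOT-FOR-US: Anuko Time Tracker" for what appears to be the same product. Use one spelling for both, so a search for the product name finds every entry.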
[Git][security-tracker-team/security-tracker][master] Add CVE-2011-1497/rails for an ancient issue
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1662eafb by Salvatore Bonaccorso at 2021-10-19T22:29:27+02:00 Add CVE-2011-1497/rails for an ancient issue The versions affected for ruby-{active,action}*-X.Y packages are long gone in Debian, so do not go down these versions to track the fixed version. src:rails OTOH was then never affected in Debian as the initial upload for Rails 4.0 contained the fix already. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -429323,7 +429323,9 @@ CVE-2011-1498 (Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when NOTE: http://seclists.org/oss-sec/2011/q2/188 NOTE: http://web.archive.org/web/20130102213624/http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.1.x.txt CVE-2011-1497 (A cross-site scripting vulnerability flaw was found in the auto_link f ...) - TODO: check + - rails (Fixed before initial release of rails 4.0 to Debian) + NOTE: https://www.openwall.com/lists/oss-security/2011/04/06/13 + NOTE: https://github.com/rails/rails/commit/61ee3449674c591747db95f9b3472c5c3bd9e84d CVE-2011-1496 (tmux 1.3 and 1.4 does not properly drop group privileges, which allows ...) {DSA-2212-1} - tmux 1.4-6 (bug #620304) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1662eafb083d6d58cfd5aa18c745bcd53fdfb1b9
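Review bot: The reason for tracking only src:rails, and not the old ruby-{active,action}*-X.Y packages, is given in the commit message but not in the entry added for CVE-2011-1497. A short NOTE in data/CVE/list saying that those packages were affected but are no longer in Debian would spare the next reader a search through the log.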
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-41131/python-tuf
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 494e4185 by Salvatore Bonaccorso at 2021-10-19T22:25:53+02:00 Add CVE-2021-41131/python-tuf - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4763,7 +4763,7 @@ CVE-2021-41134 CVE-2021-41132 (OMERO.web provides a web based client and plugin infrastructure. In ve ...) NOT-FOR-US: OMERO.web CVE-2021-41131 (python-tuf is a Python reference implementation of The Update Framewor ...) - TODO: check + - python-tuf (bug #934151) CVE-2021-41130 (Extensible Service Proxy, a.k.a. ESP is a proxy which enables API mana ...) NOT-FOR-US: Extensible Service Proxy CVE-2021-41129 (Pterodactyl is an open-source game server management panel built with ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/494e41856f26289cd5370ac7de979bf1717a66c6
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-3872/vim
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 62d7fa99 by Salvatore Bonaccorso at 2021-10-19T22:24:55+02:00 Add CVE-2021-3872/vim - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2536,7 +2536,9 @@ CVE-2021-42102 CVE-2021-42101 RESERVED CVE-2021-3872 (vim is vulnerable to Heap-based Buffer Overflow ...) - TODO: check + - vim + NOTE: https://huntr.dev/bounties/c958013b-1c09-4939-92ca-92f50aa169e8 + NOTE: https://github.com/vim/vim/commit/826bfe4bbd7594188e3d74d2539d9707b1c6a14b CVE-2021-3871 RESERVED CVE-2021-3870 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62d7fa99f24d65989bb79c78525c6390323d5de0
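Review bot: The NOTE added for the vim fix is a bare commit URL, and the "- vim" line has no fixed version. Annotating the NOTE with the upstream patch level that contains the commit would let whoever handles the upload fill in the fixed version without opening the link.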
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8a4727f6 by Salvatore Bonaccorso at 2021-10-19T22:23:05+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2188,11 +2188,11 @@ CVE-2021-3881 (libmobi is vulnerable to Out-of-bounds Read ...) CVE-2021-3880 RESERVED CVE-2021-3879 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...) - TODO: check + NOT-FOR-US: snipe-it CVE-2021-42262 RESERVED CVE-2021-42261 (Revisor Video Management System (VMS) before 2.0.0 has a directory tra ...) - TODO: check + NOT-FOR-US: Revisor Video Management System (VMS) CVE-2021-42260 (TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp ...) - tinyxml NOTE: https://sourceforge.net/p/tinyxml/bugs/141/ @@ -2779,7 +2779,7 @@ CVE-2021-42012 CVE-2021-42011 RESERVED CVE-2021-3863 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...) - TODO: check + NOT-FOR-US: snipe-it CVE-2021-42010 RESERVED CVE-2021-42009 (An authenticated Apache Traffic Control Traffic Ops user with Portal-l ...) @@ -2872,7 +2872,7 @@ CVE-2021-41975 (TadTools special page is vulnerable to authorization bypass, thu CVE-2021-41974 (Tad Book3 editing book page does not perform identity verification. Re ...) NOT-FOR-US: Tad Book3 CVE-2021-3858 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...) - TODO: check + NOT-FOR-US: snipe-it CVE-2021-3857 RESERVED CVE-2021-41973 @@ -3146,7 +3146,7 @@ CVE-2021-41852 CVE-2021-41851 RESERVED CVE-2021-3851 (firefly-iii is vulnerable to URL Redirection to Untrusted Site ...) - TODO: check + NOT-FOR-US: firefly-iii CVE-2021-3850 RESERVED CVE-2021-3849 
@@ -3189,7 +3189,7 @@ CVE-2021-3847 [low-privileged user privileges escalation] NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2009704 NOTE: https://www.openwall.com/lists/oss-security/2021/10/14/3 CVE-2021-3846 (firefly-iii is vulnerable to Unrestricted Upload of File with Dangerou ...) - TODO: check + NOT-FOR-US: firefly-iii CVE-2021-23139 RESERVED CVE-2021-3845 @@ -8880,7 +8880,7 @@ CVE-2021-39357 CVE-2021-39356 RESERVED CVE-2021-39355 (The Indeed Job Importer WordPress plugin is vulnerable to Stored Cross ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-39354 RESERVED CVE-2021-39353 @@ -8904,7 +8904,7 @@ CVE-2021-39345 (The HAL WordPress plugin is vulnerable to Stored Cross-Site Scri CVE-2021-39344 (The KJM Admin Notices WordPress plugin is vulnerable to Stored Cross-S ...) NOT-FOR-US: WordPress plugin CVE-2021-39343 (The MPL-Publisher WordPress plugin is vulnerable to Stored Cross-Site ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-39342 (The Credova_Financial WordPress plugin discloses a site's associated C ...) NOT-FOR-US: WordPress plugin CVE-2021-39341 @@ -8932,7 +8932,7 @@ CVE-2021-39331 CVE-2021-39330 (The Formidable Form Builder WordPress plugin is vulnerable to Stored C ...) NOT-FOR-US: WordPress plugin CVE-2021-39329 (The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-39328 RESERVED CVE-2021-39327 (The BulletProof Security WordPress plugin is vulnerable to sensitive i ...) 
@@ -11040,55 +11040,55 @@ CVE-2021-38488 CVE-2021-38487 RESERVED CVE-2021-38486 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cl ...) - TODO: check + NOT-FOR-US: InHand Networks IR615 Router CVE-2021-38485 RESERVED CVE-2021-38484 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do ...) - TODO: check + NOT-FOR-US: InHand Networks IR615 Router CVE-2021-38483 RESERVED CVE-2021-38482 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 we ...) - TODO: check + NOT-FOR-US: InHand Networks IR615 Router CVE-2021-38481 RESERVED CVE-2021-38480 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ar ...) - TODO: check + NOT-FOR-US: InHand Networks IR615 Router CVE-2021-38479 RESERVED CVE-2021-38478 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ar ...) - TODO: check + NOT-FOR-US: InHand Networks IR615 Router CVE-2021-38477 RESERVED CVE-2021-38476 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 au ...) - TODO: check + NOT-FOR-US: InHand Networks IR615 Router CVE-2021-38475 RESERVED CVE-2021-38474 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ha ...) - TODO: check +
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-388{8,9}/libmobi
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e2fa9aec by Salvatore Bonaccorso at 2021-10-19T22:21:59+02:00 Add CVE-2021-388{8,9}/libmobi - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -409,9 +409,9 @@ CVE-2021-3891 CVE-2021-3890 RESERVED CVE-2021-3889 (libmobi is vulnerable to Use of Out-of-range Pointer Offset ...) - TODO: check + - libmobi (bug #966677) CVE-2021-3888 (libmobi is vulnerable to Use of Out-of-range Pointer Offset ...) - TODO: check + - libmobi (bug #966677) CVE-2021-3887 RESERVED CVE-2022-20611 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2fa9aecf1e27ba37908cdd995500d9805531397
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9a512803 by Salvatore Bonaccorso at 2021-10-19T22:13:30+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -10014,7 +10014,7 @@ CVE-2021-38913 CVE-2021-38912 RESERVED CVE-2021-38911 (IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in p ...) - TODO: check + NOT-FOR-US: IBM CVE-2021-38910 RESERVED CVE-2021-38909 @@ -32247,7 +32247,7 @@ CVE-2021-29914 CVE-2021-29913 RESERVED CVE-2021-29912 (IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to cross-site ...) - TODO: check + NOT-FOR-US: IBM CVE-2021-29911 RESERVED CVE-2021-29910 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a5128035fec0d49a6b3fc417e5b949b159bb2cf
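Review bot: Both hunks tag the entry "NOT-FOR-US: IBM", which names only the vendor, while the descriptions identify the product as IBM Security Risk Manager on CP4S. Put the product name in the tag so that a search for it finds these two entries.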
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d1a5ad1b by security tracker role at 2021-10-19T20:10:16+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -408,10 +408,10 @@ CVE-2021-3891 RESERVED CVE-2021-3890 RESERVED -CVE-2021-3889 - RESERVED -CVE-2021-3888 - RESERVED +CVE-2021-3889 (libmobi is vulnerable to Use of Out-of-range Pointer Offset ...) + TODO: check +CVE-2021-3888 (libmobi is vulnerable to Use of Out-of-range Pointer Offset ...) + TODO: check CVE-2021-3887 RESERVED CVE-2022-20611 @@ -2187,12 +2187,12 @@ CVE-2021-3881 (libmobi is vulnerable to Out-of-bounds Read ...) - libmobi (bug #966677) CVE-2021-3880 RESERVED -CVE-2021-3879 - RESERVED +CVE-2021-3879 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...) + TODO: check CVE-2021-42262 RESERVED -CVE-2021-42261 - RESERVED +CVE-2021-42261 (Revisor Video Management System (VMS) before 2.0.0 has a directory tra ...) + TODO: check CVE-2021-42260 (TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp ...) - tinyxml NOTE: https://sourceforge.net/p/tinyxml/bugs/141/ @@ -2535,8 +2535,8 @@ CVE-2021-42102 RESERVED CVE-2021-42101 RESERVED -CVE-2021-3872 - RESERVED +CVE-2021-3872 (vim is vulnerable to Heap-based Buffer Overflow ...) + TODO: check CVE-2021-3871 RESERVED CVE-2021-3870 @@ -2594,8 +2594,8 @@ CVE-2021-42085 (An issue was discovered in Zammad before 4.1.1. There is stored - zammad (bug #841355) CVE-2021-42084 (An issue was discovered in Zammad before 4.1.1. An attacker with valid ...) - zammad (bug #841355) -CVE-2021-3869 - RESERVED +CVE-2021-3869 (corenlp is vulnerable to Improper Restriction of XML External Entity R ...) + TODO: check CVE-2021-42083 RESERVED CVE-2021-42082 
@@ -2778,8 +2778,8 @@ CVE-2021-42012 RESERVED CVE-2021-42011 RESERVED -CVE-2021-3863 - RESERVED +CVE-2021-3863 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...) + TODO: check CVE-2021-42010 RESERVED CVE-2021-42009 (An authenticated Apache Traffic Control Traffic Ops user with Portal-l ...) @@ -2871,8 +2871,8 @@ CVE-2021-41975 (TadTools special page is vulnerable to authorization bypass, thu NOT-FOR-US: TadTools CVE-2021-41974 (Tad Book3 editing book page does not perform identity verification. Re ...) NOT-FOR-US: Tad Book3 -CVE-2021-3858 - RESERVED +CVE-2021-3858 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...) + TODO: check CVE-2021-3857 RESERVED CVE-2021-41973 @@ -3145,8 +3145,8 @@ CVE-2021-41852 RESERVED CVE-2021-41851 RESERVED -CVE-2021-3851 - RESERVED +CVE-2021-3851 (firefly-iii is vulnerable to URL Redirection to Untrusted Site ...) + TODO: check CVE-2021-3850 RESERVED CVE-2021-3849 @@ -3188,8 +3188,8 @@ CVE-2021-3847 [low-privileged user privileges escalation] - linux NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2009704 NOTE: https://www.openwall.com/lists/oss-security/2021/10/14/3 -CVE-2021-3846 - RESERVED +CVE-2021-3846 (firefly-iii is vulnerable to Unrestricted Upload of File with Dangerou ...) + TODO: check CVE-2021-23139 RESERVED CVE-2021-3845 @@ -4724,8 +4724,8 @@ CVE-2021-41151 (Backstage is an open platform for building developer portals. In TODO: check CVE-2021-41150 RESERVED -CVE-2021-41149 - RESERVED +CVE-2021-41149 (Tough provides a set of Rust libraries and tools for using and generat ...) + TODO: check CVE-2021-41148 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...) NOT-FOR-US: Tuleap CVE-2021-41147 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...) 
@@ -4742,8 +4742,8 @@ CVE-2021-41142 (Tuleap Open ALM is a libre and open source tool for end to end t NOT-FOR-US: Tuleap CVE-2021-41141 RESERVED -CVE-2021-41140 - RESERVED +CVE-2021-41140 (Discourse-reactions is a plugin for the Discourse platform that allows ...) + TODO: check CVE-2021-41139 (Anuko Time Tracker is an open source, web-based time tracking applicat ...) NOT-FOR-US: Anuko Time Tracker CVE-2021-41138 (Frontier is Substrate's Ethereum compatibility layer. In the newly int ...) @@ -4760,8 +4760,8 @@ CVE-2021-41134 RESERVED CVE-2021-41132 (OMERO.web provides a web based client and plugin infrastructure. In ve ...) NOT-FOR-US: OMERO.web -CVE-2021-41131 - RESERVED +CVE-2021-41131 (python-tuf is a Python reference implementation of The Update Framewor ...) + TODO: check CVE-2021-41130 (Extensible
[Git][security-tracker-team/security-tracker][master] ffmpeg DSA
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 50dd0797 by Moritz Mühlenhoff at 2021-10-19T20:48:27+02:00 ffmpeg DSA - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[19 Oct 2021] DSA-4990-1 ffmpeg - security update + {CVE-2020-20445 CVE-2020-20446 CVE-2020-20453 CVE-2020-21041 CVE-2020-22015 CVE-2020-22016 CVE-2020-22017 CVE-2020-22019 CVE-2020-22020 CVE-2020-22021 CVE-2020-22022 CVE-2020-22023 CVE-2020-22025 CVE-2020-22026 CVE-2020-22027 CVE-2020-22028 CVE-2020-22029 CVE-2020-22030 CVE-2020-22031 CVE-2020-22032 CVE-2020-22033 CVE-2020-22034 CVE-2020-22035 CVE-2020-22036 CVE-2020-22037 CVE-2020-22049 CVE-2020-22054 CVE-2020-35965 CVE-2021-38114 CVE-2021-38171 CVE-2021-38291} + [buster] - ffmpeg 7:4.1.8-0+deb10u1 [18 Oct 2021] DSA-4989-1 strongswan - security update {CVE-2021-41990 CVE-2021-41991} [buster] - strongswan 5.7.2-1+deb10u1 = data/dsa-needed.txt = @@ -23,9 +23,6 @@ djvulibre -- faad2/oldstable (jmm) -- -ffmpeg/oldstable (jmm) - 4.1.7 fixes a number of bugs, but several further one in the 4.1 branch, reaching out for a 4.1.8 release date --- gpac (jmm) -- icu View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50dd0797b8557462d2e9d4546b4865163e3308b3
[Git][security-tracker-team/security-tracker][master] dogtag-pki fixed in sid
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: b01619e7 by Moritz Muehlenhoff at 2021-10-19T19:25:47+02:00 dogtag-pki fixed in sid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -73710,7 +73710,7 @@ CVE-2020-25717 CVE-2020-25716 (A flaw was found in Cloudforms. A role-based privileges escalation fla ...) NOT-FOR-US: Red Hat CloudForm CVE-2020-25715 (A flaw was found in pki-core 10.9.0. A specially crafted POST request ...) - - dogtag-pki (bug #988153) + - dogtag-pki 11.0.0-1 (bug #988153) [bullseye] - dogtag-pki (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1891016 NOTE: https://github.com/dogtagpki/pki/commit/13f4c7fe7d71d42b46b25f3e8472ef7f35da5dd6 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b01619e767e3792ac8558dec2f5c530bc58451b5
[Git][security-tracker-team/security-tracker][master] dla: copy/paste jsoup status from extended-lts-t...@freexian.com exchange
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: 2c598977 by Sylvain Beucler at 2021-10-19T17:06:00+02:00 dla: copy/paste jsoup status from extended-lts-t...@freexian.com exchange - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -44,6 +44,8 @@ firmware-nonfree NOTE: 20210828: Most CVEs are difficult to backport. Contacted Ben regarding possible "ignore" tag -- jsoup + NOTE: 20211016: I'm still waiting for some feedback from the security team. I will keep + NOTE: 20211016: jsoup in dla-needed.txt until they get back to me. (apo) -- linux (Ben Hutchings) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c5989773d35fa1ba373bbc863c5903f9f13e7b9
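Review bot: The two added NOTE lines are first-person text ("I'm still waiting ...", "I will keep ...") pasted from an e-mail and attributed only by the trailing "(apo)", while the jsoup entry itself names no claimant the way "linux (Ben Hutchings)" does. Rephrase them in the third person with the author named at the start, so the status is unambiguous when the file is read without the commit message.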
[Git][security-tracker-team/security-tracker][master] ffmpeg triage
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 492684bb by Moritz Muehlenhoff at 2021-10-19T11:18:34+02:00 ffmpeg triage - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -82007,7 +82007,7 @@ CVE-2020-22039 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a NOTE: https://trac.ffmpeg.org/ticket/8302 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a581bb66ea5eb981e2e498ca301df7d1ef15a6a3 CVE-2020-22038 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...) - - ffmpeg (unimportant) + - ffmpeg 7:4.4-5 (unimportant) NOTE: https://trac.ffmpeg.org/ticket/8285 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7c32e9cf93b712f8463573a59ed4e98fd10fa013 CVE-2020-22037 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...) @@ -85492,6 +85492,7 @@ CVE-2020-20445 (FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/ - ffmpeg (unimportant) NOTE: https://trac.ffmpeg.org/ticket/7996 NOTE: Negligible security impact + NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/38d18fb57863bb9c54e68ae44aa780c5c282a184 CVE-2020-20444 (Jact OpenClinic 0.8.20160412 allows the attacker to read server files ...) NOT-FOR-US: Jact OpenClinic CVE-2020-20443 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/492684bb2c14cb9482316d653f7745a5f638bb00
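Review bot: In the second hunk (CVE-2020-20445), the added NOTE records fix commit 38d18fb57863bb9c54e68ae44aa780c5c282a184, but the `- ffmpeg (unimportant)` line still carries no fixed version and nothing says which release will contain the commit. If the fix is not yet in a release, add a line such as "NOTE: Pending for" with the release name so the entry gets revisited. The new URL also uses git.ffmpeg.org/gitweb while the commit notes in the first hunk use git.videolan.org; using one form throughout keeps the hashes easy to grep.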
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b2d5488d by Salvatore Bonaccorso at 2021-10-19T10:59:25+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4719,7 +4719,7 @@ CVE-2021-41154 (Tuleap is a Free Open Source Suite to improve management o CVE-2021-41153 (The evm crate is a pure Rust implementation of Ethereum Virtual Machin ...) TODO: check CVE-2021-41152 (OpenOlat is a web-based e-learning platform for teaching, learning, as ...) - TODO: check + NOT-FOR-US: OpenOlat CVE-2021-41151 (Backstage is an open platform for building developer portals. In affec ...) TODO: check CVE-2021-41150 @@ -44949,7 +44949,7 @@ CVE-2021-24762 CVE-2021-24761 RESERVED CVE-2021-24760 (The Gutenberg PDF Viewer Block WordPress plugin before 1.0.1 does not ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24759 RESERVED CVE-2021-24758 @@ -55686,7 +55686,7 @@ CVE-2021-20838 CVE-2021-20837 RESERVED CVE-2021-20836 (Out-of-bounds read vulnerability in CX-Supervisor v4.0.0.13 and v4.0.0 ...) - TODO: check + NOT-FOR-US: CX-Supervisor CVE-2021-20835 RESERVED CVE-2021-20834 (Improper authorization in handler for custom URL scheme vulnerability ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2d5488d09a3c7344a5332182c6443a8b3426d0b
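Review bot: In the second hunk (CVE-2021-24760), `NOT-FOR-US: WordPress plugin` names only the product class, while the other two hunks name the product itself (`OpenOlat`, `CX-Supervisor`). Suggest "NOT-FOR-US: Gutenberg PDF Viewer Block plugin for WordPress" or similar, so a search of data/CVE/list for the plugin name finds the decision without relying on the truncated description line.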
[Git][security-tracker-team/security-tracker][master] ffmpeg triage
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: a46ee0a5 by Moritz Muehlenhoff at 2021-10-19T10:55:44+02:00 ffmpeg triage - - - - - 2 changed files: - data/CVE/list - data/DSA/list Changes: = data/CVE/list = @@ -85475,15 +85475,19 @@ CVE-2020-20450 (FFmpeg 4.2 is affected by null pointer dereference passed as arg CVE-2020-20449 RESERVED CVE-2020-20448 (FFmpeg 4.1.3 is affected by a Divide By Zero issue via libavcodec/rate ...) - - ffmpeg (unimportant) + - ffmpeg 7:4.3-2 (unimportant) NOTE: https://trac.ffmpeg.org/ticket/7990 NOTE: Negligible security impact + NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=8802e329c8317ca5ceb929df48a23eb0f9e852b2 + NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=55279d699fa64d8eb1185d8db04ab4ed92e8dea2 CVE-2020-20447 RESERVED CVE-2020-20446 (FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy ...) - ffmpeg (unimportant) NOTE: https://trac.ffmpeg.org/ticket/7995 NOTE: Negligible security impact + NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/223b5e8ac9f6461bb13ed365419ec485c5b2b002 + NOTE: Pending for 4.4.1 CVE-2020-20445 (FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, ...) - ffmpeg (unimportant) NOTE: https://trac.ffmpeg.org/ticket/7996 = data/DSA/list = 
@@ -838,7 +838,7 @@ {CVE-2020-11739 CVE-2020-11740 CVE-2020-11741 CVE-2020-11742 CVE-2020-11743 CVE-2020-15563 CVE-2020-15564 CVE-2020-15565 CVE-2020-15566 CVE-2020-15567} [buster] - xen 4.11.4+24-gddaaccbbab-1~deb10u1 [08 Jul 2020] DSA-4722-1 ffmpeg - security update - {CVE-2019-13390 CVE-2019-17539 CVE-2019-17542 CVE-2020-12284 CVE-2020-13904 CVE-2020-20902} + {CVE-2019-13390 CVE-2019-17539 CVE-2019-17542 CVE-2020-12284 CVE-2020-13904 CVE-2020-20902 CVE-2020-20448} [buster] - ffmpeg 7:4.1.6-1~deb10u1 [08 Jul 2020] DSA-4721-1 ruby2.5 - security update {CVE-2020-10663 CVE-2020-10933} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a46ee0a59bde0bf60d22b9a9371e51724a96dfdb
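Review bot: In the data/CVE/list hunk, the two commit NOTEs added under CVE-2020-20448 use plain `http://git.videolan.org/...`, while the NOTE added under CVE-2020-20446 in the same hunk uses an `https://` URL. Switch both to https so the fix references in the entry are fetched over TLS and match the rest of the block. The CVE-2020-20446 entry gets "Pending for 4.4.1", which is helpful; CVE-2020-20448 could likewise say which of its two commits matters for 7:4.3-2.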
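Review bot: In the data/DSA/list hunk, CVE-2020-20448 is appended after CVE-2020-20902 in the DSA-4722-1 list, which breaks the ascending order the other ids on that line follow; it belongs between CVE-2020-13904 and CVE-2020-20902. The data/CVE/list hunk also adds no `{DSA-4722-1}` cross-reference under CVE-2020-20448, so confirm that it is regenerated by the automatic update rather than expected in this commit. Finally, a one-line NOTE explaining why an issue marked "Negligible security impact" is retroactively attached to a 2020 DSA would help later readers.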
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7070f868 by security tracker role at 2021-10-19T08:10:15+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,43 @@ +CVE-2021-42717 + RESERVED +CVE-2021-42716 + RESERVED +CVE-2021-42715 + RESERVED +CVE-2021-42714 + RESERVED +CVE-2021-42713 + RESERVED +CVE-2021-42712 + RESERVED +CVE-2021-42711 + RESERVED +CVE-2021-42710 + RESERVED +CVE-2021-42709 + RESERVED +CVE-2021-42708 + RESERVED +CVE-2021-42707 + RESERVED +CVE-2021-42706 + RESERVED +CVE-2021-42705 + RESERVED +CVE-2021-42704 + RESERVED +CVE-2021-42703 + RESERVED +CVE-2021-42702 + RESERVED +CVE-2021-42701 + RESERVED +CVE-2021-42700 + RESERVED +CVE-2021-42699 + RESERVED +CVE-2021-42698 + RESERVED CVE-2021-42697 RESERVED CVE-2021-42696 @@ -92,8 +132,8 @@ CVE-2021-42652 RESERVED CVE-2021-42651 RESERVED -CVE-2021-42650 - RESERVED +CVE-2021-42650 (Cross Site Scripting (XSS vulnerability exists in Portainer before 2.9 ...) + TODO: check CVE-2021-42649 RESERVED CVE-2021-42648 @@ -4670,18 +4710,18 @@ CVE-2021-41158 RESERVED CVE-2021-41157 RESERVED -CVE-2021-41156 - RESERVED -CVE-2021-41155 - RESERVED -CVE-2021-41154 - RESERVED -CVE-2021-41153 - RESERVED -CVE-2021-41152 - RESERVED -CVE-2021-41151 - RESERVED +CVE-2021-41156 (anuko/timetracker is an, open source time tracking system. In affected ...) + TODO: check +CVE-2021-41155 (Tuleap is a Free Open Source Suite to improve management of soft ...) + TODO: check +CVE-2021-41154 (Tuleap is a Free Open Source Suite to improve management of soft ...) + TODO: check +CVE-2021-41153 (The evm crate is a pure Rust implementation of Ethereum Virtual Machin ...) + TODO: check +CVE-2021-41152 (OpenOlat is a web-based e-learning platform for teaching, learning, as ...) + TODO: check +CVE-2021-41151 (Backstage is an open platform for building developer portals. In affec ...) + TODO: check CVE-2021-41150 RESERVED CVE-2021-41149 
@@ -55645,8 +55685,8 @@ CVE-2021-20838 RESERVED CVE-2021-20837 RESERVED -CVE-2021-20836 - RESERVED +CVE-2021-20836 (Out-of-bounds read vulnerability in CX-Supervisor v4.0.0.13 and v4.0.0 ...) + TODO: check CVE-2021-20835 RESERVED CVE-2021-20834 (Improper authorization in handler for custom URL scheme vulnerability ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7070f8685120efc6f96e36b0025d38b26ce2d905
[Git][security-tracker-team/security-tracker][master] Update status for CVE-2021-20322/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ce9cbe3f by Salvatore Bonaccorso at 2021-10-19T09:04:50+02:00 Update status for CVE-2021-20322/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -56687,7 +56687,8 @@ CVE-2021-20323 RESERVED CVE-2021-20322 [new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies] RESERVED - - linux + - linux 5.14.6-1 + [bullseye] - linux 5.10.70-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2014230 CVE-2021-20321 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce9cbe3fcfee680c21837d382d944346f40420b7
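Review bot: In the CVE-2021-20322 hunk, the new fixed versions `linux 5.14.6-1` and `[bullseye] - linux 5.10.70-1` have no upstream reference behind them; the entry's only NOTE is the Red Hat Bugzilla link. Suggest adding NOTE lines with the upstream kernel commit(s) that address the issue, so the version claims can be verified from the entry. The entry also gives no status for any release other than bullseye; if those are tracked elsewhere, a short NOTE saying so would avoid the question.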
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-20322/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 107ffcf8 by Salvatore Bonaccorso at 2021-10-19T08:55:51+02:00 Add CVE-2021-20322/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -56685,8 +56685,10 @@ CVE-2021-20324 RESERVED CVE-2021-20323 RESERVED -CVE-2021-20322 +CVE-2021-20322 [new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies] RESERVED + - linux + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2014230 CVE-2021-20321 RESERVED - linux 5.14.12-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/107ffcf80a7e5fcf5d5f5b4ea4e6c8afda7b50b8
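Review bot: The bracketed description added to CVE-2021-20322, "new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies", is hard to parse ("packets replies") and never names the affected component, although the entry is filed against linux. Something like "[linux: DNS cache poisoning via ICMP 'fragment needed' replies]" reads more clearly and still matches the linked Bugzilla report. Since the id is still RESERVED, this temporary description is the only summary readers get, so the wording matters.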