[Git][security-tracker-team/security-tracker][master] 2 commits: CVE has been fixed in recent upload
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 35e2546c by Thorsten Alteholz at 2021-10-30T00:51:25+02:00 CVE has been fixed in recent upload - - - - - 418b1389 by Thorsten Alteholz at 2021-10-30T01:14:17+02:00 Reserve DLA-2800-1 for cups - - - - - 2 changed files: - data/CVE/list - data/DLA/list Changes: = data/CVE/list = @@ -114197,7 +114197,6 @@ CVE-2020-10002 (A logic issue was addressed with improved state management. This CVE-2020-10001 (An input validation issue was addressed with improved memory handling. ...) - cups 2.3.3op2-1 [buster] - cups (Minor issue) - [stretch] - cups (Minor issue) NOTE: https://github.com/OpenPrinting/cups/commit/efbea1742bd30f842fbbfb87a473e5c84f4162f9 (v2.3.3op2) CVE-2020-1 RESERVED = data/DLA/list = @@ -1,3 +1,6 @@ +[30 Oct 2021] DLA-2800-1 cups - security update + {CVE-2020-10001} + [stretch] - cups 2.2.1-8+deb9u7 [29 Oct 2021] DLA-2799-1 opencv - security update {CVE-2016-1516 CVE-2017-12597 CVE-2017-12598 CVE-2017-12599 CVE-2017-12601 CVE-2017-12603 CVE-2017-12604 CVE-2017-12605 CVE-2017-12606 CVE-2017-12862 CVE-2017-12863 CVE-2017-12864 CVE-2017-17760 CVE-2017-1000450 CVE-2018-5268 CVE-2018-5269 CVE-2019-14493 CVE-2019-15939} [stretch] - opencv 2.4.9.1+dfsg1-2+deb9u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/75cd1307eae47c4d93954a3884287cd2f602e08c...418b1389d77a38e2e239984009201cc93c15a264 -- You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
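Review bot: the message of the first commit, "CVE has been fixed in recent upload", names neither the CVE nor the package, while every other message on this page does ("Add CVE-2021-3756/libmysofa", "Reserve DLA-2800-1 for cups"); something like "Drop cups no-dsa entry for CVE-2020-10001, fixed in DLA-2800-1" would keep the history searchable. On the data/CVE/list hunk itself: the removed line shows here as "[stretch] - cups (Minor issue)" because the angle-bracket tag that sits between the package name and the parenthetical (no-dsa, going by the next commit's title) does not survive this mail rendering; the buster line of the same shape is correctly left in place, since DLA-2800-1 covers only stretch (cups 2.2.1-8+deb9u7), and the 7-to-6 line count in the hunk header matches a single removal.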
[Git][security-tracker-team/security-tracker][master] Drop opencv no-dsa tagged entries which got an update in DLA 2799-1
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 75cd1307 by Salvatore Bonaccorso at 2021-10-29T23:44:45+02:00 Drop opencv no-dsa tagged entries which got an update in DLA 2799-1 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -14,7 +14,6 @@ CVE-2019-15940 (Victure PC530 devices allow unauthenticated TELNET access as roo CVE-2019-15939 (An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero err ...) - opencv 4.1.2+dfsg-3 [buster] - opencv (Minor issue) - [stretch] - opencv (Minor issue) [jessie] - opencv (Minor issue) NOTE: https://github.com/OpenCV/opencv/issues/15287 NOTE: https://github.com/opencv/opencv/pull/15382 @@ -153716,7 +153715,6 @@ CVE-2019-14493 (An issue was discovered in OpenCV before 4.1.1. There is a NULL [experimental] - opencv 4.1.1+dfsg-1 - opencv 4.1.2+dfsg-3 [buster] - opencv (Minor issue) - [stretch] - opencv (Minor issue) [jessie] - opencv (Minor issue, DoS, PoC not crashing) NOTE: https://github.com/opencv/opencv/issues/15127 NOTE: https://github.com/opencv/opencv/commit/5691d998ead1d9b0542bcfced36c2dceb3a59023 @@ -235940,14 +235938,12 @@ CVE-2018-5269 (In OpenCV 3.3.1, an assertion failure happens in cv::RBaseStream: {DLA-1438-1 DLA-1354-1} [experimental] - opencv 3.4.4+dfsg-1~exp1 - opencv 3.2.0+dfsg-6 (bug #886675) - [stretch] - opencv (Minor issue) NOTE: https://github.com/opencv/opencv/issues/10540 NOTE: 2.4 backport: https://patch-diff.githubusercontent.com/raw/opencv/opencv/pull/10901.patch CVE-2018-5268 (In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDec ...) {DLA-1438-1 DLA-1354-1} [experimental] - opencv 3.4.4+dfsg-1~exp1 - opencv 3.2.0+dfsg-6 (bug #886674) - [stretch] - opencv (Minor issue) NOTE: https://github.com/opencv/opencv/issues/10541 NOTE: 2.4 backport: https://patch-diff.githubusercontent.com/raw/opencv/opencv/pull/10901.patch CVE-2018-5267 (Cobham Sea Tel 121 build 222701 devices allow remote attackers to bypa ...) 
@@ -239596,7 +239592,6 @@ CVE-2017-1000450 (In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniCo {DLA-1438-1 DLA-1235-1} [experimental] - opencv 3.4.4+dfsg-1~exp1 - opencv 3.2.0+dfsg-6 (bug #886282) - [stretch] - opencv (Minor issue) NOTE: https://github.com/opencv/opencv/issues/9723 NOTE: https://github.com/blendin/pocs/blob/master/opencv/0.OOB_Write_FillUniColor NOTE: https://github.com/opencv/opencv/pull/9726 @@ -241122,7 +241117,6 @@ CVE-2017-17760 (OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readDa {DLA-1438-1 DLA-1235-1} [experimental] - opencv 3.4.4+dfsg-1~exp1 - opencv 3.2.0+dfsg-6 (bug #885843) - [stretch] - opencv (Minor issue) NOTE: https://github.com/opencv/opencv/issues/10351 NOTE: https://github.com/opencv/opencv/pull/10369/commits/7bbe1a53cfc097b82b1589f7915a2120de39274c CVE-2017-17759 (Conarc iChannel allows remote attackers to obtain sensitive informatio ...) @@ -264294,19 +264288,16 @@ CVE-2017-12864 (In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumb {DLA-1438-1 DLA-1117-1} [experimental] - opencv 3.4.4+dfsg-1~exp1 - opencv 3.2.0+dfsg-6 (bug #875345) - [stretch] - opencv (Minor issue) NOTE: https://github.com/opencv/opencv/issues/9372 CVE-2017-12863 (In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function PxMDecoder::re ...) {DLA-1438-1 DLA-1117-1} [experimental] - opencv 3.4.4+dfsg-1~exp1 - opencv 3.2.0+dfsg-6 (bug #875344) - [stretch] - opencv (Minor issue) NOTE: https://github.com/opencv/opencv/issues/9371 CVE-2017-12862 (In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer AutoBuffe ...) {DLA-1438-1 DLA-1117-1} [experimental] - opencv 3.4.4+dfsg-1~exp1 - opencv 3.2.0+dfsg-6 (bug #875342) - [stretch] - opencv (Minor issue) NOTE: https://github.com/opencv/opencv/issues/9370 CVE-2017-12861 (The Epson "EasyMP" software is designed to remotely stream a users com ...) NOT-FOR-US: Epson "EasyMP" 
@@ -265129,25 +265120,21 @@ CVE-2017-12606 (OpenCV (Open Source Computer Vision Library) through 3.3 has an {DLA-1438-1 DLA-1117-1} [experimental] - opencv 3.4.4+dfsg-1~exp1 - opencv 3.2.0+dfsg-6 (bug #872044) - [stretch] - opencv (Minor issue) NOTE: https://github.com/opencv/opencv/issues/9309 CVE-2017-12605 (OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of ...) {DLA-1438-1 DLA-1117-1} [experimental] - opencv 3.4.4+dfsg-1~exp1 - opencv 3.2.0+dfsg-6 (bug #872044) -
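Review bot: the stretch lines removed here should correspond one-to-one to the 18 CVEs in the DLA-2799-1 entry, and this mail does not show enough to confirm that. The visible hunks (CVE-2019-15939, CVE-2019-14493, CVE-2018-5269, CVE-2018-5268, CVE-2017-1000450, CVE-2017-17760, CVE-2017-12864, CVE-2017-12863, CVE-2017-12862 and the last hunk starting at CVE-2017-12606) have headers accounting for 13 removed lines in total, the text is cut off right after the CVE-2017-12605 entry, and CVE-2016-1516, CVE-2017-12597, CVE-2017-12598, CVE-2017-12599, CVE-2017-12601, CVE-2017-12603 and CVE-2017-12604 are not visible at all, so the full commit should be checked for them. What is visible is consistent: each CVE loses exactly one "[stretch] - opencv (Minor issue)" line (the no-dsa tag named in the commit title is stripped by the mail rendering), the cumulative offset in the hunk headers runs from -1 to -9 as expected for one-line removals, and the "[jessie] - opencv ..." lines are left untouched, which is right because DLA-2799-1 only covers stretch.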
[Git][security-tracker-team/security-tracker][master] Claim glusterfs in dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: f33ba4ae by Markus Koschany at 2021-10-29T23:13:10+02:00 Claim glusterfs in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -47,7 +47,7 @@ firmware-nonfree NOTE: 20210731: WIP: https://salsa.debian.org/lts-team/packages/firmware-nonfree NOTE: 20210828: Most CVEs are difficult to backport. Contacted Ben regarding possible "ignore" tag -- -glusterfs +glusterfs (Markus Koschany) NOTE: 20211029: 15 CVEs that were fixed in jessie in DLA-1510-1 and DLA-1565-1 NOTE: 20211029: should also be fixed in stretch (bunk) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f33ba4ae80965529566769d81efbe43a5828b8a8
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2799-1 for opencv
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: ec140577 by Markus Koschany at 2021-10-29T23:10:09+02:00 Reserve DLA-2799-1 for opencv - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[29 Oct 2021] DLA-2799-1 opencv - security update + {CVE-2016-1516 CVE-2017-12597 CVE-2017-12598 CVE-2017-12599 CVE-2017-12601 CVE-2017-12603 CVE-2017-12604 CVE-2017-12605 CVE-2017-12606 CVE-2017-12862 CVE-2017-12863 CVE-2017-12864 CVE-2017-17760 CVE-2017-1000450 CVE-2018-5268 CVE-2018-5269 CVE-2019-14493 CVE-2019-15939} + [stretch] - opencv 2.4.9.1+dfsg1-2+deb9u1 [29 Oct 2021] DLA-2798-1 libdatetime-timezone-perl - new upstream version [stretch] - libdatetime-timezone-perl 1:2.09-1+2021e [29 Oct 2021] DLA-2797-1 tzdata - new upstream version = data/dla-needed.txt = @@ -70,8 +70,6 @@ nvidia-graphics-drivers NOTE: package is in non-free but also in packages-to-support NOTE: only CVE‑2021‑1076 seems to be fixed in the R390 branch used in Stretch, no fix available for CVE-2021-1077 -- -opencv (Markus Koschany) --- openjdk-8 (Roberto C. Sánchez) -- openssh (Utkarsh) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec1405779569f04e9f929577cbc49c6fd47c53cd
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-3756/libmysofa
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e43eef7e by Salvatore Bonaccorso at 2021-10-29T22:18:55+02:00 Add CVE-2021-3756/libmysofa - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7571,7 +7571,9 @@ CVE-2021-3757 (immer is vulnerable to Improperly Controlled Modification of Obje CVE-2021-40331 RESERVED CVE-2021-3756 (libmysofa is vulnerable to Heap-based Buffer Overflow ...) - TODO: check + - libmysofa + NOTE: https://huntr.dev/bounties/7ca8d9ea-e2a6-4294-af28-70260bb53bc1/ + NOTE: https://github.com/hoene/libmysofa/commit/890400ebd092c574707d0c132124f8ff047e20e1 (v1.2.1) CVE-2021-3755 REJECTED CVE-2021-3754 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e43eef7e63197b35f8c2558e9f62902fbfb81b59
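Review bot: the new package line carries no fixed version and no bug reference, so as far as this entry goes CVE-2021-3756 is open in Debian with nothing tracking it; the other package lines on this page pair the state with a bug ("- golang-github-go-ethereum (bug #890541)", "- libxstream-java 1.4.18-1 (bug #998054)"), and since the second NOTE already pins the upstream fix to commit 890400eb in v1.2.1, a "(bug #NNN)" once filed, or the fixed Debian version once 1.2.1 is packaged, would complete it. One caveat when reviewing from this mail: any angle-bracket tag between the package name and the end of the line (the rendering strips them, as the opencv commit's no-dsa tags show), so the line may carry a state tag that "- libmysofa" does not reveal here; check the repository rather than the mail.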
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-41173/golang-github-go-ethereum
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 41ee9031 by Salvatore Bonaccorso at 2021-10-29T22:18:15+02:00 Add CVE-2021-41173/golang-github-go-ethereum - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5566,7 +5566,7 @@ CVE-2021-41175 (Pi-hole's Web interface (based on AdminLTE) provides a central l CVE-2021-41174 RESERVED CVE-2021-41173 (Go Ethereum is the official Golang implementation of the Ethereum prot ...) - TODO: check + - golang-github-go-ethereum (bug #890541) CVE-2021-41172 (AS_Redis is an AntSword plugin for Redis. The Redis Manage plugin for ...) NOT-FOR-US: AntSword plugin for Redis CVE-2021-41171 (eLabFTW is an open source electronic lab notebook manager for research ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41ee90316e51527471ce193409df6bd06ae6ca29
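Review bot: bug #890541 is far below the bug numbers contemporary with this page (#998054, #993746), so it is presumably a long-standing packaging (ITP/RFP) bug rather than one filed for CVE-2021-41173; if golang-github-go-ethereum is not in the archive, which that old number suggests, the tracker convention is an itp tag on the package line rather than a plain open entry. Angle-bracket tags do not survive this mail rendering (the opencv commit's no-dsa tags show up only as "(Minor issue)"), so "- golang-github-go-ethereum (bug #890541)" as displayed cannot be distinguished from a tagged line; verify in the repository that the intended tag is there before reading this as an unfixed issue in a shipped package.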
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b9db915d by Salvatore Bonaccorso at 2021-10-29T22:17:29+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3969,7 +3969,7 @@ CVE-2021-41876 CVE-2021-41875 RESERVED CVE-2021-41874 (An unauthorized access vulnerabiitly exists in all versions of Portain ...) - TODO: check + NOT-FOR-US: Portainer CVE-2021-41873 (Penguin Aurora TV Box 41502 is a high-end network HD set-top box produ ...) NOT-FOR-US: Penguin Aurora TV Box 41502 CVE-2021-41872 (Skyworth Digital Technology Penguin Aurora Box 41502 has a denial of s ...) @@ -4297,11 +4297,11 @@ CVE-2021-41750 CVE-2021-41749 RESERVED CVE-2021-41748 (An Incorrect Access Control issue exists in all versions of Portainer. ...) - TODO: check + NOT-FOR-US: Portainer CVE-2021-41747 (Cross-Site Scripting (XSS) vulnerability exists in Csdn APP 4.10.0, wh ...) NOT-FOR-US: Csdn APP CVE-2021-41746 (SQL Injection vulnerability exists in all versions of Yonyou TurboCRM. ...) - TODO: check + NOT-FOR-US: Yonyou TurboCRM CVE-2021-41745 (ShowDoc 2.8.3 ihas a file upload vulnerability, where attackers can us ...) NOT-FOR-US: ShowDoc CVE-2021-41744 (All versions of yongyou PLM are affected by a command injection issue. ...) @@ -4445,11 +4445,11 @@ CVE-2021-41678 CVE-2021-41677 RESERVED CVE-2021-41676 (An SQL Injection vulnerabilty exists in the oretnom23 Pharmacy Point o ...) - TODO: check + NOT-FOR-US: oretnom23 Pharmacy Point of Sale System CVE-2021-41675 (A Remote Code Execution (RCE) vulnerabilty exists in Sourcecodester E- ...) - TODO: check + NOT-FOR-US: Sourcecodester CVE-2021-41674 (An SQL Injection vulnerability exists in Sourcecodester E-Negosyo Syst ...) - TODO: check + NOT-FOR-US: Sourcecodester CVE-2021-41673 RESERVED CVE-2021-41672 
@@ -4505,13 +4505,13 @@ CVE-2021-41648 (An un-authenticated SQL Injection exists in PuneethReddyHC onlin CVE-2021-41647 (An un-authenticated error-based and time-based blind SQL injection vul ...) NOT-FOR-US: Kaushik Jadhav Online Food Ordering Web App CVE-2021-41646 (Remote Code Execution (RCE) vulnerability exists in Sourcecodester Onl ...) - TODO: check + NOT-FOR-US: Sourcecodester CVE-2021-41645 (Remote Code Execution (RCE) vulnerability exists in Sourcecodester Bud ...) - TODO: check + NOT-FOR-US: Sourcecodester CVE-2021-41644 (Remote Code Exection (RCE) vulnerability exists in Sourcecodester Onli ...) - TODO: check + NOT-FOR-US: Sourcecodester CVE-2021-41643 (Remote Code Execution (RCE) vulnerability exists in Sourcecodester Chu ...) - TODO: check + NOT-FOR-US: Sourcecodester CVE-2021-41642 RESERVED CVE-2021-41641 @@ -5527,7 +5527,7 @@ CVE-2021-41191 (Roblox-Purchasing-Hub is an open source Roblox product purchasin CVE-2021-41190 RESERVED CVE-2021-41189 (DSpace is an open source turnkey repository application. In version 7. ...) - TODO: check + NOT-FOR-US: DSpace CVE-2021-41188 (Shopware is open source e-commerce software. Versions prior to 5.7.6 c ...) NOT-FOR-US: Shopware CVE-2021-41187 @@ -10341,7 +10341,7 @@ CVE-2021-39181 (OpenOlat is a web-based learning management system (LMS). Prior CVE-2021-39180 (OpenOLAT is a web-based learning management system (LMS). A path trave ...) NOT-FOR-US: OpenOLAT CVE-2021-39179 (DHIS 2 is an information system for data capture, management, validati ...) - TODO: check + NOT-FOR-US: DHIS 2 CVE-2021-39178 (Next.js is a React framework. Versions of Next.js between 10.0.0 and 1 ...) NOT-FOR-US: next.js CVE-2021-39177 (Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: J ...) 
@@ -14631,7 +14631,7 @@ CVE-2021-37404 CVE-2021-3663 (firefly-iii is vulnerable to Improper Restriction of Excessive Authent ...) NOT-FOR-US: firefly-iii CVE-2021-3662 (Certain HP Enterprise LaserJet and PageWide MFPs may be vulnerable to ...) - TODO: check + NOT-FOR-US: HP CVE-2021-3661 RESERVED CVE-2021-37403 (OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows ...) @@ -19726,11 +19726,11 @@ CVE-2021-35239 (A security researcher found a user with Orion map manage rights CVE-2021-35238 (User with Orion Platform Admin Rights could store XSS through URL POST ...) NOT-FOR-US: Solarwinds CVE-2021-35237 (A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left ...) - TODO: check + NOT-FOR-US: Kiwi Syslog Server CVE-2021-35236 (The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7 ...) NOT-FOR-US: SolarWinds CVE-2021-35235 (The ASP.NET debug feature is enabled by default in Kiwi
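Review bot: "NOT-FOR-US: HP" for CVE-2021-3662 is the one entry in this commit that names a vendor instead of the product; the file's own convention, visible in the neighbouring lines, is the product name ("NOT-FOR-US: Kiwi Syslog Server", "NOT-FOR-US: Penguin Aurora TV Box 41502"), so "NOT-FOR-US: HP Enterprise LaserJet and PageWide MFPs" would match and stay searchable. The misspellings in the descriptions ("vulnerabiitly", "ihas", "Exection") are in the imported upstream CVE text, not in the triage lines, and are not this commit's to fix. The mail is cut off inside the last hunk (@@ -19726,11 +19726,11 @@), so the rest of this commit's NFU triage is not visible here.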
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 898e84b3 by security tracker role at 2021-10-29T20:10:16+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3968,8 +3968,8 @@ CVE-2021-41876 RESERVED CVE-2021-41875 RESERVED -CVE-2021-41874 - RESERVED +CVE-2021-41874 (An unauthorized access vulnerabiitly exists in all versions of Portain ...) + TODO: check CVE-2021-41873 (Penguin Aurora TV Box 41502 is a high-end network HD set-top box produ ...) NOT-FOR-US: Penguin Aurora TV Box 41502 CVE-2021-41872 (Skyworth Digital Technology Penguin Aurora Box 41502 has a denial of s ...) @@ -4296,12 +4296,12 @@ CVE-2021-41750 RESERVED CVE-2021-41749 RESERVED -CVE-2021-41748 - RESERVED +CVE-2021-41748 (An Incorrect Access Control issue exists in all versions of Portainer. ...) + TODO: check CVE-2021-41747 (Cross-Site Scripting (XSS) vulnerability exists in Csdn APP 4.10.0, wh ...) NOT-FOR-US: Csdn APP -CVE-2021-41746 - RESERVED +CVE-2021-41746 (SQL Injection vulnerability exists in all versions of Yonyou TurboCRM. ...) + TODO: check CVE-2021-41745 (ShowDoc 2.8.3 ihas a file upload vulnerability, where attackers can us ...) NOT-FOR-US: ShowDoc CVE-2021-41744 (All versions of yongyou PLM are affected by a command injection issue. ...) @@ -,12 +,12 @@ CVE-2021-41678 RESERVED CVE-2021-41677 RESERVED -CVE-2021-41676 - RESERVED -CVE-2021-41675 - RESERVED -CVE-2021-41674 - RESERVED +CVE-2021-41676 (An SQL Injection vulnerabilty exists in the oretnom23 Pharmacy Point o ...) + TODO: check +CVE-2021-41675 (A Remote Code Execution (RCE) vulnerabilty exists in Sourcecodester E- ...) + TODO: check +CVE-2021-41674 (An SQL Injection vulnerability exists in Sourcecodester E-Negosyo Syst ...) + TODO: check CVE-2021-41673 RESERVED CVE-2021-41672 
@@ -4504,14 +4504,14 @@ CVE-2021-41648 (An un-authenticated SQL Injection exists in PuneethReddyHC onlin NOT-FOR-US: PuneethReddyHC online-shopping-system CVE-2021-41647 (An un-authenticated error-based and time-based blind SQL injection vul ...) NOT-FOR-US: Kaushik Jadhav Online Food Ordering Web App -CVE-2021-41646 - RESERVED -CVE-2021-41645 - RESERVED -CVE-2021-41644 - RESERVED -CVE-2021-41643 - RESERVED +CVE-2021-41646 (Remote Code Execution (RCE) vulnerability exists in Sourcecodester Onl ...) + TODO: check +CVE-2021-41645 (Remote Code Execution (RCE) vulnerability exists in Sourcecodester Bud ...) + TODO: check +CVE-2021-41644 (Remote Code Exection (RCE) vulnerability exists in Sourcecodester Onli ...) + TODO: check +CVE-2021-41643 (Remote Code Execution (RCE) vulnerability exists in Sourcecodester Chu ...) + TODO: check CVE-2021-41642 RESERVED CVE-2021-41641 @@ -5526,14 +5526,14 @@ CVE-2021-41191 (Roblox-Purchasing-Hub is an open source Roblox product purchasin NOT-FOR-US: Roblox-Purchasing-Hub CVE-2021-41190 RESERVED -CVE-2021-41189 - RESERVED +CVE-2021-41189 (DSpace is an open source turnkey repository application. In version 7. ...) + TODO: check CVE-2021-41188 (Shopware is open source e-commerce software. Versions prior to 5.7.6 c ...) NOT-FOR-US: Shopware CVE-2021-41187 RESERVED -CVE-2021-41186 - RESERVED +CVE-2021-41186 (Fluentd collects events from various data sources and writes them to f ...) + TODO: check CVE-2021-41185 (Mycodo is an environmental monitoring and regulation system. An exploi ...) NOT-FOR-US: Mycodo CVE-2021-41184 (jQuery-UI is the official jQuery user interface library. Prior to vers ...) @@ -7570,8 +7570,8 @@ CVE-2021-3757 (immer is vulnerable to Improperly Controlled Modification of Obje NOTE: https://github.com/immerjs/immer CVE-2021-40331 RESERVED -CVE-2021-3756 - RESERVED +CVE-2021-3756 (libmysofa is vulnerable to Heap-based Buffer Overflow ...) + TODO: check CVE-2021-3755 REJECTED CVE-2021-3754 
@@ -10340,8 +10340,8 @@ CVE-2021-39181 (OpenOlat is a web-based learning management system (LMS). Prior NOT-FOR-US: OpenOlat CVE-2021-39180 (OpenOLAT is a web-based learning management system (LMS). A path trave ...) NOT-FOR-US: OpenOLAT -CVE-2021-39179 - RESERVED +CVE-2021-39179 (DHIS 2 is an information system for data capture, management, validati ...) + TODO: check CVE-2021-39178 (Next.js is a React framework. Versions of Next.js between 10.0.0 and 1 ...) NOT-FOR-US: next.js CVE-2021-39177 (Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: J ...) @@ -14630,8 +14630,8 @@ CVE-2021-37404 RESERVED CVE-2021-3663 (firefly-iii is vulnerable to Improper
[Git][security-tracker-team/security-tracker][master] Add tracking bug for several libxstream-java issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 687a92c1 by Salvatore Bonaccorso at 2021-10-29T22:02:19+02:00 Add tracking bug for several libxstream-java issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -10397,57 +10397,57 @@ CVE-2021-39155 (Istio is an open source platform for providing a uniform way to NOT-FOR-US: Istio CVE-2021-39154 (XStream is a simple library to serialize objects to XML and back again ...) {DLA-2769-1} - - libxstream-java 1.4.18-1 + - libxstream-java 1.4.18-1 (bug #998054) NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-6w62-hx7r-mw68 NOTE: https://x-stream.github.io/CVE-2021-39154.html CVE-2021-39153 (XStream is a simple library to serialize objects to XML and back again ...) {DLA-2769-1} - - libxstream-java 1.4.18-1 + - libxstream-java 1.4.18-1 (bug #998054) NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-2q8x-2p7f-574v NOTE: https://x-stream.github.io/CVE-2021-39153.html CVE-2021-39152 (XStream is a simple library to serialize objects to XML and back again ...) {DLA-2769-1} - - libxstream-java 1.4.18-1 + - libxstream-java 1.4.18-1 (bug #998054) NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-xw4p-crpj-vjx2 NOTE: https://x-stream.github.io/CVE-2021-39152.html CVE-2021-39151 (XStream is a simple library to serialize objects to XML and back again ...) {DLA-2769-1} - - libxstream-java 1.4.18-1 + - libxstream-java 1.4.18-1 (bug #998054) NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-hph2-m3g5-xxv4 NOTE: https://x-stream.github.io/CVE-2021-39151.html CVE-2021-39150 (XStream is a simple library to serialize objects to XML and back again ...) {DLA-2769-1} - - libxstream-java 1.4.18-1 + - libxstream-java 1.4.18-1 (bug #998054) NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-cxfm-5m4g-x7xp NOTE: https://x-stream.github.io/CVE-2021-39150.html CVE-2021-39149 (XStream is a simple library to serialize objects to XML and back again ...) 
{DLA-2769-1} - - libxstream-java 1.4.18-1 + - libxstream-java 1.4.18-1 (bug #998054) NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-3ccq-5vw3-2p6x NOTE: https://x-stream.github.io/CVE-2021-39149.html CVE-2021-39148 (XStream is a simple library to serialize objects to XML and back again ...) {DLA-2769-1} - - libxstream-java 1.4.18-1 + - libxstream-java 1.4.18-1 (bug #998054) NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-qrx8-8545-4wg2 NOTE: https://x-stream.github.io/CVE-2021-39148.html CVE-2021-39147 (XStream is a simple library to serialize objects to XML and back again ...) {DLA-2769-1} - - libxstream-java 1.4.18-1 + - libxstream-java 1.4.18-1 (bug #998054) NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-h7v4-7xg3-hxcc NOTE: https://x-stream.github.io/CVE-2021-39147.html CVE-2021-39146 (XStream is a simple library to serialize objects to XML and back again ...) {DLA-2769-1} - - libxstream-java 1.4.18-1 + - libxstream-java 1.4.18-1 (bug #998054) NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-p8pq-r894-fm8f NOTE: https://x-stream.github.io/CVE-2021-39146.html CVE-2021-39145 (XStream is a simple library to serialize objects to XML and back again ...) {DLA-2769-1} - - libxstream-java 1.4.18-1 + - libxstream-java 1.4.18-1 (bug #998054) NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-8jrj-525p-826v NOTE: https://x-stream.github.io/CVE-2021-39145.html CVE-2021-39144 (XStream is a simple library to serialize objects to XML and back again ...) {DLA-2769-1} - - libxstream-java 1.4.18-1 + - libxstream-java 1.4.18-1 (bug #998054) NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-j9h8-phrw-h4fh NOTE: https://x-stream.github.io/CVE-2021-39144.html CVE-2021-39143 
@@ -10456,17 +10456,17 @@ CVE-2021-39142 RESERVED CVE-2021-39141 (XStream is a simple library to serialize objects to XML and back again ...) {DLA-2769-1} - - libxstream-java 1.4.18-1 + - libxstream-java 1.4.18-1 (bug #998054) NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-g5w6-mrj7-75h2 NOTE: https://x-stream.github.io/CVE-2021-39141.html CVE-2021-39140 (XStream is a simple library to serialize objects to XML and back again ...) {DLA-2769-1} - - libxstream-java 1.4.18-1 + - libxstream-java 1.4.18-1 (bug #998054) NOTE:
[Git][security-tracker-team/security-tracker][master] Take libgit2
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker Commits: 40a07004 by Utkarsh Gupta at 2021-10-29T23:28:58+05:30 Take libgit2 - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -53,10 +53,12 @@ glusterfs -- gpac (Roberto C. Sánchez) -- -libgit2 +libgit2 (Utkarsh) NOTE: 20211029: CVE-2018-10887/CVE-2018-10888/CVE-2018-15501 were fixed NOTE: 20211029: for jessie in DLA-1477-1 and should also be fixed in stretch NOTE: 20211029: 4 other CVEs might also be worth fixing (bunk) + NOTE: 20211029: taking this with my maintainer hat on; will investigate + NOTE: 20211029: and TAL later next week. (utkarsh) -- linux (Ben Hutchings) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40a070042b9aa7d7a8f558e1a5d063c3b3b6a19b
[Git][security-tracker-team/security-tracker][master] lts: retake firefox-esr and thunderbird
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: 12ed4e25 by Emilio Pozuelo Monfort at 2021-10-29T12:41:56+02:00 lts: retake firefox-esr and thunderbird Working on ESR 91 toolchain updates. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -41,7 +41,7 @@ ffmpeg (Anton Gladky) NOTE: 20211010: WIP https://salsa.debian.org/lts-team/packages/ffmpeg NOTE: ffmpeg 3.2.16 has been released -- -firefox-esr +firefox-esr (Emilio) -- firmware-nonfree NOTE: 20210731: WIP: https://salsa.debian.org/lts-team/packages/firmware-nonfree @@ -103,5 +103,5 @@ salt (Markus Koschany) NOTE: 20210607: new CVE patch proposed by damien; donfede to provide a debdiff. (utkarsh) NOTE: 20210816: will test the provided debdiff; needs testing as regression spotted. (utkarsh) -- -thunderbird +thunderbird (Emilio) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12ed4e259c2703791c10b1a781752cf338b3e2f3
[Git][security-tracker-team/security-tracker][master] dla: add glusterfs
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker Commits: 62ab5921 by Adrian Bunk at 2021-10-29T13:38:52+03:00 dla: add glusterfs - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -47,6 +47,10 @@ firmware-nonfree NOTE: 20210731: WIP: https://salsa.debian.org/lts-team/packages/firmware-nonfree NOTE: 20210828: Most CVEs are difficult to backport. Contacted Ben regarding possible "ignore" tag -- +glusterfs + NOTE: 20211029: 15 CVEs that were fixed in jessie in DLA-1510-1 and DLA-1565-1 + NOTE: 20211029: should also be fixed in stretch (bunk) +-- gpac (Roberto C. Sánchez) -- libgit2 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62ab5921a332bf33ac72e1803330191090f90195
[Git][security-tracker-team/security-tracker][master] dla: add libgit2
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker Commits: 47462f1e by Adrian Bunk at 2021-10-29T13:13:14+03:00 dla: add libgit2 - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -49,6 +49,11 @@ firmware-nonfree -- gpac (Roberto C. Sánchez) -- +libgit2 + NOTE: 20211029: CVE-2018-10887/CVE-2018-10888/CVE-2018-15501 were fixed + NOTE: 20211029: for jessie in DLA-1477-1 and should also be fixed in stretch + NOTE: 20211029: 4 other CVEs might also be worth fixing (bunk) +-- linux (Ben Hutchings) -- linux-4.19 (Ben Hutchings) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47462f1ed63afcde12ebe516fe3e7e8b9508f44d
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2798-1 for libdatetime-timezone-perl
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: 25c3aa56 by Emilio Pozuelo Monfort at 2021-10-29T11:58:10+02:00 Reserve DLA-2798-1 for libdatetime-timezone-perl - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,5 @@ +[29 Oct 2021] DLA-2798-1 libdatetime-timezone-perl - new upstream version + [stretch] - libdatetime-timezone-perl 1:2.09-1+2021e [29 Oct 2021] DLA-2797-1 tzdata - new upstream version [stretch] - tzdata 2021a-0+deb9u2 [29 Oct 2021] DLA-2796-1 jbig2dec - security update = data/dla-needed.txt = @@ -49,8 +49,6 @@ firmware-nonfree -- gpac (Roberto C. Sánchez) -- -libdatetime-timezone-perl (Emilio) --- linux (Ben Hutchings) -- linux-4.19 (Ben Hutchings) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/25c3aa566ba5ec8b6c7932dfa5b9375a53d25161
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2797-1 for tzdata
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: 0095854e by Emilio Pozuelo Monfort at 2021-10-29T11:52:26+02:00 Reserve DLA-2797-1 for tzdata - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,5 @@ +[29 Oct 2021] DLA-2797-1 tzdata - new upstream version + [stretch] - tzdata 2021a-0+deb9u2 [29 Oct 2021] DLA-2796-1 jbig2dec - security update {CVE-2017-9216 CVE-2020-12268} [stretch] - jbig2dec 0.13-4.1+deb9u1 = data/dla-needed.txt = @@ -98,5 +98,3 @@ salt (Markus Koschany) -- thunderbird -- -tzdata (Emilio) --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0095854e786bbfd865da75fb87ff3987df25b7b3
[Git][security-tracker-team/security-tracker][master] Mark CVE-2021-40348 as NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 38dc75e0 by Salvatore Bonaccorso at 2021-10-29T10:45:56+02:00 Mark CVE-2021-40348 as NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7518,6 +7518,7 @@ CVE-2021-40349 (e7d Speed Test (aka speedtest) 0.5.3 allows a path-traversal att NOT-FOR-US: e7d Speed Test CVE-2021-40348 RESERVED + NOT-FOR-US: Uyuni / Spacewalk (Red Hat) CVE-2021-40347 (An issue was discovered in views/list.py in GNU Mailman Postorius befo ...) {DSA-4970-1} - postorius 1.3.5-1 (bug #993746) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38dc75e04ff7af32a5b5e1830f3101ebc262de5a
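Review bot: NOT-FOR-US is being set on CVE-2021-40348 while the entry is still RESERVED, so the hunk gives a reviewer nothing to check the "Uyuni / Spacewalk (Red Hat)" attribution against; add a NOTE with the advisory or bug reference that identified the product, so the marking can be verified once the automatic update fills in the description.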
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-23052/mahara
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a903cec8 by Salvatore Bonaccorso at 2021-10-29T10:26:23+02:00 Add CVE-2020-23052/mahara - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -80863,7 +80863,7 @@ CVE-2020-23054 (A cross-site scripting (XSS) vulnerability in NSK User Agent Str CVE-2020-23053 RESERVED CVE-2020-23052 (Catalyst IT Ltd Mahara CMS v19.10.2 was discovered to contain multiple ...) - TODO: check + - mahara CVE-2020-23051 (Phpgurukul User Registration User Management System v2.0 was dis ...) NOT-FOR-US: Phpgurukul User Registration & User Management System CVE-2020-23050 (TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to cont ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a903cec8a90a0a2deef36399ffb0259c4702b620
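Review bot: the new "- mahara" line records the package as affected and unfixed but carries no fixed version, bug reference or NOTE; since the description only says "multiple ..." issues in v19.10.2, add a NOTE with the upstream reference that identifies which issues these are and the upstream release that fixes them, and a bug reference once one is filed, otherwise the entry stays open with nothing to track against.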
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-3655{0,1}/tikiwiki
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1bd9e08e by Salvatore Bonaccorso at 2021-10-29T10:25:36+02:00 Add CVE-2021-3655{0,1}/tikiwiki - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -16616,9 +16616,9 @@ CVE-2021-36553 CVE-2021-36552 RESERVED CVE-2021-36551 (TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) ...) - TODO: check + - tikiwiki CVE-2021-36550 (TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) ...) - TODO: check + - tikiwiki CVE-2021-36549 RESERVED CVE-2021-36548 (A remote code execution (RCE) vulnerability in the component /admin/in ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1bd9e08e50febc730b78b652983f31f79d05836d
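Review bot: both new "- tikiwiki" lines leave CVE-2021-36550 and CVE-2021-36551 marked affected with no fixed version and no NOTE; for two XSS issues reported against v21.4, record the upstream fix reference on each entry and the fixed version once known, so the entries can be closed rather than sitting open indefinitely.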
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b7cf610b by Salvatore Bonaccorso at 2021-10-29T10:23:58+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -16622,9 +16622,9 @@ CVE-2021-36550 (TikiWiki v21.4 was discovered to contain a cross-site scripting CVE-2021-36549 RESERVED CVE-2021-36548 (A remote code execution (RCE) vulnerability in the component /admin/in ...) - TODO: check + NOT-FOR-US: Monstra CMS CVE-2021-36547 (A remote code execution (RCE) vulnerability in the component /codebase ...) - TODO: check + NOT-FOR-US: Mara CMS CVE-2021-36546 RESERVED CVE-2021-36545 @@ -65395,9 +65395,9 @@ CVE-2021-1118 CVE-2021-1117 (Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sy ...) TODO: check CVE-2021-1116 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) - TODO: check + NOT-FOR-US: NVIDIA GPU Display Driver for Windows CVE-2021-1115 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) - TODO: check + NOT-FOR-US: NVIDIA GPU Display Driver for Windows CVE-2021-1114 (NVIDIA Linux kernel distributions contain a vulnerability in the kerne ...) NOT-FOR-US: NVIDIA CVE-2021-1113 (NVIDIA camera firmware contains a vulnerability where an unauthorized ...) @@ -7,7 +7,7 @@ CVE-2020-25424 CVE-2020-25423 RESERVED CVE-2020-25422 (A cross site scripting (XSS) vulnerability in menuedit.php of Mara CMS ...) - TODO: check + NOT-FOR-US: Mara CMS CVE-2020-25421 RESERVED CVE-2020-25420 
@@ -79797,13 +79797,13 @@ CVE-2020-23551 CVE-2020-23550 RESERVED CVE-2020-23549 (IrfanView 4.54 allows attackers to cause a denial of service or possib ...) - TODO: check + NOT-FOR-US: IrfanView CVE-2020-23548 RESERVED CVE-2020-23547 RESERVED CVE-2020-23546 (IrfanView 4.54 allows attackers to cause a denial of service or possib ...) - TODO: check + NOT-FOR-US: IrfanView CVE-2020-23545 RESERVED CVE-2020-23544 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7cf610b31bdeed469cf9ff71a9a788eb806d580
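Review bot: in the second hunk CVE-2021-1117 stays at "TODO: check" while its neighbours CVE-2021-1116 and CVE-2021-1115 get "NOT-FOR-US: NVIDIA GPU Display Driver for Windows"; its description ("Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sy ...") names nvlddmkm.sys, which is the NVIDIA Windows kernel-mode display driver, so it is the same component and should get the same NOT-FOR-US marking, or a NOTE explaining why it is being held back.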
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2065cb1a by security tracker role at 2021-10-29T08:10:17+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,43 @@ +CVE-2021-43081 + RESERVED +CVE-2021-43080 + RESERVED +CVE-2021-43079 + RESERVED +CVE-2021-43078 + RESERVED +CVE-2021-43077 + RESERVED +CVE-2021-43076 + RESERVED +CVE-2021-43075 + RESERVED +CVE-2021-43074 + RESERVED +CVE-2021-43073 + RESERVED +CVE-2021-43072 + RESERVED +CVE-2021-43071 + RESERVED +CVE-2021-43070 + RESERVED +CVE-2021-43069 + RESERVED +CVE-2021-43068 + RESERVED +CVE-2021-43067 + RESERVED +CVE-2021-43066 + RESERVED +CVE-2021-43065 + RESERVED +CVE-2021-43064 + RESERVED +CVE-2021-43063 + RESERVED +CVE-2021-43062 + RESERVED CVE-2022-20621 RESERVED CVE-2022-20620 @@ -683,6 +723,7 @@ CVE-2021-42764 (The Proof-of-Stake (PoS) Ethereum consensus protocol through 202 CVE-2021-42763 RESERVED CVE-2021-42762 (BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allow ...) + {DSA-4996-1 DSA-4995-1} - webkit2gtk 2.34.1-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.34.1-1 @@ -5475,8 +5516,8 @@ CVE-2021-41196 RESERVED CVE-2021-41195 RESERVED -CVE-2021-41194 - RESERVED +CVE-2021-41194 (FirstUseAuthenticator is a JupyterHub authenticator that helps new use ...) + TODO: check CVE-2021-41193 RESERVED CVE-2021-41192 
@@ -16574,16 +16615,16 @@ CVE-2021-36553 RESERVED CVE-2021-36552 RESERVED -CVE-2021-36551 - RESERVED -CVE-2021-36550 - RESERVED +CVE-2021-36551 (TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) ...) + TODO: check +CVE-2021-36550 (TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) ...) + TODO: check CVE-2021-36549 RESERVED -CVE-2021-36548 - RESERVED -CVE-2021-36547 - RESERVED +CVE-2021-36548 (A remote code execution (RCE) vulnerability in the component /admin/in ...) + TODO: check +CVE-2021-36547 (A remote code execution (RCE) vulnerability in the component /codebase ...) + TODO: check CVE-2021-36546 RESERVED CVE-2021-36545 @@ -30462,6 +30503,7 @@ CVE-2021-30853 (This issue was addressed with improved checks. This issue is fix CVE-2021-30852 (A type confusion issue was addressed with improved memory handling. Th ...) TODO: check CVE-2021-30851 (A memory corruption vulnerability was addressed with improved locking. ...) + {DSA-4996-1 DSA-4995-1} - webkit2gtk 2.34.0-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.34.1-1 @@ -30485,6 +30527,7 @@ CVE-2021-30848 (A memory corruption issue was addressed with improved memory han CVE-2021-30847 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30846 (A memory corruption issue was addressed with improved memory handling. ...) + {DSA-4996-1 DSA-4995-1} - webkit2gtk 2.34.0-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.34.1-1 @@ -43604,8 +43647,7 @@ CVE-2021-25744 RESERVED CVE-2021-25743 RESERVED -CVE-2021-25742 - RESERVED +CVE-2021-25742 (A security issue was discovered in ingress-nginx where a user that can ...) NOT-FOR-US: Kubernetes ingress-nginx component CVE-2021-25741 (A security issue was discovered in Kubernetes where a user may be able ...) - kubernetes 
@@ -44900,6 +44942,7 @@ CVE-2021-25221 CVE-2021-25220 RESERVED CVE-2021-25219 (In BIND 9.3.0 - 9.11.35, 9.12.0 - 9.16.21, and versions 9.9.3- ...) + {DSA-4994-1} - bind9 1:9.17.19-1 NOTE: https://kb.isc.org/docs/cve-2021-25219 NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/8fe18c0566c41228a568157287f5a44f96d37662 (v9_16_22) @@ -79753,14 +79796,14 @@ CVE-2020-23551 RESERVED CVE-2020-23550 RESERVED -CVE-2020-23549 - RESERVED +CVE-2020-23549 (IrfanView 4.54 allows attackers to cause a denial of service or possib ...) + TODO: check CVE-2020-23548 RESERVED CVE-2020-23547 RESERVED -CVE-2020-23546 - RESERVED +CVE-2020-23546 (IrfanView 4.54 allows attackers to cause a denial of service or possib ...) + TODO: check CVE-2020-23545 RESERVED CVE-2020-23544 @@ -106216,6 +106259,7 @@ CVE-2020-12270 (** DISPUTED ** React Native Bluetooth Scan in Bluezone 1.0.0 use CVE-2020-12269 RESERVED CVE-2020-12268 (jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 h ...) + {DLA-2796-1}
[Git][security-tracker-team/security-tracker][master] lts: take tzdata and libdatetime-timezone-perl
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: cc2c1b73 by Emilio Pozuelo Monfort at 2021-10-29T10:01:05+02:00 lts: take tzdata and libdatetime-timezone-perl - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -49,6 +49,8 @@ firmware-nonfree -- gpac (Roberto C. Sánchez) -- +libdatetime-timezone-perl (Emilio) +-- linux (Ben Hutchings) -- linux-4.19 (Ben Hutchings) @@ -96,3 +98,5 @@ salt (Markus Koschany) -- thunderbird -- +tzdata (Emilio) +-- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc2c1b73b875895472a408ad751d2c41c65c83c8
[Git][security-tracker-team/security-tracker][master] Add another round of chromium CVEs (fixed in 95.0.4638.69)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2c0ff417 by Salvatore Bonaccorso at 2021-10-29T09:20:16+02:00 Add another round of chromium CVEs (fixed in 95.0.4638.69) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13153,18 +13153,32 @@ CVE-2021-38004 RESERVED CVE-2021-38003 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2021-38002 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2021-38001 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2021-38000 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2021-37999 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2021-37998 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2021-37997 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2021-37996 RESERVED - chromium View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c0ff417a3bd7ee4440a743614b32fe93a70619f
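Review bot: the seven new entries carry "- chromium" with no fixed version, although the commit subject says these CVEs are fixed upstream in 95.0.4638.69; if the matching Debian upload has not happened yet, add a NOTE recording that upstream fixed version on the entries (the automatic update will only fill in descriptions, not this), so they can later be closed against the right package version. The "[stretch] - chromium (see DSA 4562)" lines match the existing CVE-2021-37996 entry in the context, which is fine.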
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-3892/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2bbaf12d by Salvatore Bonaccorso at 2021-10-29T08:58:25+02:00 Add CVE-2021-3892/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1145,8 +1145,10 @@ CVE-2021-42555 RESERVED CVE-2021-42554 RESERVED -CVE-2021-3892 +CVE-2021-3892 [memory leak in fib6_rule_suppress could result in DoS] RESERVED + - linux + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2014623 CVE-2021-26247 RESERVED CVE-2021-23225 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2bbaf12d42482a6047ef6099600631eccec3a99b
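Review bot: the entry gets "- linux" with no fixed version and the only reference is the Red Hat bugzilla; the bracketed summary already names the function (fib6_rule_suppress), so add a NOTE with the upstream fix commit as soon as one is identified, which is what the fixed version and the affected stable suites will have to be checked against.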