[Git][security-tracker-team/security-tracker][master] 2 commits: CVE has been fixed in recent upload

2021-10-29 Thread Thorsten Alteholz (@alteholz)


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
35e2546c by Thorsten Alteholz at 2021-10-30T00:51:25+02:00
CVE has been fixed in recent upload

- - - - -
418b1389 by Thorsten Alteholz at 2021-10-30T01:14:17+02:00
Reserve DLA-2800-1 for cups

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=
data/CVE/list
=
@@ -114197,7 +114197,6 @@ CVE-2020-10002 (A logic issue was addressed with 
improved state management. This
 CVE-2020-10001 (An input validation issue was addressed with improved memory 
handling. ...)
- cups 2.3.3op2-1
[buster] - cups  (Minor issue)
-   [stretch] - cups  (Minor issue)
NOTE: 
https://github.com/OpenPrinting/cups/commit/efbea1742bd30f842fbbfb87a473e5c84f4162f9
 (v2.3.3op2)
 CVE-2020-1
RESERVED
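Review bot: ordering problem between the two commits in this push. This hunk drops the stretch "(Minor issue)" no-dsa tag for CVE-2020-10001 at 00:51, but the stretch fix (cups 2.2.1-8+deb9u7) is only recorded by the DLA-2800-1 entry in commit 418b1389 at 01:14, so for those 23 minutes the tracker showed stretch as vulnerable with no fix and no tag. Reserve the DLA and drop the tag in one commit, or at least in that order, and name the CVE in the commit message rather than "CVE has been fixed in recent upload".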


=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[30 Oct 2021] DLA-2800-1 cups - security update
+   {CVE-2020-10001}
+   [stretch] - cups 2.2.1-8+deb9u7
 [29 Oct 2021] DLA-2799-1 opencv - security update
{CVE-2016-1516 CVE-2017-12597 CVE-2017-12598 CVE-2017-12599 
CVE-2017-12601 CVE-2017-12603 CVE-2017-12604 CVE-2017-12605 CVE-2017-12606 
CVE-2017-12862 CVE-2017-12863 CVE-2017-12864 CVE-2017-17760 CVE-2017-1000450 
CVE-2018-5268 CVE-2018-5269 CVE-2019-14493 CVE-2019-15939}
[stretch] - opencv 2.4.9.1+dfsg1-2+deb9u1
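Review bot: the version recorded for stretch, 2.2.1-8+deb9u7, is a backport: the only reference on the CVE-2020-10001 entry is the upstream commit efbea1742bd30f842fbbfb87a473e5c84f4162f9 tagged v2.3.3op2. A NOTE on the CVE entry (or a sentence in the DLA text) saying the fix was backported to the 2.2.1 code base would help, since a reader of data/CVE/list otherwise sees a stretch version well below the upstream fix with no explanation.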



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/75cd1307eae47c4d93954a3884287cd2f602e08c...418b1389d77a38e2e239984009201cc93c15a264

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/75cd1307eae47c4d93954a3884287cd2f602e08c...418b1389d77a38e2e239984009201cc93c15a264
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Drop opencv no-dsa tagged entries which got an update in DLA 2799-1

2021-10-29 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
75cd1307 by Salvatore Bonaccorso at 2021-10-29T23:44:45+02:00
Drop opencv no-dsa tagged entries which got an update in DLA 2799-1

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -14,7 +14,6 @@ CVE-2019-15940 (Victure PC530 devices allow 
unauthenticated TELNET access as roo
 CVE-2019-15939 (An issue was discovered in OpenCV 4.1.0. There is a 
divide-by-zero err ...)
- opencv 4.1.2+dfsg-3
[buster] - opencv  (Minor issue)
-   [stretch] - opencv  (Minor issue)
[jessie] - opencv  (Minor issue)
NOTE: https://github.com/OpenCV/opencv/issues/15287
NOTE: https://github.com/opencv/opencv/pull/15382
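Review bot: consistent with DLA-2799-1, whose CVE list (commit ec140577 in this digest) includes CVE-2019-15939; the [buster] and [jessie] "(Minor issue)" tags are correctly left alone because the DLA covers stretch only. The same check applies to every hunk below: each CVE whose stretch tag is dropped must appear in that DLA's {...} line, and conversely every CVE in that line needs its stretch tag dropped.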
@@ -153716,7 +153715,6 @@ CVE-2019-14493 (An issue was discovered in OpenCV 
before 4.1.1. There is a NULL
[experimental] - opencv 4.1.1+dfsg-1
- opencv 4.1.2+dfsg-3
[buster] - opencv  (Minor issue)
-   [stretch] - opencv  (Minor issue)
[jessie] - opencv  (Minor issue, DoS, PoC not crashing)
NOTE: https://github.com/opencv/opencv/issues/15127
NOTE: 
https://github.com/opencv/opencv/commit/5691d998ead1d9b0542bcfced36c2dceb3a59023
@@ -235940,14 +235938,12 @@ CVE-2018-5269 (In OpenCV 3.3.1, an assertion 
failure happens in cv::RBaseStream:
{DLA-1438-1 DLA-1354-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv 3.2.0+dfsg-6 (bug #886675)
-   [stretch] - opencv  (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/10540
NOTE: 2.4 backport: 
https://patch-diff.githubusercontent.com/raw/opencv/opencv/pull/10901.patch
 CVE-2018-5268 (In OpenCV 3.3.1, a heap-based buffer overflow happens in 
cv::Jpeg2KDec ...)
{DLA-1438-1 DLA-1354-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv 3.2.0+dfsg-6 (bug #886674)
-   [stretch] - opencv  (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/10541
NOTE: 2.4 backport: 
https://patch-diff.githubusercontent.com/raw/opencv/opencv/pull/10901.patch
 CVE-2018-5267 (Cobham Sea Tel 121 build 222701 devices allow remote attackers 
to bypa ...)
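Review bot: the {DLA-1438-1 DLA-1354-1} cross-reference lines on CVE-2018-5269 and CVE-2018-5268 are not extended with DLA-2799-1. If the tracker derives the stretch fix from data/DLA/list alone this is fine; if the braces are meant to be the complete list of advisories for a CVE, DLA-2799-1 belongs there too. The same question applies to the {DLA-1438-1 DLA-1235-1} and {DLA-1438-1 DLA-1117-1} lines in the following hunks.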
@@ -239596,7 +239592,6 @@ CVE-2017-1000450 (In 
opencv/modules/imgcodecs/src/utils.cpp, functions FillUniCo
{DLA-1438-1 DLA-1235-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv 3.2.0+dfsg-6 (bug #886282)
-   [stretch] - opencv  (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9723
NOTE: 
https://github.com/blendin/pocs/blob/master/opencv/0.OOB_Write_FillUniColor
NOTE: https://github.com/opencv/opencv/pull/9726
@@ -241122,7 +241117,6 @@ CVE-2017-17760 (OpenCV 3.3.1 has a Buffer Overflow in 
the cv::PxMDecoder::readDa
{DLA-1438-1 DLA-1235-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv 3.2.0+dfsg-6 (bug #885843)
-   [stretch] - opencv  (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/10351
NOTE: 
https://github.com/opencv/opencv/pull/10369/commits/7bbe1a53cfc097b82b1589f7915a2120de39274c
 CVE-2017-17759 (Conarc iChannel allows remote attackers to obtain sensitive 
informatio ...)
@@ -264294,19 +264288,16 @@ CVE-2017-12864 (In 
opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumb
{DLA-1438-1 DLA-1117-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv 3.2.0+dfsg-6 (bug #875345)
-   [stretch] - opencv  (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9372
 CVE-2017-12863 (In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function 
PxMDecoder::re ...)
{DLA-1438-1 DLA-1117-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv 3.2.0+dfsg-6 (bug #875344)
-   [stretch] - opencv  (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9371
 CVE-2017-12862 (In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer 
AutoBuffe ...)
{DLA-1438-1 DLA-1117-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv 3.2.0+dfsg-6 (bug #875342)
-   [stretch] - opencv  (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9370
 CVE-2017-12861 (The Epson "EasyMP" software is designed to remotely stream a 
users com ...)
NOT-FOR-US: Epson "EasyMP"
@@ -265129,25 +265120,21 @@ CVE-2017-12606 (OpenCV (Open Source Computer Vision 
Library) through 3.3 has an
{DLA-1438-1 DLA-1117-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv 3.2.0+dfsg-6 (bug #872044)
-   [stretch] - opencv  (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9309
 CVE-2017-12605 (OpenCV (Open Source Computer Vision Library) through 3.3 has 
an out-of ...)
{DLA-1438-1 DLA-1117-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv 3.2.0+dfsg-6 (bug #872044)
-   

[Git][security-tracker-team/security-tracker][master] Claim glusterfs in dla-needed.txt

2021-10-29 Thread Markus Koschany (@apo)


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f33ba4ae by Markus Koschany at 2021-10-29T23:13:10+02:00
Claim glusterfs in dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -47,7 +47,7 @@ firmware-nonfree
   NOTE: 20210731: WIP: 
https://salsa.debian.org/lts-team/packages/firmware-nonfree
   NOTE: 20210828: Most CVEs are difficult to backport. Contacted Ben regarding 
possible "ignore" tag
 --
-glusterfs
+glusterfs (Markus Koschany)
   NOTE: 20211029: 15 CVEs that were fixed in jessie in DLA-1510-1 and 
DLA-1565-1
   NOTE: 20211029: should also be fixed in stretch (bunk)
 --
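Review bot: the claim line is the only change; unlike the libgit2 claim elsewhere in this digest, no dated NOTE records the intended approach. A line such as "NOTE: 20211029: will port the DLA-1510-1/DLA-1565-1 jessie patches to stretch (apo)" would let the next reader of dla-needed.txt see the plan without consulting git log.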



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f33ba4ae80965529566769d81efbe43a5828b8a8



[Git][security-tracker-team/security-tracker][master] Reserve DLA-2799-1 for opencv

2021-10-29 Thread Markus Koschany (@apo)


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ec140577 by Markus Koschany at 2021-10-29T23:10:09+02:00
Reserve DLA-2799-1 for opencv

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[29 Oct 2021] DLA-2799-1 opencv - security update
+   {CVE-2016-1516 CVE-2017-12597 CVE-2017-12598 CVE-2017-12599 
CVE-2017-12601 CVE-2017-12603 CVE-2017-12604 CVE-2017-12605 CVE-2017-12606 
CVE-2017-12862 CVE-2017-12863 CVE-2017-12864 CVE-2017-17760 CVE-2017-1000450 
CVE-2018-5268 CVE-2018-5269 CVE-2019-14493 CVE-2019-15939}
+   [stretch] - opencv 2.4.9.1+dfsg1-2+deb9u1
 [29 Oct 2021] DLA-2798-1 libdatetime-timezone-perl - new upstream version
[stretch] - libdatetime-timezone-perl 1:2.09-1+2021e
 [29 Oct 2021] DLA-2797-1 tzdata - new upstream version
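Review bot: this entry lists 18 CVEs for stretch, seven of which (CVE-2016-1516, CVE-2017-12597, CVE-2017-12598, CVE-2017-12599, CVE-2017-12601, CVE-2017-12603, CVE-2017-12604) are not among the entries whose "[stretch] - opencv (Minor issue)" tags are dropped in the visible part of commit 75cd1307. Make sure data/CVE/list is cleaned up for all 18, otherwise the tracker carries a stretch no-dsa tag next to a DLA that claims a fix for the same CVE.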


=
data/dla-needed.txt
=
@@ -70,8 +70,6 @@ nvidia-graphics-drivers
   NOTE: package is in non-free but also in packages-to-support
   NOTE: only CVE‑2021‑1076 seems to be fixed in the R390 branch used in 
Stretch, no fix available for CVE-2021-1077
 --
-opencv (Markus Koschany)
---
 openjdk-8 (Roberto C. Sánchez)
 --
 openssh (Utkarsh)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec1405779569f04e9f929577cbc49c6fd47c53cd

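The cross-check a reviewer of the DLA-2799-1 reservation above and of commit 75cd1307 (the opencv no-dsa cleanup earlier in this digest) would want, as an added example that is not code from the security-tracker repository: it parses the subset of data/DLA/list and data/CVE/list syntax visible in these hunks and reports every CVE a DLA claims to fix in stretch whose data/CVE/list entry still carries a stretch <no-dsa> tag (the marker the commit message calls a "no-dsa tag"; it precedes the "(Minor issue)" comment), plus any CVE id in a DLA's {...} line that has no data/CVE/list entry at all. The sample inputs are constructed from the hunks; the DLA_LIST and CVE_LIST constants, the function names and the regexes are assumptions of this example, and the parser ignores everything else in the real files (NOT-FOR-US, RESERVED, NOTE and TODO lines).

```python
"""Cross-check data/DLA/list against data/CVE/list (added example, not
security-tracker code). It understands only the format subset visible in
the hunks above: '[date] DLA-n-m pkg - title' headers, an optional
'{CVE-... CVE-...}' line and '[suite] - pkg <no-dsa>|version (comment)'
lines. Samples are constructed; CVE-2016-1516 is left out of CVE_LIST on
purpose so the unknown-id check has something to report."""
import re

DLA_HEADER = re.compile(r"^\[(?P<date>[^\]]+)\] (?P<id>DLA-\d+-\d+) (?P<pkg>\S+) - (?P<title>.*)$")
CVE_HEADER = re.compile(r"^(?P<id>CVE-\d{4}-\d{4,})\b")
SUITE_LINE = re.compile(r"^\[(?P<suite>[a-z]+)\] - (?P<pkg>\S+)"
                        r"(?: (?P<status>[^(\s]\S*))?(?: \((?P<note>[^)]*)\))?$")

DLA_LIST = """\
[30 Oct 2021] DLA-2800-1 cups - security update
\t{CVE-2020-10001}
\t[stretch] - cups 2.2.1-8+deb9u7
[29 Oct 2021] DLA-2799-1 opencv - security update
\t{CVE-2016-1516 CVE-2019-14493 CVE-2019-15939}
\t[stretch] - opencv 2.4.9.1+dfsg1-2+deb9u1
[29 Oct 2021] DLA-2798-1 libdatetime-timezone-perl - new upstream version
\t[stretch] - libdatetime-timezone-perl 1:2.09-1+2021e
"""

# cups as left by commit 35e2546c; opencv as it was before 75cd1307 dropped its stretch tags.
CVE_LIST = """\
CVE-2020-10001 (An input validation issue was addressed with improved memory handling. ...)
\t- cups 2.3.3op2-1
\t[buster] - cups <no-dsa> (Minor issue)
CVE-2019-15939 (An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero err ...)
\t- opencv 4.1.2+dfsg-3
\t[buster] - opencv <no-dsa> (Minor issue)
\t[stretch] - opencv <no-dsa> (Minor issue)
CVE-2019-14493 (An issue was discovered in OpenCV before 4.1.1. There is a NULL ...)
\t- opencv 4.1.2+dfsg-3
\t[stretch] - opencv <no-dsa> (Minor issue)
\t[jessie] - opencv <no-dsa> (Minor issue, DoS, PoC not crashing)
"""


def parse_dla_list(text):
    """DLA id -> {'pkg', 'cves': set, 'fixes': {suite: version}}."""
    entries, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if m := DLA_HEADER.match(line):
            current = entries.setdefault(m["id"], {"pkg": m["pkg"], "cves": set(), "fixes": {}})
        elif current is not None and line.startswith("{"):
            current["cves"].update(line.strip("{}").split())
        elif current is not None and (m := SUITE_LINE.match(line)):
            current["fixes"][m["suite"]] = m["status"]
    return entries


def parse_cve_list(text):
    """CVE id -> {suite: (pkg, status, note)} taken from its per-suite lines."""
    entries, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if m := CVE_HEADER.match(line):
            current = entries.setdefault(m["id"], {})
        elif current is not None and (m := SUITE_LINE.match(line)):
            current[m["suite"]] = (m["pkg"], m["status"], m["note"])
    return entries


def stale_no_dsa_tags(dla_text, cve_text, suite="stretch"):
    """(dla_id, cve_id, note) for every CVE a DLA fixes in `suite` while
    data/CVE/list still carries a <no-dsa> tag for that suite and package."""
    cves, found = parse_cve_list(cve_text), []
    for dla_id, dla in parse_dla_list(dla_text).items():
        if suite not in dla["fixes"]:
            continue
        for cve_id in sorted(dla["cves"]):
            tag = cves.get(cve_id, {}).get(suite)
            if tag and tag[0] == dla["pkg"] and tag[1] == "<no-dsa>":
                found.append((dla_id, cve_id, tag[2]))
    return found


def unknown_cves(dla_text, cve_text):
    """DLA id -> sorted CVE ids in its {...} line with no data/CVE/list entry."""
    cves, result = parse_cve_list(cve_text), {}
    for dla_id, dla in parse_dla_list(dla_text).items():
        if missing := sorted(c for c in dla["cves"] if c not in cves):
            result[dla_id] = missing
    return result


def drop_stale_tags(cve_text, findings, suite="stretch"):
    """Remove the `suite` <no-dsa> line of each flagged CVE, keeping all else
    verbatim: the edit commit 75cd1307 makes by hand."""
    stale, out, current = {cve_id for _, cve_id, _ in findings}, [], None
    for raw in cve_text.splitlines():
        if m := CVE_HEADER.match(raw.strip()):
            current = m["id"]
        elif current in stale and (m := SUITE_LINE.match(raw.strip())):
            if m["suite"] == suite and m["status"] == "<no-dsa>":
                continue
        out.append(raw)
    return "\n".join(out) + "\n"
```

Against the real files, call stale_no_dsa_tags(open("data/DLA/list").read(), open("data/CVE/list").read()) after reserving a DLA: a finding means either the tag-drop commit is still missing or the DLA lists a CVE it did not fix; an unknown_cves report is usually a typo in the {...} line. drop_stale_tags produces the corrected data/CVE/list text, which you can diff against the file before committing.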


[Git][security-tracker-team/security-tracker][master] Add CVE-2021-3756/libmysofa

2021-10-29 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e43eef7e by Salvatore Bonaccorso at 2021-10-29T22:18:55+02:00
Add CVE-2021-3756/libmysofa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -7571,7 +7571,9 @@ CVE-2021-3757 (immer is vulnerable to Improperly 
Controlled Modification of Obje
 CVE-2021-40331
RESERVED
 CVE-2021-3756 (libmysofa is vulnerable to Heap-based Buffer Overflow ...)
-   TODO: check
+   - libmysofa 
+   NOTE: https://huntr.dev/bounties/7ca8d9ea-e2a6-4294-af28-70260bb53bc1/
+   NOTE: 
https://github.com/hoene/libmysofa/commit/890400ebd092c574707d0c132124f8ff047e20e1
 (v1.2.1)
 CVE-2021-3755
REJECTED
 CVE-2021-3754
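Review bot: the new "- libmysofa" line carries neither a fixed version nor a "(bug #...)" reference, so the entry now records the package as affected with nothing tracking the fix, while the NOTE says upstream fixed it in v1.2.1 (commit 890400ebd092c574707d0c132124f8ff047e20e1). Add the Debian bug number now, and the fixed version once an upload containing that commit lands.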



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e43eef7e63197b35f8c2558e9f62902fbfb81b59



[Git][security-tracker-team/security-tracker][master] Add CVE-2021-41173/golang-github-go-ethereum

2021-10-29 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
41ee9031 by Salvatore Bonaccorso at 2021-10-29T22:18:15+02:00
Add CVE-2021-41173/golang-github-go-ethereum

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5566,7 +5566,7 @@ CVE-2021-41175 (Pi-hole's Web interface (based on 
AdminLTE) provides a central l
 CVE-2021-41174
RESERVED
 CVE-2021-41173 (Go Ethereum is the official Golang implementation of the 
Ethereum prot ...)
-   TODO: check
+   - golang-github-go-ethereum  (bug #890541)
 CVE-2021-41172 (AS_Redis is an AntSword plugin for Redis. The Redis Manage 
plugin for  ...)
NOT-FOR-US: AntSword plugin for Redis
 CVE-2021-41171 (eLabFTW is an open source electronic lab notebook manager for 
research ...)
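Review bot: bug #890541 is a far older number than the other bug touched in this digest (#998054 for libxstream-java), so it is most likely the package's ITP/RFP rather than a bug filed for CVE-2021-41173. If golang-github-go-ethereum is not in the archive, the entry should say so with the tracker's <itp> marker instead of reading like an open bug against a shipped package; if it is in the archive, a bug for this CVE should be filed and referenced here.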



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41ee90316e51527471ce193409df6bd06ae6ca29



[Git][security-tracker-team/security-tracker][master] Process NFUs

2021-10-29 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b9db915d by Salvatore Bonaccorso at 2021-10-29T22:17:29+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3969,7 +3969,7 @@ CVE-2021-41876
 CVE-2021-41875
RESERVED
 CVE-2021-41874 (An unauthorized access vulnerabiitly exists in all versions of 
Portain ...)
-   TODO: check
+   NOT-FOR-US: Portainer
 CVE-2021-41873 (Penguin Aurora TV Box 41502 is a high-end network HD set-top 
box produ ...)
NOT-FOR-US: Penguin Aurora TV Box 41502
 CVE-2021-41872 (Skyworth Digital Technology Penguin Aurora Box 41502 has a 
denial of s ...)
@@ -4297,11 +4297,11 @@ CVE-2021-41750
 CVE-2021-41749
RESERVED
 CVE-2021-41748 (An Incorrect Access Control issue exists in all versions of 
Portainer. ...)
-   TODO: check
+   NOT-FOR-US: Portainer
 CVE-2021-41747 (Cross-Site Scripting (XSS) vulnerability exists in Csdn APP 
4.10.0, wh ...)
NOT-FOR-US: Csdn APP
 CVE-2021-41746 (SQL Injection vulnerability exists in all versions of Yonyou 
TurboCRM. ...)
-   TODO: check
+   NOT-FOR-US: Yonyou TurboCRM
 CVE-2021-41745 (ShowDoc 2.8.3 ihas a file upload vulnerability, where 
attackers can us ...)
NOT-FOR-US: ShowDoc
 CVE-2021-41744 (All versions of yongyou PLM are affected by a command 
injection issue. ...)
@@ -4445,11 +4445,11 @@ CVE-2021-41678
 CVE-2021-41677
RESERVED
 CVE-2021-41676 (An SQL Injection vulnerabilty exists in the oretnom23 Pharmacy 
Point o ...)
-   TODO: check
+   NOT-FOR-US: oretnom23 Pharmacy Point of Sale System
 CVE-2021-41675 (A Remote Code Execution (RCE) vulnerabilty exists in 
Sourcecodester E- ...)
-   TODO: check
+   NOT-FOR-US: Sourcecodester
 CVE-2021-41674 (An SQL Injection vulnerability exists in Sourcecodester 
E-Negosyo Syst ...)
-   TODO: check
+   NOT-FOR-US: Sourcecodester
 CVE-2021-41673
RESERVED
 CVE-2021-41672
@@ -4505,13 +4505,13 @@ CVE-2021-41648 (An un-authenticated SQL Injection 
exists in PuneethReddyHC onlin
 CVE-2021-41647 (An un-authenticated error-based and time-based blind SQL 
injection vul ...)
NOT-FOR-US: Kaushik Jadhav Online Food Ordering Web App
 CVE-2021-41646 (Remote Code Execution (RCE) vulnerability exists in 
Sourcecodester Onl ...)
-   TODO: check
+   NOT-FOR-US: Sourcecodester
 CVE-2021-41645 (Remote Code Execution (RCE) vulnerability exists in 
Sourcecodester Bud ...)
-   TODO: check
+   NOT-FOR-US: Sourcecodester
 CVE-2021-41644 (Remote Code Exection (RCE) vulnerability exists in 
Sourcecodester Onli ...)
-   TODO: check
+   NOT-FOR-US: Sourcecodester
 CVE-2021-41643 (Remote Code Execution (RCE) vulnerability exists in 
Sourcecodester Chu ...)
-   TODO: check
+   NOT-FOR-US: Sourcecodester
 CVE-2021-41642
RESERVED
 CVE-2021-41641
@@ -5527,7 +5527,7 @@ CVE-2021-41191 (Roblox-Purchasing-Hub is an open source 
Roblox product purchasin
 CVE-2021-41190
RESERVED
 CVE-2021-41189 (DSpace is an open source turnkey repository application. In 
version 7. ...)
-   TODO: check
+   NOT-FOR-US: DSpace
 CVE-2021-41188 (Shopware is open source e-commerce software. Versions prior to 
5.7.6 c ...)
NOT-FOR-US: Shopware
 CVE-2021-41187
@@ -10341,7 +10341,7 @@ CVE-2021-39181 (OpenOlat is a web-based learning 
management system (LMS). Prior
 CVE-2021-39180 (OpenOLAT is a web-based learning management system (LMS). A 
path trave ...)
NOT-FOR-US: OpenOLAT
 CVE-2021-39179 (DHIS 2 is an information system for data capture, management, 
validati ...)
-   TODO: check
+   NOT-FOR-US: DHIS 2
 CVE-2021-39178 (Next.js is a React framework. Versions of Next.js between 
10.0.0 and 1 ...)
NOT-FOR-US: next.js
 CVE-2021-39177 (Geyser is a bridge between Minecraft: Bedrock Edition and 
Minecraft: J ...)
@@ -14631,7 +14631,7 @@ CVE-2021-37404
 CVE-2021-3663 (firefly-iii is vulnerable to Improper Restriction of Excessive 
Authent ...)
NOT-FOR-US: firefly-iii
 CVE-2021-3662 (Certain HP Enterprise LaserJet and PageWide MFPs may be 
vulnerable to  ...)
-   TODO: check
+   NOT-FOR-US: HP
 CVE-2021-3661
RESERVED
 CVE-2021-37403 (OX App Suite before 7.10.3-rev32 and 7.10.4 before 
7.10.4-rev18 allows ...)
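Review bot: "NOT-FOR-US: HP" is less specific than the neighbouring entries, which name the product (e.g. "NOT-FOR-US: Kiwi Syslog Server"); "NOT-FOR-US: HP Enterprise LaserJet and PageWide MFP firmware" would match the description and the file's convention.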
@@ -19726,11 +19726,11 @@ CVE-2021-35239 (A security researcher found a user 
with Orion map manage rights
 CVE-2021-35238 (User with Orion Platform Admin Rights could store XSS through 
URL POST ...)
NOT-FOR-US: Solarwinds
 CVE-2021-35237 (A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server 
has left ...)
-   TODO: check
+   NOT-FOR-US: Kiwi Syslog Server
 CVE-2021-35236 (The Secure flag is not set in the SSL Cookie of Kiwi Syslog 
Server 9.7 ...)
NOT-FOR-US: SolarWinds
 CVE-2021-35235 (The ASP.NET debug feature is enabled by default in Kiwi 

[Git][security-tracker-team/security-tracker][master] automatic update

2021-10-29 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
898e84b3 by security tracker role at 2021-10-29T20:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3968,8 +3968,8 @@ CVE-2021-41876
RESERVED
 CVE-2021-41875
RESERVED
-CVE-2021-41874
-   RESERVED
+CVE-2021-41874 (An unauthorized access vulnerabiitly exists in all versions of 
Portain ...)
+   TODO: check
 CVE-2021-41873 (Penguin Aurora TV Box 41502 is a high-end network HD set-top 
box produ ...)
NOT-FOR-US: Penguin Aurora TV Box 41502
 CVE-2021-41872 (Skyworth Digital Technology Penguin Aurora Box 41502 has a 
denial of s ...)
@@ -4296,12 +4296,12 @@ CVE-2021-41750
RESERVED
 CVE-2021-41749
RESERVED
-CVE-2021-41748
-   RESERVED
+CVE-2021-41748 (An Incorrect Access Control issue exists in all versions of 
Portainer. ...)
+   TODO: check
 CVE-2021-41747 (Cross-Site Scripting (XSS) vulnerability exists in Csdn APP 
4.10.0, wh ...)
NOT-FOR-US: Csdn APP
-CVE-2021-41746
-   RESERVED
+CVE-2021-41746 (SQL Injection vulnerability exists in all versions of Yonyou 
TurboCRM. ...)
+   TODO: check
 CVE-2021-41745 (ShowDoc 2.8.3 ihas a file upload vulnerability, where 
attackers can us ...)
NOT-FOR-US: ShowDoc
 CVE-2021-41744 (All versions of yongyou PLM are affected by a command 
injection issue. ...)
@@ -,12 +,12 @@ CVE-2021-41678
RESERVED
 CVE-2021-41677
RESERVED
-CVE-2021-41676
-   RESERVED
-CVE-2021-41675
-   RESERVED
-CVE-2021-41674
-   RESERVED
+CVE-2021-41676 (An SQL Injection vulnerabilty exists in the oretnom23 Pharmacy 
Point o ...)
+   TODO: check
+CVE-2021-41675 (A Remote Code Execution (RCE) vulnerabilty exists in 
Sourcecodester E- ...)
+   TODO: check
+CVE-2021-41674 (An SQL Injection vulnerability exists in Sourcecodester 
E-Negosyo Syst ...)
+   TODO: check
 CVE-2021-41673
RESERVED
 CVE-2021-41672
@@ -4504,14 +4504,14 @@ CVE-2021-41648 (An un-authenticated SQL Injection 
exists in PuneethReddyHC onlin
NOT-FOR-US: PuneethReddyHC online-shopping-system
 CVE-2021-41647 (An un-authenticated error-based and time-based blind SQL 
injection vul ...)
NOT-FOR-US: Kaushik Jadhav Online Food Ordering Web App
-CVE-2021-41646
-   RESERVED
-CVE-2021-41645
-   RESERVED
-CVE-2021-41644
-   RESERVED
-CVE-2021-41643
-   RESERVED
+CVE-2021-41646 (Remote Code Execution (RCE) vulnerability exists in 
Sourcecodester Onl ...)
+   TODO: check
+CVE-2021-41645 (Remote Code Execution (RCE) vulnerability exists in 
Sourcecodester Bud ...)
+   TODO: check
+CVE-2021-41644 (Remote Code Exection (RCE) vulnerability exists in 
Sourcecodester Onli ...)
+   TODO: check
+CVE-2021-41643 (Remote Code Execution (RCE) vulnerability exists in 
Sourcecodester Chu ...)
+   TODO: check
 CVE-2021-41642
RESERVED
 CVE-2021-41641
@@ -5526,14 +5526,14 @@ CVE-2021-41191 (Roblox-Purchasing-Hub is an open source 
Roblox product purchasin
NOT-FOR-US: Roblox-Purchasing-Hub
 CVE-2021-41190
RESERVED
-CVE-2021-41189
-   RESERVED
+CVE-2021-41189 (DSpace is an open source turnkey repository application. In 
version 7. ...)
+   TODO: check
 CVE-2021-41188 (Shopware is open source e-commerce software. Versions prior to 
5.7.6 c ...)
NOT-FOR-US: Shopware
 CVE-2021-41187
RESERVED
-CVE-2021-41186
-   RESERVED
+CVE-2021-41186 (Fluentd collects events from various data sources and writes 
them to f ...)
+   TODO: check
 CVE-2021-41185 (Mycodo is an environmental monitoring and regulation system. 
An exploi ...)
NOT-FOR-US: Mycodo
 CVE-2021-41184 (jQuery-UI is the official jQuery user interface library. Prior 
to vers ...)
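Review bot: CVE-2021-41186 (Fluentd) enters as "TODO: check" here and, unlike the other TODO entries in this update, is not resolved by the follow-up NFU pass in commit b9db915d, whose hunk for this region ends at CVE-2021-41187; it is still open for triage.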
@@ -7570,8 +7570,8 @@ CVE-2021-3757 (immer is vulnerable to Improperly 
Controlled Modification of Obje
NOTE: https://github.com/immerjs/immer
 CVE-2021-40331
RESERVED
-CVE-2021-3756
-   RESERVED
+CVE-2021-3756 (libmysofa is vulnerable to Heap-based Buffer Overflow ...)
+   TODO: check
 CVE-2021-3755
REJECTED
 CVE-2021-3754
@@ -10340,8 +10340,8 @@ CVE-2021-39181 (OpenOlat is a web-based learning 
management system (LMS). Prior
NOT-FOR-US: OpenOlat
 CVE-2021-39180 (OpenOLAT is a web-based learning management system (LMS). A 
path trave ...)
NOT-FOR-US: OpenOLAT
-CVE-2021-39179
-   RESERVED
+CVE-2021-39179 (DHIS 2 is an information system for data capture, management, 
validati ...)
+   TODO: check
 CVE-2021-39178 (Next.js is a React framework. Versions of Next.js between 
10.0.0 and 1 ...)
NOT-FOR-US: next.js
 CVE-2021-39177 (Geyser is a bridge between Minecraft: Bedrock Edition and 
Minecraft: J ...)
@@ -14630,8 +14630,8 @@ CVE-2021-37404
RESERVED
 CVE-2021-3663 (firefly-iii is vulnerable to Improper 

[Git][security-tracker-team/security-tracker][master] Add tracking bug for several libxstream-java issues

2021-10-29 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
687a92c1 by Salvatore Bonaccorso at 2021-10-29T22:02:19+02:00
Add tracking bug for several libxstream-java issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -10397,57 +10397,57 @@ CVE-2021-39155 (Istio is an open source platform for 
providing a uniform way to
NOT-FOR-US: Istio
 CVE-2021-39154 (XStream is a simple library to serialize objects to XML and 
back again ...)
{DLA-2769-1}
-   - libxstream-java 1.4.18-1
+   - libxstream-java 1.4.18-1 (bug #998054)
NOTE: 
https://github.com/x-stream/xstream/security/advisories/GHSA-6w62-hx7r-mw68
NOTE: https://x-stream.github.io/CVE-2021-39154.html
 CVE-2021-39153 (XStream is a simple library to serialize objects to XML and 
back again ...)
{DLA-2769-1}
-   - libxstream-java 1.4.18-1
+   - libxstream-java 1.4.18-1 (bug #998054)
NOTE: 
https://github.com/x-stream/xstream/security/advisories/GHSA-2q8x-2p7f-574v
NOTE: https://x-stream.github.io/CVE-2021-39153.html
 CVE-2021-39152 (XStream is a simple library to serialize objects to XML and 
back again ...)
{DLA-2769-1}
-   - libxstream-java 1.4.18-1
+   - libxstream-java 1.4.18-1 (bug #998054)
NOTE: 
https://github.com/x-stream/xstream/security/advisories/GHSA-xw4p-crpj-vjx2
NOTE: https://x-stream.github.io/CVE-2021-39152.html
 CVE-2021-39151 (XStream is a simple library to serialize objects to XML and 
back again ...)
{DLA-2769-1}
-   - libxstream-java 1.4.18-1
+   - libxstream-java 1.4.18-1 (bug #998054)
NOTE: 
https://github.com/x-stream/xstream/security/advisories/GHSA-hph2-m3g5-xxv4
NOTE: https://x-stream.github.io/CVE-2021-39151.html
 CVE-2021-39150 (XStream is a simple library to serialize objects to XML and 
back again ...)
{DLA-2769-1}
-   - libxstream-java 1.4.18-1
+   - libxstream-java 1.4.18-1 (bug #998054)
NOTE: 
https://github.com/x-stream/xstream/security/advisories/GHSA-cxfm-5m4g-x7xp
NOTE: https://x-stream.github.io/CVE-2021-39150.html
 CVE-2021-39149 (XStream is a simple library to serialize objects to XML and 
back again ...)
{DLA-2769-1}
-   - libxstream-java 1.4.18-1
+   - libxstream-java 1.4.18-1 (bug #998054)
NOTE: 
https://github.com/x-stream/xstream/security/advisories/GHSA-3ccq-5vw3-2p6x
NOTE: https://x-stream.github.io/CVE-2021-39149.html
 CVE-2021-39148 (XStream is a simple library to serialize objects to XML and 
back again ...)
{DLA-2769-1}
-   - libxstream-java 1.4.18-1
+   - libxstream-java 1.4.18-1 (bug #998054)
NOTE: 
https://github.com/x-stream/xstream/security/advisories/GHSA-qrx8-8545-4wg2
NOTE: https://x-stream.github.io/CVE-2021-39148.html
 CVE-2021-39147 (XStream is a simple library to serialize objects to XML and 
back again ...)
{DLA-2769-1}
-   - libxstream-java 1.4.18-1
+   - libxstream-java 1.4.18-1 (bug #998054)
NOTE: 
https://github.com/x-stream/xstream/security/advisories/GHSA-h7v4-7xg3-hxcc
NOTE: https://x-stream.github.io/CVE-2021-39147.html
 CVE-2021-39146 (XStream is a simple library to serialize objects to XML and 
back again ...)
{DLA-2769-1}
-   - libxstream-java 1.4.18-1
+   - libxstream-java 1.4.18-1 (bug #998054)
NOTE: 
https://github.com/x-stream/xstream/security/advisories/GHSA-p8pq-r894-fm8f
NOTE: https://x-stream.github.io/CVE-2021-39146.html
 CVE-2021-39145 (XStream is a simple library to serialize objects to XML and 
back again ...)
{DLA-2769-1}
-   - libxstream-java 1.4.18-1
+   - libxstream-java 1.4.18-1 (bug #998054)
NOTE: 
https://github.com/x-stream/xstream/security/advisories/GHSA-8jrj-525p-826v
NOTE: https://x-stream.github.io/CVE-2021-39145.html
 CVE-2021-39144 (XStream is a simple library to serialize objects to XML and 
back again ...)
{DLA-2769-1}
-   - libxstream-java 1.4.18-1
+   - libxstream-java 1.4.18-1 (bug #998054)
NOTE: 
https://github.com/x-stream/xstream/security/advisories/GHSA-j9h8-phrw-h4fh
NOTE: https://x-stream.github.io/CVE-2021-39144.html
 CVE-2021-39143
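Review bot: the eleven entries in this hunk (CVE-2021-39144 through CVE-2021-39154) all get the same "(bug #998054)" annotation on the unstable line that already records the fix in 1.4.18-1, with stretch covered by {DLA-2769-1}. One shared bug for the batch is fine, but nothing in the entries says which of buster/bullseye the bug tracks; stating that in the bug and in the commit message would avoid the question next time someone reads these lines.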
@@ -10456,17 +10456,17 @@ CVE-2021-39142
RESERVED
 CVE-2021-39141 (XStream is a simple library to serialize objects to XML and 
back again ...)
{DLA-2769-1}
-   - libxstream-java 1.4.18-1
+   - libxstream-java 1.4.18-1 (bug #998054)
NOTE: 
https://github.com/x-stream/xstream/security/advisories/GHSA-g5w6-mrj7-75h2
NOTE: https://x-stream.github.io/CVE-2021-39141.html
 CVE-2021-39140 (XStream is a simple library to serialize objects to XML and 
back again ...)
{DLA-2769-1}
-   - libxstream-java 1.4.18-1
+   - libxstream-java 1.4.18-1 (bug #998054)
NOTE: 

[Git][security-tracker-team/security-tracker][master] Take libgit2

2021-10-29 Thread Utkarsh Gupta (@utkarsh)


Utkarsh Gupta pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
40a07004 by Utkarsh Gupta at 2021-10-29T23:28:58+05:30
Take libgit2

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -53,10 +53,12 @@ glusterfs
 --
 gpac (Roberto C. Sánchez)
 --
-libgit2
+libgit2 (Utkarsh)
   NOTE: 20211029: CVE-2018-10887/CVE-2018-10888/CVE-2018-15501 were fixed
   NOTE: 20211029: for jessie in DLA-1477-1 and should also be fixed in stretch
   NOTE: 20211029: 4 other CVEs might also be worth fixing (bunk)
+  NOTE: 20211029: taking this with my maintainer hat on; will investigate
+  NOTE: 20211029: and TAL later next week. (utkarsh)
 --
 linux (Ben Hutchings)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40a070042b9aa7d7a8f558e1a5d063c3b3b6a19b



[Git][security-tracker-team/security-tracker][master] lts: retake firefox-esr and thunderbird

2021-10-29 Thread Emilio Pozuelo Monfort (@pochu)


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
12ed4e25 by Emilio Pozuelo Monfort at 2021-10-29T12:41:56+02:00
lts: retake firefox-esr and thunderbird

Working on ESR 91 toolchain updates.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -41,7 +41,7 @@ ffmpeg (Anton Gladky)
   NOTE: 20211010: WIP https://salsa.debian.org/lts-team/packages/ffmpeg
   NOTE: ffmpeg 3.2.16 has been released
 --
-firefox-esr
+firefox-esr (Emilio)
 --
 firmware-nonfree
   NOTE: 20210731: WIP: 
https://salsa.debian.org/lts-team/packages/firmware-nonfree
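Review bot: the commit message says the retake is for ESR 91 toolchain work, but nothing in the file records that, whereas other entries carry dated NOTE lines (e.g. ffmpeg's "20211010: WIP ..."). A "NOTE: 20211029: working on ESR 91 toolchain updates (pochu)" line under firefox-esr (and thunderbird in the next hunk) would keep that context in dla-needed.txt itself.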
@@ -103,5 +103,5 @@ salt (Markus Koschany)
   NOTE: 20210607: new CVE patch proposed by damien; donfede to provide a 
debdiff. (utkarsh)
   NOTE: 20210816: will test the provided debdiff; needs testing as regression 
spotted. (utkarsh)
 --
-thunderbird
+thunderbird (Emilio)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12ed4e259c2703791c10b1a781752cf338b3e2f3



[Git][security-tracker-team/security-tracker][master] dla: add glusterfs

2021-10-29 Thread Adrian Bunk (@bunk)


Adrian Bunk pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
62ab5921 by Adrian Bunk at 2021-10-29T13:38:52+03:00
dla: add glusterfs

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -47,6 +47,10 @@ firmware-nonfree
   NOTE: 20210731: WIP: 
https://salsa.debian.org/lts-team/packages/firmware-nonfree
   NOTE: 20210828: Most CVEs are difficult to backport. Contacted Ben regarding 
possible "ignore" tag
 --
+glusterfs
+  NOTE: 20211029: 15 CVEs that were fixed in jessie in DLA-1510-1 and 
DLA-1565-1
+  NOTE: 20211029: should also be fixed in stretch (bunk)
+--
 gpac (Roberto C. Sánchez)
 --
 libgit2
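Review bot: the entry refers to "15 CVEs" fixed in jessie via DLA-1510-1 and DLA-1565-1 without listing them, so whoever takes the package has to reconstruct the set from those two advisories; listing the CVE ids in the NOTE (as the libgit2 entry added in commit 47462f1e does) makes the scope explicit and lets the tracker's per-CVE status be checked against it.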



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62ab5921a332bf33ac72e1803330191090f90195



[Git][security-tracker-team/security-tracker][master] dla: add libgit2

2021-10-29 Thread Adrian Bunk (@bunk)


Adrian Bunk pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
47462f1e by Adrian Bunk at 2021-10-29T13:13:14+03:00
dla: add libgit2

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -49,6 +49,11 @@ firmware-nonfree
 --
 gpac (Roberto C. Sánchez)
 --
+libgit2
+  NOTE: 20211029: CVE-2018-10887/CVE-2018-10888/CVE-2018-15501 were fixed
+  NOTE: 20211029: for jessie in DLA-1477-1 and should also be fixed in stretch
+  NOTE: 20211029: 4 other CVEs might also be worth fixing (bunk)
+--
 linux (Ben Hutchings)
 --
 linux-4.19 (Ben Hutchings)
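Review bot: the third NOTE says "4 other CVEs might also be worth fixing" without naming them, which leaves the scope of the stretch update undefined for the next person; naming the four ids, and whether each is worth bundling into the same DLA as CVE-2018-10887/CVE-2018-10888/CVE-2018-15501, would let the claimer decide the scope up front instead of re-triaging libgit2 from scratch.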



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47462f1ed63afcde12ebe516fe3e7e8b9508f44d



[Git][security-tracker-team/security-tracker][master] Reserve DLA-2798-1 for libdatetime-timezone-perl

2021-10-29 Thread Emilio Pozuelo Monfort (@pochu)


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
25c3aa56 by Emilio Pozuelo Monfort at 2021-10-29T11:58:10+02:00
Reserve DLA-2798-1 for libdatetime-timezone-perl

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,5 @@
+[29 Oct 2021] DLA-2798-1 libdatetime-timezone-perl - new upstream version
+   [stretch] - libdatetime-timezone-perl 1:2.09-1+2021e
 [29 Oct 2021] DLA-2797-1 tzdata - new upstream version
[stretch] - tzdata 2021a-0+deb9u2
 [29 Oct 2021] DLA-2796-1 jbig2dec - security update


=
data/dla-needed.txt
=
@@ -49,8 +49,6 @@ firmware-nonfree
 --
 gpac (Roberto C. Sánchez)
 --
-libdatetime-timezone-perl (Emilio)
---
 linux (Ben Hutchings)
 --
 linux-4.19 (Ben Hutchings)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/25c3aa566ba5ec8b6c7932dfa5b9375a53d25161



[Git][security-tracker-team/security-tracker][master] Reserve DLA-2797-1 for tzdata

2021-10-29 Thread Emilio Pozuelo Monfort (@pochu)


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0095854e by Emilio Pozuelo Monfort at 2021-10-29T11:52:26+02:00
Reserve DLA-2797-1 for tzdata

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,5 @@
+[29 Oct 2021] DLA-2797-1 tzdata - new upstream version
+   [stretch] - tzdata 2021a-0+deb9u2
 [29 Oct 2021] DLA-2796-1 jbig2dec - security update
{CVE-2017-9216 CVE-2020-12268}
[stretch] - jbig2dec 0.13-4.1+deb9u1


=
data/dla-needed.txt
=
@@ -98,5 +98,3 @@ salt (Markus Koschany)
 --
 thunderbird
 --
-tzdata (Emilio)
---



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0095854e786bbfd865da75fb87ff3987df25b7b3



[Git][security-tracker-team/security-tracker][master] Mark CVE-2021-40348 as NFU

2021-10-29 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
38dc75e0 by Salvatore Bonaccorso at 2021-10-29T10:45:56+02:00
Mark CVE-2021-40348 as NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -7518,6 +7518,7 @@ CVE-2021-40349 (e7d Speed Test (aka speedtest) 0.5.3 
allows a path-traversal att
NOT-FOR-US: e7d Speed Test
 CVE-2021-40348
RESERVED
+   NOT-FOR-US: Uyuni / Spacewalk (Red Hat)
 CVE-2021-40347 (An issue was discovered in views/list.py in GNU Mailman 
Postorius befo ...)
{DSA-4970-1}
- postorius 1.3.5-1 (bug #993746)
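Review bot: the NOT-FOR-US line is added while CVE-2021-40348 is still RESERVED, so nothing in the file records where the attribution to Uyuni / Spacewalk came from; a NOTE with the advisory or bug URL that identified the product would let the description filled in by a later automatic update be checked against it, and would make the "(Red Hat)" qualifier verifiable rather than implicit.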



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38dc75e04ff7af32a5b5e1830f3101ebc262de5a



[Git][security-tracker-team/security-tracker][master] Add CVE-2020-23052/mahara

2021-10-29 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a903cec8 by Salvatore Bonaccorso at 2021-10-29T10:26:23+02:00
Add CVE-2020-23052/mahara

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -80863,7 +80863,7 @@ CVE-2020-23054 (A cross-site scripting (XSS) 
vulnerability in NSK User Agent Str
 CVE-2020-23053
RESERVED
 CVE-2020-23052 (Catalyst IT Ltd Mahara CMS v19.10.2 was discovered to contain 
multiple ...)
-   TODO: check
+   - mahara 
 CVE-2020-23051 (Phpgurukul User Registration  User Management System v2.0 
was dis ...)
NOT-FOR-US: Phpgurukul User Registration & User Management System
 CVE-2020-23050 (TAO Open Source Assessment Platform v3.3.0 RC02 was discovered 
to cont ...)
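Review bot: the entry moves from TODO: check to marking mahara as affected by CVE-2020-23052, but carries no fixed version, severity tag, bug reference or NOTE pointing at the upstream advisory or fix; without at least a NOTE with the upstream reference (and a bug number once filed) the per-suite status cannot be triaged from the file alone, and the truncated description ("multiple ...") gives no hint of which of the multiple issues the CVE covers.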



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a903cec8a90a0a2deef36399ffb0259c4702b620



[Git][security-tracker-team/security-tracker][master] Add CVE-2021-3655{0,1}/tikiwiki

2021-10-29 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1bd9e08e by Salvatore Bonaccorso at 2021-10-29T10:25:36+02:00
Add CVE-2021-3655{0,1}/tikiwiki

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -16616,9 +16616,9 @@ CVE-2021-36553
 CVE-2021-36552
RESERVED
 CVE-2021-36551 (TikiWiki v21.4 was discovered to contain a cross-site 
scripting (XSS)  ...)
-   TODO: check
+   - tikiwiki 
 CVE-2021-36550 (TikiWiki v21.4 was discovered to contain a cross-site 
scripting (XSS)  ...)
-   TODO: check
+   - tikiwiki 
 CVE-2021-36549
RESERVED
 CVE-2021-36548 (A remote code execution (RCE) vulnerability in the component 
/admin/in ...)
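Review bot: both CVE-2021-36551 and CVE-2021-36550 are marked as affecting tikiwiki with no fixed version, no bug reference and no NOTE with the upstream fix, and their descriptions are truncated to the identical "TikiWiki v21.4 ... cross-site scripting (XSS)" prefix, so nothing here distinguishes the two issues; a NOTE per entry with the upstream report or commit would make each one individually verifiable when a fix is uploaded.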



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1bd9e08e50febc730b78b652983f31f79d05836d



[Git][security-tracker-team/security-tracker][master] Process NFUs

2021-10-29 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b7cf610b by Salvatore Bonaccorso at 2021-10-29T10:23:58+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -16622,9 +16622,9 @@ CVE-2021-36550 (TikiWiki v21.4 was discovered to 
contain a cross-site scripting
 CVE-2021-36549
RESERVED
 CVE-2021-36548 (A remote code execution (RCE) vulnerability in the component 
/admin/in ...)
-   TODO: check
+   NOT-FOR-US: Monstra CMS
 CVE-2021-36547 (A remote code execution (RCE) vulnerability in the component 
/codebase ...)
-   TODO: check
+   NOT-FOR-US: Mara CMS
 CVE-2021-36546
RESERVED
 CVE-2021-36545
@@ -65395,9 +65395,9 @@ CVE-2021-1118
 CVE-2021-1117 (Windows contains a vulnerability in the kernel mode layer 
(nvlddmkm.sy ...)
TODO: check
 CVE-2021-1116 (NVIDIA GPU Display Driver for Windows contains a vulnerability 
in the  ...)
-   TODO: check
+   NOT-FOR-US: NVIDIA GPU Display Driver for Windows
 CVE-2021-1115 (NVIDIA GPU Display Driver for Windows contains a vulnerability 
in the  ...)
-   TODO: check
+   NOT-FOR-US: NVIDIA GPU Display Driver for Windows
 CVE-2021-1114 (NVIDIA Linux kernel distributions contain a vulnerability in 
the kerne ...)
NOT-FOR-US: NVIDIA
 CVE-2021-1113 (NVIDIA camera firmware contains a vulnerability where an 
unauthorized  ...)
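Review bot: CVE-2021-1117 is left at TODO: check while the neighbouring CVE-2021-1116 and CVE-2021-1115 are set to NOT-FOR-US, yet its description names nvlddmkm.sy(s), which is the same NVIDIA Windows kernel-mode display driver; unless there is a specific reason to hold it, it should get the same NOT-FOR-US resolution in this pass so the TODO does not linger beside two already-resolved siblings.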
@@ -7,7 +7,7 @@ CVE-2020-25424
 CVE-2020-25423
RESERVED
 CVE-2020-25422 (A cross site scripting (XSS) vulnerability in menuedit.php of 
Mara CMS ...)
-   TODO: check
+   NOT-FOR-US: Mara CMS
 CVE-2020-25421
RESERVED
 CVE-2020-25420
@@ -79797,13 +79797,13 @@ CVE-2020-23551
 CVE-2020-23550
RESERVED
 CVE-2020-23549 (IrfanView 4.54 allows attackers to cause a denial of service 
or possib ...)
-   TODO: check
+   NOT-FOR-US: IrfanView
 CVE-2020-23548
RESERVED
 CVE-2020-23547
RESERVED
 CVE-2020-23546 (IrfanView 4.54 allows attackers to cause a denial of service 
or possib ...)
-   TODO: check
+   NOT-FOR-US: IrfanView
 CVE-2020-23545
RESERVED
 CVE-2020-23544



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7cf610b31bdeed469cf9ff71a9a788eb806d580



[Git][security-tracker-team/security-tracker][master] automatic update

2021-10-29 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2065cb1a by security tracker role at 2021-10-29T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,43 @@
+CVE-2021-43081
+   RESERVED
+CVE-2021-43080
+   RESERVED
+CVE-2021-43079
+   RESERVED
+CVE-2021-43078
+   RESERVED
+CVE-2021-43077
+   RESERVED
+CVE-2021-43076
+   RESERVED
+CVE-2021-43075
+   RESERVED
+CVE-2021-43074
+   RESERVED
+CVE-2021-43073
+   RESERVED
+CVE-2021-43072
+   RESERVED
+CVE-2021-43071
+   RESERVED
+CVE-2021-43070
+   RESERVED
+CVE-2021-43069
+   RESERVED
+CVE-2021-43068
+   RESERVED
+CVE-2021-43067
+   RESERVED
+CVE-2021-43066
+   RESERVED
+CVE-2021-43065
+   RESERVED
+CVE-2021-43064
+   RESERVED
+CVE-2021-43063
+   RESERVED
+CVE-2021-43062
+   RESERVED
 CVE-2022-20621
RESERVED
 CVE-2022-20620
@@ -683,6 +723,7 @@ CVE-2021-42764 (The Proof-of-Stake (PoS) Ethereum consensus 
protocol through 202
 CVE-2021-42763
RESERVED
 CVE-2021-42762 (BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 
2.34.1 allow ...)
+   {DSA-4996-1 DSA-4995-1}
- webkit2gtk 2.34.1-1
[stretch] - webkit2gtk  (Not covered by security support in 
stretch)
- wpewebkit 2.34.1-1
@@ -5475,8 +5516,8 @@ CVE-2021-41196
RESERVED
 CVE-2021-41195
RESERVED
-CVE-2021-41194
-   RESERVED
+CVE-2021-41194 (FirstUseAuthenticator is a JupyterHub authenticator that helps 
new use ...)
+   TODO: check
 CVE-2021-41193
RESERVED
 CVE-2021-41192
@@ -16574,16 +16615,16 @@ CVE-2021-36553
RESERVED
 CVE-2021-36552
RESERVED
-CVE-2021-36551
-   RESERVED
-CVE-2021-36550
-   RESERVED
+CVE-2021-36551 (TikiWiki v21.4 was discovered to contain a cross-site 
scripting (XSS)  ...)
+   TODO: check
+CVE-2021-36550 (TikiWiki v21.4 was discovered to contain a cross-site 
scripting (XSS)  ...)
+   TODO: check
 CVE-2021-36549
RESERVED
-CVE-2021-36548
-   RESERVED
-CVE-2021-36547
-   RESERVED
+CVE-2021-36548 (A remote code execution (RCE) vulnerability in the component 
/admin/in ...)
+   TODO: check
+CVE-2021-36547 (A remote code execution (RCE) vulnerability in the component 
/codebase ...)
+   TODO: check
 CVE-2021-36546
RESERVED
 CVE-2021-36545
@@ -30462,6 +30503,7 @@ CVE-2021-30853 (This issue was addressed with improved 
checks. This issue is fix
 CVE-2021-30852 (A type confusion issue was addressed with improved memory 
handling. Th ...)
TODO: check
 CVE-2021-30851 (A memory corruption vulnerability was addressed with improved 
locking. ...)
+   {DSA-4996-1 DSA-4995-1}
- webkit2gtk 2.34.0-1
[stretch] - webkit2gtk  (Not covered by security support in 
stretch)
- wpewebkit 2.34.1-1
@@ -30485,6 +30527,7 @@ CVE-2021-30848 (A memory corruption issue was addressed 
with improved memory han
 CVE-2021-30847 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
NOT-FOR-US: Apple
 CVE-2021-30846 (A memory corruption issue was addressed with improved memory 
handling. ...)
+   {DSA-4996-1 DSA-4995-1}
- webkit2gtk 2.34.0-1
[stretch] - webkit2gtk  (Not covered by security support in 
stretch)
- wpewebkit 2.34.1-1
@@ -43604,8 +43647,7 @@ CVE-2021-25744
RESERVED
 CVE-2021-25743
RESERVED
-CVE-2021-25742
-   RESERVED
+CVE-2021-25742 (A security issue was discovered in ingress-nginx where a user 
that can ...)
NOT-FOR-US: Kubernetes ingress-nginx component
 CVE-2021-25741 (A security issue was discovered in Kubernetes where a user may 
be able ...)
- kubernetes 
@@ -44900,6 +44942,7 @@ CVE-2021-25221
 CVE-2021-25220
RESERVED
 CVE-2021-25219 (In BIND 9.3.0 - 9.11.35, 9.12.0 - 9.16.21, and 
versions 9.9.3- ...)
+   {DSA-4994-1}
- bind9 1:9.17.19-1
NOTE: https://kb.isc.org/docs/cve-2021-25219
NOTE: 
https://gitlab.isc.org/isc-projects/bind9/commit/8fe18c0566c41228a568157287f5a44f96d37662
 (v9_16_22)
@@ -79753,14 +79796,14 @@ CVE-2020-23551
RESERVED
 CVE-2020-23550
RESERVED
-CVE-2020-23549
-   RESERVED
+CVE-2020-23549 (IrfanView 4.54 allows attackers to cause a denial of service 
or possib ...)
+   TODO: check
 CVE-2020-23548
RESERVED
 CVE-2020-23547
RESERVED
-CVE-2020-23546
-   RESERVED
+CVE-2020-23546 (IrfanView 4.54 allows attackers to cause a denial of service 
or possib ...)
+   TODO: check
 CVE-2020-23545
RESERVED
 CVE-2020-23544
@@ -106216,6 +106259,7 @@ CVE-2020-12270 (** DISPUTED ** React Native Bluetooth 
Scan in Bluezone 1.0.0 use
 CVE-2020-12269
RESERVED
 CVE-2020-12268 (jbig2_image_compose in jbig2_image.c in Artifex jbig2dec 
before 0.18 h ...)
+   {DLA-2796-1}
  

[Git][security-tracker-team/security-tracker][master] lts: take tzdata and libdatetime-timezone-perl

2021-10-29 Thread Emilio Pozuelo Monfort (@pochu)


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cc2c1b73 by Emilio Pozuelo Monfort at 2021-10-29T10:01:05+02:00
lts: take tzdata and libdatetime-timezone-perl

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -49,6 +49,8 @@ firmware-nonfree
 --
 gpac (Roberto C. Sánchez)
 --
+libdatetime-timezone-perl (Emilio)
+--
 linux (Ben Hutchings)
 --
 linux-4.19 (Ben Hutchings)
@@ -96,3 +98,5 @@ salt (Markus Koschany)
 --
 thunderbird
 --
+tzdata (Emilio)
+--



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc2c1b73b875895472a408ad751d2c41c65c83c8



[Git][security-tracker-team/security-tracker][master] Add another round of chromium CVEs (fixed in 95.0.4638.69)

2021-10-29 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2c0ff417 by Salvatore Bonaccorso at 2021-10-29T09:20:16+02:00
Add another round of chromium CVEs (fixed in 95.0.4638.69)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -13153,18 +13153,32 @@ CVE-2021-38004
RESERVED
 CVE-2021-38003
RESERVED
+   - chromium 
+   [stretch] - chromium  (see DSA 4562)
 CVE-2021-38002
RESERVED
+   - chromium 
+   [stretch] - chromium  (see DSA 4562)
 CVE-2021-38001
RESERVED
+   - chromium 
+   [stretch] - chromium  (see DSA 4562)
 CVE-2021-38000
RESERVED
+   - chromium 
+   [stretch] - chromium  (see DSA 4562)
 CVE-2021-37999
RESERVED
+   - chromium 
+   [stretch] - chromium  (see DSA 4562)
 CVE-2021-37998
RESERVED
+   - chromium 
+   [stretch] - chromium  (see DSA 4562)
 CVE-2021-37997
RESERVED
+   - chromium 
+   [stretch] - chromium  (see DSA 4562)
 CVE-2021-37996
RESERVED
- chromium 
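Review bot: the commit message says these seven CVEs are fixed in 95.0.4638.69, but none of the added "- chromium" lines nor any NOTE records that upstream version, and all seven entries are still RESERVED, so the fixed version will have to be re-derived when the Debian upload lands; a NOTE with the upstream release (or the fixed Debian version on the "- chromium" line once the package is uploaded) would tie the entries to the release named in the commit message.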



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c0ff417a3bd7ee4440a743614b32fe93a70619f



[Git][security-tracker-team/security-tracker][master] Add CVE-2021-3892/linux

2021-10-29 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2bbaf12d by Salvatore Bonaccorso at 2021-10-29T08:58:25+02:00
Add CVE-2021-3892/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1145,8 +1145,10 @@ CVE-2021-42555
RESERVED
 CVE-2021-42554
RESERVED
-CVE-2021-3892
+CVE-2021-3892 [memory leak in fib6_rule_suppress could result in DoS]
RESERVED
+   - linux 
+   NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2014623
 CVE-2021-26247
RESERVED
 CVE-2021-23225
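Review bot: the entry marks linux as affected by CVE-2021-3892 with the Red Hat bugzilla as its only reference; the bracketed summary ("memory leak in fib6_rule_suppress could result in DoS") is useful while the CVE is RESERVED, but a NOTE with the upstream fix commit once it is identified, plus a severity tag, would let the stable and LTS kernel status be tracked instead of leaving the entry open-ended.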



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2bbaf12d42482a6047ef6099600631eccec3a99b
