[Git][security-tracker-team/security-tracker][master] Add CVE-2021-4508{5,6,7,8}/epiphany-browser

2021-12-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d0e66ac9 by Salvatore Bonaccorso at 2021-12-20T07:25:55+01:00
Add CVE-2021-4508{5,6,7,8}/epiphany-browser

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -100,13 +100,21 @@ CVE-2021-45090
 CVE-2021-45089
RESERVED
 CVE-2021-45088 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x 
before  ...)
-   TODO: check
+   - epiphany-browser 41.2-1
+   NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
+   NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045
 CVE-2021-45087 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x 
before  ...)
-   TODO: check
+   - epiphany-browser 41.2-1
+   NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
+   NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045
 CVE-2021-45086 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x 
before  ...)
-   TODO: check
+   - epiphany-browser 41.2-1
+   NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
+   NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045
 CVE-2021-45085 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x 
before  ...)
-   TODO: check
+   - epiphany-browser 41.2-1
+   NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
+   NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045
 CVE-2021-45084
RESERVED
 CVE-2021-45083
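
Review bot: The four entries CVE-2021-45085 through CVE-2021-45088 now carry identical lines (fixed version 41.2-1, issue 1612, merge request 1045), so nothing in the list distinguishes which upstream change fixes which CVE. If merge request 1045 bundles several commits, a per-CVE NOTE naming the relevant commit would help backporters. The descriptions also mention the 40.x branch ("before 40.4"), yet only a single fixed version is recorded; a release-specific line or a NOTE for the 40.x series would make the status of older suites explicit.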



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d0e66ac91edf653203db6b1ac25dd023d749860f

You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] 2 commits: dla: take libextractor

2021-12-19 Thread Adrian Bunk (@bunk)


Adrian Bunk pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
43d23183 by Adrian Bunk at 2021-12-20T05:06:09+02:00
dla: take libextractor

- - - - -
25237f00 by Adrian Bunk at 2021-12-20T05:09:55+02:00
dla: take libpcap

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -47,6 +47,8 @@ gpac (Roberto C. Sánchez)
 --
 libarchive (Thorsten Alteholz)
 --
+libextractor (Adrian Bunk)
+--
 libgit2 (Utkarsh)
   NOTE: 20211029: CVE-2018-10887/CVE-2018-10888/CVE-2018-15501 were fixed
   NOTE: 20211029: for jessie in DLA-1477-1 and should also be fixed in stretch
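
Review bot: The new libextractor entry is a bare claim with no NOTE saying which issue put the package on the list, and the libpcap entry in the next hunk is the same. Both packages are added and claimed in one step, so the entry itself is the only record of why the package is here; a dated NOTE naming the CVE(s) being worked on would let others follow the work.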
@@ -57,6 +59,8 @@ libgit2 (Utkarsh)
   NOTE: 20211129: readied up everything, using pygit and other wrappers
   NOTE: 20211129: around which the code changed. will upload in the next 2 
days. (utkarsh)
 --
+libpcap (Adrian Bunk)
+--
 linux (Ben Hutchings)
 --
 linux-4.19 (Ben Hutchings)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/00649565985083bf6ce6523f0e1318a292f440c7...25237f001e424f4c32447a5db220feac2901f1a3



[Git][security-tracker-team/security-tracker][master] update note

2021-12-19 Thread Thorsten Alteholz (@alteholz)


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
00649565 by Thorsten Alteholz at 2021-12-20T00:04:38+01:00
update note

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -72,8 +72,8 @@ nvidia-graphics-drivers (Markus Koschany)
   NOTE: nvidia-graphics-drivers-legacy-390xx but will ask for more testing on 
the lts
   NOTE: mailing list tomorrow (apo)
 --
-pgbouncer (Thorsten Alteholz)
-  NOTE: 20211212: sync with maintainer
+pgbouncer (Christoph Berg)
+  NOTE: 20211220: maintainer might want to upload fixed version
 --
 ruby2.3 (Utkarsh)
 --
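
Review bot: The pgbouncer change replaces the claimant and drops the earlier NOTE (20211212: sync with maintainer) instead of appending to it, while other entries in this file such as libgit2 keep a dated history of NOTE lines. Keeping the old line and adding the 20211220 one below it would preserve the trail. The commit subject "update note" also does not mention that the entry was handed from Thorsten Alteholz to Christoph Berg.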



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/00649565985083bf6ce6523f0e1318a292f440c7



[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2021-31566/libarchive

2021-12-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
83c04459 by Salvatore Bonaccorso at 2021-12-19T21:20:20+01:00
Add Debian bug reference for CVE-2021-31566/libarchive

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -34,7 +34,7 @@ CVE-2021-45105 [Certain strings can cause infinite recursion]
NOTE: https://issues.apache.org/jira/browse/LOG4J2-3230
 CVE-2021-31566 [symbolic links incorrectly followed when changing modes, 
times, ACL and flags of a file while extracting an archive]
RESERVED
-   - libarchive 
+   - libarchive  (bug #1001990)
NOTE: https://github.com/libarchive/libarchive/issues/1566
NOTE: 
https://github.com/libarchive/libarchive/commit/b41daecb5ccb4c8e3b2c53fd6147109fc12c3043
 (v3.5.2)
NOTE: 
https://github.com/libarchive/libarchive/commit/e2ad1a2c3064fa9eba6274b3641c4c1beed25c0b
 (v3.5.2)
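
Review bot: The changed libarchive line gains the bug number but, as shown here, still has no version after the package name, while both commit NOTEs below it are tagged (v3.5.2). If a Debian upload containing 3.5.2 exists or is planned, record the fixed version on this line; otherwise it is worth checking that bug #1001990 names this CVE so the two records stay linked.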



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83c0445992e4bba4e5f4cb24d5819de58877c0f1



[Git][security-tracker-team/security-tracker][master] automatic update

2021-12-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8017c166 by security tracker role at 2021-12-19T20:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1427,6 +1427,7 @@ CVE-2021-4077
RESERVED
 CVE-2021-4076 [keys: move signing part out of find_by_thp() and to find_jws()]
RESERVED
+   {DSA-5025-1}
- tang 11-1
[buster] - tang  (Vulnerable code introduced later)
NOTE: https://github.com/latchset/tang/pull/81
@@ -5478,6 +5479,7 @@ CVE-2021-43548
 CVE-2021-43547
RESERVED
 CVE-2021-43546 (It was possible to recreate previous cursor spoofing attacks 
against u ...)
+   {DSA-5026-1}
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
@@ -5485,6 +5487,7 @@ CVE-2021-43546 (It was possible to recreate previous 
cursor spoofing attacks aga
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43546
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43546
 CVE-2021-43545 (Using the Location API in a loop could have caused severe 
application  ...)
+   {DSA-5026-1}
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
@@ -5495,6 +5498,7 @@ CVE-2021-43544 (When receiving a URL through a SEND 
intent, Firefox would have s
- firefox  (Only affects Android)
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43544
 CVE-2021-43543 (Documents loaded with the CSP sandbox directive could have 
escaped the ...)
+   {DSA-5026-1}
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
@@ -5502,6 +5506,7 @@ CVE-2021-43543 (Documents loaded with the CSP sandbox 
directive could have escap
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43543
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43543
 CVE-2021-43542 (Using XMLHttpRequest, an attacker could have identified 
installed appl ...)
+   {DSA-5026-1}
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
@@ -5509,6 +5514,7 @@ CVE-2021-43542 (Using XMLHttpRequest, an attacker could 
have identified installe
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43542
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43542
 CVE-2021-43541 (When invoking protocol handlers for external protocols, a 
supplied par ...)
+   {DSA-5026-1}
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
@@ -5519,6 +5525,7 @@ CVE-2021-43540 (WebExtensions with the correct 
permissions were able to create a
- firefox 95.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43540
 CVE-2021-43539 (Failure to correctly record the location of live pointers 
across wasm  ...)
+   {DSA-5026-1}
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
@@ -5526,6 +5533,7 @@ CVE-2021-43539 (Failure to correctly record the location 
of live pointers across
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43539
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43539
 CVE-2021-43538 (By misusing a race in our notification code, an attacker could 
have fo ...)
+   {DSA-5026-1}
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
@@ -5533,6 +5541,7 @@ CVE-2021-43538 (By misusing a race in our notification 
code, an attacker could h
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43538
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43538
 CVE-2021-43537 (An incorrect type conversion of sizes from 64bit to 32bit 
integers all ...)
+   {DSA-5026-1}
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
@@ -5540,6 +5549,7 @@ CVE-2021-43537 (An incorrect type conversion of sizes 
from 64bit to 32bit intege
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43537
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43537
 CVE-2021-43536 (Under certain circumstances, asynchronous functions could have 
caused  ...)
+   {DSA-5026-1}
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
@@ -5547,6 +5557,7 @@ CVE-2021-43536 (Under certain circumstances, asynchronous 
functions could have c
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43536
NOTE: 

[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2021-23177/libarchive

2021-12-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f10c4c7d by Salvatore Bonaccorso at 2021-12-19T21:04:55+01:00
Add Debian bug reference for CVE-2021-23177/libarchive

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -40,7 +40,7 @@ CVE-2021-31566 [symbolic links incorrectly followed when 
changing modes, times,
NOTE: 
https://github.com/libarchive/libarchive/commit/e2ad1a2c3064fa9eba6274b3641c4c1beed25c0b
 (v3.5.2)
 CVE-2021-23177 [extracting a symlink with ACLs modifies ACLs of target]
RESERVED
-   - libarchive 
+   - libarchive  (bug #1001986)
NOTE: https://github.com/libarchive/libarchive/issues/1565
NOTE: 
https://github.com/libarchive/libarchive/commit/fba4f123cc456d2b2538f811bb831483bf336bad
 (v3.5.2)
 CVE-2022-21943



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f10c4c7d8a0e5b59381723417619271b122460ff



[Git][security-tracker-team/security-tracker][master] Claim lxml

2021-12-19 Thread Utkarsh Gupta (@utkarsh)


Utkarsh Gupta pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e7fcdbfb by Utkarsh Gupta at 2021-12-19T22:59:44+05:30
Claim lxml

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -61,7 +61,7 @@ linux (Ben Hutchings)
 --
 linux-4.19 (Ben Hutchings)
 --
-lxml
+lxml (Utkarsh)
 --
 nvidia-graphics-drivers (Markus Koschany)
   NOTE: package is in non-free but also in packages-to-support
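
Review bot: The claim uses a first name only (lxml (Utkarsh)), while the neighbouring entries in the same hunk use full names (Ben Hutchings, Markus Koschany). Using the full name, or whatever single form the file settles on, makes the claimant unambiguous and keeps the list searchable by person.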



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7fcdbfbe499fae4c8a77f27033abe8e2a05f5dc



[Git][security-tracker-team/security-tracker][master] 4 commits: add ruby2.3

2021-12-19 Thread Thorsten Alteholz (@alteholz)


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2410d43a by Thorsten Alteholz at 2021-12-19T18:05:56+01:00
add ruby2.3

- - - - -
b2e6c5cc by Thorsten Alteholz at 2021-12-19T18:10:39+01:00
add lxml

- - - - -
961523b2 by Thorsten Alteholz at 2021-12-19T18:11:05+01:00
add libarchive

- - - - -
bd85ecff by Thorsten Alteholz at 2021-12-19T18:13:13+01:00
add spip

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -45,6 +45,8 @@ gpac (Roberto C. Sánchez)
   NOTE: 20211101: coordinating with secteam for s-p-u since stretch/buster 
versions match (roberto)
   NOTE: 20211120: received OK from secteam for buster update, working on 
stretch/buster in parallel (roberto)
 --
+libarchive (Thorsten Alteholz)
+--
 libgit2 (Utkarsh)
   NOTE: 20211029: CVE-2018-10887/CVE-2018-10888/CVE-2018-15501 were fixed
   NOTE: 20211029: for jessie in DLA-1477-1 and should also be fixed in stretch
@@ -59,6 +61,8 @@ linux (Ben Hutchings)
 --
 linux-4.19 (Ben Hutchings)
 --
+lxml
+--
 nvidia-graphics-drivers (Markus Koschany)
   NOTE: package is in non-free but also in packages-to-support
   NOTE: only CVE‑2021‑1076 seems to be fixed in the R390 branch used in 
Stretch, no fix available for CVE-2021-1077
@@ -71,12 +75,17 @@ nvidia-graphics-drivers (Markus Koschany)
 pgbouncer (Thorsten Alteholz)
   NOTE: 20211212: sync with maintainer
 --
+ruby2.3 (Utkarsh)
+--
 samba (Anton)
   NOTE: 20211128: WIP https://salsa.debian.org/lts-team/packages/samba/
   NOTE: 20211212: Fix is too large, coordination with ELTS-upload
 --
 sphinxsearch (Thorsten Alteholz)
 --
+spip
+  NOTE: probably someone who understands French better can have a look whether 
Stretch is affected
+--
 thunderbird (Emilio)
   NOTE: 20211122: blocked on toolchain backports (pochu)
   NOTE: 20211206: progressing on the toolchain front (pochu)
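
Review bot: The NOTE on the new spip entry has no date prefix and no author tag, unlike the surrounding notes (for example "NOTE: 20211212: Fix is too large, coordination with ELTS-upload" and the "(pochu)" suffix on the thunderbird lines), and it does not say which advisory or issue needs reading. Suggest a dated form such as "NOTE: 20211219: ..." with a link to the upstream announcement, so whoever picks this up knows what to triage for Stretch.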



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f6a79abd78e0f38ef0d120ff9fd67dc5f1c17e5b...bd85ecff6e16d3fd698544a86024b149cd277264



[Git][security-tracker-team/security-tracker][master] add reference for log4j issue

2021-12-19 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f6a79abd by Moritz Mühlenhoff at 2021-12-19T16:54:23+01:00
add reference for log4j issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -951,6 +951,7 @@ CVE-2021-4104 (JMSAppender in Log4j 1.2 is vulnerable to 
deserialization of untr
NOTE: https://www.openwall.com/lists/oss-security/2021/12/13/1
NOTE: 
https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126
NOTE: Issue for Log4j 1.2 when specifically configured to use 
JMSAppender (not the default)
+   NOTE: https://www.openwall.com/lists/oss-security/2021/12/13/2
 CVE-2021-4103
RESERVED
 CVE-2021-44832
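
Review bot: The new reference (oss-security/2021/12/13/2) is appended after the explanatory NOTE about JMSAppender rather than next to the existing oss-security/2021/12/13/1 link at the top of the visible block. Placing the two mailing-list links together and keeping the explanatory sentence last would keep the references grouped and the entry easier to read.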



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f6a79abd78e0f38ef0d120ff9fd67dc5f1c17e5b



[Git][security-tracker-team/security-tracker][master] Claim spip

2021-12-19 Thread Sebastien Delafond (@seb)


Sebastien Delafond pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
05653fb5 by Sébastien Delafond at 2021-12-19T16:45:49+01:00
Claim spip

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -51,7 +51,7 @@ runc
 sogo (jmm)
   Maintainer preparing updates
 --
-spip
+spip (seb)
   Maintainer proposed updates
 --
 thunderbird (jmm)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05653fb595622e7f471a9c21d0f21e3c68b00437



[Git][security-tracker-team/security-tracker][master] Add spip to dsa-needed list

2021-12-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
27b37059 by Salvatore Bonaccorso at 2021-12-19T16:37:32+01:00
Add spip to dsa-needed list

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -51,6 +51,9 @@ runc
 sogo (jmm)
   Maintainer preparing updates
 --
+spip
+  Maintainer proposed updates
+--
 thunderbird (jmm)
   Rust toolchain updates needed
 --
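
Review bot: The spip entry says "Maintainer proposed updates" but gives no pointer to where the proposal lives (bug number, mail or repository), and it is added without a claimant. A short reference on the second line would let whoever claims the entry find the proposed packages without asking.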



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27b3705975d01a201c2ad16763445ab602be1fa5



[Git][security-tracker-team/security-tracker][master] Add temporary entry for spip issues (no CVEs assigned)

2021-12-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
eba5f13d by Salvatore Bonaccorso at 2021-12-19T16:36:01+01:00
Add temporary entry for spip issues (no CVEs assigned)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,6 @@
+CVE-2021- [several SQL injection, remote code execution, XSS issues]
+   - spip 3.2.12-1
+   NOTE: https://blog.spip.net/SPIP-4-0-1_SPIP-3-1-12.html
 CVE-2021- [Fix possible privilege escalation]
- glewlwyd 2.6.1-1
[bullseye] - glewlwyd  (Minor issue; can be fixed via point 
release)
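
Review bot: The temporary entry folds three classes of issue (SQL injection, remote code execution, XSS) into one placeholder, and the NOTE URL slug reads SPIP-4-0-1_SPIP-3-1-12 while the fixed version recorded is 3.2.12-1. Please confirm the link points at the announcement for the 3.2.12 release, and consider a NOTE listing the individual upstream fixes so the entry can be split cleanly once CVE ids are assigned.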



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eba5f13de3e2f126481651d330069f37f33981d6



[Git][security-tracker-team/security-tracker][master] Add CVE-2021-43820/seafile-server, itp'ed

2021-12-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9696dfcf by Salvatore Bonaccorso at 2021-12-19T16:13:31+01:00
Add CVE-2021-43820/seafile-server, itped

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3963,7 +3963,9 @@ CVE-2021-43822 (Jackalope Doctrine-DBAL is an 
implementation of the PHP Content
 CVE-2021-43821 (Opencast is an Open Source Lecture Capture  Video 
Management for  ...)
TODO: check
 CVE-2021-43820 (Seafile is an open source cloud storage system. A sync token 
is used i ...)
-   TODO: check
+   - seafile-server  (bug #865830)
+   NOTE: 
https://github.com/haiwen/seafile-server/security/advisories/GHSA-m3wc-jv6r-hvv8
+   NOTE: https://github.com/haiwen/seafile-server/pull/520
 CVE-2021-43819
RESERVED
 CVE-2021-43818 (lxml is a library for processing XML and HTML in the Python 
language.  ...)
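
Review bot: The new seafile-server lines reference the advisory and pull request 520 but do not say which upstream release contains the fix. Since the commit subject marks the package as ITP (bug #865830), a NOTE with the first fixed upstream version would tell the eventual packager which release is safe to start from.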



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9696dfcf8ac2d928f30e6bb9c851e75083a04223



[Git][security-tracker-team/security-tracker][master] amend CVE list

2021-12-19 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fd71a331 by Moritz Mühlenhoff at 2021-12-19T16:06:23+01:00
amend CVE list

- - - - -


1 changed file:

- data/DSA/list


Changes:

=
data/DSA/list
=
@@ -1,4 +1,5 @@
 [19 Dec 2021] DSA-5026-1 firefox-esr - security update
+   {CVE-2021-43546 CVE-2021-43545 CVE-2021-43543 CVE-2021-43542 
CVE-2021-43541 CVE-2021-43539 CVE-2021-43538 CVE-2021-43537 CVE-2021-43536 
CVE-2021-43535 CVE-2021-43534 CVE-2021-38509 CVE-2021-38508 CVE-2021-38507 
CVE-2021-38506 CVE-2021-38504 CVE-2021-38503}
[bullseye] - firefox-esr 91.4.1esr-1~deb11u1
 [19 Dec 2021] DSA-5025-1 tang - security update
{CVE-2021-4076}
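
Review bot: The added CVE list for DSA-5026-1 mixes the CVE-2021-4353x/4354x ids with six older CVE-2021-3850x ids (38503 to 38509). The automatic update that follows (8017c166) is only visible in this archive for the 4353x/4354x entries, so it is worth checking that the 3850x entries in data/CVE/list pick up the {DSA-5026-1} tag as well and are not already attributed to an earlier advisory.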



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd71a33117d08c945f43b698378d799b4e2c397b



[Git][security-tracker-team/security-tracker][master] firefox DSA

2021-12-19 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4c1df6ef by Moritz Mühlenhoff at 2021-12-19T16:04:29+01:00
firefox DSA

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,5 @@
+[19 Dec 2021] DSA-5026-1 firefox-esr - security update
+   [bullseye] - firefox-esr 91.4.1esr-1~deb11u1
 [19 Dec 2021] DSA-5025-1 tang - security update
{CVE-2021-4076}
[bullseye] - tang 8-3+deb11u1
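
Review bot: The new DSA-5026-1 entry has no {CVE-...} line, unlike the DSA-5025-1 entry directly below it, so until the ids are added the advisory is not linked to any CVE in the tracker. The list belongs in the same commit as the entry; here it was only added afterwards, in fd71a331.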


=
data/dsa-needed.txt
=
@@ -23,9 +23,6 @@ djvulibre
 --
 faad2/oldstable (jmm)
 --
-firefox-esr (jmm)
-  Rust toolchain updates needed
---
 linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point
   releases to more recent v4.19.y versions.
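
Review bot: The whole firefox-esr entry is removed from dsa-needed.txt, but the DSA added in this commit only carries a [bullseye] line. This file tracks oldstable work with a suffix (see faad2/oldstable in the context above), so if a buster update is still outstanding the entry should be kept as firefox-esr/oldstable rather than dropped.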



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c1df6ef1ab062dec7bc6ab38948c361dd46f6a1



[Git][security-tracker-team/security-tracker][master] Reserve DSA number for tang update

2021-12-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
96f14b73 by Salvatore Bonaccorso at 2021-12-19T09:44:11+01:00
Reserve DSA number for tang update

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[19 Dec 2021] DSA-5025-1 tang - security update
+   {CVE-2021-4076}
+   [bullseye] - tang 8-3+deb11u1
 [18 Dec 2021] DSA-5024-1 apache-log4j2 - security update
{CVE-2021-45105}
[buster] - apache-log4j2 2.17.0-1~deb10u1


=
data/dsa-needed.txt
=
@@ -54,9 +54,6 @@ runc
 sogo (jmm)
   Maintainer preparing updates
 --
-tang (carnil)
-  Maintainer preparing updates
---
 thunderbird (jmm)
   Rust toolchain updates needed
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96f14b73772af2165c3d1049872f086fb56233e8



[Git][security-tracker-team/security-tracker][master] automatic update

2021-12-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fa2693bc by security tracker role at 2021-12-19T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -25,6 +25,7 @@ CVE-2022-21944
RESERVED
 CVE-2021-45105 [Certain strings can cause infinite recursion]
RESERVED
+   {DSA-5024-1}
- apache-log4j2 2.17.0-1 (bug #1001891)
NOTE: https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45105
NOTE: https://issues.apache.org/jira/browse/LOG4J2-3230



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa2693bc9218b18fe0740e0837c033b4e866957a
