[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Apr 5 09:10:23 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3b30ccab by security tracker role at 2021-04-05T08:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1890,8 +1890,8 @@ CVE-2021-3468 [Local DoS by event-busy-loop from writing long lines to /run/avah
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939614#c3
 CVE-2021-29262
 	RESERVED
-CVE-2021-29261
-	RESERVED
+CVE-2021-29261 (The unofficial Svelte extension before 104.8.0 for Visual Studio Code  ...)
+	TODO: check
 CVE-2021-29260
 	RESERVED
 CVE-2021-29259
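Review bot: CVE-2021-29261 moves from RESERVED to a bare "TODO: check" with no package or NOT-FOR-US line, so the entry still says nothing about whether Debian is affected. Triage should replace the TODO with either a source package line or a "NOT-FOR-US: ..." line in the form already used for CVE-2018-13983 in this file.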
@@ -2820,8 +2820,8 @@ CVE-2021-28834 (Kramdown before 2.3.1 does not restrict Rouge formatters to the
 	NOTE: Fixed by: https://github.com/gettalong/kramdown/commit/d6a1cbcb2caa2f8a70927f176070d126b2422760
 CVE-2021-28833
 	RESERVED
-CVE-2021-28832
-	RESERVED
+CVE-2021-28832 (VSCodeVim before 1.19.0 allows attackers to execute arbitrary code via ...)
+	TODO: check
 CVE-2021-28831 (decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit ...)
 	{DLA-2614-1}
 	- busybox <unfixed> (bug #985674)
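Review bot: CVE-2021-28832 is also left at "TODO: check", and its description reads "allows attackers to execute arbitrary code", so it deserves triage ahead of lower-impact TODO entries. Resolve it to a package line if VSCodeVim is shipped in the archive, otherwise to NOT-FOR-US, so the TODO does not linger.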
@@ -9213,9 +9213,11 @@ CVE-2021-26122
 CVE-2021-26121
 	RESERVED
 CVE-2021-26120 (Smarty before 3.1.39 allows code injection via an unexpected function  ...)
+	{DLA-2618-1}
 	- smarty3 3.1.39-1
 	NOTE: https://github.com/smarty-php/smarty/commit/4f634c0097ab4a8b2adc2a97caacd1676e88f9c8
 CVE-2021-26119 (Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_ ...)
+	{DLA-2618-1}
 	- smarty3 3.1.39-1
 	NOTE: https://github.com/smarty-php/smarty/commit/c9272058d972045dda9c99c64a82acb21c93c6ad
 CVE-2021-26118 (While investigating ARTEMIS-2964 it was found that the creation of adv ...)
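Review bot: The new {DLA-2618-1} tags on CVE-2021-26120 and CVE-2021-26119 sit above entries whose only package line is "- smarty3 3.1.39-1", so this file alone does not show which release the advisory fixes or at what version. Since the commit changes only data/CVE/list, confirm that the DLA-2618-1 record elsewhere in the tracker lists both CVEs and carries the release-specific fixed version.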
@@ -175632,6 +175634,7 @@ CVE-2018-13984
 CVE-2018-13983 (ImpressCMS 1.3.10 has XSS via the PATH_INFO to htdocs/install/index.ph ...)
 	NOT-FOR-US: ImpressCMS
 CVE-2018-13982 (Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is pro ...)
+	{DLA-2618-1}
 	- smarty3 3.1.33+20180830.1.3a78a21f+selfpack1-1
 	[stretch] - smarty3 <no-dsa> (Minor issue; can be fixed via point release)
 	[jessie] - smarty3 <not-affected> (vulnerable code not present)
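Review bot: On CVE-2018-13982 the new {DLA-2618-1} tag now sits above "[stretch] - smarty3 <no-dsa> (Minor issue; can be fixed via point release)", which reads as contradictory if the advisory covers stretch. Check which release DLA-2618-1 targets and, if it is stretch, drop or update the no-dsa annotation so the entry does not report the issue as both deferred and fixed.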



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b30ccab87b0656e4d96b0842ca7364981df68d6
