[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Apr 10 21:10:38 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6a87fe83 by security tracker role at 2021-04-10T20:10:29+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2021-30481 (Valve Steam through 2021-04-10, when a Source engine game is installed ...)
+ TODO: check
CVE-2021-3492
RESERVED
CVE-2021-3491
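Review bot: the new CVE-2021-30481 entry at the top of this hunk is left at "TODO: check" with no package line and no NOT-FOR-US marker; it needs triage (either a source package with a fixed version, or NOT-FOR-US as used elsewhere in this file) so it does not linger as an untriaged placeholder in the next automatic update.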
@@ -735,14 +737,17 @@ CVE-2019-25026 (Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup dat
CVE-2021-30160
RESERVED
CVE-2021-30159 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...)
+ {DSA-4889-1}
- mediawiki 1:1.35.2-1
NOTE: https://phabricator.wikimedia.org/T272386
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
CVE-2021-30158 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...)
+ {DSA-4889-1}
- mediawiki 1:1.35.2-1
NOTE: https://phabricator.wikimedia.org/T277009
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/670546
CVE-2021-30157 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...)
+ {DSA-4889-1}
- mediawiki 1:1.35.2-1
NOTE: https://phabricator.wikimedia.org/T278058
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/674085
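Review bot: the three added {DSA-4889-1} lines in this hunk reference an advisory, but the commit touches only data/CVE/list, so a matching DSA-4889-1 entry must already exist in data/DSA/list (or arrive in a companion commit) for the cross-reference to resolve; worth confirming before relying on the tracker showing these MediaWiki issues as fixed in stable.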
@@ -750,10 +755,12 @@ CVE-2021-30156 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x t
- mediawiki 1:1.35.2-1
NOTE: https://phabricator.wikimedia.org/T276306
CVE-2021-30155 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...)
+ {DSA-4889-1}
- mediawiki 1:1.35.2-1
NOTE: https://phabricator.wikimedia.org/T270988
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
CVE-2021-30154 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...)
+ {DSA-4889-1}
- mediawiki 1:1.35.2-1
NOTE: https://phabricator.wikimedia.org/T278014
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/674083/
@@ -763,6 +770,7 @@ CVE-2021-30153
NOTE: https://phabricator.wikimedia.org/T270453
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
CVE-2021-30152 (An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through ...)
+ {DSA-4889-1}
- mediawiki 1:1.35.2-1
NOTE: https://phabricator.wikimedia.org/T270713
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
@@ -3676,6 +3684,7 @@ CVE-2021-28831 (decompress_gunzip.c in BusyBox through 1.32.1 mishandles the err
[buster] - busybox <no-dsa> (Minor issue)
NOTE: https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd
CVE-2021-27851 [Local privilege escalation via guix-daemon and --keep-failed]
+ RESERVED
- guix 1.2.0-4 (bug #985467; unimportant)
NOTE: https://issues.guix.gnu.org/47229
NOTE: https://git.savannah.gnu.org/cgit/guix.git/commit/?id=ec7fb669945bfb47c5e1fdf7de3a5d07f7002ccf
@@ -6233,6 +6242,7 @@ CVE-2021-27803 (A vulnerability was discovered in how p2p/p2p_pd.c in wpa_suppli
CVE-2021-3417 (An internal product security audit of LXCO, prior to version 1.2.2, di ...)
NOT-FOR-US: Lenovo
CVE-2021-3416 (A potential stack overflow via infinite loop issue was found in variou ...)
+ {DLA-2623-1}
- qemu 1:5.2+dfsg-9 (bug #984448)
[buster] - qemu <postponed> (Minor issue)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg07431.html
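Review bot: for CVE-2021-3416 the added {DLA-2623-1} line records a stretch fix while the next line keeps buster at <postponed> (Minor issue); once a backport exists for the older LTS release, the buster postponement should be revisited, and the same applies to the other DLA-2623-1 hunks in this patch that leave buster postponed (CVE-2021-3392, CVE-2021-20257, CVE-2021-20255, CVE-2021-20203, CVE-2020-17380).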
@@ -7013,6 +7023,7 @@ CVE-2021-27381 (A vulnerability has been identified in Solid Edge SE2020 (All Ve
CVE-2021-27380 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...)
NOT-FOR-US: Solid Edge SE2020
CVE-2021-27379 (An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM ...)
+ {DSA-4888-1}
- xen 4.14.0+80-gd101b417b7-1
[stretch] - xen <not-affected> (Incomplete fix for CVE-2020-15565 not applied)
NOTE: https://xenbits.xen.org/xsa/advisory-366.html
@@ -7215,7 +7226,7 @@ CVE-2021-27292 (ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expre
NOTE: https://gist.github.com/b-c-ds/6941d80d6b4e694df4bc269493b7be76
NOTE: https://github.com/faisalman/ua-parser-js/commit/809439e20e273ce0d25c1d04e111dcf6011eb566
CVE-2021-27291 (In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming ...)
- {DSA-4878-1 DLA-2600-1}
+ {DSA-4889-1 DSA-4878-1 DLA-2600-1}
- pygments <unfixed> (bug #985574)
- mediawiki 1:1.35.2-1
NOTE: https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce
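Review bot: the changed {DSA-4889-1 DSA-4878-1 DLA-2600-1} line now lists the mediawiki advisory next to the pygments ones, which matches the two package lines below it, but pygments itself is still recorded as <unfixed> (bug #985574) in unstable; that package line should move to a fixed version once the pygments upload lands, independently of the mediawiki fix.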
@@ -8026,6 +8037,7 @@ CVE-2021-26934 (An issue was discovered in the Linux kernel 4.18 through 5.10.16
NOTE: Driver never was meant to be supported and the patch in src:xen will only
NOTE: update SUPPORT.md to explicitly document the fact.
CVE-2021-26933 (An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a guest is ...)
+ {DSA-4888-1}
- xen 4.14.1+11-gb0b734a8b3-1
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-364.html
@@ -8835,6 +8847,7 @@ CVE-2021-3393 (An information leak was discovered in postgresql in versions befo
[buster] - postgresql-11 11.11-0+deb10u1
NOTE: https://www.postgresql.org/about/news/postgresql-132-126-1111-1016-9621-and-9525-released-2165/
CVE-2021-3392 (A use-after-free flaw was found in the MegaRAID emulator of QEMU. This ...)
+ {DLA-2623-1}
- qemu <unfixed> (bug #984449)
[buster] - qemu <postponed> (Minor issue)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg00488.html
@@ -24638,7 +24651,7 @@ CVE-2021-20271 (A flaw was found in RPM's signature check functionality when rea
[stretch] - rpm <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1934125
CVE-2021-20270 (An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lea ...)
- {DSA-4870-1 DLA-2590-1}
+ {DSA-4889-1 DSA-4870-1 DLA-2590-1}
- pygments 2.7.1+dfsg-2 (bug #984664)
- mediawiki 1:1.35.2-1
NOTE: https://github.com/pygments/pygments/issues/1625
@@ -24700,6 +24713,7 @@ CVE-2021-20258
RESERVED
CVE-2021-20257 [net: e1000: infinite loop while processing transmit descriptors]
RESERVED
+ {DLA-2623-1}
- qemu 1:5.2+dfsg-9 (bug #984450)
[bullseye] - qemu <postponed> (Minor issue)
[buster] - qemu <postponed> (Minor issue)
@@ -24708,6 +24722,7 @@ CVE-2021-20257 [net: e1000: infinite loop while processing transmit descriptors]
CVE-2021-20256 (A flaw was found in Red Hat Satellite. The BMC interface exposes the p ...)
NOT-FOR-US: Red Hat Satellite
CVE-2021-20255 (A stack overflow via an infinite recursion vulnerability was found in ...)
+ {DLA-2623-1}
- qemu <unfixed> (bug #984451)
[bullseye] - qemu <postponed> (Minor issue)
[buster] - qemu <postponed> (Minor issue)
@@ -24978,6 +24993,7 @@ CVE-2021-20205 (Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a deni
CVE-2021-20204
RESERVED
CVE-2021-20203 (An integer overflow issue was found in the vmxnet3 NIC emulator of the ...)
+ {DLA-2623-1}
- qemu <unfixed> (bug #984452)
[buster] - qemu <postponed> (Minor issue)
NOTE: https://bugs.launchpad.net/qemu/+bug/1913873
@@ -42600,6 +42616,7 @@ CVE-2020-25087 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in
CVE-2020-25086 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in applic ...)
NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
CVE-2021-3409 (The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffectiv ...)
+ {DLA-2623-1}
- qemu <unfixed>
[buster] - qemu <not-affected> (CVE-2020-17380/CVE-2020-25085 weren't backported to Buster)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1928146
@@ -58357,6 +58374,7 @@ CVE-2020-17382 (The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow
CVE-2020-17381 (An issue was discovered in Ghisler Total Commander 9.51. Due to insuff ...)
NOT-FOR-US: Ghisler Total Commander
CVE-2020-17380 (A heap-based buffer overflow was found in QEMU through 5.0.0 in the SD ...)
+ {DLA-2623-1}
- qemu <unfixed> (bug #970937)
[buster] - qemu <postponed> (Minor issue, fix along in future DSA)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1862167
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a87fe83efa670dc0181cce9691675307d296b17