[Git][security-tracker-team/security-tracker][master] various bugs filed

Moritz Muehlenhoff jmm at debian.org
Mon Apr 12 10:34:06 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6391ad57 by Moritz Mühlenhoff at 2021-04-12T11:33:48+02:00
various bugs filed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -84,19 +84,19 @@ CVE-2021-30473
 	RESERVED
 CVE-2021-30472
 	RESERVED
-	- libpodofo <unfixed>
+	- libpodofo <unfixed> (bug #986794)
 	NOTE: https://sourceforge.net/p/podofo/tickets/132/
 CVE-2021-30471
 	RESERVED
-	- libpodofo <unfixed>
+	- libpodofo <unfixed> (bug #986793)
 	NOTE: https://sourceforge.net/p/podofo/tickets/131/
 CVE-2021-30470
 	RESERVED
-	- libpodofo <unfixed>
+	- libpodofo <unfixed> (bug #986792)
 	NOTE: https://sourceforge.net/p/podofo/tickets/130/
 CVE-2021-30469
 	RESERVED
-	- libpodofo <unfixed>
+	- libpodofo <unfixed> (bug #986791)
 	NOTE: https://sourceforge.net/p/podofo/tickets/129/
 CVE-2021-30468
 	RESERVED
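Review bot: The four libpodofo entries (CVE-2021-30472 down to CVE-2021-30469) now reference separate bugs #986794 to #986791, but each still carries only the unstable `<unfixed>` line. The openexr entries touched later in this commit have `[buster]` and `[stretch]` triage lines next to the bug reference. Adding per-release lines here, or a NOTE saying triage is pending, would keep the stable releases from being left without a status.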
@@ -1925,21 +1925,21 @@ CVE-2020-36284 (Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Imp
 CVE-2021-3480
 	RESERVED
 CVE-2021-3479 (There's a flaw in OpenEXR's Scanline API functionality in versions bef ...)
-	- openexr <unfixed>
+	- openexr <unfixed> (bug #986796)
 	[buster] - openexr <no-dsa> (Minor issue)
 	[stretch] - openexr <no-dsa> (Minor issue)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25370
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/d80f11f4f55100d007ae80a162bf257ec291612c
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/830
 CVE-2021-3478 (There's a flaw in OpenEXR's scanline input file functionality in versi ...)
-	- openexr <unfixed>
+	- openexr <unfixed> (bug #986796)
 	[buster] - openexr <no-dsa> (Minor issue)
 	[stretch] - openexr <no-dsa> (Minor issue)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27409
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939160
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/bc88cdb6c97fbf5bc5d11ad8ca55306da931283a
 CVE-2021-3477 (There's a flaw in OpenEXR's deep tile sample size calculations in vers ...)
-	- openexr <unfixed>
+	- openexr <unfixed> (bug #986796)
 	[buster] - openexr <no-dsa> (Minor issue)
 	[stretch] - openexr <no-dsa> (Minor issue)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26956
@@ -2388,19 +2388,19 @@ CVE-2021-29426
 CVE-2021-29425
 	RESERVED
 CVE-2021-3476 (A flaw was found in OpenEXR's B44 uncompression functionality in versi ...)
-	- openexr <unfixed>
+	- openexr <unfixed> (bug #986796)
 	[buster] - openexr <no-dsa> (Minor issue)
 	[stretch] - openexr <no-dsa> (Minor issue)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24787
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/eec0dba242bedd2778c973ae4af112107b33d9c9
 CVE-2021-3475 (There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker  ...)
-	- openexr <unfixed>
+	- openexr <unfixed> (bug #986796)
 	[buster] - openexr <no-dsa> (Minor issue)
 	[stretch] - openexr <no-dsa> (Minor issue)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25297
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2a18ed424a854598c2a20b5dd7e782b436a1e753
 CVE-2021-3474 (There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted inp ...)
-	- openexr <unfixed>
+	- openexr <unfixed> (bug #986796)
 	[buster] - openexr <no-dsa> (Minor issue)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24831
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/c3ed4a1db1f39bf4524a644cb2af81dc8cfab33f
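Review bot: CVE-2021-3474 at the end of this hunk has a `[buster] - openexr <no-dsa> (Minor issue)` line but no `[stretch]` line, while CVE-2021-3476 and CVE-2021-3475 directly above carry both. Since all three are now tied to the same bug #986796, it is worth confirming whether stretch was deliberately left out for this CVE and, if so, recording the reason in a NOTE so the asymmetry is not mistaken for an omission.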
@@ -11348,7 +11348,7 @@ CVE-2021-3197 (An issue was discovered in SaltStack Salt before 3002.5. The salt
 CVE-2021-3196
 	RESERVED
 CVE-2021-3195 (** DISPUTED ** bitcoind in Bitcoin Core through 0.21.0 can create a ne ...)
-	- bitcoin <unfixed>
+	NOTE: Disputed Bitcoin issue
 	NOTE: https://github.com/bitcoin/bitcoin/issues/20866
 CVE-2021-3194
 	RESERVED
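Review bot: In the CVE-2021-3195 entry, dropping `- bitcoin <unfixed>` in favour of `NOTE: Disputed Bitcoin issue` leaves the CVE with no package line at all. That is a triage decision, not a bug filing, and the commit message "various bugs filed" does not cover it. Suggest either splitting it into its own commit or mentioning it in the message. If the intent is to keep the link to the bitcoin source package while marking the issue as a non-issue, a package line such as `- bitcoin <unfixed> (unimportant)` next to the NOTE would preserve that association.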
@@ -24602,7 +24602,7 @@ CVE-2021-20297 [Setting match.path and activating a profiles crashes NetworkMana
 	NOTE: Introduced by: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/3ced486f4162edcd03ff42fa27535130aff0c86c (1.26-rc2)
 	NOTE: Fixed by: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/420784e342da4883f6debdfe10cde68507b10d27
 CVE-2021-20296 (A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted i ...)
-	- openexr <unfixed>
+	- openexr <unfixed> (bug #986796)
 	[buster] - openexr <no-dsa> (Minor issue)
 	[stretch] - openexr <no-dsa> (Minor issue)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24854
@@ -31260,10 +31260,10 @@ CVE-2021-1407 (Multiple vulnerabilities in the web-based management interface of
 CVE-2021-1406 (A vulnerability in Cisco Unified Communications Manager (Unified CM) a ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1405 (A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) S ...)
-	- clamav <unfixed>
+	- clamav <unfixed> (bug #986790)
 	NOTE: https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html
 CVE-2021-1404 (A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) ...)
-	- clamav <unfixed>
+	- clamav <unfixed> (bug #986790)
 	NOTE: https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html
 CVE-2021-1403 (A vulnerability in the web UI feature of Cisco IOS XE Software could a ...)
 	NOT-FOR-US: Cisco
@@ -31568,7 +31568,7 @@ CVE-2021-1254
 CVE-2021-1253 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1252 (A vulnerability in the Excel XLM macro parsing module in Clam AntiViru ...)
-	- clamav <unfixed>
+	- clamav <unfixed> (bug #986790)
 	NOTE: https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html
 CVE-2021-1251 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...)
 	NOT-FOR-US: Cisco
@@ -42678,7 +42678,7 @@ CVE-2020-25086 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in
 	NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
 CVE-2021-3409 (The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffectiv ...)
 	{DLA-2623-1}
-	- qemu <unfixed>
+	- qemu <unfixed> (bug #986795)
 	[buster] - qemu <not-affected> (CVE-2020-17380/CVE-2020-25085 weren't backported to Buster)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1928146
 	NOTE: https://www.openwall.com/lists/oss-security/2021/03/09/1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6391ad570e97a4e65458faefd6140054e7709ecc
