[Git][security-tracker-team/security-tracker][master] more bugs filed
Moritz Muehlenhoff
jmm at debian.org
Mon Apr 12 11:18:18 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
13fff8ed by Moritz Mühlenhoff at 2021-04-12T12:17:51+02:00
more bugs filed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19,11 +19,11 @@ CVE-2021-30489
CVE-2021-30488
RESERVED
CVE-2020-36318 (In the standard library in Rust before 1.49.0, VecDeque::make_contiguo ...)
- - rustc <unfixed>
+ - rustc <unfixed> (bug #986803)
NOTE: https://github.com/rust-lang/rust/issues/79808
NOTE: https://github.com/rust-lang/rust/pull/79814
CVE-2020-36317 (In the standard library in Rust before 1.49.0, String::retain() functi ...)
- - rustc <unfixed>
+ - rustc <unfixed> (bug #986803)
NOTE: https://github.com/rust-lang/rust/issues/78498
NOTE: https://github.com/rust-lang/rust/pull/78499
CVE-2015-20001 (In the standard library in Rust before 1.2.0, BinaryHeap is not panic- ...)
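Review bot: the same bug number #986803 is attached to both CVE-2020-36318 and CVE-2020-36317 here, and the later rustc hunk reuses it for five more CVEs (CVE-2021-28879 through CVE-2021-28875), so one BTS bug ends up tracking seven CVEs; that is fine for a single rustc upload, but the bug subject should enumerate all seven identifiers, otherwise the tracker's bug cross-reference will look closed for CVEs the upload did not actually mention. Note also that the two entries in this hunk are fixed upstream in 1.49.0 while the later ones need 1.50.0 to 1.52.0, so the bug should state which rustc version closes the whole set.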
@@ -1273,7 +1273,7 @@ CVE-2021-29941 (An issue was discovered in the reorder crate through 2021-02-24
CVE-2021-29940 (An issue was discovered in the through crate through 2021-02-18 for Ru ...)
NOT-FOR-US: Rust crate through
CVE-2021-29939 (An issue was discovered in the stackvector crate through 2021-02-19 fo ...)
- - rust-stackvector <unfixed>
+ - rust-stackvector <unfixed> (bug #986808)
NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0048.html
CVE-2021-29938 (An issue was discovered in the slice-deque crate through 2021-02-19 fo ...)
NOT-FOR-US: Rust crate slice-deque
@@ -3415,9 +3415,10 @@ CVE-2021-28966
RESERVED
CVE-2021-28965
RESERVED
- - ruby2.7 <unfixed>
+ - ruby2.7 <unfixed> (bug #986807)
- ruby2.5 <removed>
- ruby2.3 <removed>
+ - ruby-rexml <removed> (bug #986806)
NOTE: https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/
CVE-2021-28972 (In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5. ...)
- linux 5.10.26-1
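Review bot: CVE-2021-28965 still carries no description on its `RESERVED` line even though the NOTE URL below it identifies the issue (XML round-trip vulnerability in REXML); the file's own convention for reserved entries is a bracketed summary, as in `CVE-2021-20297 [Setting match.path and activating a profiles crashes NetworkManager]`, so `CVE-2021-28965 [XML round-trip vulnerability in REXML]` would make the entry searchable. Separately, bug #986806 is filed against `ruby-rexml`, a package this hunk marks `<removed>`; confirm that the bug is meant for a still-present stable source (the hunk adds no `[buster]` or `[stretch]` annotation for ruby2.5, ruby2.3 or ruby-rexml), or the bug will sit against a package nobody can upload.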
@@ -3626,22 +3627,22 @@ CVE-2021-28881
CVE-2021-28880
RESERVED
CVE-2021-28879 (In the standard library in Rust before 1.52.0, the Zip implementation ...)
- - rustc <unfixed>
+ - rustc <unfixed> (bug #986803)
NOTE: https://github.com/rust-lang/rust/issues/82282
NOTE: https://github.com/rust-lang/rust/pull/82289
CVE-2021-28878 (In the standard library in Rust before 1.52.0, the Zip implementation ...)
- - rustc <unfixed>
+ - rustc <unfixed> (bug #986803)
NOTE: https://github.com/rust-lang/rust/issues/82291
NOTE: https://github.com/rust-lang/rust/pull/82292
CVE-2021-28877 (In the standard library in Rust before 1.51.0, the Zip implementation ...)
- - rustc <unfixed>
+ - rustc <unfixed> (bug #986803)
NOTE: https://github.com/rust-lang/rust/pull/80670
CVE-2021-28876 (In the standard library in Rust before 1.52.0, the Zip implementation ...)
- - rustc <unfixed>
+ - rustc <unfixed> (bug #986803)
NOTE: https://github.com/rust-lang/rust/issues/81740
NOTE: https://github.com/rust-lang/rust/pull/81741
CVE-2021-28875 (In the standard library in Rust before 1.50.0, read_to_end() does not ...)
- - rustc <unfixed>
+ - rustc <unfixed> (bug #986803)
NOTE: https://github.com/rust-lang/rust/issues/80894
NOTE: https://github.com/rust-lang/rust/pull/80895
CVE-2021-28874 (SerenityOS fixed as of c9f25bca048443e317f1994ba9b106f2386688c3 contai ...)
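Review bot: CVE-2021-28877 is the only entry in this group with just a pull-request NOTE and no upstream issue link, while its siblings cite both the issue and the PR; adding the corresponding issue URL keeps the references uniform. Since all five entries now point at bug #986803, which already covers the two 1.49.0 CVEs in the first hunk, make sure the bug text distinguishes the 1.50.0, 1.51.0 and 1.52.0 fixes, because an upload of a rustc older than 1.52.0 would only partially close it.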
@@ -4116,7 +4117,7 @@ CVE-2021-28658 (In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3
NOTE: https://github.com/django/django/commit/d4d800ca1addc4141e03c5440a849bb64d1582cd (main)
NOTE: https://github.com/django/django/commit/4036d62bda0e9e9f6172943794b744a454ca49c2 (2.2.20)
CVE-2021-28657 (A carefully crafted or corrupt file may trigger an infinite loop in Ti ...)
- - tika <unfixed>
+ - tika <unfixed> (bug #986805)
[buster] - tika <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/03/30/3
CVE-2021-28656
@@ -5352,7 +5353,7 @@ CVE-2021-28117 (libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover
NOTE: Plasma 5.21: https://commits.kde.org/plasma/discover/94478827aab63d2e2321f0ca9ec5553718798e60
NOTE: Plasma 5.18: https://commits.kde.org/plasma/discover/fcd3b30552bf03a384b1a16f9bb8db029c111356
CVE-2021-28116 (Squid through 4.14 and 5.x through 5.0.5, in some configurations, allo ...)
- - squid <unfixed>
+ - squid <unfixed> (bug #986804)
[buster] - squid <postponed> (Minor issue, revisit once fixed upstream)
- squid3 <removed>
[stretch] - squid3 <postponed> (Check later when information is public)
@@ -17387,7 +17388,7 @@ CVE-2021-22891
CVE-2021-22890 (curl 7.63.0 to and including 7.75.0 includes vulnerability that allows ...)
{DSA-4881-1}
- curl 7.74.0-1.2 (bug #986270)
- [stretch] - curl <not-affected> (Vunerable code introduced later)
+ [stretch] - curl <not-affected> (Vulnerable code introduced later)
NOTE: https://curl.se/docs/CVE-2021-22890.html
NOTE: Fixed by: https://github.com/curl/curl/commit/b09c8ee15771c614c4bf3ddac893cdb12187c844
CVE-2021-22889 (Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnera ...)
@@ -24589,7 +24590,7 @@ CVE-2021-20298
RESERVED
CVE-2021-20297 [Setting match.path and activating a profiles crashes NetworkManager]
RESERVED
- - network-manager <unfixed>
+ - network-manager <unfixed> (bug #986809)
[buster] - network-manager <not-affected> (Vulnerable code introduced later)
[stretch] - network-manager <not-affected> (Vulnerable code introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1942741 (not yet public)
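Review bot: bug #986809 is filed while the only reference, the Red Hat bugzilla entry, is still annotated `(not yet public)`; check that the Debian bug report contains nothing beyond the bracketed summary already visible here, or revisit the NOTE once the bugzilla is opened so the tracker's "not yet public" marker does not go stale after the bug is public.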
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13fff8ed9da5296ced92d097a3067cd07c3b729e