[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Apr 17 09:10:27 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4531c232 by security tracker role at 2021-04-17T08:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2108,8 +2108,7 @@ CVE-2021-3495
CVE-2021-3494
RESERVED
- foreman <itp> (bug #663101)
-CVE-2021-3493
- RESERVED
+CVE-2021-3493 (The overlayfs implementation in the linux kernel did not properly vali ...)
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/04/16/1
CVE-2021-30501
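Review bot: the CVE-2021-3493 entry is left at `- linux <unfixed>` with only the oss-security reference as a NOTE; once the fixing kernel upload is known the line needs a fixed version, and any release-specific status should use the `[buster] - ...` / `[stretch] - ...` suffix form that the python-django and wordpress entries further down in this file already use, so the overlayfs issue does not remain open-ended without a per-suite decision.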
@@ -2179,8 +2178,7 @@ CVE-2021-30481 (Valve Steam through 2021-04-10, when a Source engine game is ins
NOT-FOR-US: Valve Steam
NOTE: Debian ships an installer as src:steam, but it auto-updates whenever Steam
NOTE: is started, so nothing really to be updated there
-CVE-2021-3492
- RESERVED
+CVE-2021-3492 (Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2021/04/16/1
NOTE: Debian does not include the (not yet upstream accepted) shiftfs
@@ -4485,10 +4483,10 @@ CVE-2021-29454
RESERVED
CVE-2021-29453
RESERVED
-CVE-2021-29452
- RESERVED
-CVE-2021-29451
- RESERVED
+CVE-2021-29452 (a12n-server is an npm package which aims to provide a simple authentic ...)
+ TODO: check
+CVE-2021-29451 (Portofino is an open source web development framework. Portofino befor ...)
+ TODO: check
CVE-2021-29450 (Wordpress is an open source CMS. One of the blocks in the WordPress ed ...)
- wordpress 5.7.1+dfsg1-1 (bug #987065)
NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pmmh-2f36-wvhq
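Review bot: the two new `TODO: check` lines (CVE-2021-29452 a12n-server, CVE-2021-29451 Portofino) still need triage into either a source package line with a version or a `NOT-FOR-US:` line of the kind used for Hitachi, QNAP and Schneider elsewhere in this diff; `TODO: check` should not be the final state. The neighbouring CVE-2021-29450 entry shows the completed form to aim for: package, fixed version, bug reference and an advisory NOTE.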
@@ -4501,12 +4499,12 @@ CVE-2021-29447 (Wordpress is an open source CMS. A user with the ability to uplo
[stretch] - wordpress <postponed> (Minor issue; only vulnerable under PHP8)
NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-rv47-pc52-qrhh
NOTE: Only an issue when installation runs under PHP8.
-CVE-2021-29446
- RESERVED
-CVE-2021-29445
- RESERVED
-CVE-2021-29444
- RESERVED
+CVE-2021-29446 (jose-node-cjs-runtime is an npm package which provides a number of cry ...)
+ TODO: check
+CVE-2021-29445 (jose-node-esm-runtime is an npm package which provides a number of cry ...)
+ TODO: check
+CVE-2021-29444 (jose-browser-runtime is an npm package which provides a number of cryp ...)
+ TODO: check
CVE-2021-29443 (jose is an npm library providing a number of cryptographic operations. ...)
TODO: check
CVE-2021-29442
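Review bot: CVE-2021-29446, CVE-2021-29445 and CVE-2021-29444 appear, from their descriptions, to be the runtime-specific builds (node-cjs, node-esm, browser) of the same jose npm library already tracked as CVE-2021-29443 two lines below, which is itself still at `TODO: check`; triage the four together so they end up with one consistent resolution, and where a variant is not in the archive give it a `NOT-FOR-US:` line rather than leaving the TODO in place.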
@@ -9243,8 +9241,8 @@ CVE-2021-27396
RESERVED
CVE-2021-27395
RESERVED
-CVE-2021-27394
- RESERVED
+CVE-2021-27394 (A vulnerability has been identified in Mendix Applications using Mendi ...)
+ TODO: check
CVE-2021-27393
RESERVED
CVE-2021-27392
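Review bot: CVE-2021-27394 (Mendix Applications) is left at `TODO: check`; unless a Mendix-based application is actually packaged, this should be closed as `NOT-FOR-US:` in the same way the Hitachi, QNAP and Schneider vendor entries are handled elsewhere in this file, so the TODO backlog only holds items that genuinely need investigation.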
@@ -14280,8 +14278,8 @@ CVE-2020-36197
RESERVED
CVE-2020-36196
RESERVED
-CVE-2020-36195
- RESERVED
+CVE-2020-36195 (An SQL injection vulnerability has been reported to affect QNAP NAS ru ...)
+ TODO: check
CVE-2020-36194
RESERVED
CVE-2021-3184 (MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global ...)
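Review bot: CVE-2020-36195 describes an SQL injection in QNAP NAS firmware, and the other QNAP entries in this diff (CVE-2020-2508 and CVE-2020-2507 in the later hunk) are resolved as `NOT-FOR-US: QNAP`; this entry should be triaged the same way instead of staying at `TODO: check`.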
@@ -18718,7 +18716,7 @@ CVE-2021-23337 (Lodash versions prior to 4.17.21 are vulnerable to Command Injec
[stretch] - node-lodash <end-of-life> (Nodejs in stretch not covered by security support)
NOTE: https://snyk.io/vuln/SNYK-JS-LODASH-1040724
CVE-2021-23336 (The package python/cpython from 0 and before 3.6.13, from 3.7.0 and be ...)
- {DLA-2619-1 DLA-2569-1}
+ {DLA-2628-1 DLA-2619-1 DLA-2569-1}
- python-django 2:2.2.19-1 (bug #983090)
[buster] - python-django <no-dsa> (Minor issue; can be fixed via point release)
- python3.9 3.9.2-1
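Review bot: DLA-2628-1 is prepended to the DLA set of CVE-2021-23336 (newest first, matching the existing `{DLA-2619-1 DLA-2569-1}` ordering), but the `[stretch]` package line that this DLA corresponds to is not within the hunk's context, which only shows python-django and python3.9; verify that the matching `[stretch]` line exists further down the entry so the DLA reference and the per-suite status agree.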
@@ -101076,8 +101074,8 @@ CVE-2018-21033 (A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hita
NOT-FOR-US: Hitachi
CVE-2018-21032 (A vulnerability in Hitachi Command Suite prior to 8.7.1-00 and Hitachi ...)
NOT-FOR-US: Hitachi
-CVE-2020-2509
- RESERVED
+CVE-2020-2509 (A command injection vulnerability has been reported to affect QTS and ...)
+ TODO: check
CVE-2020-2508 (A command injection vulnerability has been reported to affect QTS and ...)
NOT-FOR-US: QNAP
CVE-2020-2507 (The vulnerability have been reported to affect earlier versions of QTS ...)
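Review bot: CVE-2020-2509 carries the same truncated description as CVE-2020-2508 directly below it ("A command injection vulnerability has been reported to affect QTS and ..."), and that entry is already `NOT-FOR-US: QNAP`; the new entry should receive the same resolution rather than `TODO: check`.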
@@ -113774,7 +113772,7 @@ CVE-2019-16937
CVE-2019-16936
RESERVED
CVE-2019-16935 (The documentation XML-RPC server in Python through 2.7.16, 3.x through ...)
- {DLA-2280-1}
+ {DLA-2628-1 DLA-2280-1}
- python3.8 3.8.0~rc1-1
- python3.7 3.7.5~rc1-1
[buster] - python3.7 3.7.3-2+deb10u1
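Review bot: the same DLA-2628-1 reference is added here for CVE-2019-16935 as for CVE-2021-23336 in the earlier hunk, which is consistent with one DLA covering both Python issues; as there, the visible context (python3.8, python3.7 and the `[buster]` python3.7 line) does not include the `[stretch]` line the DLA refers to, so check that it is present below the shown context.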
@@ -145175,11 +145173,11 @@ CVE-2019-6840 (A Format String: CWE-134 vulnerability exists in U.motion Server
NOT-FOR-US: Schneider
CVE-2019-6839 (An Improper Access Control: CWE-284 vulnerability exists in U.motion S ...)
NOT-FOR-US: Schneider
-CVE-2019-6838 (An Improper Access Control: CWE-284 vulnerability exists in U.motion S ...)
+CVE-2019-6838 (A CWE-863: Incorrect Authorization vulnerability exists in U.motion Se ...)
NOT-FOR-US: Schneider
CVE-2019-6837 (A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in ...)
NOT-FOR-US: Schneider
-CVE-2019-6836 (An Improper Access Control: CWE-284 vulnerability exists in U.motion S ...)
+CVE-2019-6836 (A CWE-863: Incorrect Authorization vulnerability exists in U.motion Se ...)
NOT-FOR-US: Schneider
CVE-2019-6835 (A Cross-Site Scripting (XSS) CWE-79 vulnerability exists in U.motion S ...)
NOT-FOR-US: Schneider
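Review bot: no status change is needed: CVE-2019-6838 and CVE-2019-6836 keep `NOT-FOR-US: Schneider`, and the only edit is the description's classification moving from "Improper Access Control: CWE-284" to "CWE-863: Incorrect Authorization". Note that the adjacent CVE-2019-6839 entry still reads CWE-284, so the descriptions within the same U.motion batch now diverge; that reflects the mirrored upstream text and is fine to leave as is.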
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4531c232edaeae8abbdc67db1449fdd91bdacbb3