[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sun Apr 18 21:10:35 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3b1e6779 by security tracker role at 2021-04-18T20:10:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9906,6 +9906,7 @@ CVE-2021-3406 (A flaw was found in keylime 5.8.1 and older. The issue in the Key
 	NOT-FOR-US: Keylime
 	NOTE: https://github.com/keylime/keylime/security/advisories/GHSA-78f8-6c68-375m
 CVE-2021-3405 (A flaw was found in libebml before 1.4.2. A heap overflow bug exists i ...)
+	{DLA-2629-1}
 	- libebml 1.4.2-1 (bug #982597)
 	[buster] - libebml <no-dsa> (Minor issue)
 	NOTE: https://github.com/Matroska-Org/libebml/issues/74
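Review bot: In the CVE-2021-3405 entry, the added `{DLA-2629-1}` sits directly above the unchanged `[buster] - libebml <no-dsa> (Minor issue)` line, so the tracker now records an LTS advisory for this heap overflow while buster remains unfixed. It is worth confirming that the buster triage still holds, or queueing the fix for a point release and recording that on the `[buster]` line.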
@@ -17249,7 +17250,7 @@ CVE-2021-23981 (A texture upload of a Pixel Buffer Object could have confused th
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-23981
 CVE-2021-23980 [mutation XSS via allowed math or svg; p or br; and style, title, noscript, script, textarea, noframes, iframe, or xmp tags with strip_comments=False]
 	RESERVED
-	{DLA-2620-1}
+	{DSA-4892-1 DLA-2620-1}
 	- python-bleach 3.2.1-2.1 (bug #986251)
 	NOTE: https://github.com/mozilla/bleach/security/advisories/GHSA-vv2x-vrpj-qqpq
 	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1689399
@@ -18609,22 +18610,22 @@ CVE-2021-23383
 	RESERVED
 CVE-2021-23382
 	RESERVED
-CVE-2021-23381
-	RESERVED
-CVE-2021-23380
-	RESERVED
-CVE-2021-23379
-	RESERVED
-CVE-2021-23378
-	RESERVED
-CVE-2021-23377
-	RESERVED
-CVE-2021-23376
-	RESERVED
-CVE-2021-23375
-	RESERVED
-CVE-2021-23374
-	RESERVED
+CVE-2021-23381 (This affects all versions of package killing. If attacker-controlled u ...)
+	TODO: check
+CVE-2021-23380 (This affects all versions of package roar-pidusage. If attacker-contro ...)
+	TODO: check
+CVE-2021-23379 (This affects all versions of package portkiller. If (attacker-controll ...)
+	TODO: check
+CVE-2021-23378 (This affects all versions of package picotts. If attacker-controlled u ...)
+	TODO: check
+CVE-2021-23377 (This affects all versions of package onion-oled-js. If attacker-contro ...)
+	TODO: check
+CVE-2021-23376 (This affects all versions of package ffmpegdotjs. If attacker-controll ...)
+	TODO: check
+CVE-2021-23375 (This affects all versions of package psnode. If attacker-controlled us ...)
+	TODO: check
+CVE-2021-23374 (This affects all versions of package ps-visitor. If attacker-controlle ...)
+	TODO: check
 CVE-2021-23373
 	RESERVED
 CVE-2021-23372 (All versions of package mongo-express are vulnerable to Denial of Serv ...)
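Review bot: The eight entries CVE-2021-23374 through CVE-2021-23381 change from `RESERVED` to a truncated description with only `TODO: check` beneath, so none of them is triaged yet. Each description names a package (killing, roar-pidusage, portkiller, picotts, onion-oled-js, ffmpegdotjs, psnode, ps-visitor); a follow-up should replace each `TODO: check` with either a `NOT-FOR-US:` line, in the form the Keylime entry in this file uses, or a source package line with its fixed version and bug reference.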



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b1e67798c0198a473fc41d7ce71b46b03331f93
