[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Apr 20 09:10:35 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
09ae9916 by security tracker role at 2021-04-20T08:10:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2,8 +2,7 @@ CVE-2021-3508
 	RESERVED
 CVE-2021-3507
 	RESERVED
-CVE-2021-3506 [Out of bounds memory access bug in get_next_net_page() in fs/f2fs/node.c]
-	RESERVED
+CVE-2021-3506 (An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c  ...)
 	- linux <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2021/03/28/2
 	NOTE: https://lore.kernel.org/lkml/20210322114730.71103-1-yuchao0@huawei.com/
@@ -13,8 +12,7 @@ CVE-2021-XXXX [xscreensaver allows starting external programs with cap_net_raw]
 	[stretch] - xscreensaver <no-dsa> (Minor issue)
 	NOTE: Fixed upstream in 6.00 (no public version control): https://twitter.com/jwz/status/1383503845217554444
 	NOTE: https://www.openwall.com/lists/oss-security/2021/04/17/1
-CVE-2021-3505
-	RESERVED
+CVE-2021-3505 (A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implem ...)
 	- libtpms 0.8.0~dev1-1
 	NOTE: https://github.com/stefanberger/libtpms/issues/183
 	NOTE: https://github.com/stefanberger/libtpms/commit/625171be0c8225824740b5d0fb7e8562f6a1c6a8 (v0.8.0)
@@ -1824,14 +1822,12 @@ CVE-2017-20004 (In the standard library in Rust before 1.19.0, there is a synchr
 	NOTE: https://github.com/rust-lang/rust/pull/41624
 CVE-2015-20002
 	RESERVED
-CVE-2021-3498 [gstreamer-plugins-good: Heap corruption in matroska demuxing]
-	RESERVED
+CVE-2021-3498 (GStreamer before 1.18.4 might cause heap corruption when parsing certa ...)
 	[experimental] - gst-plugins-good1.0 1.18.4-1
 	- gst-plugins-good1.0 <unfixed> (bug #986911)
 	NOTE: https://gstreamer.freedesktop.org/security/sa-2021-0003.html
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/commit/02174790726dd20a5c73ce2002189bf240ad4fe0?merge_request_iid=903
-CVE-2021-3497 [gstreamer-plugins-good: Use-after-free in matroska demuxing]
-	RESERVED
+CVE-2021-3497 (GStreamer before 1.18.4 might access already-freed memory in error cod ...)
 	[experimental] - gst-plugins-good1.0 1.18.4-1
 	- gst-plugins-good1.0 <unfixed> (bug #986910)
 	NOTE: https://gstreamer.freedesktop.org/security/sa-2021-0002.html
@@ -2819,8 +2815,8 @@ CVE-2021-30201
 	RESERVED
 CVE-2021-30200
 	RESERVED
-CVE-2021-30199
-	RESERVED
+CVE-2021-30199 (In filters/reframe_latm.c in GPAC 1.0.1 there is a Null Pointer Derefe ...)
+	TODO: check
 CVE-2021-30198
 	RESERVED
 CVE-2021-30197
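Review bot: CVE-2021-30199 goes from RESERVED to a bare `TODO: check`, so the entry still records no package or NOT-FOR-US decision. The description names GPAC 1.0.1 and filters/reframe_latm.c, which is enough to start triage: replace the TODO with a source-package line or a NOT-FOR-US line once the affected code has been checked.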
@@ -3272,24 +3268,24 @@ CVE-2021-30024
 	RESERVED
 CVE-2021-30023
 	RESERVED
-CVE-2021-30022
-	RESERVED
+CVE-2021-30022 (There is a integer overflow in media_tools/av_parsers.c in the gf_avc_ ...)
+	TODO: check
 CVE-2021-30021
 	RESERVED
-CVE-2021-30020
-	RESERVED
-CVE-2021-30019
-	RESERVED
+CVE-2021-30020 (In the function gf_hevc_read_pps_bs_internal function in media_tools/a ...)
+	TODO: check
+CVE-2021-30019 (In the adts_dmx_process function in filters/reframe_adts.c in GPAC 1.0 ...)
+	TODO: check
 CVE-2021-30018
 	RESERVED
 CVE-2021-30017
 	RESERVED
 CVE-2021-30016
 	RESERVED
-CVE-2021-30015
-	RESERVED
-CVE-2021-30014
-	RESERVED
+CVE-2021-30015 (There is a Null Pointer Dereference in function filter_core/filter_pck ...)
+	TODO: check
+CVE-2021-30014 (There is a integer overflow in media_tools/av_parsers.c in the hevc_pa ...)
+	TODO: check
 CVE-2021-30013
 	RESERVED
 CVE-2021-30012
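Review bot: all five entries added in this hunk (CVE-2021-30022, -30020, -30019, -30015, -30014) carry only `TODO: check`, and their descriptions point at what looks like one code base: -30022 and -30014 both cite media_tools/av_parsers.c, -30020 a truncated media_tools/ path, -30015 a truncated filter_core/ path, and -30019 names GPAC 1.0 explicitly. Triage them as a batch together with CVE-2021-30199 so they end up with consistent package lines, and confirm the product from the full descriptions for the ones where the truncated text does not name it.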
@@ -4949,8 +4945,8 @@ CVE-2021-29281
 	RESERVED
 CVE-2021-29280
 	RESERVED
-CVE-2021-29279
-	RESERVED
+CVE-2021-29279 (There is a integer overflow in function filter_core/filter_props.c:gf_ ...)
+	TODO: check
 CVE-2021-29278
 	RESERVED
 CVE-2021-29277
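Review bot: the truncated description for CVE-2021-29279 does not name a product, only filter_core/filter_props.c, and the entry is left at `TODO: check`. The filter_core/ directory also appears in the CVE-2021-30015 description, so read the full text before assigning a package and, if it is the same project, handle it with that batch.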
@@ -9148,8 +9144,8 @@ CVE-2021-27460
 	RESERVED
 CVE-2021-27459
 	RESERVED
-CVE-2021-27458
-	RESERVED
+CVE-2021-27458 (If Ethernet communication of the JTEKT Corporation TOYOPUC product ser ...)
+	TODO: check
 CVE-2021-27457
 	RESERVED
 CVE-2021-27456
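Review bot: CVE-2021-27458 is left at `TODO: check` although the description names a vendor product (JTEKT Corporation TOYOPUC, Ethernet communication). If the full description confirms that no Debian source package is involved, resolve it to a NOT-FOR-US line naming the product instead of leaving the TODO.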
@@ -19201,14 +19197,14 @@ CVE-2021-3040
 	RESERVED
 CVE-2021-3039
 	RESERVED
-CVE-2021-3038
-	RESERVED
-CVE-2021-3037
-	RESERVED
-CVE-2021-3036
-	RESERVED
-CVE-2021-3035
-	RESERVED
+CVE-2021-3038 (A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalPr ...)
+	TODO: check
+CVE-2021-3037 (An information exposure through log file vulnerability exists in Palo  ...)
+	TODO: check
+CVE-2021-3036 (An information exposure through log file vulnerability exists in Palo  ...)
+	TODO: check
+CVE-2021-3035 (An unsafe deserialization vulnerability in Bridgecrew Checkov by Prism ...)
+	TODO: check
 CVE-2021-3034 (An information exposure through log file vulnerability exists in Corte ...)
 	NOT-FOR-US: Cortex XSOAR software (Palo Alto Networks)
 CVE-2021-3033 (An improper verification of cryptographic signature vulnerability exis ...)
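Review bot: the four added entries are all marked `TODO: check`, but they are not the same case. CVE-2021-3038, -3037 and -3036 name Palo Alto Networks products and can probably follow the pattern of the context entry CVE-2021-3034 (`NOT-FOR-US: Cortex XSOAR software (Palo Alto Networks)`), each with its own product name taken from the full description. CVE-2021-3035 is an unsafe deserialization issue in Bridgecrew Checkov, a different product, and needs a separate check rather than being closed along with the other three.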
@@ -27444,8 +27440,7 @@ CVE-2021-20209
 	[buster] - privoxy 3.0.28-2+deb10u1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
 	NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=c62254a686dcd40e3b6e5753d0c7c0308209a7b6 (3.0.29)
-CVE-2021-20208 [Container can use kerberos cache from the host via mount.cifs/cifs.upcall]
-	RESERVED
+CVE-2021-20208 (A flaw was found in cifs-utils in versions before 6.13. A user when mo ...)
 	- cifs-utils <unfixed>
 	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14651
 	NOTE: https://lists.samba.org/archive/samba-technical/2021-April/136467.html
@@ -39965,10 +39960,10 @@ CVE-2020-27243
 	RESERVED
 CVE-2020-27242
 	RESERVED
-CVE-2020-27241
-	RESERVED
-CVE-2020-27240
-	RESERVED
+CVE-2020-27241 (An exploitable SQL injection vulnerability exists in ‘getAssets. ...)
+	TODO: check
+CVE-2020-27240 (An exploitable SQL injection vulnerability exists in ‘getAssets. ...)
+	TODO: check
 CVE-2020-27239 (An exploitable SQL injection vulnerability exists in ‘getAssets. ...)
 	NOT-FOR-US: OpenClinic
 CVE-2020-27238 (An exploitable SQL injection vulnerability exists in ‘getAssets. ...)
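Review bot: CVE-2020-27241 and CVE-2020-27240 are added as `TODO: check` while the context entry directly below, CVE-2020-27239, has the same visible description prefix and is already resolved as `NOT-FOR-US: OpenClinic`. After confirming from the full descriptions that they concern the same product, give both the same NOT-FOR-US line so the series is consistent.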



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/09ae9916ef472ac85089db1b1e4850bef8b0f948
