[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Apr 21 09:10:35 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
65324cef by security tracker role at 2021-04-21T08:10:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2021-3510
+ RESERVED
+CVE-2021-3509
+ RESERVED
+CVE-2021-31521
+ RESERVED
+CVE-2021-31520
+ RESERVED
+CVE-2021-31519
+ RESERVED
+CVE-2021-31518
+ RESERVED
+CVE-2021-31517
+ RESERVED
CVE-2021-3508 [infinite loop in get_xref_linear_skipped() in pdf.c]
RESERVED
- pdfresurrect <unfixed>
@@ -3433,6 +3447,7 @@ CVE-2021-29951
RESERVED
CVE-2021-29950
RESERVED
+ {DSA-4876-1}
- thunderbird 1:78.9.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-17/#CVE-2021-29950
NOTE: Was fixed in 78.8.1 (typo in advisory title)
@@ -4533,15 +4548,14 @@ CVE-2021-29464
RESERVED
CVE-2021-29463
RESERVED
-CVE-2021-29462 [DNS rebinding vulnerability in pupnp]
- RESERVED
+CVE-2021-29462 (The Portable SDK for UPnP Devices is an SDK for development of UPnP de ...)
- pupnp-1.8 <unfixed>
- libupnp <removed>
NOTE: https://github.com/pupnp/pupnp/security/advisories/GHSA-6hqq-w3jq-9fhg
NOTE: https://github.com/pupnp/pupnp/commit/21fd85815da7ed2578d0de7cac4c433008f0ecd4
NOTE: https://www.openwall.com/lists/oss-security/2021/04/20/4
-CVE-2021-29461
- RESERVED
+CVE-2021-29461 (### Impact - This issue could be exploited to read internal files from ...)
+ TODO: check
CVE-2021-29460
RESERVED
CVE-2021-29459 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
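Review bot: CVE-2021-29461 is left with only "TODO: check", and its new description begins with raw advisory markup ("### Impact - This issue could be exploited to read internal files from ...") that does not name the affected product, so the entry cannot be triaged from this line alone. Identify the product from the full CVE record and replace the TODO with a package line or a NOT-FOR-US tag.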
@@ -4571,6 +4585,7 @@ CVE-2021-29452 (a12n-server is an npm package which aims to provide a simple aut
CVE-2021-29451 (Portofino is an open source web development framework. Portofino befor ...)
NOT-FOR-US: Portofino
CVE-2021-29450 (Wordpress is an open source CMS. One of the blocks in the WordPress ed ...)
+ {DLA-2630-1}
- wordpress 5.7.1+dfsg1-1 (bug #987065)
NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pmmh-2f36-wvhq
CVE-2021-29449 (Pi-hole is a Linux network-level advertisement and Internet tracker bl ...)
@@ -4578,6 +4593,7 @@ CVE-2021-29449 (Pi-hole is a Linux network-level advertisement and Internet trac
CVE-2021-29448 (Pi-hole is a Linux network-level advertisement and Internet tracker bl ...)
NOT-FOR-US: Pi-hole
CVE-2021-29447 (Wordpress is an open source CMS. A user with the ability to upload fil ...)
+ {DLA-2630-1}
- wordpress 5.7.1+dfsg1-1 (unimportant)
NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-rv47-pc52-qrhh
NOTE: Only an issue when installation runs under PHP8.
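Review bot: the {DLA-2630-1} reference added to CVE-2021-29447 lands on an entry whose wordpress line is marked (unimportant), with the note "Only an issue when installation runs under PHP8." Confirm that the DLA actually lists this CVE, or revisit the severity tag, so the two annotations agree.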
@@ -5674,8 +5690,7 @@ CVE-2021-28967 (The unofficial MATLAB extension before 2.0.1 for Visual Studio C
NOT-FOR-US: MATLAB extenstion for vscode
CVE-2021-28966
RESERVED
-CVE-2021-28965
- RESERVED
+CVE-2021-28965 (The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, a ...)
- ruby2.7 2.7.3-1 (bug #986807)
- ruby2.5 <removed>
[buster] - ruby2.5 <postponed> (Minor issue, can be fixed along with next update)
@@ -28624,8 +28639,8 @@ CVE-2020-35316
RESERVED
CVE-2020-35315
RESERVED
-CVE-2020-35314
- RESERVED
+CVE-2020-35314 (An OS command injection vulnerability in the installUpdateThemePluginA ...)
+ TODO: check
CVE-2020-35313 (A server-side request forgery (SSRF) vulnerability in the addCustomThe ...)
NOT-FOR-US: WonderCMS
CVE-2020-35312
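Review bot: CVE-2020-35314 moves from RESERVED to "TODO: check" with no package or NOT-FOR-US line. The adjacent CVE-2020-35313 is already tagged NOT-FOR-US: WonderCMS, but the truncated description here does not show the product; check the full record and, if it is the same software, close the TODO with the same tag.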
@@ -87203,8 +87218,8 @@ CVE-2020-7859
RESERVED
CVE-2020-7858
RESERVED
-CVE-2020-7857
- RESERVED
+CVE-2020-7857 (A vulnerability of XPlatform could allow an unauthenticated attacker t ...)
+ TODO: check
CVE-2020-7856 (A vulnerability of Helpcom could allow an unauthenticated attacker to ...)
NOT-FOR-US: Helpcom
CVE-2020-7855
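Review bot: CVE-2020-7857 is left at "TODO: check" although its description already names the product (XPlatform). The neighbouring CVE-2020-7856 (Helpcom) is tagged NOT-FOR-US; decide whether XPlatform is packaged in Debian and replace the TODO with a package line or NOT-FOR-US: XPlatform.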
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65324cef025f24f0cfa46b772e6ad893a15de39f