[Git][security-tracker-team/security-tracker][master] automatic update

Sat Apr 24 21:10:33 BST 2021


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5ada5739 by security tracker role at 2021-04-24T20:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2021-31795 (The PowerVR GPU kernel driver in pvrsrvkm.ko through 2021-04-24 for th ...)
+	TODO: check
+CVE-2021-31794
+	RESERVED
+CVE-2021-31793
+	RESERVED
+CVE-2021-31792
+	RESERVED
 CVE-2021-31791 (In Hardware Sentry KM before 10.0.01 for BMC PATROL, a cleartext passw ...)
 	NOT-FOR-US: Sentry KM
 CVE-2021-31790
@@ -393,8 +401,8 @@ CVE-2021-31600
 	RESERVED
 CVE-2021-31599
 	RESERVED
-CVE-2021-31598
-	RESERVED
+CVE-2021-31598 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...)
+	TODO: check
 CVE-2021-31597 (The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL c ...)
 	- node-xmlhttprequest-ssl <unfixed>
 	[buster] - node-xmlhttprequest-ssl <ignored> (Minor issue, should possibly be removed from stable as well)
@@ -2418,6 +2426,7 @@ CVE-2021-XXXX [stack corruption when handling files with more than 64 audio chan
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gst-libav/-/commit/a339f8f9641382b92b43e6d146bdc5d87a9704f8 (1.18.4)
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gst-libav/-/issues/92
 CVE-2021-3498 (GStreamer before 1.18.4 might cause heap corruption when parsing certa ...)
+	{DSA-4900-1}
 	[experimental] - gst-plugins-good1.0 1.18.4-1
 	- gst-plugins-good1.0 1.18.4-2 (bug #986911)
 	[stretch] - gst-plugins-good1.0 <not-affected> (Vulnerable code introduced later)
@@ -2425,6 +2434,7 @@ CVE-2021-3498 (GStreamer before 1.18.4 might cause heap corruption when parsing
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/commit/02174790726dd20a5c73ce2002189bf240ad4fe0
 	NOTE: Introduced by: https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/commit/f279bc5336dda19741a5996a108da42dd3201366
 CVE-2021-3497 (GStreamer before 1.18.4 might access already-freed memory in error cod ...)
+	{DSA-4900-1}
 	[experimental] - gst-plugins-good1.0 1.18.4-1
 	- gst-plugins-good1.0 1.18.4-2 (bug #986910)
 	NOTE: https://gstreamer.freedesktop.org/security/sa-2021-0002.html



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ada57394d250de191d40bac6c6189266f81b3f7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ada57394d250de191d40bac6c6189266f81b3f7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210424/73dad10f/attachment.htm>
