[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sun Apr 25 09:10:33 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6785f406 by security tracker role at 2021-04-25T08:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2021-31795 (The PowerVR GPU kernel driver in pvrsrvkm.ko through 2021-04-24 for th ...)
NOT-FOR-US: PowerVR GPU kernel driver (OOT)
-CVE-2021-31794
- RESERVED
+CVE-2021-31794 (Settings.aspx?view=About in Directum 5.8.2 allows XSS via the HTTP Use ...)
+ TODO: check
CVE-2021-31793
RESERVED
CVE-2021-31792
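Review bot: The new CVE-2021-31794 entry is committed with only "TODO: check" under it, so it carries no package or NOT-FOR-US classification yet. The description names Directum 5.8.2; triage should replace the TODO with either a source package line or a "NOT-FOR-US:" line in the same form as the CVE-2021-31795 entry directly above it.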
@@ -172,8 +172,8 @@ CVE-2021-31714
RESERVED
CVE-2021-31713
RESERVED
-CVE-2021-31712
- RESERVED
+CVE-2021-31712 (react-draft-wysiwyg (aka React Draft Wysiwyg) before 1.14.6 allows a j ...)
+ TODO: check
CVE-2021-31711
RESERVED
CVE-2021-31710
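Review bot: CVE-2021-31712 is likewise left at "TODO: check", although its description already gives an upstream fixed version (react-draft-wysiwyg before 1.14.6). When this is triaged, record whether the library is shipped in the archive and, if so, use that version as the basis for the fixed-version line rather than leaving the entry unclassified.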
@@ -2736,8 +2736,8 @@ CVE-2021-30504
RESERVED
CVE-2021-30503 (The unofficial GLSL Linting extension before 1.4.0 for Visual Studio C ...)
NOT-FOR-US: GLSL Linting extension for Visual Studio Code
-CVE-2021-30502
- RESERVED
+CVE-2021-30502 (The unofficial vscode-ghc-simple (aka Simple Glasgow Haskell Compiler) ...)
+ TODO: check
CVE-2021-3495
RESERVED
CVE-2021-3494
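Review bot: CVE-2021-30502 is left at "TODO: check" while the adjacent CVE-2021-30503 entry, for another unofficial extension, is already marked "NOT-FOR-US: GLSL Linting extension for Visual Studio Code". If triage confirms that vscode-ghc-simple falls in the same class, give it a matching NOT-FOR-US line so the two neighbouring entries are handled consistently.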
@@ -20788,6 +20788,7 @@ CVE-2021-22698 (A CWE-434: Unrestricted Upload of File with Dangerous Type vulne
CVE-2021-22697 (A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerabili ...)
NOT-FOR-US: EcoStruxure Power Build
CVE-2020-36189 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
+ {DLA-2638-1}
- jackson-databind 2.12.1-1
[buster] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2996
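Review bot: The {DLA-2638-1} reference is added to CVE-2020-36189, but the "[buster] - jackson-databind <no-dsa> (Minor issue)" line below it is unchanged, so the entry now records an LTS advisory alongside a buster release that is still marked as not warranting one. The same pattern repeats in the other jackson-databind hunks of this commit; it is worth confirming that the buster classification is still intended, for example by planning the fix for a point release.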
@@ -20795,6 +20796,7 @@ CVE-2020-36189 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the in
NOTE: but still an issue when Default Typing is enabled.
NOTE: https://github.com/FasterXML/jackson-databind/commit/33d96c13fe18a2dad01b19ce195548c9acea9da4
CVE-2020-36188 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
+ {DLA-2638-1}
- jackson-databind 2.12.1-1
[buster] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2996
@@ -20802,6 +20804,7 @@ CVE-2020-36188 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the in
NOTE: but still an issue when Default Typing is enabled.
NOTE: https://github.com/FasterXML/jackson-databind/commit/33d96c13fe18a2dad01b19ce195548c9acea9da4
CVE-2020-36187 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
+ {DLA-2638-1}
- jackson-databind 2.12.1-1
[buster] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2997
@@ -20809,6 +20812,7 @@ CVE-2020-36187 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the in
NOTE: but still an issue when Default Typing is enabled.
NOTE: https://github.com/FasterXML/jackson-databind/commit/3e8fa3beea49ea62109df9e643c9cb678dabdde1
CVE-2020-36186 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
+ {DLA-2638-1}
- jackson-databind 2.12.1-1
[buster] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2997
@@ -20816,6 +20820,7 @@ CVE-2020-36186 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the in
NOTE: but still an issue when Default Typing is enabled.
NOTE: https://github.com/FasterXML/jackson-databind/commit/3e8fa3beea49ea62109df9e643c9cb678dabdde1
CVE-2020-36185 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
+ {DLA-2638-1}
- jackson-databind 2.12.1-1
[buster] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2998
@@ -20823,6 +20828,7 @@ CVE-2020-36185 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the in
NOTE: but still an issue when Default Typing is enabled.
NOTE: https://github.com/FasterXML/jackson-databind/commit/567194c53ae91f0a14dc27239afb739b1c10448a
CVE-2020-36184 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
+ {DLA-2638-1}
- jackson-databind 2.12.1-1
[buster] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2998
@@ -20830,6 +20836,7 @@ CVE-2020-36184 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the in
NOTE: but still an issue when Default Typing is enabled.
NOTE: https://github.com/FasterXML/jackson-databind/commit/567194c53ae91f0a14dc27239afb739b1c10448a
CVE-2020-36183 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
+ {DLA-2638-1}
- jackson-databind 2.12.1-1
[buster] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/3003
@@ -20837,6 +20844,7 @@ CVE-2020-36183 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the in
NOTE: but still an issue when Default Typing is enabled.
NOTE: https://github.com/FasterXML/jackson-databind/commit/1cddeaf9524e903d08a91fdd9f3dde46d2a68536
CVE-2020-36182 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
+ {DLA-2638-1}
- jackson-databind 2.12.1-1
[buster] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/3004
@@ -20844,6 +20852,7 @@ CVE-2020-36182 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the in
NOTE: but still an issue when Default Typing is enabled.
NOTE: https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b
CVE-2020-36181 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
+ {DLA-2638-1}
- jackson-databind 2.12.1-1
[buster] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/3004
@@ -20851,6 +20860,7 @@ CVE-2020-36181 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the in
NOTE: but still an issue when Default Typing is enabled.
NOTE: https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b
CVE-2020-36180 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
+ {DLA-2638-1}
- jackson-databind 2.12.1-1
[buster] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/3004
@@ -20858,6 +20868,7 @@ CVE-2020-36180 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the in
NOTE: but still an issue when Default Typing is enabled.
NOTE: https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b
CVE-2020-36179 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
+ {DLA-2638-1}
- jackson-databind 2.12.1-1
[buster] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/3004
@@ -24532,6 +24543,7 @@ CVE-2020-35730 (An XSS issue was discovered in Roundcube Webmail before 1.2.13,
CVE-2020-35729 (KLog Server 2.4.1 allows OS command injection via shell metacharacters ...)
NOT-FOR-US: KLog Server
CVE-2020-35728 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
+ {DLA-2638-1}
- jackson-databind 2.12.1-1
[buster] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2999
@@ -28210,6 +28222,7 @@ CVE-2021-20191
NOTE: https://github.com/ansible-collections/cisco.nxos/pull/227
NOTE: https://github.com/ansible-collections/cisco.nxos/commit/120956963f47502151a358e4a7bc2a87f71813aa
CVE-2021-20190 (A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishan ...)
+ {DLA-2638-1}
- jackson-databind 2.12.1-1
[buster] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2854
@@ -28723,6 +28736,7 @@ CVE-2020-35492 (A flaw was found in cairo's image-compositor.c in all versions p
NOTE: Additional meson support (test): https://gitlab.freedesktop.org/cairo/cairo/-/commit/0677e0a94968447e132c69f58cb04e5377e0c828
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1898396
CVE-2020-35491 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
+ {DLA-2638-1}
- jackson-databind 2.12.1-1
[buster] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2986
@@ -28730,6 +28744,7 @@ CVE-2020-35491 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the in
NOTE: but still an issue when Default Typing is enabled.
NOTE: https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d
CVE-2020-35490 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
+ {DLA-2638-1}
- jackson-databind 2.12.1-1
[buster] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2986
@@ -46589,6 +46604,7 @@ CVE-2020-24752
CVE-2020-24751
RESERVED
CVE-2020-24750 (FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interact ...)
+ {DLA-2638-1}
- jackson-databind 2.12.1-1
[buster] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2798
@@ -46883,6 +46899,7 @@ CVE-2020-24618 (In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008,
CVE-2020-24617 (Mailtrain through 1.24.1 allows SQL Injection in statsClickedSubscribe ...)
NOT-FOR-US: Mailtrain
CVE-2020-24616 (FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interact ...)
+ {DLA-2638-1}
- jackson-databind 2.12.1-1
[buster] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2814
@@ -74311,6 +74328,7 @@ CVE-2020-12462 (The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF
CVE-2020-12461 (PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an in ...)
NOT-FOR-US: PHP-Fusion
CVE-2020-12460 (OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper nul ...)
+ {DLA-2639-1}
- opendmarc 1.4.0~beta1+dfsg-3 (bug #966464)
[buster] - opendmarc <no-dsa> (Minor issue)
NOTE: https://github.com/trusteddomainproject/OpenDMARC/issues/64
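Review bot: CVE-2020-12460 gains {DLA-2639-1} while "[buster] - opendmarc <no-dsa> (Minor issue)" stays as it was. With an LTS advisory now attached to this opendmarc entry, the buster line should be rechecked so that the stable release's status is a deliberate decision and not a leftover from the earlier assessment.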
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6785f406a08df6ade848cf353b5ace8e5f318688