[Git][security-tracker-team/security-tracker][master] track envoyproxy RFP
Moritz Muehlenhoff
jmm at debian.org
Wed Apr 28 14:19:21 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b59246e8 by Moritz Mühlenhoff at 2021-04-28T15:18:00+02:00
track envoyproxy RFP
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5922,7 +5922,7 @@ CVE-2021-29259
RESERVED
CVE-2021-29258
RESERVED
- NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
+ - envoyproxy <itp> (bug #987544)
CVE-2021-29257
RESERVED
CVE-2021-29256
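Review bot: CVE-2021-29258 is still RESERVED with no description in this hunk, so the new "- envoyproxy <itp> (bug #987544)" line cannot be checked against anything visible in the entry. A NOTE line pointing to the upstream advisory that ties this id to Envoy would let a later reader confirm the attribution once the package exists.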
@@ -7174,10 +7174,10 @@ CVE-2021-28684
RESERVED
CVE-2021-28683
RESERVED
- NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
+ - envoyproxy <itp> (bug #987544)
CVE-2021-28682
RESERVED
- NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
+ - envoyproxy <itp> (bug #987544)
CVE-2021-28681 (Pion WebRTC before 3.0.15 didn't properly tear down the DTLS Connectio ...)
NOT-FOR-US: Pion WebRTC
CVE-2021-28680
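Review bot: CVE-2021-28683 and CVE-2021-28682 are both RESERVED here, unlike the neighbouring CVE-2021-28681, which carries a description that matches its annotation. The envoyproxy assignment for these two ids rests on information that is not in the file, so a NOTE with the source reference under each entry would make the change verifiable.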
@@ -25190,7 +25190,7 @@ CVE-2021-21380 (XWiki Platform is a generic wiki platform offering runtime servi
CVE-2021-21379 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
NOT-FOR-US: XWiki
CVE-2021-21378 (Envoy is a cloud-native high-performance edge/middle/service proxy. In ...)
- NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
+ - envoyproxy <itp> (bug #987544)
CVE-2021-21377 (OMERO.web is open source Django-based software for managing microscopy ...)
NOT-FOR-US: OMERO.web
CVE-2021-21376 (OMERO.web is open source Django-based software for managing microscopy ...)
@@ -29207,9 +29207,9 @@ CVE-2020-35473
CVE-2020-35472
RESERVED
CVE-2020-35471 (Envoy before 1.16.1 mishandles dropped and truncated datagrams, as dem ...)
- NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
+ - envoyproxy <itp> (bug #987544)
CVE-2020-35470 (Envoy before 1.16.1 logs an incorrect downstream address because it co ...)
- NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
+ - envoyproxy <itp> (bug #987544)
CVE-2020-35469 (The Software AG Terracotta Server OSS Docker image 5.4.1 contains a bl ...)
NOT-FOR-US: Software AG Terracotta Server OSS Docker image
CVE-2020-35468 (The Appbase streams Docker image 2.1.2 contains a blank password for t ...)
@@ -46293,9 +46293,9 @@ CVE-2020-25020 (MPXJ through 8.1.3 allows XXE attacks. This affects the GanttPro
CVE-2020-25019 (jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the E ...)
NOT-FOR-US: jitsi-meet-electron
CVE-2020-25018 (Envoy master between 2d69e30 and 3b5acb2 may fail to parse request URL ...)
- NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
+ - envoyproxy <itp> (bug #987544)
CVE-2020-25017 (Envoy through 1.15.0 only considers the first value when multiple head ...)
- NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
+ - envoyproxy <itp> (bug #987544)
CVE-2020-25015 (A specific router allows changing the Wi-Fi password remotely. Genexis ...)
NOT-FOR-US: Genexis Platinum 4410 V2-1.28
CVE-2020-25014 (A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and ...)
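Review bot: CVE-2020-25018 is described as affecting only "Envoy master between 2d69e30 and 3b5acb2", yet it gets the same open "<itp>" entry as CVE-2020-25017, which affects releases through 1.15.0. Consider adding a NOTE that records the commit range, so that whoever uploads envoyproxy can check whether any packaged release ever contained the code before treating the issue as open.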
@@ -67406,7 +67406,7 @@ CVE-2020-15106 (In etcd before versions 3.3.23 and 3.4.10, a large slice causes
CVE-2020-15105 (Django Two-Factor Authentication before 1.12, stores the user's passwo ...)
NOT-FOR-US: Django Two-Factor Authentication
CVE-2020-15104 (In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when valid ...)
- NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
+ - envoyproxy <itp> (bug #987544)
CVE-2020-15103 (In FreeRDP less than or equal to 2.1.2, an integer overflow exists due ...)
- freerdp2 2.2.0+dfsg1-1 (bug #965979)
[buster] - freerdp2 <no-dsa> (Minor issue)
@@ -74284,11 +74284,11 @@ CVE-2020-12607 (An issue was discovered in fastecdsa before 2.1.2. When using th
CVE-2020-12606 (An issue was discovered in DB Soft SGLAC before 20.05.001. The Procedi ...)
NOT-FOR-US: DB Soft
CVE-2020-12605 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive ...)
- NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
+ - envoyproxy <itp> (bug #987544)
CVE-2020-12604 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to incr ...)
- NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
+ - envoyproxy <itp> (bug #987544)
CVE-2020-12603 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive ...)
- NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
+ - envoyproxy <itp> (bug #987544)
CVE-2020-12602
RESERVED
CVE-2020-12601
@@ -80740,7 +80740,7 @@ CVE-2020-10741
CVE-2020-10740 (A vulnerability was found in Wildfly in versions before 20.0.0.Final, ...)
- wildfly <itp> (bug #752018)
CVE-2020-10739 (Istio 1.4.x before 1.4.9 and Istio 1.5.x before 1.5.4 contain the foll ...)
- NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
+ - envoyproxy <itp> (bug #987544)
CVE-2020-10738 (A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6 ...)
- moodle <removed>
CVE-2020-10737 (A race condition was found in the mkhomedir tool shipped with the oddj ...)
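Review bot: the description of CVE-2020-10739 names Istio 1.4.x and 1.5.x, not Envoy, and the truncated text does not show why the entry belongs to envoyproxy. A NOTE stating which Envoy component is involved, or whether Istio needs its own entry, would keep this from reading as a mis-assignment next to the other Envoy CVEs.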
@@ -85847,17 +85847,17 @@ CVE-2020-8666
CVE-2020-8665
RESERVED
CVE-2020-8664 (CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS ...)
- NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
+ - envoyproxy <itp> (bug #987544)
CVE-2020-8663 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descr ...)
- NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
+ - envoyproxy <itp> (bug #987544)
CVE-2020-8662
RESERVED
CVE-2020-8661 (CNCF Envoy through 1.13.0 may consume excessive amounts of memory when ...)
- NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
+ - envoyproxy <itp> (bug #987544)
CVE-2020-8660 (CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could ha ...)
- NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
+ - envoyproxy <itp> (bug #987544)
CVE-2020-8659 (CNCF Envoy through 1.13.0 may consume excessive amounts of memory when ...)
- NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
+ - envoyproxy <itp> (bug #987544)
CVE-2020-8658 (The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp- ...)
NOT-FOR-US: BestWebSoft Htaccess plugin for WordPress
CVE-2020-8657 (An issue was discovered in EyesOfNetwork 5.3. The installation uses th ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b59246e8f364284ef71f707be261e338ecf9790d