[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Apr 30 09:10:44 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
89fbe4c7 by security tracker role at 2021-04-30T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2021-3523
+ RESERVED
+CVE-2021-31921
+ RESERVED
+CVE-2021-31920
+ RESERVED
+CVE-2021-31919 (An issue was discovered in the rkyv crate before 0.6.0 for Rust. When ...)
+ TODO: check
CVE-2021-31918
RESERVED
NOT-FOR-US: tripleo-ansible
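Review bot: CVE-2021-31919 at the top of this hunk is added with only `TODO: check`, so the rkyv crate issue is still untriaged after this commit. A follow-up should replace the TODO with either a package line carrying the fixed version or a NOT-FOR-US line in the style of the CVE-2021-31918 entry below it, plus a NOTE with the upstream reference used for the decision.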
@@ -93,23 +101,19 @@ CVE-2021-31875 (In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously form
NOT-FOR-US: Cesanta MongooseOS mJS
CVE-2021-31874
RESERVED
-CVE-2021-31873 [malloc: Fail if requested size > PTRDIFF_MAX]
- RESERVED
+CVE-2021-31873 (An issue was discovered in klibc before 2.0.9. Additions in the malloc ...)
- klibc 2.0.8-6
[buster] - klibc <no-dsa> (Minor issue; only used in initramfs and not dealing with untrusted data)
NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=a31ae8c508fc8d1bca4f57e9f9f88127572d5202
-CVE-2021-31872 [cpio: Fix possible integer overflow on 32-bit systems]
- RESERVED
+CVE-2021-31872 (An issue was discovered in klibc before 2.0.9. Multiple possible integ ...)
- klibc 2.0.8-6
[buster] - klibc <no-dsa> (Minor issue; only used in initramfs and not dealing with untrusted data)
NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=9b1c91577aef7f2e72c3aa11a27749160bd278ff
-CVE-2021-31871 [cpio: Fix possible crash on 64-bit systems]
- RESERVED
+CVE-2021-31871 (An issue was discovered in klibc before 2.0.9. An integer overflow in ...)
- klibc 2.0.8-6
[buster] - klibc <no-dsa> (Minor issue; only used in initramfs and not dealing with untrusted data)
NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=2e48a12ab1e30d43498c2d53e878a11a1b5102d5
-CVE-2021-31870 [calloc: Fail if multiplication overflows]
- RESERVED
+CVE-2021-31870 (An issue was discovered in klibc before 2.0.9. Multiplication in the c ...)
- klibc 2.0.8-6
[buster] - klibc <no-dsa> (Minor issue; only used in initramfs and not dealing with untrusted data)
NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=292650f04c2b5348b4efbad61fb014ed09b4f3f2
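Review bot: the new descriptions for CVE-2021-31870 through CVE-2021-31873 say "klibc before 2.0.9", while each entry keeps `- klibc 2.0.8-6` as the fixed version, and nothing in the entries explains the difference. If 2.0.8-6 carries the upstream commits listed in the NOTE lines as backports, a short NOTE saying so on each entry would keep readers from taking the recorded fixed version for a mistake.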
@@ -5466,8 +5470,8 @@ CVE-2021-29486
RESERVED
CVE-2021-29485
RESERVED
-CVE-2021-29484
- RESERVED
+CVE-2021-29484 (Ghost is a Node.js CMS. An unused endpoint added during the developmen ...)
+ TODO: check
CVE-2021-29483 (ManageWiki is an extension to the MediaWiki project. The 'wikiconfig' ...)
NOT-FOR-US: ManageWiki MediaWiki extension
CVE-2021-29482 (xz is a compression and decompression library focusing on the xz forma ...)
@@ -5527,8 +5531,8 @@ CVE-2021-29469 (Node-redis is a Node.js Redis client. Before version 3.1.1, when
NOTE: https://github.com/NodeRedis/node-redis/issues/1569
NOTE: https://github.com/NodeRedis/node-redis/security/advisories/GHSA-35q2-47q7-3pc3
NOTE: https://github.com/NodeRedis/node-redis/commit/2d11b6dc9b9774464a91fb4b448bad8bf699629e
-CVE-2021-29468
- RESERVED
+CVE-2021-29468 (Cygwin Git is a patch set for the git command line tool for the cygwin ...)
+ TODO: check
CVE-2021-29467 (Wrongthink is an encrypted peer-to-peer chat program. A user could che ...)
NOT-FOR-US: Wrongthink
CVE-2021-29466 (Discord-Recon is a bot for the Discord chat service. In versions of Di ...)
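Review bot: `TODO: check` on CVE-2021-29468 leaves the scope question open. The description names Cygwin Git, a patch set for the git command line tool for the cygwin environment, so triage has to decide whether any Debian source package is affected or whether the entry belongs with the NOT-FOR-US entries such as CVE-2021-29467 just below. Recording the reasoning in a NOTE line would save the next reader from re-deriving it.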
@@ -60626,8 +60630,8 @@ CVE-2020-18072
RESERVED
CVE-2020-18071
RESERVED
-CVE-2020-18070
- RESERVED
+CVE-2020-18070 (Path Traversal in iCMS v7.0.13 allows remote attackers to delete folde ...)
+ TODO: check
CVE-2020-18069
RESERVED
CVE-2020-18068
@@ -60696,8 +60700,8 @@ CVE-2020-18037
RESERVED
CVE-2020-18036
RESERVED
-CVE-2020-18035
- RESERVED
+CVE-2020-18035 (Cross Site Scripting (XSS) in Jeesns v1.4.2 allows remote attackers to ...)
+ TODO: check
CVE-2020-18034
RESERVED
CVE-2020-18033
@@ -67278,8 +67282,8 @@ CVE-2020-15227 (Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.
NOTE: https://github.com/nette/application/security/advisories/GHSA-8gv3-3j7f-wg94
CVE-2020-15226 (In GLPI before version 9.5.2, there is a SQL Injection in the API's se ...)
- glpi <removed>
-CVE-2020-15225
- RESERVED
+CVE-2020-15225 (django-filter is a generic system for filtering Django QuerySets based ...)
+ TODO: check
CVE-2020-15224 (In Open Enclave before version 0.12.0, an information disclosure vulne ...)
NOT-FOR-US: Open Enclave
CVE-2020-15223 (In ORY Fosite (the security first OAuth2 & OpenID Connect framewor ...)
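Review bot: CVE-2020-15225 moves from RESERVED to `TODO: check` with a description naming django-filter, but no package line or reference is recorded. The follow-up should replace the TODO with a package line in the same form as the `- glpi <removed>` entry above it, or with NOT-FOR-US if django-filter is not in the archive, and add a NOTE pointing at the upstream advisory or fix commit.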
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89fbe4c7a2fe5d64448ccdf989f9a981a05e6863