[Git][security-tracker-team/security-tracker][master] automatic update

Sun Aug 1 21:10:26 BST 2021


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c160d7ee by security tracker role at 2021-08-01T20:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2021-37762
+	RESERVED
+CVE-2021-37761
+	RESERVED
 CVE-2021-37760 (A Session ID leak in the audit log in Graylog before 4.1.2 allows atta ...)
 	- graylog2 <itp> (bug #652273)
 CVE-2021-37759 (A Session ID leak in the DEBUG log file in Graylog before 4.1.2 allows ...)
@@ -2029,7 +2033,7 @@ CVE-2020-36428 (matio (aka MAT File I/O Library) 1.5.18 through 1.5.21 has a hea
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21421
 	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/matio/OSV-2020-799.yaml
 CVE-2019-25051 (objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acom ...)
-	{DLA-2720-1}
+	{DSA-4948-1 DLA-2720-1}
 	- aspell 0.60.8-3 (bug #991307)
 	NOTE: https://github.com/gnuaspell/aspell/commit/0718b375425aad8e54e1150313b862e4c6fd324a
 	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/aspell/OSV-2020-521.yaml
@@ -12901,8 +12905,7 @@ CVE-2021-32068
 	RESERVED
 CVE-2021-32067
 	RESERVED
-CVE-2021-32066 [A StartTLS stripping vulnerability in Net::IMAP]
-	RESERVED
+CVE-2021-32066 (An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, an ...)
 	- ruby2.7 2.7.4-1 (bug #990815)
 	- ruby2.5 <removed>
 	- ruby2.3 <removed>
@@ -122242,6 +122245,7 @@ CVE-2019-18825 (Barco ClickShare Huddle CS-100 devices before 1.9.0 and CSE-200
 CVE-2019-18824 (Barco ClickShare Button R9861500D01 devices before 1.10.0.13 have Miss ...)
 	NOT-FOR-US: Barco ClickShare Button R9861500D01 devices
 CVE-2019-18823 (HTCondor up to and including stable series 8.8.6 and development serie ...)
+	{DLA-2724-1}
 	- condor <unfixed> (bug #963777)
 	NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0003.html
 	NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0004.html
@@ -128923,7 +128927,7 @@ CVE-2019-17545 (GDAL through 3.0.1 has a poolDestroy double free in OGRExpatReal
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16178
 	NOTE: https://github.com/OSGeo/gdal/commit/148115fcc40f1651a5d15fa34c9a8c528e7147bb
 CVE-2019-17544 (libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over- ...)
-	{DLA-2720-1 DLA-1966-1}
+	{DSA-4948-1 DLA-2720-1 DLA-1966-1}
 	- aspell 0.60.8-1 (low)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16109
 	NOTE: https://github.com/GNUAspell/aspell/commit/80fa26c74279fced8d778351cff19d1d8f44fe4e



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c160d7eea5fae8db78376c4c062be4cbcadab1ea

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c160d7eea5fae8db78376c4c062be4cbcadab1ea
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210801/04f9fbaa/attachment.htm>
