[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Aug 1 21:10:26 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c160d7ee by security tracker role at 2021-08-01T20:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2021-37762
+ RESERVED
+CVE-2021-37761
+ RESERVED
CVE-2021-37760 (A Session ID leak in the audit log in Graylog before 4.1.2 allows atta ...)
- graylog2 <itp> (bug #652273)
CVE-2021-37759 (A Session ID leak in the DEBUG log file in Graylog before 4.1.2 allows ...)
@@ -2029,7 +2033,7 @@ CVE-2020-36428 (matio (aka MAT File I/O Library) 1.5.18 through 1.5.21 has a hea
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21421
NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/matio/OSV-2020-799.yaml
CVE-2019-25051 (objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acom ...)
- {DLA-2720-1}
+ {DSA-4948-1 DLA-2720-1}
- aspell 0.60.8-3 (bug #991307)
NOTE: https://github.com/gnuaspell/aspell/commit/0718b375425aad8e54e1150313b862e4c6fd324a
NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/aspell/OSV-2020-521.yaml
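Review bot: In the CVE-2019-25051 entry touched here, the upstream commit NOTE spells the GitHub organisation as `gnuaspell`, while the CVE-2019-17544 entry in this same file uses `GNUAspell`. Since this entry is being updated to add DSA-4948-1, normalise the URL to one spelling so that a search over the NOTE lines for the upstream repository matches both aspell entries.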
@@ -12901,8 +12905,7 @@ CVE-2021-32068
RESERVED
CVE-2021-32067
RESERVED
-CVE-2021-32066 [A StartTLS stripping vulnerability in Net::IMAP]
- RESERVED
+CVE-2021-32066 (An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, an ...)
- ruby2.7 2.7.4-1 (bug #990815)
- ruby2.5 <removed>
- ruby2.3 <removed>
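Review bot: Replacing the bracketed placeholder on CVE-2021-32066 drops the only text in this entry that names the affected component. The new truncated description reads `An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, an ...` and no longer mentions StartTLS stripping or Net::IMAP. Consider adding a NOTE line under the package entries that keeps that summary, so someone triaging ruby2.7 from this file can tell which issue it is without looking up the full description.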
@@ -122242,6 +122245,7 @@ CVE-2019-18825 (Barco ClickShare Huddle CS-100 devices before 1.9.0 and CSE-200
CVE-2019-18824 (Barco ClickShare Button R9861500D01 devices before 1.10.0.13 have Miss ...)
NOT-FOR-US: Barco ClickShare Button R9861500D01 devices
CVE-2019-18823 (HTCondor up to and including stable series 8.8.6 and development serie ...)
+ {DLA-2724-1}
- condor <unfixed> (bug #963777)
NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0003.html
NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0004.html
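Review bot: CVE-2019-18823 gains `{DLA-2724-1}` while the package line directly below it still reads `- condor <unfixed> (bug #963777)`. If the advisory reference and the `<unfixed>` status are meant to describe different suites, this is fine as is; otherwise check whether bug #963777 has been closed and the line needs a fixed version.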
@@ -128923,7 +128927,7 @@ CVE-2019-17545 (GDAL through 3.0.1 has a poolDestroy double free in OGRExpatReal
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16178
NOTE: https://github.com/OSGeo/gdal/commit/148115fcc40f1651a5d15fa34c9a8c528e7147bb
CVE-2019-17544 (libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over- ...)
- {DLA-2720-1 DLA-1966-1}
+ {DSA-4948-1 DLA-2720-1 DLA-1966-1}
- aspell 0.60.8-1 (low)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16109
NOTE: https://github.com/GNUAspell/aspell/commit/80fa26c74279fced8d778351cff19d1d8f44fe4e
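Review bot: CVE-2019-17544 now carries `DSA-4948-1`, but its package line keeps the `(low)` urgency in `- aspell 0.60.8-1 (low)`, whereas the CVE-2019-25051 entry that gains the same DSA in this commit has no urgency tag. Confirm that `(low)` is still the intended rating for this stack-based buffer overflow now that a DSA references it, and drop or update the tag if not.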
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c160d7eea5fae8db78376c4c062be4cbcadab1ea