[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Aug 5 09:10:29 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
080817a7 by security tracker role at 2021-08-05T08:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2021-38135
+	RESERVED
+CVE-2021-38134
+	RESERVED
+CVE-2021-38133
+	RESERVED
+CVE-2021-38132
+	RESERVED
+CVE-2021-38131
+	RESERVED
+CVE-2021-38130
+	RESERVED
+CVE-2021-38129
+	RESERVED
+CVE-2021-38128
+	RESERVED
+CVE-2021-38127
+	RESERVED
+CVE-2021-38126
+	RESERVED
+CVE-2021-38125
+	RESERVED
+CVE-2021-38124
+	RESERVED
+CVE-2021-38123
+	RESERVED
+CVE-2021-38122
+	RESERVED
+CVE-2021-38121
+	RESERVED
+CVE-2021-38120
+	RESERVED
+CVE-2021-38119
+	RESERVED
+CVE-2021-38118
+	RESERVED
+CVE-2021-38117
+	RESERVED
+CVE-2021-38116
+	RESERVED
+CVE-2021-38115 (read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) thr ...)
+	TODO: check
+CVE-2021-38114 (libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of ...)
+	TODO: check
+CVE-2021-3687
+	RESERVED
+CVE-2021-3686
+	RESERVED
+CVE-2021-3685
+	RESERVED
+CVE-2021-3684
+	RESERVED
+CVE-2021-3683
+	RESERVED
 CVE-2021-38113 (In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) t ...)
 	NOT-FOR-US: OpenWebif (aka e2openplugin-OpenWebif)
 CVE-2021-38112
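Review bot: the two non-RESERVED additions at the end of the new block, CVE-2021-38115 (LibGD, read_header_tga in gd_tga.c) and CVE-2021-38114 (FFmpeg 4.4, libavcodec/dnxhddec.c), have no package line yet, only "TODO: check". Both descriptions name libraries rather than a single vendor product, so each should get a package line with a status and a NOTE pointing at the upstream report or fix, in the same form as the atomicparsley and lz4 entries further down, before the TODO is dropped.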
@@ -1860,7 +1914,7 @@ CVE-2021-37231 (A stack-buffer-overflow occurs in Atomicparsley 20210124.204813.
 	- atomicparsley <undetermined>
 	NOTE: https://github.com/wez/atomicparsley/issues/30
 	NOTE: https://github.com/wez/atomicparsley/pull/31#issue-687280335
-        TODO: check, old version in Debian possibly unaffected, gtkpod embedds atomic-parsley and might be affected
+	TODO: check, old version in Debian possibly unaffected, gtkpod embedds atomic-parsley and might be affected
 CVE-2021-37230
 	RESERVED
 CVE-2021-37229
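Review bot: the re-indented TODO line under CVE-2021-37231 still carries the misspelling "embedds" and keeps the gtkpod concern in free text only. Suggest correcting it to "embeds" and adding a separate package line for gtkpod next to "- atomicparsley <undetermined>", so the embedded copy is tracked as an entry rather than as a comment.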
@@ -2804,18 +2858,18 @@ CVE-2019-25050 (netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer over
 	NOTE: https://github.com/OSGeo/gdal/commit/767e3a56144f676ca738ef8f700e0e56035bd05a (v3.1.0RC1)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15143
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15156
-CVE-2021-36805
-	RESERVED
-CVE-2021-36804
-	RESERVED
-CVE-2021-36803
-	RESERVED
-CVE-2021-36802
-	RESERVED
-CVE-2021-36801
-	RESERVED
-CVE-2021-36800
-	RESERVED
+CVE-2021-36805 (Akaunting version 2.1.12 and earlier suffers from a persistent (type I ...)
+	TODO: check
+CVE-2021-36804 (Akaunting version 2.1.12 and earlier suffers from a password reset spo ...)
+	TODO: check
+CVE-2021-36803 (Akaunting version 2.1.12 and earlier suffers from a persistent (type I ...)
+	TODO: check
+CVE-2021-36802 (Akaunting version 2.1.12 and earlier suffers from a denial-of-service  ...)
+	TODO: check
+CVE-2021-36801 (Akaunting version 2.1.12 and earlier suffers from an authentication by ...)
+	TODO: check
+CVE-2021-36800 (Akaunting version 2.1.12 and earlier suffers from a code injection iss ...)
+	TODO: check
 CVE-2021-36799 (KNX ETS5 uses the hard-coded password ETS5Password, with a salt value  ...)
 	NOT-FOR-US: KNX ETS5
 CVE-2021-36798
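Review bot: all six Akaunting entries (CVE-2021-36800 through CVE-2021-36805) share the prefix "Akaunting version 2.1.12 and earlier" and the same "TODO: check", so they can be triaged in one pass. If the software is not packaged, a NOT-FOR-US: Akaunting line on each, like the KNX ETS5 entry directly below, closes them; otherwise each needs its own package line.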
@@ -8240,6 +8294,7 @@ CVE-2021-34429 (For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11
 	NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm
 	NOTE: Fixed by https://github.com/eclipse/jetty.project/pull/6477
 CVE-2021-34428 (For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, i ...)
+	{DSA-4949-1}
 	- jetty9 9.4.39-2 (bug #990578)
 	[stretch] - jetty9 <not-affected> (vulnerable code is not present)
 	- jetty8 <removed>
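Review bot: the {DSA-4949-1} tag on CVE-2021-34428 arrives without a fixed-version line for the release the DSA covers; the entry shows only "- jetty9 9.4.39-2 (bug #990578)" and the stretch <not-affected> line. Since only data/CVE/list changes in this commit, confirm that the advisory record for DSA-4949-1 was added earlier and names this CVE with its fixed version.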
@@ -13664,8 +13719,8 @@ CVE-2021-32078 (An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge
 	- linux <unfixed> (unimportant)
 	NOTE: https://kirtikumarar.com/CVE-2021-32078.txt
 	NOTE: https://git.kernel.org/linus/298a58e165e447ccfaae35fe9f651f9d7e15166f (5.13-rc1)
-CVE-2021-3539
-	RESERVED
+CVE-2021-3539 (EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site ...)
+	TODO: check
 CVE-2021-3538 (A flaw was found in github.com/satori/go.uuid in versions from commit  ...)
 	- golang-github-satori-go.uuid <not-affected> (Vulnerable code introduced later and not in any released version)
 	NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488
@@ -14340,12 +14395,12 @@ CVE-2021-3520 (There's a flaw in lz4. An attacker who submits a crafted file to
 	- lz4 1.9.3-2 (bug #987856)
 	NOTE: https://github.com/lz4/lz4/pull/972
 	NOTE: Fixed by: https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7
-CVE-2021-31869
-	RESERVED
+CVE-2021-31869 (Pimcore AdminBundle version 6.8.0 and earlier suffers from a SQL injec ...)
+	TODO: check
 CVE-2021-31868
 	RESERVED
-CVE-2021-31867
-	RESERVED
+CVE-2021-31867 (Pimcore Customer Data Framework version 3.0.0 and earlier suffers from ...)
+	TODO: check
 CVE-2021-3519
 	RESERVED
 CVE-2021-31866 (Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to lear ...)
@@ -23626,7 +23681,7 @@ CVE-2021-28170 (In the Jakarta Expression Language implementation 3.0.3 and earl
 	NOTE: https://securitylab.github.com/advisories/GHSL-2020-021-jakarta-el/
 	NOTE: Only affects the EL reference implementation which isn't built into the binary packages
 CVE-2021-28169 (For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, i ...)
-	{DLA-2688-1}
+	{DSA-4949-1 DLA-2688-1}
 	- jetty9 9.4.39-2 (bug #989999)
 	- jetty8 <removed>
 	- jetty <removed>
@@ -23643,6 +23698,7 @@ CVE-2021-28166 (In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated
 	[stretch] - mosquitto <not-affected> (Vulnerable code introduced in 2.0)
 	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=572608
 CVE-2021-28165 (In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0. ...)
+	{DSA-4949-1}
 	- jetty9 9.4.39-1
 	[stretch] - jetty9 <ignored> (Minor issue, cpu-spin DoS w/o service outage, no patch for 9.2 while 9.4 refactoring in core SSL code)
 	NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w
@@ -44860,8 +44916,8 @@ CVE-2021-20030
 	RESERVED
 CVE-2021-20029
 	RESERVED
-CVE-2021-20028
-	RESERVED
+CVE-2021-20028 (** UNSUPPORTED WHEN ASSIGNED ** Improper neutralization of a SQL Comma ...)
+	TODO: check
 CVE-2021-20027 (A buffer overflow vulnerability in SonicOS allows a remote attacker to ...)
 	NOT-FOR-US: SonicWall
 CVE-2021-20026 (A vulnerability in the SonicWall NSM On-Prem product allows an authent ...)
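Review bot: CVE-2021-20028 is left at "TODO: check" while its neighbours CVE-2021-20027 and CVE-2021-20026 are already NOT-FOR-US: SonicWall. The truncated description does not show the product, so confirm the vendor from the full CVE text; if it is the same vendor, resolve it with the same NOT-FOR-US line.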
@@ -56905,6 +56961,7 @@ CVE-2020-27225 (In versions 4.18 and earlier of the Eclipse Platform, the Help S
 CVE-2020-27224 (In Eclipse Theia versions up to and including 1.2.0, the Markdown Prev ...)
 	NOT-FOR-US: Eclipse Theia
 CVE-2020-27223 (In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0 ...)
+	{DSA-4949-1}
 	- jetty9 9.4.38-1
 	[stretch] - jetty9 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=571128
@@ -56930,7 +56987,7 @@ CVE-2020-27218 (In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.a
 CVE-2020-27217 (In Eclipse Hono version 1.3.0 and 1.4.0 the AMQP protocol adapter does ...)
 	NOT-FOR-US: Eclipse Hono
 CVE-2020-27216 (In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thr ...)
-	{DLA-2661-1}
+	{DSA-4949-1 DLA-2661-1}
 	- jetty9 9.4.33-1
 	- jetty8 <removed>
 	- jetty <removed>
@@ -62754,8 +62811,8 @@ CVE-2020-24831
 	RESERVED
 CVE-2020-24830
 	RESERVED
-CVE-2020-24829
-	RESERVED
+CVE-2020-24829 (An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It  ...)
+	TODO: check
 CVE-2020-24828
 	RESERVED
 CVE-2020-24827 (A vulnerability in the dwarf::cursor::skip_form function of Libelfin v ...)
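Review bot: CVE-2020-24829 names GPAC v0.8.0 and MP4Box but has only "TODO: check". It needs a gpac package line with a status, plus a NOTE linking the upstream issue or fixing commit so the affected version range can be compared with what Debian ships.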
@@ -68007,8 +68064,8 @@ CVE-2020-22354
 	RESERVED
 CVE-2020-22353
 	RESERVED
-CVE-2020-22352
-	RESERVED
+CVE-2020-22352 (The gf_dash_segmenter_probe_input function in GPAC v0.8 allows attacke ...)
+	TODO: check
 CVE-2020-22351
 	RESERVED
 CVE-2020-22350
@@ -152448,7 +152505,7 @@ CVE-2019-10249 (All Xtext & Xtend versions prior to 2.18.0 were built using
 CVE-2019-10248 (Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts fo ...)
 	NOT-FOR-US: Eclipse Vorto
 CVE-2019-10247 (In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, ...)
-	{DLA-2661-1}
+	{DSA-4949-1 DLA-2661-1}
 	[experimental] - jetty9 9.4.18-1
 	- jetty9 9.4.18-2 (bug #928444)
 	- jetty8 <removed>
@@ -152472,7 +152529,7 @@ CVE-2019-10243 (In Eclipse Kura versions up to 4.0.0, Kura exposes the underlyin
 CVE-2019-10242 (In Eclipse Kura versions up to 4.0.0, the SkinServlet did not checked  ...)
 	NOT-FOR-US: Eclipse Kura
 CVE-2019-10241 (In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.1 ...)
-	{DLA-2661-1}
+	{DSA-4949-1 DLA-2661-1}
 	[experimental] - jetty9 9.4.18-1
 	- jetty9 9.4.18-2 (bug #928444)
 	- jetty8 <removed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/080817a7e79abee8f34f1d70811c79f320a247a9
