[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Aug 8 09:10:35 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f9b37f0c by security tracker role at 2021-08-08T08:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,133 @@
+CVE-2021-38196 (An issue was discovered in the better-macro crate through 2021-07-22 f ...)
+	TODO: check
+CVE-2021-38195 (An issue was discovered in the libsecp256k1 crate before 0.5.0 for Rus ...)
+	TODO: check
+CVE-2021-38194 (An issue was discovered in the ark-r1cs-std crate before 0.3.1 for Rus ...)
+	TODO: check
+CVE-2021-38193 (An issue was discovered in the ammonia crate before 3.1.0 for Rust. XS ...)
+	TODO: check
+CVE-2021-38192 (An issue was discovered in the prost-types crate before 0.8.0 for Rust ...)
+	TODO: check
+CVE-2021-38191 (An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon ...)
+	TODO: check
+CVE-2021-38190 (An issue was discovered in the nalgebra crate before 0.27.1 for Rust.  ...)
+	TODO: check
+CVE-2021-38189 (An issue was discovered in the lettre crate before 0.9.6 for Rust. In  ...)
+	TODO: check
+CVE-2021-38188 (An issue was discovered in the iced-x86 crate through 1.10.3 for Rust. ...)
+	TODO: check
+CVE-2021-38187 (An issue was discovered in the anymap crate through 0.12.1 for Rust. I ...)
+	TODO: check
+CVE-2021-38186 (An issue was discovered in the comrak crate before 0.10.1 for Rust. It ...)
+	TODO: check
+CVE-2021-38185 (GNU cpio through 2.13 allows attackers to execute arbitrary code via a ...)
+	TODO: check
+CVE-2021-38184
+	RESERVED
+CVE-2021-38183
+	RESERVED
+CVE-2021-38182
+	RESERVED
+CVE-2021-38181
+	RESERVED
+CVE-2021-38180
+	RESERVED
+CVE-2021-38179
+	RESERVED
+CVE-2021-38178
+	RESERVED
+CVE-2021-38177
+	RESERVED
+CVE-2021-38176
+	RESERVED
+CVE-2021-38175
+	RESERVED
+CVE-2021-38174
+	RESERVED
+CVE-2021-3689
+	RESERVED
+CVE-2020-36472 (An issue was discovered in the max7301 crate before 0.2.0 for Rust. Th ...)
+	TODO: check
+CVE-2020-36471 (An issue was discovered in the generator crate before 0.7.0 for Rust.  ...)
+	TODO: check
+CVE-2020-36470 (An issue was discovered in the disrustor crate through 2020-12-17 for  ...)
+	TODO: check
+CVE-2020-36469 (An issue was discovered in the appendix crate through 2020-11-15 for R ...)
+	TODO: check
+CVE-2020-36468 (An issue was discovered in the cgc crate through 2020-12-10 for Rust.  ...)
+	TODO: check
+CVE-2020-36467 (An issue was discovered in the cgc crate through 2020-12-10 for Rust.  ...)
+	TODO: check
+CVE-2020-36466 (An issue was discovered in the cgc crate through 2020-12-10 for Rust.  ...)
+	TODO: check
+CVE-2020-36465 (An issue was discovered in the generic-array crate before 0.13.3 for R ...)
+	TODO: check
+CVE-2020-36464 (An issue was discovered in the heapless crate before 0.6.1 for Rust. T ...)
+	TODO: check
+CVE-2020-36463 (An issue was discovered in the multiqueue crate through 2020-12-25 for ...)
+	TODO: check
+CVE-2020-36462 (An issue was discovered in the syncpool crate before 0.1.6 for Rust. T ...)
+	TODO: check
+CVE-2020-36461 (An issue was discovered in the noise_search crate through 2020-12-10 f ...)
+	TODO: check
+CVE-2020-36460 (An issue was discovered in the model crate through 2020-11-10 for Rust ...)
+	TODO: check
+CVE-2020-36459 (An issue was discovered in the dces crate through 2020-12-09 for Rust. ...)
+	TODO: check
+CVE-2020-36458 (An issue was discovered in the lexer crate through 2020-11-10 for Rust ...)
+	TODO: check
+CVE-2020-36457 (An issue was discovered in the lever crate before 0.1.1 for Rust. Atom ...)
+	TODO: check
+CVE-2020-36456 (An issue was discovered in the toolshed crate through 2020-11-15 for R ...)
+	TODO: check
+CVE-2020-36455 (An issue was discovered in the slock crate through 2020-11-17 for Rust ...)
+	TODO: check
+CVE-2020-36454 (An issue was discovered in the parc crate through 2020-11-14 for Rust. ...)
+	TODO: check
+CVE-2020-36453 (An issue was discovered in the scottqueue crate through 2020-11-15 for ...)
+	TODO: check
+CVE-2020-36452 (An issue was discovered in the array-tools crate before 0.3.2 for Rust ...)
+	TODO: check
+CVE-2020-36451 (An issue was discovered in the rcu_cell crate through 2020-11-14 for R ...)
+	TODO: check
+CVE-2020-36450 (An issue was discovered in the bunch crate through 2020-11-12 for Rust ...)
+	TODO: check
+CVE-2020-36449 (An issue was discovered in the kekbit crate before 0.3.4 for Rust. For ...)
+	TODO: check
+CVE-2020-36448 (An issue was discovered in the cache crate through 2020-11-24 for Rust ...)
+	TODO: check
+CVE-2020-36447 (An issue was discovered in the v9 crate through 2020-12-18 for Rust. T ...)
+	TODO: check
+CVE-2020-36446 (An issue was discovered in the signal-simple crate through 2020-11-15  ...)
+	TODO: check
+CVE-2020-36445 (An issue was discovered in the convec crate through 2020-11-24 for Rus ...)
+	TODO: check
+CVE-2020-36444 (An issue was discovered in the async-coap crate through 2020-12-08 for ...)
+	TODO: check
+CVE-2020-36443 (An issue was discovered in the libp2p-deflate crate before 0.27.1 for  ...)
+	TODO: check
+CVE-2020-36442 (An issue was discovered in the beef crate before 0.5.0 for Rust. beef: ...)
+	TODO: check
+CVE-2020-36441 (An issue was discovered in the abox crate before 0.4.1 for Rust. It im ...)
+	TODO: check
+CVE-2020-36440 (An issue was discovered in the libsbc crate before 0.1.5 for Rust. For ...)
+	TODO: check
+CVE-2020-36439 (An issue was discovered in the ticketed_lock crate before 0.3.0 for Ru ...)
+	TODO: check
+CVE-2020-36438 (An issue was discovered in the tiny_future crate before 0.4.0 for Rust ...)
+	TODO: check
+CVE-2020-36437 (An issue was discovered in the conqueue crate before 0.4.0 for Rust. T ...)
+	TODO: check
+CVE-2020-36436 (An issue was discovered in the unicycle crate before 0.7.1 for Rust. P ...)
+	TODO: check
+CVE-2020-36435 (An issue was discovered in the ruspiro-singleton crate before 0.4.1 fo ...)
+	TODO: check
+CVE-2020-36434 (An issue was discovered in the sys-info crate before 0.8.0 for Rust. s ...)
+	TODO: check
+CVE-2020-36433 (An issue was discovered in the chunky crate through 2020-08-25 for Rus ...)
+	TODO: check
+CVE-2020-36432 (An issue was discovered in the alg_ds crate through 2020-08-25 for Rus ...)
+	TODO: check
 CVE-2021-38173 (Btrbk before 0.31.2 allows command execution because of the mishandlin ...)
 	- btrbk 0.27.1-2
 	NOTE: Fixed by: https://github.com/digint/btrbk/commit/58212de771c381cd4fa05625927080bf264e9584 (v0.31.2)
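Review bot: CVE-2021-38185 (GNU cpio through 2.13, arbitrary code execution) is added with only "TODO: check" in the middle of dozens of Rust crate entries carrying the same marker, so it is easy to lose in the bulk import. Triage it first and replace the TODO with a package line and status. The crate entries can then be worked through as a batch, each resolved to a package line or a NOT-FOR-US marking rather than left as TODO.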
@@ -37,7 +167,7 @@ CVE-2021-38156
 CVE-2021-38155 (OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1 ...)
 	- keystone <unfixed>
 	NOTE: https://launchpad.net/bugs/1688137
-CVE-2021-38165 (HTParse in Lynx through 2.8.9 mishandles the userinfo subcomponent of  ...)
+CVE-2021-38165 (Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, whic ...)
 	[experimental] - lynx 2.9.0dev.9-1
 	- lynx <unfixed> (bug #991971)
 	NOTE: https://lists.nongnu.org/archive/html/lynx-dev/2021-08/msg00002.html
@@ -4258,8 +4388,7 @@ CVE-2021-36222 (ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center
 	[stretch] - krb5 <not-affected> (Vulnerable code (k5memdup0()) introduced later)
 	NOTE: https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562
 	NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=9007
-CVE-2021-36221
-	RESERVED
+CVE-2021-36221 (Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that c ...)
 	- golang-1.16 1.16.7-1
 	- golang-1.15 <unfixed> (bug #991961)
 	- golang-1.11 <removed>
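Review bot: with CVE-2021-36221 no longer RESERVED, the new description names 1.15.15 and 1.16.7 as the fixed Go releases, yet the golang-1.15 line under it is still <unfixed> (bug #991961). No NOTE with the upstream issue or fix commit is visible in this hunk; if none follows in the lines not shown, add one so whoever handles the golang-1.15 bug can find the patch to backport.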
@@ -11213,7 +11342,7 @@ CVE-2021-33200 (kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforce
 	NOTE: Issue introduced due to fixes applied for CVE-2021-29155
 CVE-2021-33199
 	RESERVED
-CVE-2021-33198 (Go before 1.15.12 and 1.16.x before 1.16.5 attempts to allocate excess ...)
+CVE-2021-33198 (In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic fo ...)
 	- golang-1.16 1.16.5-1
 	- golang-1.15 1.15.9-5
 	- golang-1.11 <removed>
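Review bot: the CVE-2021-33198 description moves the upstream boundary from 1.15.12 to 1.15.13 while golang-1.15 stays marked fixed at 1.15.9-5, a Debian version below either upstream release, so the entry relies on a backport that the visible lines do not identify. If the lines not shown here lack it, add a NOTE naming the 1.15 fix commit, the way the CVE-2021-33197 and CVE-2021-33196 entries do with their "(1.15)" commit NOTEs.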
@@ -11224,7 +11353,7 @@ CVE-2021-33198 (Go before 1.15.12 and 1.16.x before 1.16.5 attempts to allocate
 	NOTE: https://github.com/golang/go/issues/45910
 	NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
 	NOTE: Introduced by https://github.com/golang/go/commit/e4ba40030f9ba4b61bb28dbf78bb41a7b14e6788 (go1.13beta1)
-CVE-2021-33197 (Go before 1.15.12 and 1.16.x before 1.16.5 acts as an Unintended Proxy ...)
+CVE-2021-33197 (In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of  ...)
 	- golang-1.16 1.16.5-1
 	- golang-1.15 1.15.9-5
 	- golang-1.11 <removed>
@@ -11236,7 +11365,7 @@ CVE-2021-33197 (Go before 1.15.12 and 1.16.x before 1.16.5 acts as an Unintended
 	NOTE: https://github.com/golang/go/issues/46313
 	NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
 	NOTE: https://github.com/golang/go/commit/cbd1ca84453fecf3825a6bb9f985823e8bc32b76 (1.15)
-CVE-2021-33196 (Go before 1.15.12 and 1.16.x before 1.16.5 attempts to allocate excess ...)
+CVE-2021-33196 (In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafte ...)
 	- golang-1.16 1.16.5-1 (bug #989492)
 	- golang-1.15 1.15.9-4
 	- golang-1.11 <removed>
@@ -11249,7 +11378,7 @@ CVE-2021-33196 (Go before 1.15.12 and 1.16.x before 1.16.5 attempts to allocate
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33912
 	NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
 	NOTE: https://github.com/golang/go/commit/c92adf420a3d9a5510f9aea382d826f0c9216a10 (1.15)
-CVE-2021-33195 (Go before 1.15.12 and 1.16.x before 1.16.5 allows injection. ...)
+CVE-2021-33195 (Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS looku ...)
 	- golang-1.16 1.16.5-1
 	- golang-1.15 1.15.9-5
 	- golang-1.11 <removed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f9b37f0c89330e6e1b596b7f4396970a01c76e3b
