[Git][security-tracker-team/security-tracker][master] bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun Aug 8 18:59:50 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
85dd0c17 by Moritz Muehlenhoff at 2021-08-08T19:59:10+02:00
bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -162,6 +162,8 @@ CVE-2021-38156
RESERVED
CVE-2021-38155 (OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1 ...)
- keystone <unfixed>
+ [bullseye] - keystone <no-dsa> (Minor issue)
+ [buster] - keystone <no-dsa> (Minor issue)
[stretch] - keystone <end-of-life> (Keystone not supported in stretch)
NOTE: https://launchpad.net/bugs/1688137
CVE-2021-38165 (Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, whic ...)
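Review bot: the `- keystone <unfixed>` line carries no `(bug #...)` reference, so with both stable suites now marked `<no-dsa>` nothing visible in this entry tracks the fix for a later point release. Consider filing a BTS bug and adding its number to the package line, as the courier and nova entries in this commit have.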
@@ -336,6 +338,8 @@ CVE-2021-38085
RESERVED
CVE-2021-38084 (An issue was discovered in the POP3 component of Courier Mail Server b ...)
- courier <unfixed> (bug #989375)
+ [bullseye] - courier <no-dsa> (Minor issue)
+ [buster] - courier <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/courier/mailman/courier-imap/thread/cone.1382574216.483027.8082.1000%40monster.email-scan.com/#msg31555583
NOTE: https://sourceforge.net/p/courier/mailman/message/37329216/
NOTE: https://sourceforge.net/p/courier/courier-libs.git/ci/97ed62b17a2616c758d09105b5a14dd1038cff6f/ (1.1.5)
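Review bot: the new `[bullseye]` and `[buster]` lines give only `(Minor issue)` as the reason, although the last NOTE of the entry already points at an upstream courier-libs commit tagged (1.1.5). A short NOTE saying why the POP3 issue is considered minor would let a later reader check the decision without opening the three linked threads.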
@@ -2667,6 +2671,8 @@ CVE-2021-3655 (A vulnerability was found in the Linux kernel in versions before
CVE-2021-3654 [novnc allows open redirection]
RESERVED
- nova <unfixed> (bug #991441)
+ [bullseye] - nova <no-dsa> (Minor issue)
+ [buster] - nova <no-dsa> (Minor issue)
NOTE: https://bugs.launchpad.net/nova/+bug/1927677
CVE-2021-26263
RESERVED
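Review bot: the bracketed description says novnc, but the only package line, and the two annotations added under it, are for nova. If the affected code lives in nova, a NOTE saying so would remove the ambiguity; if the novnc source package is also in scope, it needs its own package line and suite annotations.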
@@ -3182,6 +3188,7 @@ CVE-2021-36774
RESERVED
CVE-2021-36773 (uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitr ...)
- ublock-origin <unfixed> (bug #991386)
+ [bullseye] - ublock-origin <no-dsa> (Minor issue)
[buster] - ublock-origin <no-dsa> (Minor issue)
[stretch] - ublock-origin <no-dsa> (Minor issue)
- umatrix <unfixed> (bug #991344)
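Review bot: the `[bullseye]` line is added under ublock-origin only, while the trailing context shows `- umatrix <unfixed> (bug #991344)` for the same CVE. Check that umatrix has a matching bullseye annotation below the visible context, or add one in this commit if the package is in bullseye.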
@@ -3196,6 +3203,7 @@ CVE-2021-36770
CVE-2021-36769 (A reordering issue exists in Telegram before 7.8.1 for Android, Telegr ...)
[experimental] - telegram-desktop 2.9.0+ds-1
- telegram-desktop <unfixed> (bug #991493)
+ [bullseye] - telegram-desktop <no-dsa> (Minor issue)
[buster] - telegram-desktop <no-dsa> (Minor issue)
NOTE: https://mtpsym.github.io/
CVE-2021-36768
@@ -4390,7 +4398,9 @@ CVE-2021-36222 (ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center
CVE-2021-36221 (Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that c ...)
- golang-1.16 1.16.7-1
- golang-1.15 <unfixed> (bug #991961)
+ [bullseye] - golang-1.15 <no-dsa> (Minor issue)
- golang-1.11 <removed>
+ [buster] - golang-1.11 <no-dsa> (Minor issue)
- golang-1.8 <removed>
- golang-1.7 <removed>
NOTE: https://github.com/golang/go/issues/46866
@@ -6416,6 +6426,8 @@ CVE-2021-35369
CVE-2021-35368 [CRS Request Body Bypass]
RESERVED
- modsecurity-crs <unfixed> (bug #992000)
+ [bullseye] - modsecurity-crs <no-dsa> (Minor issue)
+ [buster] - modsecurity-crs <no-dsa> (Minor issue)
NOTE: https://coreruleset.org/20210630/cve-2021-35368-crs-request-body-bypass/
CVE-2021-35367
RESERVED
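Review bot: `(Minor issue)` on the two added lines is a thin justification for an entry titled "CRS Request Body Bypass" in a rule-set package. Add a NOTE with the reasoning behind the no-dsa decision, taken from the linked coreruleset.org post, so the triage can be reviewed from the list itself.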
@@ -8857,6 +8869,8 @@ CVE-2021-3584
CVE-2021-3583 [Template Injection through yaml multi-line strings with ansible facts used in template]
RESERVED
- ansible <unfixed>
+ [bullseye] - ansible <no-dsa> (Minor issue)
+ [buster] - ansible <no-dsa> (Minor issue)
- ansible-base <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1968412
NOTE: https://github.com/ansible/ansible/commit/4c8c40fd3d4a58defdc80e7d22aa8d26b731353e.patch
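Review bot: the annotations are added under `- ansible <unfixed>` only; `- ansible-base <unfixed>` directly below gets none, and neither package line has a bug reference. If ansible-base is present in bullseye or buster it stays open in the tracker after this change, so either annotate it too or note why it needs no entry.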
@@ -12799,6 +12813,8 @@ CVE-2021-32610 (In Archive_Tar before 1.4.14, symlinks can refer to targets outs
{DLA-2721-1}
- drupal7 <removed>
- php-pear <unfixed> (bug #991541)
+ [bullseye] - php-pear <no-dsa> (Minor issue)
+ [buster] - php-pear <no-dsa> (Minor issue)
NOTE: https://www.drupal.org/sa-core-2021-004
NOTE: https://pear.php.net/package/Archive_Tar/download/1.4.14/
NOTE: https://github.com/pear/Archive_Tar/commit/b5832439b1f37331fb4f87e67fe4f61ca26bf7d4 (1.4.14)
@@ -12913,6 +12929,7 @@ CVE-2021-32575 (HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge
NOTE: https://discuss.hashicorp.com/t/hcsec-2021-14-nomad-bridge-networking-mode-allows-arp-spoofing-from-other-bridged-tasks-on-same-node/24296
CVE-2021-32574 (HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy prox ...)
- consul <unfixed> (bug #991719)
+ [bullseye] - consul <no-dsa> (Minor issue)
[buster] - consul <not-affected> (Only affects 1.3.0 and later)
NOTE: https://discuss.hashicorp.com/t/hcsec-2021-17-consul-s-envoy-tls-configuration-did-not-validate-destination-service-subject-alternative-names/26856
NOTE: https://github.com/hashicorp/consul/pull/10619
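Review bot: the first NOTE URL describes this as Consul's Envoy TLS configuration not validating destination service subject alternative names, and the new `[bullseye]` line classifies that as `(Minor issue)` with no further explanation. A one-line NOTE with the rationale would help; the adjacent `[buster]` line shows the more specific style with `<not-affected> (Only affects 1.3.0 and later)`.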
@@ -19759,6 +19776,8 @@ CVE-2021-29923 (Go before 1.17 does not properly consider extraneous zero charac
TODO: check
CVE-2021-29922 (library/std/src/net/parser.rs in Rust before 1.53.0 does not properly ...)
- rustc <unfixed>
+ [bullseye] - rustc <no-dsa> (Minor issue)
+ [buster] - rustc <no-dsa> (Minor issue)
NOTE: https://github.com/rust-lang/rust/issues/83648
NOTE: https://github.com/rust-lang/rust/pull/83652
NOTE: https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-015.md
@@ -63064,30 +63083,44 @@ CVE-2020-24828
RESERVED
CVE-2020-24827 (A vulnerability in the dwarf::cursor::skip_form function of Libelfin v ...)
- libelfin <unfixed>
+ [bullseye] - libelfin <no-dsa> (Minor issue)
+ [buster] - libelfin <no-dsa> (Minor issue)
NOTE: https://github.com/aclements/libelfin/issues/47
NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-dwarfcursorskip_form-at-dwarfcursorcc181
CVE-2020-24826 (A vulnerability in the elf::section::as_strtab function of Libelfin v0 ...)
- libelfin <unfixed>
+ [bullseye] - libelfin <no-dsa> (Minor issue)
+ [buster] - libelfin <no-dsa> (Minor issue)
NOTE: https://github.com/aclements/libelfin/issues/49
NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-elfsectionas_strtab-at-elfelfcc284
CVE-2020-24825 (A vulnerability in the line_table::line_table function of Libelfin v0. ...)
- libelfin <unfixed>
+ [bullseye] - libelfin <no-dsa> (Minor issue)
+ [buster] - libelfin <no-dsa> (Minor issue)
NOTE: https://github.com/aclements/libelfin/issues/46
NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-line_tableline_table-at-dwarflinecc104
CVE-2020-24824 (A global buffer overflow issue in the dwarf::line_table::line_table fu ...)
- libelfin <unfixed>
+ [bullseye] - libelfin <no-dsa> (Minor issue)
+ [buster] - libelfin <no-dsa> (Minor issue)
NOTE: https://github.com/aclements/libelfin/issues/48
NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#global-buffer-overflow-in-function-dwarfline_tableline_table-at-dwarflinecc107
CVE-2020-24823 (A vulnerability in the dwarf::to_string function of Libelfin v0.3 allo ...)
- libelfin <unfixed>
+ [bullseye] - libelfin <no-dsa> (Minor issue)
+ [buster] - libelfin <no-dsa> (Minor issue)
NOTE: https://github.com/aclements/libelfin/issues/51
NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-dwarfto_string-at-dwarfvaluecc300
CVE-2020-24822 (A vulnerability in the dwarf::cursor::uleb function of Libelfin v0.3 a ...)
- libelfin <unfixed>
+ [bullseye] - libelfin <no-dsa> (Minor issue)
+ [buster] - libelfin <no-dsa> (Minor issue)
NOTE: https://github.com/aclements/libelfin/issues/50
NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-dwarfcursoruleb128-at-dwarfinternalhh154
CVE-2020-24821 (A vulnerability in the dwarf::cursor::skip_form function of Libelfin v ...)
- libelfin <unfixed>
+ [bullseye] - libelfin <no-dsa> (Minor issue)
+ [buster] - libelfin <no-dsa> (Minor issue)
NOTE: https://github.com/aclements/libelfin/issues/52
NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-dwarfcursorskip_form-at-dwarfcursorcc191
CVE-2020-24820
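Review bot: all seven libelfin entries get the same `(Minor issue)` pair, but CVE-2020-24824 is described as a global buffer overflow while the NOTE anchors for the other six are SEGVs. Confirm the same classification is intended for the overflow, and consider a bug reference on the `- libelfin <unfixed>` lines, none of which has one.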
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/85dd0c17f71aeeb150c7a887edf88f748ccef057