[Git][security-tracker-team/security-tracker][master] Update information for several binutils issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Aug 15 21:09:34 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
26812c44 by Salvatore Bonaccorso at 2021-08-15T22:08:57+02:00
Update information for several binutils issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13979,7 +13979,7 @@ CVE-2021-32617 (Exiv2 is a command-line utility and C++ library for reading, wri
CVE-2021-32616 (1CDN is open-source file sharing software. In 1CDN before commit f88a2 ...)
NOT-FOR-US: 1CDN
CVE-2021-3549 (An out of bounds flaw was found in GNU binutils objdump utility versio ...)
- - binutils <unfixed> (unimportant)
+ - binutils 2.37-3 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=27294
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1cfcf3004e1830f8fe9112cfcd15285508d2c2b7
NOTE: binutils not covered by security support
@@ -19530,7 +19530,7 @@ CVE-2021-30477 (An issue was discovered in Zulip Server before 3.4. A bug in the
CVE-2021-30476 (HashiCorp Terraform’s Vault Provider (terraform-provider-vault) ...)
NOT-FOR-US: HashiCorp Terraform Vault Provider
CVE-2021-3487 (There's a flaw in the BFD library of binutils in versions before 2.36. ...)
- - binutils <unfixed> (unimportant)
+ - binutils 2.37-3 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26946
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=647cebce12a6b0a26960220caff96ff38978cf24
NOTE: binutils not covered by security support
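Review bot: on the CVE-2021-3487 line, the new fixed version 2.37-3 does not line up with the description, which places the flaw in versions before 2.36. If 2.37-3 is simply the first Debian upload that carries commit 647cebce12a6b0a26960220caff96ff38978cf24, add a NOTE saying so, so that the gap between "before 2.36" and 2.37-3 does not read as a typo to later readers.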
@@ -45340,8 +45340,9 @@ CVE-2021-20295 [Regression of CVE-2020-10756 fix in virt:rhel/qemu-kvm in Red Ha
RESERVED
- qemu <not-affected> (RHEL 8.3 specific security regression)
CVE-2021-20294 (A flaw was found in binutils readelf 2.35 program. An attacker who is ...)
- - binutils <unfixed> (unimportant)
+ - binutils 2.35.2-1 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26929
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=372dd157272e0674d13372655cc60eaca9c06926
NOTE: binutils not covered by security support
CVE-2021-20293 (A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in a ...)
- resteasy <undetermined>
@@ -45383,8 +45384,9 @@ CVE-2021-20285 (A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. Thi
NOTE: https://github.com/upx/upx/issues/421
NOTE: https://github.com/upx/upx/commit/3781df9da23840e596d5e9e8493f22666802fe6c
CVE-2021-20284 (A flaw was found in GNU Binutils 2.35.1, where there is a heap-based b ...)
- - binutils <unfixed> (unimportant)
+ - binutils 2.37-3 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26931
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f60742b2a1988d276c77d5c1011143f320d9b4cb
NOTE: binutils not covered by security support
CVE-2021-20283 (The web service responsible for fetching other users' enrolled courses ...)
- moodle <removed>
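Review bot: CVE-2021-20284 is marked fixed in 2.37-3, while CVE-2021-20294 in the previous hunk, reported under a nearby bugzilla id (26929 vs 26931) and given its commit NOTE in this same change, is marked fixed in 2.35.2-1. Since the description names 2.35.1 as the affected release, it is worth confirming that commit f60742b2a1988d276c77d5c1011143f320d9b4cb is not already in 2.35.2-1 and recording the result in a NOTE.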
@@ -45817,7 +45819,7 @@ CVE-2021-20198 (A flaw was found in the OpenShift Installer before version v0.9.
NOT-FOR-US: OpenShift
CVE-2021-20197 (There is an open race window when writing output in the following util ...)
[experimental] - binutils 2.35.50.20201209-1
- - binutils <unfixed> (unimportant)
+ - binutils 2.37-3 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26945
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=014cc7f849e8209623fc99264814bce7b3b6faf2
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1a1c3b4cc17687091cff5a368bd6f13742bcfdf8
@@ -81567,7 +81569,7 @@ CVE-2020-16600 (A Use After Free vulnerability exists in Artifex Software, Inc.
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=702253
NOTE: http://git.ghostscript.com/?p=mupdf.git;h=96751b25462f83d6e16a9afaf8980b0c3f979c8b
CVE-2020-16599 (A Null Pointer Dereference vulnerability exists in the Binary File Des ...)
- - binutils <unfixed> (unimportant)
+ - binutils 2.35-1 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25842
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d55d10ac0d112c586eaceb92e75bd9b80aadcc4
NOTE: binutils not covered by security support
@@ -81582,22 +81584,22 @@ CVE-2020-16595
CVE-2020-16594
RESERVED
CVE-2020-16593 (A Null Pointer Dereference vulnerability exists in the Binary File Des ...)
- - binutils <unfixed> (unimportant)
+ - binutils 2.35-1 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25827
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aec72fda3b320c36eb99fc1c4cf95b10fc026729
NOTE: binutils not covered by security support
CVE-2020-16592 (A use after free issue exists in the Binary File Descriptor (BFD) libr ...)
- - binutils <unfixed> (unimportant)
+ - binutils 2.35-1 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25823
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7ecb51549ab1ec22aba5aaf34b70323cf0b8509a
NOTE: binutils not covered by security support
CVE-2020-16591 (A Denial of Service vulnerability exists in the Binary File Descriptor ...)
- - binutils <unfixed> (unimportant)
+ - binutils 2.35-1 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25822
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=001890e1f9269697f7e0212430a51479271bdab2
NOTE: binutils not covered by security support
CVE-2020-16590 (A double free vulnerability exists in the Binary File Descriptor (BFD) ...)
- - binutils <unfixed> (unimportant)
+ - binutils 2.35-1 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25821
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c98a4545dc7bf2bcaf1de539c4eb84784680eaa4
NOTE: binutils not covered by security support
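Review bot: the four entries changed in this hunk (CVE-2020-16593, CVE-2020-16592, CVE-2020-16591, CVE-2020-16590) all go from <unfixed> to 2.35-1, but neither the entries nor the commit message record how that version was determined. A short NOTE per entry stating which upstream release first contains the referenced commit would make the 2.35-1 value checkable without re-deriving it from the binutils-gdb history.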
@@ -131795,12 +131797,12 @@ CVE-2019-17453 (Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorL
CVE-2019-17452 (Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListIns ...)
NOT-FOR-US: Bento4
CVE-2019-17451 (An issue was discovered in the Binary File Descriptor (BFD) library (a ...)
- - binutils <unfixed> (unimportant)
+ - binutils 2.34-1 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25070
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=336bfbeb1848f4b9558456fdcf283ee8a32d7fd1
NOTE: binutils not covered by security support
CVE-2019-17450 (find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) ...)
- - binutils <unfixed> (unimportant)
+ - binutils 2.34-1 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25078
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=063c511bd79281f33fd33f0964541a73511b9e2b
NOTE: binutils not covered by security support
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/26812c4484544a4dc4050153094828b2c5a942c1