[Git][security-tracker-team/security-tracker][master] Merge in changes accepted for bullseye 11.2
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Dec 18 09:52:17 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
38958deb by Salvatore Bonaccorso at 2021-12-18T10:51:34+01:00
Merge in changes accepted for bullseye 11.2
- - - - -
2 changed files:
- data/CVE/list
- data/next-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1342,6 +1342,7 @@ CVE-2021-44717
RESERVED
- golang-1.17 1.17.5-1
- golang-1.15 1.15.15-5
+ [bullseye] - golang-1.15 1.15.15-1~deb11u2
- golang-1.11 <removed>
- golang-1.8 <removed>
- golang-1.7 <removed>
@@ -1353,6 +1354,7 @@ CVE-2021-44716
RESERVED
- golang-1.17 1.17.5-1
- golang-1.15 1.15.15-5
+ [bullseye] - golang-1.15 1.15.15-1~deb11u2
- golang-1.11 <removed>
- golang-1.8 <removed>
- golang-1.7 <removed>
@@ -1805,14 +1807,14 @@ CVE-2021-44543
RESERVED
{DLA-2844-1}
- privoxy 3.0.33-1
- [bullseye] - privoxy <no-dsa> (Minor issue)
+ [bullseye] - privoxy 3.0.32-2+deb11u1
[buster] - privoxy <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/12/09/1
NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=0e668e9409cbf4ab8bf2d79be204bd4e81a00d85 (v_3_0_33)
CVE-2021-44542
RESERVED
- privoxy 3.0.33-1
- [bullseye] - privoxy <no-dsa> (Minor issue)
+ [bullseye] - privoxy 3.0.32-2+deb11u1
[buster] - privoxy <not-affected> (Vulnerable code introduced in 3.0.29)
[stretch] - privoxy <not-affected> (Vulnerable code introduced in 3.0.29)
NOTE: https://www.openwall.com/lists/oss-security/2021/12/09/1
@@ -1820,7 +1822,7 @@ CVE-2021-44542
CVE-2021-44541
RESERVED
- privoxy 3.0.33-1
- [bullseye] - privoxy <no-dsa> (Minor issue)
+ [bullseye] - privoxy 3.0.32-2+deb11u1
[buster] - privoxy <not-affected> (Vulnerable code introduced in 3.0.29)
[stretch] - privoxy <not-affected> (Vulnerable code introduced in 3.0.29)
NOTE: https://www.openwall.com/lists/oss-security/2021/12/09/1
@@ -1829,7 +1831,7 @@ CVE-2021-44540
RESERVED
{DLA-2844-1}
- privoxy 3.0.33-1
- [bullseye] - privoxy <no-dsa> (Minor issue)
+ [bullseye] - privoxy 3.0.32-2+deb11u1
[buster] - privoxy <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/12/09/1
NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=652b4b7cb07592c0912cf938a50fcd009fa29a0a (v_3_0_33)
@@ -2175,7 +2177,7 @@ CVE-2021-44421
RESERVED
CVE-2021-44420 (In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, ...)
- python-django 2:3.2.10-1
- [bullseye] - python-django <no-dsa> (Minor issue)
+ [bullseye] - python-django 2:2.2.25-1~deb11u1
[buster] - python-django <no-dsa> (Minor issue)
[stretch] - python-django <not-affected> (Vulnerable code not present; path converters added later)
NOTE: https://www.openwall.com/lists/oss-security/2021/12/07/1
@@ -2724,7 +2726,7 @@ CVE-2021-4022
RESERVED
CVE-2021-44225 (In Keepalived through 2.2.4, the D-Bus policy does not sufficiently re ...)
- keepalived 1:2.2.4-0.2
- [bullseye] - keepalived <no-dsa> (Minor issue)
+ [bullseye] - keepalived 1:2.1.5-0.2+deb11u1
[buster] - keepalived <no-dsa> (Minor issue)
[stretch] - keepalived <no-dsa> (Minor issue)
NOTE: https://github.com/acassen/keepalived/pull/2063
@@ -5213,7 +5215,7 @@ CVE-2021-43619
CVE-2021-43618 (GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an m ...)
{DLA-2837-1}
- gmp 2:6.2.1+dfsg-3 (bug #994405)
- [bullseye] - gmp <no-dsa> (Minor issue)
+ [bullseye] - gmp 2:6.2.1+dfsg-1+deb11u1
[buster] - gmp <no-dsa> (Minor issue)
NOTE: https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html
NOTE: https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e
@@ -5236,7 +5238,7 @@ CVE-2021-43613
CVE-2021-43612 [crash in SONMP decoder]
RESERVED
- lldpd 1.0.13-1
- [bullseye] - lldpd <no-dsa> (Minor issue)
+ [bullseye] - lldpd 1.0.11-1+deb11u1
[buster] - lldpd <no-dsa> (Minor issue)
[stretch] - lldpd <no-dsa> (Minor issue)
NOTE: https://github.com/lldpd/lldpd/commit/73d42680fce8598324364dbb31b9bc3b8320adf7 (1.0.13)
@@ -5321,6 +5323,7 @@ CVE-2021-43580
RESERVED
CVE-2021-43579 (A stack-based buffer overflow in image_load_bmp() in HTMLDOC before 1. ...)
- htmldoc 1.9.13-1 (unimportant)
+ [bullseye] - htmldoc 1.9.11-4+deb11u1
NOTE: https://github.com/michaelrsweet/htmldoc/commit/27d08989a5a567155d506ac870ae7d8cc88fa58b (v1.9.13)
NOTE: https://github.com/michaelrsweet/htmldoc/issues/453
NOTE: Crash in CLI tool, no security impact
@@ -7414,7 +7417,7 @@ CVE-2021-43175 (The GOautodial API prior to commit 3c3a979 made on October 13th,
NOT-FOR-US: GOautodial API
CVE-2021-3918 (json-schema is vulnerable to Improperly Controlled Modification of Obj ...)
- node-json-schema 0.4.0+~7.0.9-1 (bug #999765)
- [bullseye] - node-json-schema <no-dsa> (Minor issue)
+ [bullseye] - node-json-schema 0.3.0+~7.0.6-1+deb11u1
[buster] - node-json-schema <no-dsa> (Minor issue)
NOTE: https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741 (v0.4.0)
CVE-2021-43174 (NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, suppo ...)
@@ -8040,7 +8043,7 @@ CVE-2021-42918
RESERVED
CVE-2021-42917 (Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows attacker ...)
- kodi 2:19.3+dfsg1-1 (bug #998419)
- [bullseye] - kodi <no-dsa> (Minor issue)
+ [bullseye] - kodi 2:19.1+dfsg2-2+deb11u1
[buster] - kodi <no-dsa> (Minor issue)
[stretch] - kodi <postponed> (no point in fixing this when the more severe CVE-2017-5982 is ignored)
- xbmc <removed>
@@ -12025,7 +12028,7 @@ CVE-2021-41771 (ImportedSymbols in debug/macho (for Open or OpenFat) in Go befor
- golang-1.17 1.17.3-1
- golang-1.16 1.16.10-1
- golang-1.15 1.15.15-5
- [bullseye] - golang-1.15 <no-dsa> (Minor issue; will be fixed via point release)
+ [bullseye] - golang-1.15 1.15.15-1~deb11u2
- golang-1.11 <removed>
[buster] - golang-1.11 <no-dsa> (Minor issue)
- golang-1.8 <removed>
@@ -13373,17 +13376,20 @@ CVE-2021-41185 (Mycodo is an environmental monitoring and regulation system. An
NOT-FOR-US: Mycodo
CVE-2021-41184 (jQuery-UI is the official jQuery user interface library. Prior to vers ...)
- jqueryui 1.13.0+dfsg-1
+ [bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
[stretch] - jqueryui <no-dsa> (Minor issue)
NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327
NOTE: https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280
CVE-2021-41183 (jQuery-UI is the official jQuery user interface library. Prior to vers ...)
- jqueryui 1.13.0+dfsg-1
+ [bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
[stretch] - jqueryui <no-dsa> (Minor issue)
NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4
NOTE: https://bugs.jqueryui.com/ticket/15284
NOTE: https://github.com/jquery/jquery-ui/pull/1953
CVE-2021-41182 (jQuery-UI is the official jQuery user interface library. Prior to vers ...)
- jqueryui 1.13.0+dfsg-1
+ [bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
[stretch] - jqueryui <no-dsa> (Minor issue)
NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc
NOTE: https://github.com/jquery/jquery-ui/commit/32850869d308d5e7c9bf3e3b4d483ea886d373ce
@@ -13609,13 +13615,13 @@ CVE-2021-41093 (Wire is an open source secure messenger. In affected versions if
NOT-FOR-US: Wire iOS
CVE-2021-41092 (Docker CLI is the command line interface for the docker container runt ...)
- docker.io 20.10.10+dfsg1-1 (bug #998292)
- [bullseye] - docker.io <no-dsa> (Minor issue)
+ [bullseye] - docker.io 20.10.5+dfsg1-1+deb11u1
[buster] - docker.io <no-dsa> (Minor issue)
NOTE: https://github.com/docker/cli/security/advisories/GHSA-99pg-grm5-qq3v
NOTE: https://github.com/docker/cli/commit/893e52cf4ba4b048d72e99748e0f86b2767c6c6b
CVE-2021-41091 (Moby is an open-source project created by Docker to enable software co ...)
- docker.io 20.10.10+dfsg1-1
- [bullseye] - docker.io <no-dsa> (Minor issue)
+ [bullseye] - docker.io 20.10.5+dfsg1-1+deb11u1
[buster] - docker.io <no-dsa> (Minor issue)
NOTE: https://github.com/moby/moby/security/advisories/GHSA-3fwx-pjgw-3558
NOTE: https://github.com/moby/moby/commit/f0ab919f518c47240ea0e72d0999576bb8008e64
@@ -13623,7 +13629,7 @@ CVE-2021-41090 (Grafana Agent is a telemetry collector for sending metrics, logs
NOT-FOR-US: Grafana Agent
CVE-2021-41089 (Moby is an open-source project created by Docker to enable software co ...)
- docker.io 20.10.10+dfsg1-1
- [bullseye] - docker.io <no-dsa> (Minor issue)
+ [bullseye] - docker.io 20.10.5+dfsg1-1+deb11u1
[buster] - docker.io <no-dsa> (Minor issue)
NOTE: https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4
CVE-2021-41088 (Elvish is a programming language and interactive shell, combined into ...)
@@ -13659,7 +13665,7 @@ CVE-2021-3803 (nth-check is vulnerable to Inefficient Regular Expression Complex
CVE-2021-3802 (A vulnerability found in udisks2. This flaw allows an attacker to inpu ...)
{DLA-2809-1}
- udisks2 2.9.4-1
- [bullseye] - udisks2 <no-dsa> (Minor issue)
+ [bullseye] - udisks2 2.9.2-2+deb11u1
[buster] - udisks2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2003649
NOTE: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-045.txt
@@ -13877,6 +13883,7 @@ CVE-2021-3800
RESERVED
CVE-2021-40985 (Buffer overflow vulnerability in htmldoc before 1.9.12, allows attacke ...)
- htmldoc 1.9.13-1 (unimportant)
+ [bullseye] - htmldoc 1.9.11-4+deb11u1
NOTE: https://github.com/michaelrsweet/htmldoc/issues/444
NOTE: https://github.com/michaelrsweet/htmldoc/commit/f12b9666e582a8e7b70f11b28e5ffc49ad625d43 (v1.9.13)
NOTE: Crash in CLI tool, no security impact
@@ -14154,7 +14161,7 @@ CVE-2021-3797 (hestiacp is vulnerable to Use of Wrong Operator in String Compari
NOT-FOR-US: Hestia Control Panel
CVE-2021-3796 (vim is vulnerable to Use After Free ...)
- vim 2:8.2.3455-1 (bug #994497)
- [bullseye] - vim <no-dsa> (Minor issue)
+ [bullseye] - vim 2:8.2.2434-3+deb11u1
[buster] - vim <no-dsa> (Minor issue)
[stretch] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/ab60b7f3-6fb1-4ac2-a4fa-4d592e08008d/
@@ -14609,7 +14616,7 @@ CVE-2021-3779
RESERVED
CVE-2021-3778 (vim is vulnerable to Heap-based Buffer Overflow ...)
- vim 2:8.2.3455-1 (bug #994498)
- [bullseye] - vim <no-dsa> (Minor issue)
+ [bullseye] - vim 2:8.2.2434-3+deb11u1
[buster] - vim <no-dsa> (Minor issue)
[stretch] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/d9c17308-2c99-4f9f-a706-f7f72c24c273
@@ -15010,7 +15017,7 @@ CVE-2021-40515
RESERVED
CVE-2021-3770 (vim is vulnerable to Heap-based Buffer Overflow ...)
- vim 2:8.2.3455-1 (bug #994076)
- [bullseye] - vim <no-dsa> (Minor issue)
+ [bullseye] - vim 2:8.2.2434-3+deb11u1
[buster] - vim <no-dsa> (Minor issue)
[stretch] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/016ad2f2-07c1-4d14-a8ce-6eed10729365/
@@ -15306,7 +15313,7 @@ CVE-2021-40392
CVE-2021-40391 (An out-of-bounds write vulnerability exists in the drill format T-code ...)
{DLA-2839-1}
- gerbv 2.7.1-1
- [bullseye] - gerbv <no-dsa> (Minor issue)
+ [bullseye] - gerbv 2.7.0-2+deb11u1
[buster] - gerbv <no-dsa> (Minor issue)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1402
NOTE: https://github.com/gerbv/gerbv/commit/9f83950b772b37b49ee188300e444546e6aab17e
@@ -17917,6 +17924,7 @@ CVE-2021-39293
- golang-1.17 1.17.1-1
- golang-1.16 1.16.8-1
- golang-1.15 1.15.15-2
+ [bullseye] - golang-1.15 1.15.15-1~deb11u1
- golang-1.11 <removed>
[buster] - golang-1.11 <no-dsa> (Minor issue)
- golang-1.8 <removed>
@@ -19320,7 +19328,7 @@ CVE-2021-38715
CVE-2021-38714 (In Plib through 1.85, there is an integer overflow vulnerability that ...)
{DLA-2775-1}
- plib 1.8.5-10 (bug #992973)
- [bullseye] - plib <no-dsa> (Minor issue)
+ [bullseye] - plib 1.8.5-8+deb11u1
[buster] - plib <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/plib/bugs/55/
CVE-2021-38713 (imgURL 2.31 allows XSS via an X-Forwarded-For HTTP header. ...)
@@ -20381,7 +20389,7 @@ CVE-2021-38297 (Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow
- golang-1.17 1.17.2-1
- golang-1.16 1.16.9-1
- golang-1.15 1.15.15-5
- [bullseye] - golang-1.15 <no-dsa> (Minor issue; will be fixed via point release)
+ [bullseye] - golang-1.15 1.15.15-1~deb11u2
- golang-1.11 <removed>
[buster] - golang-1.11 <no-dsa> (Minor issue)
- golang-1.8 <not-affected> (Vulnerable code not present)
@@ -20834,7 +20842,7 @@ CVE-2021-38156 (In Nagios XI before 5.8.6, XSS exists in the dashboard page (/da
NOT-FOR-US: Nagios XI
CVE-2021-38155 (OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1 ...)
- keystone 2:19.0.0-3 (bug #992070)
- [bullseye] - keystone <no-dsa> (Minor issue)
+ [bullseye] - keystone 2:18.0.0-3+deb11u1
[buster] - keystone <no-dsa> (Minor issue)
[stretch] - keystone <end-of-life> (Keystone not supported in stretch)
NOTE: https://launchpad.net/bugs/1688137
@@ -23198,7 +23206,7 @@ CVE-2021-37151 (CyberArk Identity 21.5.131, when handling an invalid authenticat
CVE-2021-3657 [multiple buffer overflows in isync/mbsync]
RESERVED
- isync 1.4.4-1
- [bullseye] - isync <no-dsa> (Minor issue)
+ [bullseye] - isync 1.3.0-2.2+deb11u1
[buster] - isync <no-dsa> (Minor issue)
[stretch] - isync <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/12/03/1
@@ -23231,7 +23239,7 @@ CVE-2021-37147 (Improper input validation vulnerability in header parsing of Apa
CVE-2021-37146 (An infinite loop in Open Robotics ros_comm XMLRPC server in ROS Melodi ...)
[experimental] - ros-ros-comm 1.15.13+ds1-1
- ros-ros-comm 1.15.13+ds1-2
- [bullseye] - ros-ros-comm <no-dsa> (Minor issue)
+ [bullseye] - ros-ros-comm 1.15.9+ds1-7+deb11u1
[buster] - ros-ros-comm <no-dsa> (Minor issue)
[stretch] - ros-ros-comm <no-dsa> (Minor issue)
NOTE: https://discourse.ros.org/t/new-packages-for-melodic-2021-09-27/22446
@@ -25356,7 +25364,7 @@ CVE-2021-36222 (ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center
CVE-2021-36221 (Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that c ...)
- golang-1.16 1.16.7-1
- golang-1.15 1.15.15-1 (bug #991961)
- [bullseye] - golang-1.15 <no-dsa> (Minor issue)
+ [bullseye] - golang-1.15 1.15.15-1~deb11u1
- golang-1.11 <removed>
[buster] - golang-1.11 <no-dsa> (Minor issue)
- golang-1.8 <removed>
@@ -57035,7 +57043,7 @@ CVE-2021-23446 (The package handsontable before 10.0.0; the package handsontable
NOT-FOR-US: Node handsontable
CVE-2021-23445 (This affects the package datatables.net before 1.11.3. If an array is ...)
- datatables.js 1.10.21+dfsg-3 (bug #995229)
- [bullseye] - datatables.js <no-dsa> (Minor issue)
+ [bullseye] - datatables.js 1.10.21+dfsg-2+deb11u1
[buster] - datatables.js <no-dsa> (Minor issue)
[stretch] - datatables.js <no-dsa> (Minor issue)
NOTE: https://github.com/DataTables/Dist-DataTables/commit/59a8d3f8a3c1138ab08704e783bc52bfe88d7c9b (v1.11.3)
@@ -76102,7 +76110,7 @@ CVE-2020-28283 (Prototype pollution vulnerability in 'libnested' versions 0.0.0
NOT-FOR-US: libnested
CVE-2020-28282 (Prototype pollution vulnerability in 'getobject' version 0.1.0 allows ...)
- node-getobject 1.0.2-1
- [bullseye] - node-getobject <no-dsa> (Minor issue)
+ [bullseye] - node-getobject 0.1.0-2+deb11u1
[buster] - node-getobject <no-dsa> (Minor issue)
[stretch] - node-getobject <no-dsa> (Minor issue)
NOTE: https://github.com/cowboy/node-getobject/commit/84071748fa407caa8f824e0d0b9c1cde9ec56633 (v1.0.0)
@@ -173203,7 +173211,7 @@ CVE-2019-11099
CVE-2019-11098 (Insufficient input validation in MdeModulePkg in EDKII may allow an un ...)
[experimental] - edk2 2021.02-1
- edk2 2020.11-5 (bug #991495)
- [bullseye] - edk2 <no-dsa> (Minor issue)
+ [bullseye] - edk2 2020.11-2+deb11u1
[buster] - edk2 <no-dsa> (Minor issue)
[stretch] - edk2 <no-dsa> (Minor issue)
NOTE: https://edk2-docs.gitbook.io/security-advisory/bootguard-toctou-vulnerability
=====================================
data/next-point-update.txt
=====================================
@@ -1,75 +1,3 @@
-CVE-2019-11098
- [bullseye] - edk2 2020.11-2+deb11u1
-CVE-2021-38155
- [bullseye] - keystone 2:18.0.0-3+deb11u1
-CVE-2021-36221
- [bullseye] - golang-1.15 1.15.15-1~deb11u1
-CVE-2021-39293
- [bullseye] - golang-1.15 1.15.15-1~deb11u1
-CVE-2021-3770
- [bullseye] - vim 2:8.2.2434-3+deb11u1
-CVE-2021-3778
- [bullseye] - vim 2:8.2.2434-3+deb11u1
-CVE-2021-3796
- [bullseye] - vim 2:8.2.2434-3+deb11u1
-CVE-2020-28282
- [bullseye] - node-getobject 0.1.0-2+deb11u1
-CVE-2021-38714
- [bullseye] - plib 1.8.5-8+deb11u1
-CVE-2021-3802
- [bullseye] - udisks2 2.9.2-2+deb11u1
-CVE-2021-41182
- [bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
-CVE-2021-41183
- [bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
-CVE-2021-41184
- [bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
-CVE-2021-42917
- [bullseye] - kodi 2:19.1+dfsg2-2+deb11u1
-CVE-2021-43612
- [bullseye] - lldpd 1.0.11-1+deb11u1
-CVE-2021-40985
- [bullseye] - htmldoc 1.9.11-4+deb11u1
-CVE-2021-43579
- [bullseye] - htmldoc 1.9.11-4+deb11u1
-CVE-2021-3918
- [bullseye] - node-json-schema 0.3.0+~7.0.6-1+deb11u1
-CVE-2021-43618
- [bullseye] - gmp 2:6.2.1+dfsg-1+deb11u1
-CVE-2021-37146
- [bullseye] - ros-ros-comm 1.15.9+ds1-7+deb11u1
-CVE-2021-44225
- [bullseye] - keepalived 1:2.1.5-0.2+deb11u1
-CVE-2021-38297
- [bullseye] - golang-1.15 1.15.15-1~deb11u2
-CVE-2021-41771
- [bullseye] - golang-1.15 1.15.15-1~deb11u2
-CVE-2021-44716
- [bullseye] - golang-1.15 1.15.15-1~deb11u2
-CVE-2021-44717
- [bullseye] - golang-1.15 1.15.15-1~deb11u2
-CVE-2021-41089
- [bullseye] - docker.io 20.10.5+dfsg1-1+deb11u1
-CVE-2021-41091
- [bullseye] - docker.io 20.10.5+dfsg1-1+deb11u1
-CVE-2021-41092
- [bullseye] - docker.io 20.10.5+dfsg1-1+deb11u1
-CVE-2021-3657
- [bullseye] - isync 1.3.0-2.2+deb11u1
-CVE-2021-44420
- [bullseye] - python-django 2:2.2.25-1~deb11u1
-CVE-2021-23445
- [bullseye] - datatables.js 1.10.21+dfsg-2+deb11u1
-CVE-2021-40391
- [bullseye] - gerbv 2.7.0-2+deb11u1
-CVE-2021-44543
- [bullseye] - privoxy 3.0.32-2+deb11u1
-CVE-2021-44542
- [bullseye] - privoxy 3.0.32-2+deb11u1
-CVE-2021-44541
- [bullseye] - privoxy 3.0.32-2+deb11u1
-CVE-2021-44540
- [bullseye] - privoxy 3.0.32-2+deb11u1
CVE-2021-42343
[bullseye] - dask.distributed 2021.01.0+ds.1-2.1+deb11u1
CVE-2021-3654
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38958debc4afbf19aeb124b7df29de78e4ab84b3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38958debc4afbf19aeb124b7df29de78e4ab84b3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211218/a183bc95/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list