[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Dec 25 08:10:20 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
28620589 by security tracker role at 2021-12-25T08:10:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2021-45491
+	RESERVED
+CVE-2021-45490
+	RESERVED
+CVE-2021-45489 (In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employ ...)
+	TODO: check
+CVE-2021-45488 (In NetBSD through 9.2, there is an information leak in the TCP ISN (IS ...)
+	TODO: check
+CVE-2021-45487 (In NetBSD through 9.2, the IPv4 ID generation algorithm does not use a ...)
+	TODO: check
+CVE-2021-45486 (In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4 ...)
+	TODO: check
+CVE-2021-45485 (In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6 ...)
+	TODO: check
+CVE-2021-45484 (In NetBSD through 9.2, the IPv6 fragment ID generation algorithm emplo ...)
+	TODO: check
+CVE-2021-45483 (In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Fram ...)
+	TODO: check
+CVE-2021-45482 (In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Cont ...)
+	TODO: check
+CVE-2021-45481 (In WebKitGTK before 2.32.4, there is incorrect memory allocation in We ...)
+	TODO: check
+CVE-2021-45480 (An issue was discovered in the Linux kernel before 5.15.11. There is a ...)
+	TODO: check
+CVE-2021-4167
+	RESERVED
 CVE-2021-45479
 	RESERVED
 CVE-2021-45478
@@ -4889,8 +4915,8 @@ CVE-2021-44019 (An unnecessary privilege vulnerability in Trend Micro Worry-Free
 	NOT-FOR-US: Trend Micro
 CVE-2021-3978
 	RESERVED
-CVE-2021-3977
-	RESERVED
+CVE-2021-3977 (invoiceninja is vulnerable to Improper Neutralization of Input During  ...)
+	TODO: check
 CVE-2021-44018
 	RESERVED
 CVE-2021-44017 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
@@ -58508,8 +58534,8 @@ CVE-2021-23576
 	RESERVED
 CVE-2021-23575
 	RESERVED
-CVE-2021-23574
-	RESERVED
+CVE-2021-23574 (All versions of package js-data are vulnerable to Prototype Pollution  ...)
+	TODO: check
 CVE-2021-23573
 	RESERVED
 CVE-2021-23572
@@ -58676,8 +58702,8 @@ CVE-2021-23492
 	RESERVED
 CVE-2021-23491
 	RESERVED
-CVE-2021-23490
-	RESERVED
+CVE-2021-23490 (The package parse-link-header before 2.0.0 are vulnerable to Regular E ...)
+	TODO: check
 CVE-2021-23489
 	RESERVED
 CVE-2021-23488



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/286205898b52637d83386e44d5302c2a0f8067ac

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/286205898b52637d83386e44d5302c2a0f8067ac
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211225/5814e418/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list