[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Dec 27 08:10:20 GMT 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0f62dde9 by security tracker role at 2021-12-27T08:10:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,141 @@
+CVE-2021-45720 (An issue was discovered in the lru crate before 0.7.1 for Rust. The it ...)
+	TODO: check
+CVE-2021-45719 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
+	TODO: check
+CVE-2021-45718 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
+	TODO: check
+CVE-2021-45717 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
+	TODO: check
+CVE-2021-45716 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
+	TODO: check
+CVE-2021-45715 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
+	TODO: check
+CVE-2021-45714 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
+	TODO: check
+CVE-2021-45713 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
+	TODO: check
+CVE-2021-45712 (An issue was discovered in the rust-embed crate before 6.3.0 for Rust. ...)
+	TODO: check
+CVE-2021-45711 (An issue was discovered in the simple_asn1 crate 0.6.0 before 0.6.1 fo ...)
+	TODO: check
+CVE-2021-45710 (An issue was discovered in the tokio crate before 1.8.4, and 1.9.x thr ...)
+	TODO: check
+CVE-2021-45709 (An issue was discovered in the crypto2 crate through 2021-10-08 for Ru ...)
+	TODO: check
+CVE-2021-45708 (An issue was discovered in the abomonation crate through 2021-10-17 fo ...)
+	TODO: check
+CVE-2021-45707 (An issue was discovered in the nix crate before 0.20.2, 0.21.x before  ...)
+	TODO: check
+CVE-2021-45706 (An issue was discovered in the zeroize_derive crate before 1.1.1 for R ...)
+	TODO: check
+CVE-2021-45705 (An issue was discovered in the nanorand crate before 0.6.1 for Rust. T ...)
+	TODO: check
+CVE-2021-45704 (An issue was discovered in the metrics-util crate before 0.7.0 for Rus ...)
+	TODO: check
+CVE-2021-45703 (An issue was discovered in the tectonic_xdv crate before 0.1.12 for Ru ...)
+	TODO: check
+CVE-2021-45702 (An issue was discovered in the tremor-script crate before 0.11.6 for R ...)
+	TODO: check
+CVE-2021-45701 (An issue was discovered in the tremor-script crate before 0.11.6 for R ...)
+	TODO: check
+CVE-2021-45700 (An issue was discovered in the ckb crate before 0.40.0 for Rust. Attac ...)
+	TODO: check
+CVE-2021-45699 (An issue was discovered in the ckb crate before 0.40.0 for Rust. Remot ...)
+	TODO: check
+CVE-2021-45698 (An issue was discovered in the ckb crate before 0.40.0 for Rust. A get ...)
+	TODO: check
+CVE-2021-45697 (An issue was discovered in the molecule crate before 0.7.2 for Rust. A ...)
+	TODO: check
+CVE-2021-45696 (An issue was discovered in the sha2 crate 0.9.7 before 0.9.8 for Rust. ...)
+	TODO: check
+CVE-2021-45695 (An issue was discovered in the mopa crate through 2021-06-01 for Rust. ...)
+	TODO: check
+CVE-2021-45694 (An issue was discovered in the rdiff crate through 2021-02-03 for Rust ...)
+	TODO: check
+CVE-2021-45693 (An issue was discovered in the messagepack-rs crate through 2021-01-26 ...)
+	TODO: check
+CVE-2021-45692 (An issue was discovered in the messagepack-rs crate through 2021-01-26 ...)
+	TODO: check
+CVE-2021-45691 (An issue was discovered in the messagepack-rs crate through 2021-01-26 ...)
+	TODO: check
+CVE-2021-45690 (An issue was discovered in the messagepack-rs crate through 2021-01-26 ...)
+	TODO: check
+CVE-2021-45689 (An issue was discovered in the gfx-auxil crate through 2021-01-07 for  ...)
+	TODO: check
+CVE-2021-45688 (An issue was discovered in the ash crate before 0.33.1 for Rust. util: ...)
+	TODO: check
+CVE-2021-45687 (An issue was discovered in the raw-cpuid crate before 9.1.1 for Rust.  ...)
+	TODO: check
+CVE-2021-45686 (An issue was discovered in the csv-sniffer crate through 2021-01-05 fo ...)
+	TODO: check
+CVE-2021-45685 (An issue was discovered in the columnar crate through 2021-01-07 for R ...)
+	TODO: check
+CVE-2021-45684 (An issue was discovered in the flumedb crate through 2021-01-07 for Ru ...)
+	TODO: check
+CVE-2021-45683 (An issue was discovered in the binjs_io crate through 2021-01-03 for R ...)
+	TODO: check
+CVE-2021-45682 (An issue was discovered in the bronzedb-protocol crate through 2021-01 ...)
+	TODO: check
+CVE-2021-45681 (An issue was discovered in the derive-com-impl crate before 0.1.2 for  ...)
+	TODO: check
+CVE-2021-45680 (An issue was discovered in the vec-const crate before 2.0.0 for Rust.  ...)
+	TODO: check
+CVE-2021-45111
+	RESERVED
+CVE-2021-45071
+	RESERVED
+CVE-2021-44547
+	RESERVED
+CVE-2021-44476
+	RESERVED
+CVE-2021-44475
+	RESERVED
+CVE-2021-44461
+	RESERVED
+CVE-2021-44460
+	RESERVED
+CVE-2021-4178
+	RESERVED
+CVE-2021-4177
+	RESERVED
+CVE-2021-4176
+	RESERVED
+CVE-2021-4175
+	RESERVED
+CVE-2021-26947
+	RESERVED
+CVE-2021-23186
+	RESERVED
+CVE-2021-23178
+	RESERVED
+CVE-2021-23176
+	RESERVED
+CVE-2021-23166
+	RESERVED
+CVE-2020-36514 (An issue was discovered in the acc_reader crate through 2020-12-27 for ...)
+	TODO: check
+CVE-2020-36513 (An issue was discovered in the acc_reader crate through 2020-12-27 for ...)
+	TODO: check
+CVE-2020-36512 (An issue was discovered in the buffoon crate through 2020-12-31 for Ru ...)
+	TODO: check
+CVE-2020-36511 (An issue was discovered in the bite crate through 2020-12-31 for Rust. ...)
+	TODO: check
+CVE-2019-25055 (An issue was discovered in the libpulse-binding crate before 2.6.0 for ...)
+	TODO: check
+CVE-2019-25054 (An issue was discovered in the pnet crate before 0.27.2 for Rust. Ther ...)
+	TODO: check
+CVE-2018-25028 (An issue was discovered in the libpulse-binding crate before 1.2.1 for ...)
+	TODO: check
+CVE-2018-25027 (An issue was discovered in the libpulse-binding crate before 1.2.1 for ...)
+	TODO: check
+CVE-2018-25026 (An issue was discovered in the actix-web crate before 0.7.15 for Rust. ...)
+	TODO: check
+CVE-2018-25025 (An issue was discovered in the actix-web crate before 0.7.15 for Rust. ...)
+	TODO: check
+CVE-2018-25024 (An issue was discovered in the actix-web crate before 0.7.15 for Rust. ...)
+	TODO: check
+CVE-2018-25023 (An issue was discovered in the smallvec crate before 0.6.13 for Rust.  ...)
+	TODO: check
 CVE-2021-4174
 	RESERVED
 CVE-2021-4173
@@ -2013,7 +2151,7 @@ CVE-2022-21945
 CVE-2022-21944
 	RESERVED
 CVE-2021-45105 (Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) di ...)
-	{DSA-5024-1}
+	{DSA-5024-1 DLA-2852-1}
 	- apache-log4j2 2.17.0-1 (bug #1001891)
 	NOTE: https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45105
 	NOTE: https://issues.apache.org/jira/browse/LOG4J2-3230
@@ -13919,6 +14057,7 @@ CVE-2021-41820
 	RESERVED
 CVE-2021-41819 [Cookie Prefix Spoofing in CGI::Cookie.parse]
 	RESERVED
+	{DLA-2853-1}
 	- ruby3.0 <unfixed>
 	- ruby2.7 2.7.5-1
 	- ruby2.5 <removed>
@@ -13930,6 +14069,7 @@ CVE-2021-41818
 	RESERVED
 CVE-2021-41817 [Regular Expression Denial of Service Vulnerability of Date Parsing Methods]
 	RESERVED
+	{DLA-2853-1}
 	- ruby3.0 <unfixed>
 	- ruby2.7 2.7.5-1
 	- ruby2.5 <removed>
@@ -125413,6 +125553,7 @@ CVE-2020-9489 (A carefully crafted or corrupt file may trigger a System.exit in
 	[jessie] - tika <ignored> (the fix is too invasive to backport)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/04/24/1
 CVE-2020-9488 (Improper validation of certificate with host mismatch in Apache Log4j  ...)
+	{DLA-2852-1}
 	- apache-log4j2 2.13.3-1 (bug #959450)
 	[buster] - apache-log4j2 2.15.0-1~deb10u1
 	[jessie] - apache-log4j2 <no-dsa> (Minor issue; set mail.smtp.ssl.checkserveridentity to true to enable hostname verification)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0f62dde9629170452511821da87828875b6bc860

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0f62dde9629170452511821da87828875b6bc860
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211227/176918a0/attachment.htm>

More information about the debian-security-tracker-commits mailing list