[Git][security-tracker-team/security-tracker][master] rust-xcb CVEfied

Wed Feb 10 10:48:31 GMT 2021


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
28288c49 by Moritz Muehlenhoff at 2021-02-10T11:48:07+01:00
rust-xcb CVEfied
gdisk no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -297,15 +297,19 @@ CVE-2021-26961
 CVE-2021-26960
 	RESERVED
 CVE-2021-26959 (An issue was discovered in the hyper crate before 0.13.10 and 0.14.x b ...)
-	TODO: check
+	TODO: check, seems to be a duplicate of CVE-2021-21299, contacted MITRE 
 CVE-2021-26958 (An issue was discovered in the xcb crate through 2021-02-04 for Rust.  ...)
-	TODO: check
+	- rust-xcb <unfixed>
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0019.html
 CVE-2021-26957 (An issue was discovered in the xcb crate through 2021-02-04 for Rust.  ...)
-	TODO: check
+	- rust-xcb <unfixed>
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0019.html
 CVE-2021-26956 (An issue was discovered in the xcb crate through 2021-02-04 for Rust.  ...)
-	TODO: check
+	- rust-xcb <unfixed>
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0019.html
 CVE-2021-26955 (An issue was discovered in the xcb crate through 2021-02-04 for Rust.  ...)
-	TODO: check
+	- rust-xcb <unfixed>
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0019.html
 CVE-2021-26954 (An issue was discovered in the qwutils crate before 0.3.1 for Rust. Wh ...)
 	TODO: check
 CVE-2021-26953 (An issue was discovered in the postscript crate before 0.14.0 for Rust ...)
@@ -568,9 +572,6 @@ CVE-2021-21299 [hyper: Multiple Transfer-Encoding headers misinterprets request
 	- rust-hyper <unfixed>
 	NOTE: https://github.com/hyperium/hyper/security/advisories/GHSA-6hfq-h8hq-87mf
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0020.html
-CVE-2021-XXXX [xcb: Multiple soundness issues]
-	- rust-xcb <unfixed>
-	NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0019.html
 CVE-2021-XXXX [GHSL-2021-045: integer overflow in g_bytes_new/g_memdup]
 	- glib2.0 2.66.6-1
 	NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2319
@@ -25608,6 +25609,7 @@ CVE-2021-0309 (In onCreate of grantCredentialsPermissionActivity, there is a con
 CVE-2021-0308 (In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds  ...)
 	{DLA-2549-1}
 	- gdisk 1.0.6-1
+	[buster] - gdisk <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/gptfdisk/code/ci/f523bbc0c2437fe259aa3aff5e819e24101aee29
 	NOTE: https://android.googlesource.com/platform/external/gptfdisk/+/6d369451868ce71618144c4f4bd645ae48f0d1c5
 CVE-2021-0307 (In updatePermissionSourcePackage of PermissionManagerService.java, the ...)
@@ -98854,6 +98856,7 @@ CVE-2020-0257 (In SpecializeCommon of com_android_internal_os_Zygote.cpp, there
 CVE-2020-0256 (In LoadPartitionTable of gpt.cc, there is a possible out of bounds wri ...)
 	{DLA-2549-1}
 	- gdisk 1.0.6-1
+	[buster] - gdisk <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/gptfdisk/code/ci/81c8bbee46ad6ebacf72eae70ba5147f376205a4/
 	NOTE: https://android.googlesource.com/platform/external/gptfdisk/+/7ffd0a26064cf25c0922f2bab511e4b4e8149083
 CVE-2020-0255



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28288c49da1e548265a8538e5b21a829abd25874

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28288c49da1e548265a8538e5b21a829abd25874
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210210/4f0cc2e1/attachment-0001.html>
