[Git][security-tracker-team/security-tracker][master] new u-boot, asterisk issues

Moritz Muehlenhoff jmm at debian.org
Fri Feb 19 22:07:56 GMT 2021 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e48f4435 by Moritz Muehlenhoff at 2021-02-19T23:07:42+01:00
new u-boot, asterisk issues
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -213,15 +213,15 @@ CVE-2021-27401
 CVE-2021-27400
 	RESERVED
 CVE-2020-36252 (ownCloud Server 10.x before 10.3.1 allows an attacker, who has one out ...)
-	TODO: check
+	- owncloud <removed>
 CVE-2020-36251 (ownCloud Server before 10.3.0 allows an attacker, who has received non ...)
-	TODO: check
+	- owncloud <removed>
 CVE-2020-36250 (In the ownCloud application before 2.15 for Android, the lock protecti ...)
-	TODO: check
+	NOT-FOR-US: ownCloud app for Android
 CVE-2020-36249 (The File Firewall before 2.8.0 for ownCloud Server does not properly e ...)
-	TODO: check
+	NOT-FOR-US: ownCloud addon
 CVE-2020-36248 (The ownCloud application before 2.15 for Android allows attackers to u ...)
-	TODO: check
+	NOT-FOR-US: ownCloud app for Android
 CVE-2020-36247 (Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF. ...)
 	NOT-FOR-US: Open OnDemand
 CVE-2020-36246 (Amaze File Manager before 3.5.1 allows attackers to obtain root privil ...)
@@ -792,7 +792,11 @@ CVE-2021-27140 (An issue was discovered on FiberHome HG6245D devices through RP2
 CVE-2021-27139 (An issue was discovered on FiberHome HG6245D devices through RP2613. I ...)
 	NOT-FOR-US: FiberHome devices
 CVE-2021-27138 (The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of uni ...)
-	TODO: check
+	- u-boot <unfixed>
+	[buster] - u-boot <no-dsa> (Minor issue)
+	NOTE: https://github.com/u-boot/u-boot/commit/3f04db891a353f4b127ed57279279f851c6b4917
+	NOTE: https://github.com/u-boot/u-boot/commit/79af75f7776fc20b0d7eb6afe1e27c00fdb4b9b4
+	NOTE: https://github.com/u-boot/u-boot/commit/b6f4c757959f8850e1299a77c8e5713da78e8ec0
 CVE-2021-27137
 	RESERVED
 CVE-2021-27136
@@ -880,7 +884,11 @@ CVE-2021-27099
 CVE-2021-27098
 	RESERVED
 CVE-2021-27097 (The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified ...)
-	TODO: check
+	- u-boot <unfixed>
+	[buster] - u-boot <no-dsa> (Minor issue)
+	NOTE: https://github.com/u-boot/u-boot/commit/6f3c2d8aa5e6cbd80b5e869bbbddecb66c329d01
+	NOTE: https://github.com/u-boot/u-boot/commit/8a7d4cf9820ea16fabd25a6379351b4dc291204b
+	NOTE: https://github.com/u-boot/u-boot/commit/b6f4c757959f8850e1299a77c8e5713da78e8ec0
 CVE-2021-27096
 	RESERVED
 CVE-2021-27095
@@ -1312,7 +1320,8 @@ CVE-2021-26908
 CVE-2021-26907
 	RESERVED
 CVE-2021-26906 (An issue was discovered in res_pjsip_session.c in Digium Asterisk thro ...)
-	TODO: check
+	- asterisk <unfixed>
+	NOTE: https://downloads.asterisk.org/pub/security/AST-2021-005.html
 CVE-2021-3402
 	RESERVED
 	- yara 4.0.4-1
@@ -1672,7 +1681,7 @@ CVE-2021-26748
 CVE-2021-26747 (Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metach ...)
 	NOT-FOR-US: Netis devices
 CVE-2021-26746 (Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= U ...)
-	TODO: check
+	NOT-FOR-US: Chamilo
 CVE-2021-26745
 	RESERVED
 CVE-2021-26744
@@ -1734,7 +1743,9 @@ CVE-2021-26719 (A directory traversal issue was discovered in Gradle gradle-ente
 CVE-2021-26718
 	RESERVED
 CVE-2021-26717 (An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x  ...)
-	TODO: check
+	- asterisk <unfixed>
+	[buster] - asterisk <not-affected> (Introduced in 16.15.0)
+	NOTE: https://downloads.asterisk.org/pub/security/AST-2021-002.html
 CVE-2021-26716
 	RESERVED
 CVE-2021-26715
@@ -1744,7 +1755,8 @@ CVE-2021-26714
 CVE-2021-26713
 	RESERVED
 CVE-2021-26712 (Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 1 ...)
-	TODO: check
+	- asterisk <not-affected> (Only affects 16.16)
+	NOTE: https://downloads.asterisk.org/pub/security/AST-2021-002.html
 CVE-2021-26711 (A frame-injection issue in the online help in Redwood Report2Web 4.3.4 ...)
 	NOT-FOR-US: Redwood Report2Web
 CVE-2021-26710 (A cross-site scripting (XSS) issue in the login panel in Redwood Repor ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e48f44356a7105bacca6394b393039eb5118dcbd

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e48f44356a7105bacca6394b393039eb5118dcbd
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210219/96c576a1/attachment.html>

More information about the debian-security-tracker-commits mailing list