[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Jan 18 08:10:29 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
06b8e699 by security tracker role at 2021-01-18T08:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2021-3173
+	RESERVED
+CVE-2021-3172
+	RESERVED
+CVE-2021-3171
+	RESERVED
+CVE-2021-3170
+	RESERVED
+CVE-2021-3169
+	RESERVED
+CVE-2021-3168
+	RESERVED
+CVE-2021-3167
+	RESERVED
+CVE-2021-3166 (An issue was discovered on ASUS DSL-N14U-B1 1.1.2.3_805 devices. An at ...)
+	TODO: check
+CVE-2021-3165
+	RESERVED
+CVE-2021-3164
+	RESERVED
+CVE-2021-3163
+	RESERVED
+CVE-2021-25301
+	RESERVED
+CVE-2021-25300
+	RESERVED
+CVE-2021-25299
+	RESERVED
+CVE-2021-25298
+	RESERVED
+CVE-2021-25297
+	RESERVED
+CVE-2021-25296
+	RESERVED
+CVE-2021-25295 (OpenCATS through 0.9.5-3 has multiple Cross-site Scripting (XSS) issue ...)
+	TODO: check
+CVE-2021-25294 (OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity re ...)
+	TODO: check
+CVE-2021-25293
+	RESERVED
+CVE-2021-25292
+	RESERVED
+CVE-2021-25291
+	RESERVED
+CVE-2021-25290
+	RESERVED
+CVE-2021-25289
+	RESERVED
+CVE-2021-25288
+	RESERVED
+CVE-2021-25287
+	RESERVED
 CVE-2021-XXXX [gstreamer: stack buffer overflow in gst_h264_slice_parse_dec_ref_pic_marking]
 	- gst-plugins-bad1.0 1.18.1-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1917192
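Review bot: The three entries in this hunk that arrive with a description (CVE-2021-3166, CVE-2021-25295, CVE-2021-25294) are left at "TODO: check" and still need manual triage. CVE-2021-3166 describes ASUS DSL-N14U-B1 devices, so it looks like a NOT-FOR-US candidate. For the two OpenCATS entries, confirm whether OpenCATS is packaged, then either add a package line or mark them NOT-FOR-US: OpenCATS.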
@@ -15628,8 +15680,8 @@ CVE-2020-29448
 	RESERVED
 CVE-2020-29447 (Affected versions of Atlassian Crucible allow remote attackers to impa ...)
 	NOT-FOR-US: Atlassian
-CVE-2020-29446
-	RESERVED
+CVE-2020-29446 (Affected versions of Atlassian Fisheye & Crucible allow remote att ...)
+	TODO: check
 CVE-2020-29445
 	RESERVED
 CVE-2020-29444
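Review bot: CVE-2020-29446 moves from RESERVED to "TODO: check", while the adjacent CVE-2020-29447 (Atlassian Crucible) is already triaged as "NOT-FOR-US: Atlassian". The new description names Atlassian Fisheye and Crucible, so the same disposition appears to apply. Suggest replacing the TODO with NOT-FOR-US: Atlassian for consistency with its neighbour.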
@@ -48249,8 +48301,8 @@ CVE-2020-15866 (mruby through 2.1.2-rc has a heap-based buffer overflow in the m
 	NOTE: https://github.com/mruby/mruby/commit/63956036e116ef6a33a91e16348c4d1a09f6f72c (2.1.2-rc2)
 CVE-2020-15865 (A Remote Code Execution vulnerability in Stimulsoft (aka Stimulsoft Re ...)
 	NOT-FOR-US: Stimulsoft
-CVE-2020-15864
-	RESERVED
+CVE-2020-15864 (An issue was discovered in Quali CloudShell 9.3. An XSS vulnerability  ...)
+	TODO: check
 CVE-2020-15863 (hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2 ...)
 	{DSA-4760-1 DLA-2288-1}
 	- qemu 1:5.0-12
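Review bot: CVE-2020-15864 is now described as an XSS issue in Quali CloudShell 9.3 but only gets "TODO: check", and the description is cut off after "An XSS vulnerability", so the affected component cannot be judged from this line alone. Read the full CVE text during triage. If CloudShell has no corresponding source package, close the entry in the style of the neighbouring one, for example NOT-FOR-US: Quali CloudShell.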
@@ -114123,7 +114175,7 @@ CVE-2019-11841 (A message-forgery issue was discovered in crypto/openpgp/clearsi
 	NOTE: https://packetstormsecurity.com/files/152840/Go-Cryptography-Libraries-Cleartext-Message-Spoofing.html
 	NOTE: Upstream feels that this is not a security issue. See https://github.com/golang/go/issues/41200.
 CVE-2019-11840 (An issue was discovered in supplementary Go cryptography libraries, ak ...)
-	{DLA-2454-1 DLA-2442-1 DLA-2402-1 DLA-1840-1}
+	{DLA-2527-1 DLA-2454-1 DLA-2442-1 DLA-2402-1 DLA-1840-1}
 	- golang-go.crypto 1:0.0~git20200221.2aa609c-1
 	NOTE: https://github.com/golang/go/issues/30965
 	NOTE: https://go.googlesource.com/crypto/+/b7391e95e576cacdcdd422573063bc057239113d
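Review bot: DLA-2527-1 is added to the cross-reference line of CVE-2019-11840, but this commit changes only data/CVE/list, so the advisory's own record (source package and fixed version) is not visible in the change. Confirm that DLA-2527-1 is already recorded in the tracker's DLA data and that it covers the issue tracked here under golang-go.crypto. The package line below the reference is unchanged.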



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06b8e6996a1411794541835abfaa6c61c3dc8e0b
