[Git][security-tracker-team/security-tracker][master] new libgcrypt issue (experimental only)
Moritz Muehlenhoff
jmm at debian.org
Fri Jan 29 19:12:56 GMT 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
85a78ae7 by Moritz Muehlenhoff at 2021-01-29T20:12:25+01:00
new libgcrypt issue (experimental only)
add commit ref for tika
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2021-XXXX [libgcrypt heap overflow]
+ [experimental] - libgcrypt20 <unfixed>
+ - libgcrypt20 <not-affected> (Only affected 1.9)
+ NOTE: https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html
CVE-2021-3347 [UAF in futex]
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/01/29/1
@@ -89514,11 +89518,13 @@ CVE-2020-1951 (A carefully crafted or corrupt PSD file can cause an infinite loo
- tika <unfixed> (bug #954302)
[buster] - tika <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2020/03/18/4
+ NOTE: https://github.com/apache/tika/commit/ab8a9ed830ec710a32e4ffdf4989aea3aaea92ef
CVE-2020-1950 (A carefully crafted or corrupt PSD file can cause excessive memory usa ...)
{DLA-2161-1}
- tika <unfixed> (bug #954303)
[buster] - tika <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2020/03/18/3
+ NOTE: https://github.com/apache/tika/commit/ab8a9ed830ec710a32e4ffdf4989aea3aaea92ef
CVE-2020-1949 (Scripts in Sling CMS before 0.16.0 do not property escape the Sling Se ...)
NOT-FOR-US: Apache Sling
CVE-2020-1948 (This vulnerability can affect all Dubbo users stay on version 2.7.6 or ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/85a78ae7004ad53e04fa2ad3036bf9e64572df51
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/85a78ae7004ad53e04fa2ad3036bf9e64572df51
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210129/e2012b25/attachment.html>
More information about the debian-security-tracker-commits
mailing list