[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Jan 30 08:10:25 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
76039389 by security tracker role at 2021-01-30T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,303 @@
+CVE-2021-26460
+ RESERVED
+CVE-2021-26459
+ RESERVED
+CVE-2021-26458
+ RESERVED
+CVE-2021-26457
+ RESERVED
+CVE-2021-26456
+ RESERVED
+CVE-2021-26455
+ RESERVED
+CVE-2021-26454
+ RESERVED
+CVE-2021-26453
+ RESERVED
+CVE-2021-26452
+ RESERVED
+CVE-2021-26451
+ RESERVED
+CVE-2021-26450
+ RESERVED
+CVE-2021-26449
+ RESERVED
+CVE-2021-26448
+ RESERVED
+CVE-2021-26447
+ RESERVED
+CVE-2021-26446
+ RESERVED
+CVE-2021-26445
+ RESERVED
+CVE-2021-26444
+ RESERVED
+CVE-2021-26443
+ RESERVED
+CVE-2021-26442
+ RESERVED
+CVE-2021-26441
+ RESERVED
+CVE-2021-26440
+ RESERVED
+CVE-2021-26439
+ RESERVED
+CVE-2021-26438
+ RESERVED
+CVE-2021-26437
+ RESERVED
+CVE-2021-26436
+ RESERVED
+CVE-2021-26435
+ RESERVED
+CVE-2021-26434
+ RESERVED
+CVE-2021-26433
+ RESERVED
+CVE-2021-26432
+ RESERVED
+CVE-2021-26431
+ RESERVED
+CVE-2021-26430
+ RESERVED
+CVE-2021-26429
+ RESERVED
+CVE-2021-26428
+ RESERVED
+CVE-2021-26427
+ RESERVED
+CVE-2021-26426
+ RESERVED
+CVE-2021-26425
+ RESERVED
+CVE-2021-26424
+ RESERVED
+CVE-2021-26423
+ RESERVED
+CVE-2021-26422
+ RESERVED
+CVE-2021-26421
+ RESERVED
+CVE-2021-26420
+ RESERVED
+CVE-2021-26419
+ RESERVED
+CVE-2021-26418
+ RESERVED
+CVE-2021-26417
+ RESERVED
+CVE-2021-26416
+ RESERVED
+CVE-2021-26415
+ RESERVED
+CVE-2021-26414
+ RESERVED
+CVE-2021-26413
+ RESERVED
+CVE-2021-26412
+ RESERVED
+CVE-2021-26411
+ RESERVED
+CVE-2021-26410
+ RESERVED
+CVE-2021-26409
+ RESERVED
+CVE-2021-26408
+ RESERVED
+CVE-2021-26407
+ RESERVED
+CVE-2021-26406
+ RESERVED
+CVE-2021-26405
+ RESERVED
+CVE-2021-26404
+ RESERVED
+CVE-2021-26403
+ RESERVED
+CVE-2021-26402
+ RESERVED
+CVE-2021-26401
+ RESERVED
+CVE-2021-26400
+ RESERVED
+CVE-2021-26399
+ RESERVED
+CVE-2021-26398
+ RESERVED
+CVE-2021-26397
+ RESERVED
+CVE-2021-26396
+ RESERVED
+CVE-2021-26395
+ RESERVED
+CVE-2021-26394
+ RESERVED
+CVE-2021-26393
+ RESERVED
+CVE-2021-26392
+ RESERVED
+CVE-2021-26391
+ RESERVED
+CVE-2021-26390
+ RESERVED
+CVE-2021-26389
+ RESERVED
+CVE-2021-26388
+ RESERVED
+CVE-2021-26387
+ RESERVED
+CVE-2021-26386
+ RESERVED
+CVE-2021-26385
+ RESERVED
+CVE-2021-26384
+ RESERVED
+CVE-2021-26383
+ RESERVED
+CVE-2021-26382
+ RESERVED
+CVE-2021-26381
+ RESERVED
+CVE-2021-26380
+ RESERVED
+CVE-2021-26379
+ RESERVED
+CVE-2021-26378
+ RESERVED
+CVE-2021-26377
+ RESERVED
+CVE-2021-26376
+ RESERVED
+CVE-2021-26375
+ RESERVED
+CVE-2021-26374
+ RESERVED
+CVE-2021-26373
+ RESERVED
+CVE-2021-26372
+ RESERVED
+CVE-2021-26371
+ RESERVED
+CVE-2021-26370
+ RESERVED
+CVE-2021-26369
+ RESERVED
+CVE-2021-26368
+ RESERVED
+CVE-2021-26367
+ RESERVED
+CVE-2021-26366
+ RESERVED
+CVE-2021-26365
+ RESERVED
+CVE-2021-26364
+ RESERVED
+CVE-2021-26363
+ RESERVED
+CVE-2021-26362
+ RESERVED
+CVE-2021-26361
+ RESERVED
+CVE-2021-26360
+ RESERVED
+CVE-2021-26359
+ RESERVED
+CVE-2021-26358
+ RESERVED
+CVE-2021-26357
+ RESERVED
+CVE-2021-26356
+ RESERVED
+CVE-2021-26355
+ RESERVED
+CVE-2021-26354
+ RESERVED
+CVE-2021-26353
+ RESERVED
+CVE-2021-26352
+ RESERVED
+CVE-2021-26351
+ RESERVED
+CVE-2021-26350
+ RESERVED
+CVE-2021-26349
+ RESERVED
+CVE-2021-26348
+ RESERVED
+CVE-2021-26347
+ RESERVED
+CVE-2021-26346
+ RESERVED
+CVE-2021-26345
+ RESERVED
+CVE-2021-26344
+ RESERVED
+CVE-2021-26343
+ RESERVED
+CVE-2021-26342
+ RESERVED
+CVE-2021-26341
+ RESERVED
+CVE-2021-26340
+ RESERVED
+CVE-2021-26339
+ RESERVED
+CVE-2021-26338
+ RESERVED
+CVE-2021-26337
+ RESERVED
+CVE-2021-26336
+ RESERVED
+CVE-2021-26335
+ RESERVED
+CVE-2021-26334
+ RESERVED
+CVE-2021-26333
+ RESERVED
+CVE-2021-26332
+ RESERVED
+CVE-2021-26331
+ RESERVED
+CVE-2021-26330
+ RESERVED
+CVE-2021-26329
+ RESERVED
+CVE-2021-26328
+ RESERVED
+CVE-2021-26327
+ RESERVED
+CVE-2021-26326
+ RESERVED
+CVE-2021-26325
+ RESERVED
+CVE-2021-26324
+ RESERVED
+CVE-2021-26323
+ RESERVED
+CVE-2021-26322
+ RESERVED
+CVE-2021-26321
+ RESERVED
+CVE-2021-26320
+ RESERVED
+CVE-2021-26319
+ RESERVED
+CVE-2021-26318
+ RESERVED
+CVE-2021-26317
+ RESERVED
+CVE-2021-26316
+ RESERVED
+CVE-2021-26315
+ RESERVED
+CVE-2021-26314
+ RESERVED
+CVE-2021-26313
+ RESERVED
+CVE-2021-26312
+ RESERVED
+CVE-2021-26311
+ RESERVED
CVE-2021-3346 (Foris before 101.1.1, as used in Turris OS, lacks certain HTML escapin ...)
TODO: check
CVE-2021-3344
@@ -12,7 +312,7 @@ CVE-2018-25005
RESERVED
CVE-2018-25004
RESERVED
-CVE-2021-3345 [libgcrypt heap overflow]
+CVE-2021-3345 (_gcry_md_block_write in cipher/hash-common.c in Libgcrypt before 1.9.1 ...)
[experimental] - libgcrypt20 <unfixed> (bug #981370)
- libgcrypt20 <not-affected> (Only affected 1.9)
NOTE: https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html
@@ -1790,8 +2090,8 @@ CVE-2021-25648
RESERVED
CVE-2021-25647 (Mobile application "Testes de Codigo" v11.3 and prior allows stored XS ...)
NOT-FOR-US: Mobile application "Testes de Codigo"
-CVE-2021-25646
- RESERVED
+CVE-2021-25646 (Apache Druid includes the ability to execute user-provided JavaScript ...)
+ TODO: check
CVE-2019-25014 (A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go ge ...)
NOT-FOR-US: Istio
CVE-2021-3308 (An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 throug ...)
@@ -12275,8 +12575,8 @@ CVE-2021-21256
RESERVED
CVE-2021-21255
RESERVED
-CVE-2021-21254
- RESERVED
+CVE-2021-21254 (CKEditor 5 is an open source rich text editor framework with a modular ...)
+ TODO: check
CVE-2021-21253 (OnlineVotingSystem is an open source project hosted on GitHub. OnlineV ...)
NOT-FOR-US: OnlineVotingSystem
CVE-2021-21252 (The jQuery Validation Plugin provides drop-in validation for your exis ...)
@@ -17973,8 +18273,8 @@ CVE-2020-29559
RESERVED
CVE-2020-29558
RESERVED
-CVE-2020-29557
- RESERVED
+CVE-2020-29557 (An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 bef ...)
+ TODO: check
CVE-2020-29556
RESERVED
CVE-2020-29555
@@ -47677,8 +47977,7 @@ CVE-2020-17382 (The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow
NOT-FOR-US: MSI AmbientLink MsIo64 driver
CVE-2020-17381 (An issue was discovered in Ghisler Total Commander 9.51. Due to insuff ...)
NOT-FOR-US: Ghisler Total Commander
-CVE-2020-17380 [heap buffer overflow in sdhci_sdma_transfer_multi_blocks() in hw/sd/sdhci.c]
- RESERVED
+CVE-2020-17380 (A heap-based buffer overflow was found in QEMU through 5.0.0 in the SD ...)
- qemu <unfixed> (bug #970937)
[buster] - qemu <postponed> (Minor issue, fix along in future DSA)
[stretch] - qemu <postponed> (Minor issue, fix along in future DLA)
@@ -51607,8 +51906,8 @@ CVE-2020-15692 (In Nim 1.2.4, the standard library browsers mishandles the URL a
[stretch] - nim <no-dsa> (Minor issue)
CVE-2020-15691
RESERVED
-CVE-2020-15690
- RESERVED
+CVE-2020-15690 (In Nim before 1.2.6, the standard library asyncftpclient lacks a check ...)
+ TODO: check
CVE-2020-15689 (Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, ...)
NOT-FOR-US: Appweb
CVE-2020-15688 (The HTTP Digest Authentication in the GoAhead web server before 5.1.2 ...)
@@ -52024,8 +52323,8 @@ CVE-2020-15569 (PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-afte
- milkytracker 1.02.00+dfsg-2.1 (bug #964797)
[buster] - milkytracker 1.02.00+dfsg-1+deb10u1
NOTE: https://github.com/milkytracker/MilkyTracker/commit/7afd55c42ad80d01a339197a2d8b5461d214edaf
-CVE-2020-15568
- RESERVED
+CVE-2020-15568 (TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that lead ...)
+ TODO: check
CVE-2020-15567 (An issue was discovered in Xen through 4.13.x, allowing Intel guest OS ...)
{DSA-4723-1}
- xen 4.11.4+24-gddaaccbbab-1
@@ -55039,8 +55338,8 @@ CVE-2020-14420
RESERVED
CVE-2020-14419
RESERVED
-CVE-2020-14418
- RESERVED
+CVE-2020-14418 (A TOCTOU vulnerability exists in madCodeHook before 2020-07-16 that al ...)
+ TODO: check
CVE-2020-14417
RESERVED
CVE-2020-14415 (oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer ...)
@@ -150493,11 +150792,11 @@ CVE-2018-19542 (An issue was discovered in JasPer 2.0.14. There is a NULL pointe
{DLA-1628-1}
- jasper <removed>
NOTE: https://github.com/mdadams/jasper/issues/182
-CVE-2018-19541 (An issue was discovered in JasPer 2.0.14. There is a heap-based buffer ...)
+CVE-2018-19541 (An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11 ...)
{DLA-1628-1}
- jasper <removed>
NOTE: https://github.com/mdadams/jasper/issues/182
-CVE-2018-19540 (An issue was discovered in JasPer 2.0.14. There is a heap-based buffer ...)
+CVE-2018-19540 (An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11 ...)
{DLA-1628-1}
- jasper <removed>
NOTE: https://github.com/mdadams/jasper/issues/182
@@ -211931,7 +212230,7 @@ CVE-2017-15047 (The clusterLoadConfig function in cluster.c in Redis 4.0.2 allow
[wheezy] - redis <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/antirez/redis/issues/4278
NOTE: Pull request: https://github.com/antirez/redis/pull/4365
-CVE-2017-15046 (LAME 3.99.5 has a stack-based buffer overflow in unpack_read_samples i ...)
+CVE-2017-15046 (LAME 3.99.5, 3.99.4, 3.98.4, 3.98.2, 3.98 and 3.97 have a stack-based ...)
- lame 3.99.5+repack1-8
[jessie] - lame 3.99.5+repack1-7+deb8u2
NOTE: https://sourceforge.net/p/lame/bugs/479/
@@ -212075,7 +212374,7 @@ CVE-2017-15019 (LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_ini
[stretch] - lame <ignored> (Minor issue)
[jessie] - lame <ignored> (Minor issue)
NOTE: https://sourceforge.net/p/lame/bugs/477/
-CVE-2017-15018 (LAME 3.99.5 has a heap-based buffer over-read when handling a malforme ...)
+CVE-2017-15018 (LAME 3.99.5, 3.99.4, 3.99.3, 3.99.2, 3.99.1, 3.99, 3.98.4, 3.98.2 and ...)
- lame 3.99.5+repack1-8
[jessie] - lame 3.99.5+repack1-7+deb8u2
NOTE: https://sourceforge.net/p/lame/bugs/480/
@@ -214778,7 +215077,7 @@ CVE-2017-14134 (A Reflected XSS Vulnerability affects the forgotten password pag
NOT-FOR-US: Maplesoft Maple
CVE-2017-14133
RESERVED
-CVE-2017-14132 (JasPer 2.0.13 allows remote attackers to cause a denial of service (he ...)
+CVE-2017-14132 (JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900 ...)
{DLA-1583-1}
- jasper <removed> (low)
[wheezy] - jasper <ignored> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76039389455e9e30d873381f262c1df2b3260f7b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76039389455e9e30d873381f262c1df2b3260f7b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210130/ed3808c5/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list