[Git][security-tracker-team/security-tracker][master] bug nums

Thu Jul 1 19:08:27 BST 2021


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4faea9f9 by Moritz Muehlenhoff at 2021-07-01T19:22:32+02:00
bug nums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -61,7 +61,7 @@ CVE-2020-36403 (HTSlib 1.10 through 1.10.2 allows out-of-bounds write access in
 CVE-2020-36402 (Solidity 0.7.5 has a stack-use-after-return issue in smtutil::CHCSmtLi ...)
 	NOT-FOR-US: Solidity
 CVE-2020-36401 (mruby 2.1.2 has a double free in mrb_default_allocf (called from mrb_f ...)
-	- mruby <unfixed>
+	- mruby <unfixed> (bug #990540)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23801
 	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/mruby/OSV-2020-744.yaml
 	NOTE: https://github.com/mruby/mruby/commit/97319697c8f9f6ff27b32589947e1918e3015503
@@ -85,7 +85,7 @@ CVE-2019-25049 (LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in asn1_i
 CVE-2019-25048 (LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_p ...)
 	 - libressl <itp> (bug #754513)
 CVE-2018-25018 (UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write durin ...)
-	- unrar-nonfree <unfixed>
+	- unrar-nonfree <unfixed> (bug #990541)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9845
 	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2018-204.yaml
 CVE-2018-25017 (RawSpeed (aka librawspeed) 3.1 has a heap-based buffer overflow in Tab ...)
@@ -378,7 +378,7 @@ CVE-2021-35943
 	RESERVED
 CVE-2021-35942 [Wild read in wordexp (parse_param)]
 	RESERVED
-	- glibc <unfixed>
+	- glibc <unfixed> (bug #990542)
 	[bullseye] - glibc <no-dsa> (Minor issue)
 	[buster] - glibc <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28011
@@ -401,19 +401,19 @@ CVE-2021-35940
 	RESERVED
 CVE-2021-35939 [checks for unsafe symlinks are not performed for intermediary directories]
 	RESERVED
-	- rpm <unfixed>
+	- rpm <unfixed> (bug #990543)
 	[bullseye] - rpm <no-dsa> (Minor issue)
 	[buster] - rpm <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1964129
 CVE-2021-35938 [races with chown/chmod/capabilities calls during installation]
 	RESERVED
-	- rpm <unfixed>
+	- rpm <unfixed> (bug #990543)
 	[bullseye] - rpm <no-dsa> (Minor issue)
 	[buster] - rpm <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1964114
 CVE-2021-35937 [TOCTOU race in checks for unsafe symlinks]
 	RESERVED
-	- rpm <unfixed>
+	- rpm <unfixed> (bug #990543)
 	[bullseye] - rpm <no-dsa> (Minor issue)
 	[buster] - rpm <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1964125



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4faea9f9fd4ffe56ef1411a42339ef545ee85ea5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4faea9f9fd4ffe56ef1411a42339ef545ee85ea5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210701/4fc838b2/attachment.htm>
