[Git][security-tracker-team/security-tracker][master] buster triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Jul 2 20:14:39 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e2c8733c by Moritz Muehlenhoff at 2021-07-02T21:01:21+02:00
buster triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -112,6 +112,7 @@ CVE-2021-36084 (The CIL compiler in SELinux 3.2 has a use-after-free in __cil_ve
 CVE-2021-36083 (KDE KImageFormats 5.70.0 through 5.81.0 has a stack-based buffer overf ...)
 	[experimental] - kimageformats 5.83.0-1
 	- kimageformats 5.78.0-5 (bug #990527)
+	[buster] - kimageformats <no-dsa> (Minor issue)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33742
 	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/kimageformats/OSV-2021-695.yaml
 	NOTE: https://invent.kde.org/frameworks/kimageformats/commit/297ed9a2fe339bfe36916b9fce628c3242e5be0f
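Review bot: The added [buster] line for kimageformats does not show that buster is inside the affected range, which the description gives as 5.70.0 through 5.81.0. If the version shipped in buster is older than 5.70.0, the line should be <not-affected> with a reason such as "Vulnerable code introduced later" rather than <no-dsa>; if it is in range, a NOTE saying so would make the "Minor issue" triage checkable.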
@@ -122,6 +123,7 @@ CVE-2021-36082 (ntop nDPI 3.4 has a stack-based buffer overflow in processClient
 	NOTE: https://github.com/ntop/nDPI/commit/1ec621c85b9411cc611652fd57a892cfef478af3
 CVE-2021-36081 (Tesseract OCR 5.0.0-alpha-20201231 has a one_ell_conflict use-after-fr ...)
 	- tesseract <unfixed> (bug #990529)
+	[buster] - tesseract <no-dsa> (Minor issue)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29698
 	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/tesseract-ocr/OSV-2021-211.yaml
 	NOTE: https://github.com/tesseract-ocr/tesseract/commit/e6f15621c2ab2ecbfabf656942d8ef66f03b2d55
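Review bot: The added [buster] line for tesseract is not backed by anything in the entry that ties the use-after-free to the code buster ships: the description names only 5.0.0-alpha-20201231 and unstable is still <unfixed>. Suggest a NOTE stating whether the code changed by the upstream commit is present in buster, so that <no-dsa> can be told apart from a case that should be <not-affected>.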
@@ -49914,6 +49916,7 @@ CVE-2020-27782 (A flaw was found in the Undertow AJP connector. Malicious reques
 	NOTE: https://github.com/undertow-io/undertow/commit/fdac349cbcd1da41fe8b9d4e7ebbab6879990c2a (2.2.4.Final)
 CVE-2020-27781 (User credentials can be manipulated and stolen by Native CephFS consum ...)
 	- ceph 14.2.16-1 (bug #985670)
+	[buster] - ceph <no-dsa> (Minor issue)
 	NOTE: https://bugs.launchpad.net/manila/+bug/1904015
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1900109
 	NOTE: https://github.com/ceph/ceph/commit/1b8a634fdcd94dfb3ba650793fb1b6d09af65e05 (octopus)
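Review bot: The reason "Minor issue" on the added [buster] line is hard to reconcile with the description, which says user credentials can be manipulated and stolen, and the entry offers no NOTE explaining the downgrade. Suggest replacing the generic reason with the concrete limiting factor (for example the deployment or privileges the issue depends on), or adding a NOTE that records it.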
@@ -55452,6 +55455,7 @@ CVE-2020-25679
 	RESERVED
 CVE-2020-25678 (A flaw was found in ceph in versions prior to 16.y.z where ceph stores ...)
 	- ceph 14.2.18-1
+	[buster] - ceph <no-dsa> (Minor issue)
 	NOTE: https://tracker.ceph.com/issues/37503
 	NOTE: https://github.com/ceph/ceph/pull/38614 (v14.2.17)
 CVE-2020-25677 (A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph ...)
@@ -86845,6 +86849,7 @@ CVE-2020-12060
 	RESERVED
 CVE-2020-12059 (An issue was discovered in Ceph through 13.2.9. A POST request with an ...)
 	- ceph 14.2.4-1
+	[buster] - ceph <no-dsa> (Minor issue)
 	[stretch] - ceph <not-affected> (Vulnerable code introduced later)
 	[jessie] - ceph <not-affected> (Vulnerable code introduced later)
 	NOTE: https://tracker.ceph.com/issues/44967
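Review bot: The added [buster] line cannot be verified from this entry, because nothing records where the vulnerable code was introduced: the description says "through 13.2.9", and the stretch and jessie lines directly below are <not-affected> with "Vulnerable code introduced later". Suggest adding a NOTE with the introducing commit or version so the buster status can be checked against it instead of being inferred.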
@@ -91777,6 +91782,7 @@ CVE-2020-10754 (It was found that nmcli, a command line interface to NetworkMana
 	NOTE: plugin).
 CVE-2020-10753 (A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gate ...)
 	- ceph 14.2.15-1 (bug #975300)
+	[buster] - ceph <no-dsa> (Minor issue)
 	[jessie] - ceph <no-dsa> (Minor issue)
 	NOTE: https://github.com/ceph/ceph/pull/35773
 	NOTE: Fix: https://github.com/ceph/ceph/commit/1524d3c0c5cb11775313ea1e2bb36a93257947f2
@@ -115964,6 +115970,7 @@ CVE-2020-1761 (A flaw was found in the OpenShift web console, where the access t
 CVE-2020-1760 (A flaw was found in the Ceph Object Gateway, where it supports request ...)
 	{DLA-2171-1}
 	- ceph 14.2.9-1 (bug #956142)
+	[buster] - ceph <no-dsa> (Minor issue)
 	NOTE: Introduced with: https://github.com/ceph/ceph-ci/commit/f4a0b2d9260a4523745875e3977a8a1ef9dc5e2e
 	NOTE: Fixed by: https://github.com/ceph/ceph-ci/commit/8aa1f77363ec32bdc57744a143035033291ab5e1
 	NOTE: Fixed by: https://github.com/ceph/ceph-ci/commit/18eb4d918b27d362312c29a3bbd57a421897c0a5
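Review bot: The added [buster] line classes this CVE as <no-dsa> (Minor issue) in an entry that already carries {DLA-2171-1}, so the same issue received an advisory for an LTS release while the newer release is left without one. Suggest recording why the assessment differs for buster, or noting that the two "Fixed by:" commits are intended for a point release, so the entry does not read as inconsistent.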



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2c8733c0ac638662e2d56f0c43271638191f077
