[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jul 5 21:10:32 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
41639c14 by security tracker role at 2021-07-05T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2021-36152
+ RESERVED
+CVE-2021-36151
+ RESERVED
CVE-2021-3636
RESERVED
CVE-2021-3635
@@ -1849,8 +1853,8 @@ CVE-2021-35333
RESERVED
CVE-2021-35332
RESERVED
-CVE-2021-35331
- RESERVED
+CVE-2021-35331 (** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehl ...)
+ TODO: check
CVE-2021-35330
RESERVED
CVE-2021-35329
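Review bot: the added CVE-2021-35331 entry has `TODO: check` as its only status line even though the description opens with ** DISPUTED **. When the TODO is resolved, record the dispute in a NOTE line on the entry, since the description is truncated here and the grounds for the dispute are not visible from the list.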
@@ -6675,8 +6679,8 @@ CVE-2021-33194 (golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allow
TODO: check completeness
CVE-2021-33193
RESERVED
-CVE-2021-33192
- RESERVED
+CVE-2021-33192 (A vulnerability in the HTML pages of Apache Jena Fuseki allows an atta ...)
+ TODO: check
CVE-2021-33191
RESERVED
CVE-2021-33190 (In Apache APISIX Dashboard version 2.6, we changed the default value o ...)
@@ -12673,7 +12677,7 @@ CVE-2018-25013 (A flaw was found in libwebp in versions before 1.0.1. An out-of-
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9417
NOTE: https://chromium.googlesource.com/webm/libwebp/+/907208f97ead639bd521cf355a2f203f462eade6
CVE-2018-25012 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...)
- {DLA-2677-1}
+ {DSA-4930-1 DLA-2677-1}
- libwebp 0.6.1-2.1
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9123
NOTE: https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097%5E%21/
@@ -15620,6 +15624,7 @@ CVE-2021-29507 (GENIVI Diagnostic Log and Trace (DLT) provides a log and trace i
CVE-2021-29506 (GraphHopper is an open-source Java routing engine. In GrassHopper from ...)
NOT-FOR-US: GraphHopper
CVE-2021-29505 (XStream is software for serializing Java objects to XML and back again ...)
+ {DLA-2704-1}
- libxstream-java 1.4.15-3 (bug #989491)
NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-7chv-rrw6-w6fc
NOTE: https://github.com/x-stream/xstream/commit/f0c4a8d861b68ffc3119cfbbbd632deee624e227 (v1.4.17)
@@ -30235,8 +30240,8 @@ CVE-2021-23403 (All versions of package ts-nodash are vulnerable to Prototype Po
NOT-FOR-US: Node ts-nodash
CVE-2021-23402 (All versions of package record-like-deep-assign are vulnerable to Prot ...)
NOT-FOR-US: Node record-like-deep-assign
-CVE-2021-23401
- RESERVED
+CVE-2021-23401 (This affects all versions of package Flask-User. When using the make_s ...)
+ TODO: check
CVE-2021-23400 (The package nodemailer before 6.6.1 are vulnerable to HTTP Header Inje ...)
- node-nodemailer 6.4.17-3 (bug #990485)
NOTE: https://github.com/nodemailer/nodemailer/commit/7e02648cc8cd863f5085bad3cd09087bccf84b9f
@@ -31249,6 +31254,7 @@ CVE-2021-22919
RESERVED
CVE-2021-22918
RESERVED
+ {DSA-4936-1}
- libuv1 1.40.0-2 (bug #990561)
[stretch] - libuv1 <not-affected> (Vulnerable code added later)
NOTE: https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/
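Review bot: CVE-2021-22918 now carries {DSA-4936-1} and a fixed libuv1 version, but its header is still the bare ID followed by RESERVED, with no bracketed temporary description. Consider adding one, in the style of `CVE-2021-21705 [PHP: SSRF bypass in FILTER_VALIDATE_URL]` elsewhere in this file, so the entry can be identified without following the nodejs.org NOTE link.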
@@ -33982,6 +33988,7 @@ CVE-2021-21706
RESERVED
CVE-2021-21705 [PHP: SSRF bypass in FILTER_VALIDATE_URL]
RESERVED
+ {DSA-4935-1}
- php8.0 8.0.8-1 (bug #990575)
- php7.4 7.4.21-1+deb11u1
- php7.3 <removed>
@@ -33990,6 +33997,7 @@ CVE-2021-21705 [PHP: SSRF bypass in FILTER_VALIDATE_URL]
NOTE: PHP Bug: https://bugs.php.net/81122
CVE-2021-21704 [PHP: firebird issues]
RESERVED
+ {DSA-4935-1}
- php8.0 8.0.8-1 (bug #990575)
- php7.4 7.4.21-1+deb11u1
- php7.3 <removed>
@@ -52925,8 +52933,8 @@ CVE-2020-26765
RESERVED
CVE-2020-26764
RESERVED
-CVE-2020-26763
- RESERVED
+CVE-2020-26763 (The Rocket.Chat desktop application 2.17.11 opens external links witho ...)
+ TODO: check
CVE-2020-26762 (A stack-based buffer-overflow exists in Edimax IP-Camera IC-3116W (v3. ...)
NOT-FOR-US: Edimax IP-Camera
CVE-2020-26761
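Review bot: CVE-2020-26763 moves from RESERVED to `TODO: check`, so it is still untriaged after this change. The description names the Rocket.Chat desktop application 2.17.11; resolve the TODO to either a package line or a NOT-FOR-US entry, as the neighbouring CVE-2020-26762 has for Edimax IP-Camera.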
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41639c1447c6c6c75f6fac0461bfa6a1a1a8da1d