[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jul 9 21:10:29 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4e4eaa15 by security tracker role at 2021-07-09T20:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2021-36366
+ RESERVED
+CVE-2021-36365
+ RESERVED
+CVE-2021-36364
+ RESERVED
+CVE-2021-36363
+ RESERVED
+CVE-2021-36362
+ RESERVED
+CVE-2021-36361
+ RESERVED
+CVE-2021-36360
+ RESERVED
+CVE-2021-36359
+ RESERVED
+CVE-2021-36358
+ RESERVED
+CVE-2021-36357
+ RESERVED
+CVE-2021-36356
+ RESERVED
+CVE-2021-36355
+ RESERVED
+CVE-2021-36354
+ RESERVED
+CVE-2021-36353
+ RESERVED
+CVE-2021-36352
+ RESERVED
+CVE-2021-36351
+ RESERVED
CVE-2021-3640
RESERVED
CVE-2021-3639
@@ -291,8 +323,7 @@ CVE-2021-36213
RESERVED
CVE-2021-36212 (app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored X ...)
NOT-FOR-US: MISP
-CVE-2021-3637
- RESERVED
+CVE-2021-3637 (A flaw was found in keycloak-model-infinispan in keycloak versions bef ...)
NOT-FOR-US: Keycloak
CVE-2021-36211
RESERVED
@@ -406,12 +437,12 @@ CVE-2021-36157
RESERVED
CVE-2021-36156
RESERVED
-CVE-2021-36155
- RESERVED
-CVE-2021-36154
- RESERVED
-CVE-2021-36153
- RESERVED
+CVE-2021-36155 (LengthPrefixedMessageReader in gRPC Swift 1.1.0 and earlier allocates ...)
+ TODO: check
+CVE-2021-36154 (HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and earlier allows remot ...)
+ TODO: check
+CVE-2021-36153 (Mismanaged state in GRPCWebToHTTP2ServerCodec.swift in gRPC Swift 1.1. ...)
+ TODO: check
CVE-2021-36152
RESERVED
CVE-2021-36151
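Review bot: the three gRPC Swift entries (CVE-2021-36153 through CVE-2021-36155) are all left at "TODO: check" for one upstream project and should be triaged together. If gRPC Swift is not packaged, they take the NOT-FOR-US form used elsewhere in this file; if it is, each needs its own fixed-version line, since the descriptions cite different affected ranges ("1.1.0 and earlier" for CVE-2021-36155, "1.1.1 and earlier" for CVE-2021-36154).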
@@ -2838,8 +2869,7 @@ CVE-2021-35068
RESERVED
CVE-2021-35067
RESERVED
-CVE-2021-3612 [joydev: zero size passed to joydev_handle_JSIOCSBTNMAP()]
- RESERVED
+CVE-2021-3612 (An out-of-bounds memory write flaw was found in the Linux kernel's joy ...)
- linux <unfixed>
NOTE: Introduced by: https://lore.kernel.org/linux-input/20210219083215.GS2087@kadam/
CVE-2021-35066 (An XXE vulnerability exists in ConnectWise Automate before 2021.0.6.13 ...)
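Review bot: CVE-2021-3612 keeps "- linux <unfixed>" with only an "Introduced by" NOTE and no per-release lines; the referenced lore message is from February 2021 (20210219 in the URL), so check whether the buster 4.19 series carries the introducing change and, if not, add a "[buster] - linux <not-affected>" line in the form used for linuxptp later in this patch. A "Fixed by" NOTE should follow once the upstream commit is known.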
@@ -5708,14 +5738,14 @@ CVE-2021-3573
- linux 5.10.46-1
[buster] - linux 4.19.194-1
NOTE: https://www.openwall.com/lists/oss-security/2021/06/08/2
-CVE-2021-33795
- RESERVED
+CVE-2021-33795 (Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 produce incorr ...)
+ TODO: check
CVE-2021-33794
RESERVED
CVE-2021-33793
RESERVED
-CVE-2021-33792
- RESERVED
+CVE-2021-33792 (Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of ...)
+ TODO: check
CVE-2021-3572 [Don't split git references on unicode separators #9827]
RESERVED
- python-pip 20.3.4-2
@@ -5726,16 +5756,14 @@ CVE-2021-3572 [Don't split git references on unicode separators #9827]
NOTE: https://github.com/pypa/pip/commit/ca832b2836e0bffa7cf95589acdcd71230f5834e (21.1)
CVE-2021-33791
RESERVED
-CVE-2021-3571 [linuxptp: wrong length of one-step follow-up in transparent clock]
- RESERVED
+CVE-2021-3571 (A flaw was found in the ptp4l program of the linuxptp package. When pt ...)
- linuxptp 3.1-2.1 (bug #990749)
[buster] - linuxptp <not-affected> (Vulnerable code introduced later, transparent clock implementation in v2.0)
[stretch] - linuxptp <not-affected> (Vulnerable code introduced later, transparent clock implementation in v2.0)
NOTE: https://github.com/richardcochran/linuxptp/commit/d61d77e163dbee247819f3d88593ba111577af15 (master)
NOTE: https://github.com/richardcochran/linuxptp/commit/0b3ab45de6a96ca181a5cf62c3c2b97167e2ed20 (v3.1.1)
NOTE: https://www.openwall.com/lists/oss-security/2021/07/06/1
-CVE-2021-3570 [linuxptp: missing length check of forwarded messages]
- RESERVED
+CVE-2021-3570 (A flaw was found in the ptp4l program of the linuxptp package. A missi ...)
- linuxptp 3.1-2.1 (bug #990748)
NOTE: https://github.com/richardcochran/linuxptp/commit/a1e63aa3a7304647913707c4df01f3df430806ab (master)
NOTE: https://github.com/richardcochran/linuxptp/commit/ce15e4de5926724557e8642ec762a210632f15ca (v3.1.1)
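Review bot: CVE-2021-3570 has no [buster]/[stretch] lines, while its sibling CVE-2021-3571 in the same hunk marks both as "<not-affected> (Vulnerable code introduced later, transparent clock implementation in v2.0)". If the missing length check in CVE-2021-3570 also lives only in the v2.0+ forwarding code, add matching lines; otherwise buster needs an explicit status. CVE-2021-3570 also lacks the oss-security NOTE that CVE-2021-3571 carries (https://www.openwall.com/lists/oss-security/2021/07/06/1); if that post covers both issues, add it here as well.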
@@ -7033,8 +7061,8 @@ CVE-2021-33216 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1
NOT-FOR-US: CommScope Ruckus IoT Controller
CVE-2021-33215 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...)
NOT-FOR-US: CommScope Ruckus IoT Controller
-CVE-2021-33214
- RESERVED
+CVE-2021-33214 (In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could ...)
+ TODO: check
CVE-2021-33213
RESERVED
CVE-2021-33212
@@ -7565,8 +7593,8 @@ CVE-2021-33014
RESERVED
CVE-2021-33013
RESERVED
-CVE-2021-33012
- RESERVED
+CVE-2021-33012 (Rockwell Automation MicroLogix 1100, all versions, allows a remote, un ...)
+ TODO: check
CVE-2021-33011
RESERVED
CVE-2021-33010
@@ -7645,8 +7673,8 @@ CVE-2021-32974
RESERVED
CVE-2021-32973
RESERVED
-CVE-2021-32972
- RESERVED
+CVE-2021-32972 (Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacke ...)
+ TODO: check
CVE-2021-32971
RESERVED
CVE-2021-32970
@@ -8125,10 +8153,10 @@ CVE-2021-32755
RESERVED
CVE-2021-32754
RESERVED
-CVE-2021-32753
- RESERVED
-CVE-2021-32752
- RESERVED
+CVE-2021-32753 (EdgeX Foundry is an open source project for building a common open fra ...)
+ TODO: check
+CVE-2021-32752 (Ether Logs is a package that allows one to check one's logs in the Cra ...)
+ TODO: check
CVE-2021-32751
RESERVED
CVE-2021-32750
@@ -8147,8 +8175,8 @@ CVE-2021-32744
RESERVED
CVE-2021-32743
RESERVED
-CVE-2021-32742
- RESERVED
+CVE-2021-32742 (Vapor is a web framework for Swift. In versions 4.47.1 and prior, bug ...)
+ TODO: check
CVE-2021-32741
RESERVED
CVE-2021-32740 (Addressable is an alternative implementation to the URI implementation ...)
@@ -8466,7 +8494,7 @@ CVE-2021-3547
RESERVED
CVE-2021-32605 (zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrar ...)
NOT-FOR-US: zzzcms
-CVE-2021-32604 (SolarWinds Serv-U before 15.2.3 mishandles the user-supplied SenderEma ...)
+CVE-2021-32604 (Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles ...)
NOT-FOR-US: SolarWinds
CVE-2021-32603
RESERVED
@@ -8799,8 +8827,7 @@ CVE-2021-32490 (A flaw was found in djvulibre-3.5.28 and earlier. An out of boun
- djvulibre 3.5.28-2
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943408
NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #4 / Patch8)
-CVE-2021-3541
- RESERVED
+CVE-2021-3541 (A flaw was found in libxml2. Exponential entity expansion attack its p ...)
{DLA-2669-1}
- libxml2 2.9.10+dfsg-6.7 (bug #988603)
[buster] - libxml2 2.9.4+dfsg1-7+deb10u2
@@ -10975,7 +11002,7 @@ CVE-2021-31620
CVE-2021-31619
RESERVED
CVE-2021-31618 (Apache HTTP Server protocol handler for the HTTP/2 protocol checks rec ...)
- {DSA-4937-1}
+ {DSA-4937-1 DLA-2706-1}
[experimental] - apache2 2.4.48-1
- apache2 2.4.46-5 (bug #989562)
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-31618
@@ -13262,7 +13289,7 @@ CVE-2021-3496 (A heap-based buffer overflow was found in jhead in version 3.06 i
NOTE: Fixed by: https://github.com/Matthias-Wandel/jhead/commit/ca2973f4ce79279c15a09cf400648a757c1721b0
NOTE: Crash in CLI tool, no security impact
CVE-2021-30641 (Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behav ...)
- {DSA-4937-1}
+ {DSA-4937-1 DLA-2706-1}
[experimental] - apache2 2.4.48-1
- apache2 2.4.46-6
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-30641
@@ -14357,8 +14384,8 @@ CVE-2021-30203
RESERVED
CVE-2021-30202
RESERVED
-CVE-2021-30201
- RESERVED
+CVE-2021-30201 (An XML External Entity (XXE) issue exists in Kaseya VSA before 9.5.6. ...)
+ TODO: check
CVE-2021-30200
RESERVED
CVE-2021-30199 (In filters/reframe_latm.c in GPAC 1.0.1 there is a Null Pointer Derefe ...)
@@ -14685,18 +14712,18 @@ CVE-2021-30123 (FFmpeg <=4.3 contains a buffer overflow vulnerability in liba
NOTE: Introduced in https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9c0beaf0d3bb72f6e83b3b155a598a9ec28c8468
CVE-2021-30122
RESERVED
-CVE-2021-30121
- RESERVED
-CVE-2021-30120
- RESERVED
-CVE-2021-30119
- RESERVED
-CVE-2021-30118
- RESERVED
-CVE-2021-30117
- RESERVED
-CVE-2021-30116
- RESERVED
+CVE-2021-30121 (Local file inclusion exists in Kaseya VSA before 9.5.6. ...)
+ TODO: check
+CVE-2021-30120 (Kaseya VSA through 9.5.7 allows attackers to bypass the 2FA requiremen ...)
+ TODO: check
+CVE-2021-30119 (Cross Site Scripting (XSS) exists in Kaseya VSA before 9.5.7. ...)
+ TODO: check
+CVE-2021-30118 (Kaseya VSA before 9.5.5 allows remote code execution. ...)
+ TODO: check
+CVE-2021-30117 (SQL injection exists in Kaseya VSA before 9.5.6. ...)
+ TODO: check
+CVE-2021-30116 (Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in ...)
+ TODO: check
CVE-2021-30115
RESERVED
CVE-2021-30114 (Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vuln ...)
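Review bot: the six Kaseya VSA entries (CVE-2021-30116 through CVE-2021-30121) all land as "TODO: check" for the same product, as does CVE-2021-30201 earlier in this patch; triage them together. If Kaseya VSA is not shipped in Debian, the line to use is "NOT-FOR-US: Kaseya VSA", the form already used for other vendor products in this file (for example "NOT-FOR-US: IBM"). CVE-2021-30116 ("as exploited in ...") is the one flagged as exploited in the wild and should be the first resolved.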
@@ -15571,8 +15598,8 @@ CVE-2021-29732
RESERVED
CVE-2021-29731
RESERVED
-CVE-2021-29730
- RESERVED
+CVE-2021-29730 (IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. ...)
+ TODO: check
CVE-2021-29729
RESERVED
CVE-2021-29728
@@ -15607,8 +15634,8 @@ CVE-2021-29714
RESERVED
CVE-2021-29713
RESERVED
-CVE-2021-29712
- RESERVED
+CVE-2021-29712 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...)
+ TODO: check
CVE-2021-29711 (IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 6.2.7.8 , 6.2.7.9, 7.0.3. ...)
NOT-FOR-US: IBM
CVE-2021-29710
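Review bot: CVE-2021-29712 is left at "TODO: check" although the adjacent CVE-2021-29711, also IBM, is already "NOT-FOR-US: IBM"; the same applies to CVE-2021-29730 (IBM InfoSphere Information Server 11.7) in the previous hunk. Both TODOs can be resolved the same way unless InfoSphere is handled differently from other IBM products in this file.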
@@ -22069,20 +22096,20 @@ CVE-2021-27041 (A maliciously crafted DWG file can be used to write beyond the a
NOT-FOR-US: Autodesk
CVE-2021-27040 (A maliciously crafted DWG file can be forced to read beyond allocated ...)
NOT-FOR-US: Autodesk
-CVE-2021-27039
- RESERVED
-CVE-2021-27038
- RESERVED
-CVE-2021-27037
- RESERVED
-CVE-2021-27036
- RESERVED
-CVE-2021-27035
- RESERVED
-CVE-2021-27034
- RESERVED
-CVE-2021-27033
- RESERVED
+CVE-2021-27039 (A maliciously crafted TIFF file in Autodesk 2018, 2017, 2013, 2012, 20 ...)
+ TODO: check
+CVE-2021-27038 (A Type Confusion vulnerability in Autodesk 2018, 2017, 2013, 2012, 201 ...)
+ TODO: check
+CVE-2021-27037 (A maliciously crafted PNG, PDF or DWF file in Autodesk 2018, 2017, 201 ...)
+ TODO: check
+CVE-2021-27036 (A maliciously crafted PDF, PICT or TIFF file can be used to write beyo ...)
+ TODO: check
+CVE-2021-27035 (A maliciously crafted TIFF, PDF, PICT or DWF files in Autodesk 2018, 2 ...)
+ TODO: check
+CVE-2021-27034 (A heap-based buffer overflow could occur while parsing PICT or TIFF fi ...)
+ TODO: check
+CVE-2021-27033 (A Double Free vulnerability allows remote attackers to execute arbitra ...)
+ TODO: check
CVE-2021-27032 (Autodesk Licensing Installer was found to be vulnerable to privilege e ...)
NOT-FOR-US: Autodesk
CVE-2021-27031 (A user may be tricked into opening a malicious FBX file which may expl ...)
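Review bot: the seven new entries (CVE-2021-27033 through CVE-2021-27039) sit between CVE-2021-27040 and CVE-2021-27032, both already "NOT-FOR-US: Autodesk", and four of them (CVE-2021-27035, 27037, 27038, 27039) name Autodesk in their description, so those four can be resolved to "NOT-FOR-US: Autodesk" directly. CVE-2021-27033, 27034 and 27036 are truncated before any product name; confirm them against the advisory before marking, since a double free or heap overflow in a shared image library would need different handling.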
@@ -22920,13 +22947,13 @@ CVE-2021-26693
CVE-2021-26692
RESERVED
CVE-2021-26691 (In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted Ses ...)
- {DSA-4937-1}
+ {DSA-4937-1 DLA-2706-1}
[experimental] - apache2 2.4.48-1
- apache2 2.4.46-6
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-26691
NOTE: https://github.com/apache/httpd/commit/7e09dd714fc62c08c5b0319ed7b9702594faf49b
CVE-2021-26690 (Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie ...)
- {DSA-4937-1}
+ {DSA-4937-1 DLA-2706-1}
[experimental] - apache2 2.4.48-1
- apache2 2.4.46-6
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-26690
@@ -24499,8 +24526,8 @@ CVE-2021-26108
RESERVED
CVE-2021-26107
RESERVED
-CVE-2021-26106
- RESERVED
+CVE-2021-26106 (An improper neutralization of special elements used in an OS Command v ...)
+ TODO: check
CVE-2021-26105
RESERVED
CVE-2021-26104
@@ -24511,8 +24538,8 @@ CVE-2021-26102
RESERVED
CVE-2021-26101
RESERVED
-CVE-2021-26100
- RESERVED
+CVE-2021-26100 (A missing cryptographic step in the Identity-Based Encryption service ...)
+ TODO: check
CVE-2021-26099
RESERVED
CVE-2021-26098
@@ -29280,8 +29307,8 @@ CVE-2021-24022
RESERVED
CVE-2021-24021
RESERVED
-CVE-2021-24020
- RESERVED
+CVE-2021-24020 (A missing cryptographic step in the implementation of the hash digest ...)
+ TODO: check
CVE-2021-24019
RESERVED
CVE-2021-24018
@@ -29306,8 +29333,8 @@ CVE-2021-24009
RESERVED
CVE-2021-24008
RESERVED
-CVE-2021-24007
- RESERVED
+CVE-2021-24007 (Multiple improper neutralization of special elements of SQL commands v ...)
+ TODO: check
CVE-2021-24006
RESERVED
CVE-2021-24005 (Usage of hard-coded cryptographic keys to encrypt configuration files ...)
@@ -30762,8 +30789,8 @@ CVE-2021-23407
RESERVED
CVE-2021-23406
RESERVED
-CVE-2021-23405
- RESERVED
+CVE-2021-23405 (This affects the package pimcore/pimcore before 10.0.7. This issue exi ...)
+ TODO: check
CVE-2021-23404
RESERVED
CVE-2021-23403 (All versions of package ts-nodash are vulnerable to Prototype Pollutio ...)
@@ -33646,8 +33673,8 @@ CVE-2021-22131
RESERVED
CVE-2021-22130 (A stack-based buffer overflow vulnerability in FortiProxy physical app ...)
NOT-FOR-US: FortiProxy (FortiGuard)
-CVE-2021-22129
- RESERVED
+CVE-2021-22129 (Multiple instances of incorrect calculation of buffer size in the Webm ...)
+ TODO: check
CVE-2021-22128 (An improper access control vulnerability in FortiProxy SSL VPN portal ...)
NOT-FOR-US: FortiProxy SSL VPN portal
CVE-2021-22127
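Review bot: CVE-2021-22129 stays "TODO: check" between CVE-2021-22130 and CVE-2021-22128, both already "NOT-FOR-US: FortiProxy"; its description is cut off before the product name ("... buffer size in the Webm ..."), so confirm the affected product from the full advisory before marking, but it most likely belongs to the same Fortinet block and takes the same NOT-FOR-US form.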
@@ -40573,7 +40600,7 @@ CVE-2020-35454 (The Taidii Diibear Android application 2.4.0 and all its derivat
CVE-2020-35453 (HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorre ...)
NOT-FOR-US: HashiCorp Vault
CVE-2020-35452 (Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest ...)
- {DSA-4937-1}
+ {DSA-4937-1 DLA-2706-1}
[experimental] - apache2 2.4.48-1
- apache2 2.4.46-6
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-35452
@@ -44694,8 +44721,8 @@ CVE-2020-29016 (A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 th
NOT-FOR-US: Fortiguard
CVE-2020-29015 (A blind SQL injection in the user interface of FortiWeb 6.3.0 through ...)
NOT-FOR-US: Fortiguard
-CVE-2020-29014
- RESERVED
+CVE-2020-29014 (A concurrent execution using shared resource with improper synchroniza ...)
+ TODO: check
CVE-2020-29013
RESERVED
CVE-2020-29012
@@ -63089,8 +63116,8 @@ CVE-2020-22537
RESERVED
CVE-2020-22536
RESERVED
-CVE-2020-22535
- RESERVED
+CVE-2020-22535 (Incorrect Access Control vulnerability in PbootCMS 2.0.6 via the list ...)
+ TODO: check
CVE-2020-22534
RESERVED
CVE-2020-22533
@@ -65601,8 +65628,8 @@ CVE-2020-21335
RESERVED
CVE-2020-21334
RESERVED
-CVE-2020-21333
- RESERVED
+CVE-2020-21333 (Cross Site Scripting (XSS) vulnerability in PublicCMS 4.0 to get an ad ...)
+ TODO: check
CVE-2020-21332
RESERVED
CVE-2020-21331
@@ -115878,7 +115905,7 @@ CVE-2020-1935 (In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to
NOTE: https://github.com/apache/tomcat/commit/8fbe2e962f0ea138d92361921643fe5abe0c4f56 (8.5.51)
NOTE: https://github.com/apache/tomcat/commit/702bf15bea292915684d931526d95d4990b2e73d (7.0.100)
CVE-2020-1934 (In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitial ...)
- {DSA-4757-1}
+ {DSA-4757-1 DLA-2706-1}
- apache2 2.4.43-1 (low)
[jessie] - apache2 <ignored> (Minor issue)
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-1934
@@ -115904,7 +115931,7 @@ CVE-2020-1929 (The Apache Beam MongoDB connector in versions 2.10.0 to 2.16.0 ha
CVE-2020-1928 (An information disclosure vulnerability was found in Apache NiFi 1.10. ...)
NOT-FOR-US: Apache NiFi
CVE-2020-1927 (In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_r ...)
- {DSA-4757-1}
+ {DSA-4757-1 DLA-2706-1}
- apache2 2.4.43-1 (low)
[jessie] - apache2 <ignored> (Minor issue)
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-1927
@@ -139559,7 +139586,7 @@ CVE-2019-13225 (A NULL Pointer Dereference in match_at() in regexec.c in Oniguru
[jessie] - libonig <not-affected> (vulnerable code was introduced later)
NOTE: https://github.com/kkos/oniguruma/commit/c509265c5f6ae7264f7b8a8aae1cfa5fc59d108c
CVE-2019-13224 (A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 a ...)
- {DSA-4527-1 DLA-2431-1 DLA-1854-1}
+ {DSA-4529-1 DSA-4527-1 DLA-2431-1 DLA-1854-1}
- libonig 6.9.2-1 (low; bug #931878)
[buster] - libonig <no-dsa> (Minor issue)
- php7.0 <removed>
@@ -333813,7 +333840,7 @@ CVE-2015-1594 (Untrusted search path vulnerability in Siemens SIMATIC ProSave be
CVE-2013-7427
RESERVED
CVE-2012-6688
- RESERVED
+ REJECTED
CVE-2015-XXXX [incorrect memory management in Gtk2::Gdk::Display::list_devices]
- libgtk2-perl 2:1.2492-4
[wheezy] - libgtk2-perl 2:1.244-1+deb7u1
@@ -386001,7 +386028,7 @@ CVE-2012-5634 (Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthro
CVE-2012-5633 (The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6 ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2012-5632
- RESERVED
+ REJECTED
CVE-2012-5631 (ipa 3.0 does not properly check server identity before sending credent ...)
NOT-FOR-US: FreeIPA
CVE-2012-5630 (libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race co ...)
@@ -389145,7 +389172,7 @@ CVE-2012-4510 (cups-pk-helper before 0.2.3 does not properly wrap the (1) cupsGe
{DSA-2562-1}
- cups-pk-helper 0.2.3-1
CVE-2012-4509
- RESERVED
+ REJECTED
CVE-2012-4508 (Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 ...)
{DSA-2668-1}
- linux 3.2.35-1
@@ -393846,7 +393873,7 @@ CVE-2012-2690 (virt-edit in libguestfs before 1.18.0 does not preserve the permi
NOTE: https://www.openwall.com/lists/oss-security/2012/06/11/1
NOTE: https://www.openwall.com/lists/oss-security/2012/06/11/5
CVE-2012-2689
- RESERVED
+ REJECTED
CVE-2012-2688 (Unspecified vulnerability in the _php_stream_scandir function in the s ...)
{DSA-2527-1}
- php5 5.4.4-4 (low; bug #683274)
@@ -393913,8 +393940,8 @@ CVE-2012-2667 (Session fixation vulnerability in lib/user/sfBasicSecurityUser.cl
NOTE: http://symfony.com/blog/security-release-symfony-1-4-18-released
NOTE: http://trac.symfony-project.org/browser/tags/RELEASE_1_4_18/CHANGELOG
NOTE: http://trac.symfony-project.org/changeset/33466?format=diff&new=33466
-CVE-2012-2666
- RESERVED
+CVE-2012-2666 (golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/ ...)
+ TODO: check
CVE-2012-2665 (Multiple heap-based buffer overflows in the XML manifest encryption ta ...)
{DSA-2520-1}
- libreoffice 1:3.5.4-7
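Review bot: CVE-2012-2666 is a 2012-range ID whose description points at a Go 1.0.2 fix ("all.bash", "dotest() in src/..."), so the "TODO: check" should end in a fixed-version line for the Debian Go package rather than a NOT-FOR-US mark; the corresponding Go 1.0.2 change should be located in upstream history and linked in a NOTE, as is done for other entries in this file.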
@@ -393934,7 +393961,7 @@ CVE-2012-2660 (actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails b
- ruby-activerecord-3.2 3.2.6-1 (bug #675429)
NOTE: http://seclists.org/oss-sec/2012/q2/449
CVE-2012-2659
- RESERVED
+ REJECTED
CVE-2012-2658
- unixodbc 2.3.6-0.1 (unimportant; bug #675058)
NOTE: Only triggerable by trusted input, not a security issue
@@ -396636,7 +396663,7 @@ CVE-2012-1610 (Integer overflow in the GetEXIFProperty function in magick/proper
{DSA-2462-1}
- imagemagick 8:6.7.4.0-4 (bug #667635)
CVE-2012-1609
- RESERVED
+ REJECTED
CVE-2012-1608 (The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5 ...)
{DSA-2445-1}
- typo3-src 4.5.14+dfsg1-1
@@ -396891,8 +396918,7 @@ CVE-2012-1496 (Local file inclusion in WebCalendar before 1.2.5. ...)
- webcalendar <removed>
CVE-2012-1495 (install/index.php in WebCalendar before 1.2.5 allows remote attackers ...)
- webcalendar <removed>
-CVE-2012-1102 [XML::Atom Perl module XML entity expansion]
- RESERVED
+CVE-2012-1102 (It was discovered that the XML::Atom Perl module before version 0.39 d ...)
{DSA-2424-1}
- libxml-atom-perl 0.39-1 (medium)
CVE-2012-1494
@@ -398481,7 +398507,7 @@ CVE-2012-0834 (Cross-site scripting (XSS) vulnerability in lib/QueryRender.php i
CVE-2012-0833 (The acllas__handle_group_entry function in servers/plugins/acl/acllas. ...)
- 389-ds-base <not-affected> (Fixed before initial upload)
CVE-2012-0832
- RESERVED
+ REJECTED
CVE-2012-0831 (PHP before 5.3.10 does not properly perform a temporary change to the ...)
{DSA-2408-1}
- php5 5.3.10-1
@@ -398527,7 +398553,7 @@ CVE-2012-0817 (Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote att
[squeeze] - samba <not-affected> (Only affects 3.6.x)
[lenny] - samba <not-affected> (Only affects 3.6.x)
CVE-2012-0816
- RESERVED
+ REJECTED
CVE-2012-0815 (The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 al ...)
{DLA-140-1}
- rpm 4.9.1.3-1 (bug #667031)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e4eaa1515cb3025b37ed258ead1cb4fdbdc436e