[Git][security-tracker-team/security-tracker][master] Add two new icinga2 issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jul 15 20:31:56 BST 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
50f345eb by Salvatore Bonaccorso at 2021-07-15T21:31:27+02:00
Add two new icinga2 issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9026,8 +9026,11 @@ CVE-2021-32745
 	RESERVED
 CVE-2021-32744
 	RESERVED
-CVE-2021-32743
+CVE-2021-32743 [Passwords used to access external services inadvertently exposed through API]
 	RESERVED
+	- icinga2 <unfixed>
+	NOTE: https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/
+	NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7
 CVE-2021-32742 (Vapor is a web framework for Swift. In versions 4.47.1 and prior, bug  ...)
 	NOT-FOR-US: Vapor
 CVE-2021-32741 (Nextcloud Server is a Nextcloud package that handles data storage. In  ...)
@@ -9036,8 +9039,11 @@ CVE-2021-32740 (Addressable is an alternative implementation to the URI implemen
 	- ruby-addressable 2.7.0-2 (bug #990791)
 	NOTE: https://github.com/sporkmonger/addressable/security/advisories/GHSA-jxhc-q857-3j6g
 	NOTE: https://github.com/sporkmonger/addressable/commit/b48ff03347a6d46e8dc674e242ce74c6381962a5#diff-fb36d3dc67e6565ffde17e666a98697f48e76dac38fabf1bb9e97cdf3b583d76
-CVE-2021-32739
+CVE-2021-32739 [Results of queries for ApiListener objects include the ticket salt which allows in turn to steal (more privileged) identities]
 	RESERVED
+	- icinga2 <unfixed>
+	NOTE: https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/
+	NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-98wp-jc6q-x5q5
 CVE-2021-32738 (js-stellar-sdk is a Javascript library for communicating with a Stella ...)
 	NOT-FOR-US: js-stellar-sdk
 CVE-2021-32737 (Sulu is an open-source PHP content management system based on the Symf ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50f345eb813f8fffa88b60dcd99f374d3b40d9b3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50f345eb813f8fffa88b60dcd99f374d3b40d9b3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210715/31980a3c/attachment.htm>

More information about the debian-security-tracker-commits mailing list