[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jul 19 21:10:29 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
12cac4f7 by security tracker role at 2021-07-19T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,81 @@
+CVE-2021-36805
+ RESERVED
+CVE-2021-36804
+ RESERVED
+CVE-2021-36803
+ RESERVED
+CVE-2021-36802
+ RESERVED
+CVE-2021-36801
+ RESERVED
+CVE-2021-36800
+ RESERVED
+CVE-2021-36799 (KNX ETS5 uses the hard-coded password ETS5Password, with a salt value ...)
+ TODO: check
+CVE-2021-36798
+ RESERVED
+CVE-2021-36797 (** DISPUTED ** In Victron Energy Venus OS through 2.72, root access is ...)
+ TODO: check
+CVE-2021-36796
+ RESERVED
+CVE-2021-36795
+ RESERVED
+CVE-2021-36794
+ RESERVED
+CVE-2021-36793
+ RESERVED
+CVE-2021-36792
+ RESERVED
+CVE-2021-36791
+ RESERVED
+CVE-2021-36790
+ RESERVED
+CVE-2021-36789
+ RESERVED
+CVE-2021-36788
+ RESERVED
+CVE-2021-36787
+ RESERVED
+CVE-2021-36786
+ RESERVED
+CVE-2021-36785
+ RESERVED
+CVE-2021-36784
+ RESERVED
+CVE-2021-36783
+ RESERVED
+CVE-2021-36782
+ RESERVED
+CVE-2021-36781
+ RESERVED
+CVE-2021-36780
+ RESERVED
+CVE-2021-36779
+ RESERVED
+CVE-2021-36778
+ RESERVED
+CVE-2021-36777
+ RESERVED
+CVE-2021-36776
+ RESERVED
+CVE-2021-36775
+ RESERVED
+CVE-2021-3653
+ RESERVED
+CVE-2020-36427 (GNOME gThumb before 3.10.1 allows an application crash via a malformed ...)
+ TODO: check
+CVE-2020-36426 (An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_cr ...)
+ TODO: check
+CVE-2020-36425 (An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly ...)
+ TODO: check
+CVE-2020-36424 (An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can ...)
+ TODO: check
+CVE-2020-36423 (An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attack ...)
+ TODO: check
+CVE-2020-36422 (An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel ...)
+ TODO: check
+CVE-2020-36421 (An issue was discovered in Arm Mbed TLS before 2.23.0. Because of a si ...)
+ TODO: check
CVE-2021-36774
RESERVED
CVE-2021-36773 (uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitr ...)
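Review bot: the six Mbed TLS entries (CVE-2020-36421 through CVE-2020-36426) and the gThumb entry CVE-2020-36427 at the end of the added block are left at TODO: check with nothing to separate them from the vendor-only entries above. Both are Debian source packages (mbedtls, gthumb), so they should be resolved with package lines carrying the fixed versions the descriptions give (2.23.0 or 2.24.0 for Mbed TLS, 3.10.1 for gThumb), not cleared as NOT-FOR-US.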
@@ -1195,7 +1273,7 @@ CVE-2021-36215
RESERVED
CVE-2021-36214 (LINE client for iOS before 10.16.3 allows cross site script with speci ...)
NOT-FOR-US: LINE client for iOS
-CVE-2021-36213 (In HashiCorp Consul before 1.10.1 (and Consul Enterprise), xds can gen ...)
+CVE-2021-36213 (HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default de ...)
TODO: check
CVE-2021-36212 (app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored X ...)
NOT-FOR-US: MISP
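Review bot: the replacement description for CVE-2021-36213 now states a range with a lower bound ("1.9.0 through 1.10.0") where the old text only said "before 1.10.1", and the entry stays at TODO: check. When it is triaged, compare packaged consul versions against both bounds as far as the full description supports it, and mark releases older than 1.9.0 as <not-affected> instead of carrying them as unfixed.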
@@ -1839,18 +1917,18 @@ CVE-2021-35970 (Talk 4 in Coral before 4.12.1 allows remote attackers to discove
NOT-FOR-US: Coral
CVE-2021-35969
RESERVED
-CVE-2021-35968
- RESERVED
-CVE-2021-35967
- RESERVED
-CVE-2021-35966
- RESERVED
-CVE-2021-35965
- RESERVED
-CVE-2021-35964
- RESERVED
-CVE-2021-35963
- RESERVED
+CVE-2021-35968 (The directory list page parameter of the Orca HCM digital learning pla ...)
+ TODO: check
+CVE-2021-35967 (The directory page parameter of the Orca HCM digital learning platform ...)
+ TODO: check
+CVE-2021-35966 (The specific function of the Orca HCM digital learning platform does n ...)
+ TODO: check
+CVE-2021-35965 (The Orca HCM digital learning platform uses a weak factory default adm ...)
+ TODO: check
+CVE-2021-35964 (The management page of the Orca HCM digital learning platform does not ...)
+ TODO: check
+CVE-2021-35963 (The specific parameter of upload function of the Orca HCM digital lear ...)
+ TODO: check
CVE-2021-35962 (Specific page parameters in Dr. ID Door Access Control and Personnel A ...)
NOT-FOR-US: Dr. ID Door Access Control and Personnel Attendance Management system
CVE-2021-35961 (Dr. ID Door Access Control and Personnel Attendance Management system ...)
@@ -2966,8 +3044,8 @@ CVE-2021-35451 (In Teradici PCoIP Management Console-Enterprise 20.07.0, an unau
NOT-FOR-US: Teradici PCoIP Management Console-Enterprise
CVE-2021-35450
RESERVED
-CVE-2021-35449
- RESERVED
+CVE-2021-35449 (The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driv ...)
+ TODO: check
CVE-2021-35448 (Emote Interactive Remote Mouse 3.008 on Windows allows attackers to ex ...)
NOT-FOR-US: Emote Interactive Remote Mouse on Windows
CVE-2021-35447
@@ -3835,8 +3913,8 @@ CVE-2021-35045 (Cross site scripting (XSS) vulnerability in Ice Hrm 29.0.0.OS, a
NOT-FOR-US: Ice Hrm
CVE-2021-35044
RESERVED
-CVE-2021-35043
- RESERVED
+CVE-2021-35043 (OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using ...)
+ TODO: check
CVE-2021-35042 (Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.orde ...)
- python-django <not-affected> (Vulnerable code introduced in 3.1)
NOTE: https://www.djangoproject.com/weblog/2021/jul/01/security-releases/
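Review bot: CVE-2021-35043 (OWASP AntiSamy before 1.6.4) moves from RESERVED to TODO: check between two entries for unpackaged products. AntiSamy is a library that Debian packages (libowasp-antisamy-java), so resolve the TODO with a package line and the 1.6.4 fix version, not with NOT-FOR-US as for the Ice Hrm entry above it.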
@@ -4307,16 +4385,16 @@ CVE-2021-34823
RESERVED
CVE-2021-34822
RESERVED
-CVE-2021-34821
- RESERVED
-CVE-2021-34820
- RESERVED
+CVE-2021-34821 (Cross Site Scripting (XSS) vulnerability exists in AAT Novus Managemen ...)
+ TODO: check
+CVE-2021-34820 (Web Path Directory Traversal in the Novus HTTP Server. The Novus HTTP ...)
+ TODO: check
CVE-2021-34819
RESERVED
CVE-2021-34818
RESERVED
-CVE-2021-34817
- RESERVED
+CVE-2021-34817 (A Cross-Site Scripting (XSS) issue in the chat component of Etherpad 1 ...)
+ TODO: check
CVE-2021-34816
RESERVED
CVE-2021-34815 (CheckSec Canopy before 3.5.2 allows XSS attacks against the login page ...)
@@ -4651,10 +4729,10 @@ CVE-2021-34678
RESERVED
CVE-2021-34677
RESERVED
-CVE-2021-34676
- RESERVED
-CVE-2021-34675
- RESERVED
+CVE-2021-34676 (Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel r ...)
+ TODO: check
+CVE-2021-34675 (Basix NEX-Forms through 7.8.7 allows authentication bypass for stored ...)
+ TODO: check
CVE-2021-3598 (There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in ...)
{DLA-2701-1}
- openexr <unfixed> (bug #990450)
@@ -7360,7 +7438,7 @@ CVE-2021-33507 (Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthSer
NOT-FOR-US: Zope Products.CMFCore (as used in Plone)
CVE-2021-33506 (jitsi-meet-prosody in Jitsi Meet before 2.0.5963-1 does not ensure tha ...)
NOT-FOR-US: jitsi-meet-prosody
-CVE-2021-33505 (Falco through 0.28.1 has a Time-of-check Time-of-use (TOCTOU) Race Con ...)
+CVE-2021-33505 (A local malicious user can circumvent the Falco detection engine throu ...)
- falco <itp> (bug #842306)
CVE-2021-33504
RESERVED
@@ -7375,8 +7453,8 @@ CVE-2021-33502 (The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.
[buster] - node-got <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/sindresorhus/normalize-url/releases/tag/v6.0.1
NOTE: https://github.com/sindresorhus/normalize-url/commit/b1fdb5120b6d27a88400d8800e67ff5a22bd2103
-CVE-2021-33501
- RESERVED
+CVE-2021-33501 (Overwolf Client 0.169.0.22 allows XSS, with resultant Remote Code Exec ...)
+ TODO: check
CVE-2021-33500 (PuTTY before 0.75 on Windows allows remote servers to cause a denial o ...)
- putty <not-affected> (Windows-specific)
CVE-2021-33499
@@ -8475,8 +8553,8 @@ CVE-2021-33029
RESERVED
CVE-2021-33028
RESERVED
-CVE-2021-33027
- RESERVED
+CVE-2021-33027 (Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy i ...)
+ TODO: check
CVE-2021-33033 (The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genop ...)
- linux 5.10.24-1
[buster] - linux 4.19.181-1
@@ -9533,7 +9611,7 @@ CVE-2021-3543 (A flaw null pointer dereference in the Nitro Enclaves kernel driv
CVE-2021-32575 (HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networ ...)
- nomad 0.12.10+dfsg1-3 (bug #990581)
NOTE: https://discuss.hashicorp.com/t/hcsec-2021-14-nomad-bridge-networking-mode-allows-arp-spoofing-from-other-bridged-tasks-on-same-node/24296
-CVE-2021-32574 (HashiCorp Consul before 1.10.1 (and Consul Enterprise) has Missing SSL ...)
+CVE-2021-32574 (HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy prox ...)
TODO: check
CVE-2021-32573 (** DISPUTED ** The express-cart package through 1.1.10 for Node.js all ...)
NOT-FOR-US: Node express-cart
@@ -10856,12 +10934,12 @@ CVE-2021-32016
RESERVED
CVE-2021-32015 (In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local authenticated mal ...)
NOT-FOR-US: Nuvoton NPCT75x TPM 1.2 firmware
-CVE-2021-32014
- RESERVED
-CVE-2021-32013
- RESERVED
-CVE-2021-32012
- RESERVED
+CVE-2021-32014 (SheetJS Pro through 0.16.9 allows attackers to cause a denial of servi ...)
+ TODO: check
+CVE-2021-32013 (SheetJS Pro through 0.16.9 allows attackers to cause a denial of servi ...)
+ TODO: check
+CVE-2021-32012 (SheetJS Pro through 0.16.9 allows attackers to cause a denial of servi ...)
+ TODO: check
CVE-2021-3532 (A flaw was found in Ansible where the secret information present in as ...)
- ansible <unfixed>
[bullseye] - ansible <no-dsa> (Minor issue)
@@ -12985,8 +13063,8 @@ CVE-2021-31218
RESERVED
CVE-2021-31217 (In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure ...)
NOT-FOR-US: SolarWinds
-CVE-2021-31216
- RESERVED
+CVE-2021-31216 (Siren Investigate before 11.1.1 contains a server side request forgery ...)
+ TODO: check
CVE-2021-31215 (SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11. ...)
- slurm-wlm 20.11.7+really20.11.4-2 (bug #988439)
- slurm-llnl <removed>
@@ -14500,7 +14578,7 @@ CVE-2021-30548 (Use after free in Loader in Google Chrome prior to 91.0.4472.101
- chromium <unfixed> (bug #990079)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30547 (Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 a ...)
- {DSA-4940-1 DSA-4939-1 DLA-2709-1}
+ {DSA-4940-1 DSA-4939-1 DLA-2711-1 DLA-2709-1}
- chromium <unfixed> (bug #990079)
[stretch] - chromium <end-of-life> (see DSA 4562)
- firefox 90.0-1
@@ -16022,7 +16100,7 @@ CVE-2021-29977
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29977
CVE-2021-29976
RESERVED
- {DSA-4940-1 DSA-4939-1 DLA-2709-1}
+ {DSA-4940-1 DSA-4939-1 DLA-2711-1 DLA-2709-1}
- firefox 90.0-1
- firefox-esr 78.12.0esr-1
- thunderbird 1:78.12.0-1
@@ -16051,7 +16129,7 @@ CVE-2021-29971
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29971
CVE-2021-29970
RESERVED
- {DSA-4940-1 DSA-4939-1 DLA-2709-1}
+ {DSA-4940-1 DSA-4939-1 DLA-2711-1 DLA-2709-1}
- firefox 90.0-1
- firefox-esr 78.12.0esr-1
- thunderbird 1:78.12.0-1
@@ -16060,7 +16138,7 @@ CVE-2021-29970
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/#CVE-2021-29970
CVE-2021-29969
RESERVED
- {DSA-4940-1}
+ {DSA-4940-1 DLA-2711-1}
- thunderbird 1:78.12.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/#CVE-2021-29969
CVE-2021-29968 (When drawing text onto a canvas with WebRender disabled, an out of bou ...)
@@ -16526,8 +16604,8 @@ CVE-2021-29782
RESERVED
CVE-2021-29781
RESERVED
-CVE-2021-29780
- RESERVED
+CVE-2021-29780 (IBM Resilient OnPrem v41.1 of IBM Security SOAR could allow an authent ...)
+ TODO: check
CVE-2021-29779
RESERVED
CVE-2021-29778
@@ -16672,8 +16750,8 @@ CVE-2021-29709
RESERVED
CVE-2021-29708 (IBM Spectrum Scale 5.1.0.1 could allow a local with access to the GUI ...)
NOT-FOR-US: IBM
-CVE-2021-29707
- RESERVED
+CVE-2021-29707 (IBM HMC (Hardware Management Console) V9.1.910.0 and V9.2.950.0 could ...)
+ TODO: check
CVE-2021-29706 (IBM AIX 7.1 could allow a non-privileged local user to exploit a vulne ...)
NOT-FOR-US: IBM
CVE-2021-29705
@@ -26098,8 +26176,8 @@ CVE-2020-36202 (An issue was discovered in the async-h1 crate before 2.3.0 for R
NOT-FOR-US: Rust crate async-h1
CVE-2021-3280
RESERVED
-CVE-2021-3279
- RESERVED
+CVE-2021-3279 (sz.chat version 4 allows injection of web scripts and HTML in the mess ...)
+ TODO: check
CVE-2021-3278 (Local Service Search Engine Management System 1.0 has a vulnerability ...)
NOT-FOR-US: Local Service Search Engine Management System
CVE-2021-3277 (Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbi ...)
@@ -29380,8 +29458,8 @@ CVE-2021-24484
RESERVED
CVE-2021-24483
RESERVED
-CVE-2021-24482
- RESERVED
+CVE-2021-24482 (The Related Posts for WordPress plugin through 2.0.4 does not sanitise ...)
+ TODO: check
CVE-2021-24481
RESERVED
CVE-2021-24480
@@ -29438,10 +29516,10 @@ CVE-2021-24455
RESERVED
CVE-2021-24454 (In the YOP Poll WordPress plugin before 6.2.8, when a pool is created ...)
NOT-FOR-US: Wordpress plugin
-CVE-2021-24453
- RESERVED
-CVE-2021-24452
- RESERVED
+CVE-2021-24453 (The Include Me WordPress plugin through 1.2.1 is vulnerable to path tr ...)
+ TODO: check
+CVE-2021-24452 (The W3 Total Cache WordPress plugin before 2.1.5 was affected by a ref ...)
+ TODO: check
CVE-2021-24451 (The Export Users With Meta WordPress plugin before 0.6.5 did not escap ...)
NOT-FOR-US: Wordpress plugin
CVE-2021-24450
@@ -29450,8 +29528,8 @@ CVE-2021-24449
RESERVED
CVE-2021-24448
RESERVED
-CVE-2021-24447
- RESERVED
+CVE-2021-24447 (The WP Image Zoom WordPress plugin before 1.47 did not validate its ta ...)
+ TODO: check
CVE-2021-24446
RESERVED
CVE-2021-24445
@@ -29472,8 +29550,8 @@ CVE-2021-24438
RESERVED
CVE-2021-24437
RESERVED
-CVE-2021-24436
- RESERVED
+CVE-2021-24436 (The W3 Total Cache WordPress plugin before 2.1.4 was vulnerable to a r ...)
+ TODO: check
CVE-2021-24435
RESERVED
CVE-2021-24434 (The Glass WordPress plugin through 1.3.2 does not sanitise or escape i ...)
@@ -34741,6 +34819,7 @@ CVE-2021-22118 (In Spring Framework, versions 5.2.x prior to 5.2.15 and versions
CVE-2021-22117 (RabbitMQ installers on Windows prior to version 3.8.16 do not harden p ...)
- rabbitmq-server <not-affected> (Windows-specific)
CVE-2021-22116 (RabbitMQ all versions prior to 3.8.16 are prone to a denial of service ...)
+ {DLA-2710-1}
- rabbitmq-server <unfixed> (bug #989056)
NOTE: https://tanzu.vmware.com/security/cve-2021-22116
NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/2953
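Review bot: CVE-2021-22116 gains {DLA-2710-1} while its only package line is still "- rabbitmq-server <unfixed> (bug #989056)". That is consistent if the DLA covers the LTS release only, but the entry has no per-release lines saying so; add explicit status lines for the suites the DLA does not cover so the remaining exposure is visible in the entry itself.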
@@ -39902,8 +39981,8 @@ CVE-2021-20509
RESERVED
CVE-2021-20508
RESERVED
-CVE-2021-20507
- RESERVED
+CVE-2021-20507 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...)
+ TODO: check
CVE-2021-20506 (IBM Jazz Foundation Products are vulnerable to cross-site scripting. T ...)
NOT-FOR-US: IBM
CVE-2021-20505
@@ -41118,12 +41197,12 @@ CVE-2021-20112
RESERVED
CVE-2021-20111
RESERVED
-CVE-2021-20110
- RESERVED
-CVE-2021-20109
- RESERVED
-CVE-2021-20108
- RESERVED
+CVE-2021-20110 (Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS ...)
+ TODO: check
+CVE-2021-20109 (Due to the Asset Explorer agent not validating HTTPS certificates, an ...)
+ TODO: check
+CVE-2021-20108 (Manage Engine Asset Explorer Agent 1.0.34 listens on port 9000 for inc ...)
+ TODO: check
CVE-2021-20107 (There exists an unauthenticated BLE Interface in Sloan SmartFaucets in ...)
NOT-FOR-US: Sloan
CVE-2021-20106
@@ -63795,8 +63874,8 @@ CVE-2020-22743
RESERVED
CVE-2020-22742
RESERVED
-CVE-2020-22741
- RESERVED
+CVE-2020-22741 (An issue was discovered in Xuperchain 3.6.0 that allows for attackers ...)
+ TODO: check
CVE-2020-22740
RESERVED
CVE-2020-22739
@@ -63977,8 +64056,8 @@ CVE-2020-22652
RESERVED
CVE-2020-22651
RESERVED
-CVE-2020-22650
- RESERVED
+CVE-2020-22650 (A memory leak vulnerability in sim-organizer.c of AlienVault Ossim v5 ...)
+ TODO: check
CVE-2020-22649
RESERVED
CVE-2020-22648
@@ -68919,10 +68998,10 @@ CVE-2020-20251
RESERVED
CVE-2020-20250 (Mikrotik RouterOs before stable version 6.47 suffers from a memory cor ...)
NOT-FOR-US: Mikrotik
-CVE-2020-20249
- RESERVED
-CVE-2020-20248
- RESERVED
+CVE-2020-20249 (Mikrotik RouterOs before stable 6.47 suffers from a memory corruption ...)
+ TODO: check
+CVE-2020-20248 (Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled reso ...)
+ TODO: check
CVE-2020-20247 (Mikrotik RouterOs before 6.46.5 (stable tree) suffers from a memory co ...)
NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20246 (Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulne ...)
@@ -68957,8 +69036,8 @@ CVE-2020-20232
RESERVED
CVE-2020-20231 (Mikrotik RouterOs through stable version 6.48.3 suffers from a memory ...)
NOT-FOR-US: Mikrotik
-CVE-2020-20230
- RESERVED
+CVE-2020-20230 (Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled reso ...)
+ TODO: check
CVE-2020-20229
RESERVED
CVE-2020-20228
@@ -108502,8 +108581,8 @@ CVE-2020-5033
RESERVED
CVE-2020-5032 (IBM QRadar SIEM 7.3 and 7.4 in some configurations may be vulnerable t ...)
NOT-FOR-US: IBM
-CVE-2020-5031
- RESERVED
+CVE-2020-5031 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...)
+ TODO: check
CVE-2020-5030 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...)
NOT-FOR-US: IBM
CVE-2020-5029
@@ -146201,6 +146280,7 @@ CVE-2019-11289 (Cloud Foundry Routing, all versions before 0.193.0, does not pro
CVE-2019-11288 (In Pivotal tc Server, 3.x versions prior to 3.2.19 and 4.x versions pr ...)
NOT-FOR-US: Pivotal
CVE-2019-11287 (Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3. ...)
+ {DLA-2710-1}
- rabbitmq-server 3.8.3-1 (bug #945600)
[buster] - rabbitmq-server <no-dsa> (Minor issue)
[jessie] - rabbitmq-server <postponed> (Minor issue)
@@ -146216,6 +146296,7 @@ CVE-2019-11283 (Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally
CVE-2019-11282 (Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint tha ...)
NOT-FOR-US: Cloud Foundry
CVE-2019-11281 (Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, ver ...)
+ {DLA-2710-1}
- rabbitmq-server 3.7.18-1 (low)
[buster] - rabbitmq-server <no-dsa> (Minor issue)
[jessie] - rabbitmq-server <no-dsa> (Minor issue; one plugin not vulnerable, the other only exploitable by malicious admin)
@@ -271301,16 +271382,19 @@ CVE-2017-4969 (The Cloud Controller in Cloud Foundry cf-release versions prior t
CVE-2017-4968
REJECTED
CVE-2017-4967 (An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x ...)
+ {DLA-2710-1}
- rabbitmq-server 3.6.10-1 (low; bug #863586)
[jessie] - rabbitmq-server <no-dsa> (Minor issue)
[wheezy] - rabbitmq-server <no-dsa> (Minor issue)
CVE-2017-4966 (An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x ...)
+ {DLA-2710-1}
- rabbitmq-server 3.6.10-1 (low; bug #863586)
[jessie] - rabbitmq-server <not-affected> (Vulnerable code introduced later)
[wheezy] - rabbitmq-server <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-management/commit/2371633f99ad0d293899384f078872ff9e9f3e10 (rabbitmq_v3_6_9)
NOTE: Introduced by: https://github.com/rabbitmq/rabbitmq-management/commit/ced47b0bdca862a58e8f31833643e948655f8368 (rabbitmq_v3_4_0)
CVE-2017-4965 (An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x ...)
+ {DLA-2710-1}
- rabbitmq-server 3.6.10-1 (low; bug #863586)
[jessie] - rabbitmq-server <no-dsa> (Minor issue)
[wheezy] - rabbitmq-server <no-dsa> (Minor issue)
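Review bot: CVE-2017-4966 gets {DLA-2710-1} even though both visible release lines mark it <not-affected> (vulnerable code introduced later) and the NOTE lines bound the bug between rabbitmq_v3_4_0 and rabbitmq_v3_6_9. Confirm that the version fixed by the DLA falls inside that range; if it does not, the tag belongs only on CVE-2017-4967 and CVE-2017-4965.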
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12cac4f745cbe41b39c9c3ff26250bc89a51bc68