[Git][security-tracker-team/security-tracker][master] various bugs filed

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun Jul 25 20:19:06 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
06bf3953 by Moritz Mühlenhoff at 2021-07-25T21:18:36+02:00
various bugs filed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1440,7 +1440,7 @@ CVE-2021-36771 (Zoho ManageEngine ADManager Plus before 7110 allows reflected XS
 CVE-2021-36770
 	RESERVED
 CVE-2021-36769 (A reordering issue exists in Telegram before 7.8.1 for Android, Telegr ...)
-	- telegram-desktop <unfixed>
+	- telegram-desktop <unfixed> (bug #991493)
 	NOTE: https://mtpsym.github.io/
 CVE-2021-36768
 	RESERVED
@@ -10638,7 +10638,7 @@ CVE-2021-32744 (Collabora Online is a collaborative online office suite. In vers
 	NOT-FOR-US: Collabora Online
 CVE-2021-32743 (Icinga is a monitoring system which checks the availability of network ...)
 	[experimental] - icinga2 2.12.5-1~exp1
-	- icinga2 <unfixed>
+	- icinga2 <unfixed> (bug #991494)
 	NOTE: https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/
 	NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7
 CVE-2021-32742 (Vapor is a web framework for Swift. In versions 4.47.1 and prior, bug  ...)
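Review bot: The added line for CVE-2021-32743 points icinga2 at bug #991494, and the next hunk attaches the same bug number to CVE-2021-32739. Sharing one report across CVEs is fine, but please confirm the bug names both CVE ids, so that a single changelog entry closing #991494 is understood to cover both entries.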
@@ -10651,7 +10651,7 @@ CVE-2021-32740 (Addressable is an alternative implementation to the URI implemen
 	NOTE: https://github.com/sporkmonger/addressable/commit/b48ff03347a6d46e8dc674e242ce74c6381962a5#diff-fb36d3dc67e6565ffde17e666a98697f48e76dac38fabf1bb9e97cdf3b583d76
 CVE-2021-32739 (Icinga is a monitoring system which checks the availability of network ...)
 	[experimental] - icinga2 2.12.5-1~exp1
-	- icinga2 <unfixed>
+	- icinga2 <unfixed> (bug #991494)
 	NOTE: https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/
 	NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-98wp-jc6q-x5q5
 CVE-2021-32738 (js-stellar-sdk is a Javascript library for communicating with a Stella ...)
@@ -27763,7 +27763,7 @@ CVE-2021-3248
 CVE-2021-3247
 	RESERVED
 CVE-2021-3246 (A heap buffer overflow vulnerability in msadpcm_decode_block of libsnd ...)
-	- libsndfile <unfixed>
+	- libsndfile <unfixed> (bug #991496)
 	NOTE: https://github.com/libsndfile/libsndfile/issues/687
 	NOTE: https://github.com/libsndfile/libsndfile/commit/deb669ee8be55a94565f6f8a6b60890c2e7c6f32
 CVE-2021-3245
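Review bot: The second NOTE under CVE-2021-3246 is a bare libsndfile commit URL with no label, while the curl entry in this same diff uses "NOTE: Fixed by: <url> (tag)". If that commit is the fix, giving it the same "Fixed by:" prefix would make it easier to work out the fixed version for the newly filed bug #991496.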
@@ -34440,7 +34440,7 @@ CVE-2021-22925 [TELNET stack contents disclosure again]
 	NOTE: insufficient and the security vulnerability remained.
 CVE-2021-22924 [Bad connection reuse due to flawed path name checks]
 	RESERVED
-	- curl <unfixed>
+	- curl <unfixed> (bug #991492)
 	NOTE: https://curl.se/docs/CVE-2021-22924.html
 	NOTE: Introduced by: https://github.com/curl/curl/commit/89721ff04af70f527baae1368f3b992777bf6526 (curl-7_10_4)
 	NOTE: Fixed by: https://github.com/curl/curl/commit/5ea3145850ebff1dc2b13d17440300a01ca38161 (curl-7_78_0)
@@ -148362,7 +148362,8 @@ CVE-2019-11100 (Insufficient input validation in the subsystem for Intel(R) AMT
 CVE-2019-11099
 	RESERVED
 CVE-2019-11098 (Insufficient input validation in MdeModulePkg in EDKII may allow an un ...)
-	- edk2 <unfixed>
+	- edk2 <unfixed> (bug #991495)
+	[bullseye] - edk2 <no-dsa> (Minor issue)
 	[buster] - edk2 <no-dsa> (Minor issue)
 	[stretch] - edk2 <no-dsa> (Minor issue)
 	NOTE: https://edk2-docs.gitbook.io/security-advisory/bootguard-toctou-vulnerability
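Review bot: Besides the bug reference, this hunk adds "[bullseye] - edk2 <no-dsa> (Minor issue)" under CVE-2019-11098, which is a triage decision and not a bug filing. The commit message "various bugs filed" does not cover it; consider mentioning the bullseye no-dsa marking in the message or putting it in its own commit so the decision is easy to find in the history.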



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06bf39531d56ba5363398de7c72da78718f9716d
