[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jul 31 09:10:28 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9644fa34 by security tracker role at 2021-07-31T08:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3475,8 +3475,7 @@ CVE-2021-36152
 	RESERVED
 CVE-2021-36151
 	RESERVED
-CVE-2021-3636
-	RESERVED
+CVE-2021-3636 (It was found in OpenShift, before version 4.8, that the generated cert ...)
 	NOT-FOR-US: OpenShift
 CVE-2021-3635
 	RESERVED
@@ -6960,10 +6959,10 @@ CVE-2021-34632
 	RESERVED
 CVE-2021-34631
 	RESERVED
-CVE-2021-34630
-	RESERVED
-CVE-2021-34629
-	RESERVED
+CVE-2021-34630 (In the Pro and Enterprise versions of GTranslate < 2.8.65, the gtra ...)
+	TODO: check
+CVE-2021-34629 (The SendGrid WordPress plugin is vulnerable to authorization bypass vi ...)
+	TODO: check
 CVE-2021-34628
 	RESERVED
 CVE-2021-34627 (A vulnerability in the getSelectedMimeTypesByRole function of the WP U ...)
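
Review bot: The two added `TODO: check` markers under CVE-2021-34630 and CVE-2021-34629 leave both entries untriaged. The descriptions name GTranslate (Pro and Enterprise versions) and the SendGrid WordPress plugin; if neither is shipped by a Debian source package, each should become a `NOT-FOR-US: <product>` line, the form already used in this file (for example `NOT-FOR-US: OpenShift`), so the TODO does not linger.
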
@@ -8904,7 +8903,7 @@ CVE-2021-3571 (A flaw was found in the ptp4l program of the linuxptp package. Wh
 	NOTE: https://github.com/richardcochran/linuxptp/commit/0b3ab45de6a96ca181a5cf62c3c2b97167e2ed20 (v3.1.1)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/07/06/1
 CVE-2021-3570 (A flaw was found in the ptp4l program of the linuxptp package. A missi ...)
-	{DSA-4938-1}
+	{DSA-4938-1 DLA-2723-1}
 	- linuxptp 3.1-2.1 (bug #990748)
 	NOTE: https://github.com/richardcochran/linuxptp/commit/a1e63aa3a7304647913707c4df01f3df430806ab (master)
 	NOTE: https://github.com/richardcochran/linuxptp/commit/ce15e4de5926724557e8642ec762a210632f15ca (v3.1.1)
@@ -10700,7 +10699,7 @@ CVE-2021-33034 (In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has
 	- linux 5.10.38-1
 	[buster] - linux 4.19.194-1
 	NOTE: https://git.kernel.org/linus/5c4c8c9544099bb9043a10a5318130a943e32fc3
-CVE-2021-33032 (eQ-3 HomeMatic CCU2 2.57.5 and CCU3 3.57.5 devices allow remote code e ...)
+CVE-2021-33032 (A Remote Code Execution (RCE) vulnerability in the WebUI component of  ...)
 	NOT-FOR-US: eQ-3 HomeMatic CCU2
 CVE-2021-33031 (In LabCup before <v2_next_18022, it is possible to use the save API ...)
 	NOT-FOR-US: LabCup
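
Review bot: In the replaced CVE-2021-33032 line the truncated description no longer names the product, and it ends in a double space before `...`. The only product identifier left in the entry is `NOT-FOR-US: eQ-3 HomeMatic CCU2`, which covers just one of the two devices the removed text listed (CCU2 2.57.5 and CCU3 3.57.5); widening the tag to mention CCU3 as well would keep the entry findable by a text search for either model.
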
@@ -11203,8 +11202,8 @@ CVE-2021-32809
 	RESERVED
 CVE-2021-32808
 	RESERVED
-CVE-2021-32807
-	RESERVED
+CVE-2021-32807 (The module `AccessControl` defines security policies for Python code u ...)
+	TODO: check
 CVE-2021-32806
 	RESERVED
 CVE-2021-32805
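
Review bot: `TODO: check` on CVE-2021-32807 needs a follow-up, and the truncated description gives triage little to go on: it names a module `AccessControl` for Python code but not the project or package that ships it. Whoever resolves this should confirm from the full CVE text which upstream the module belongs to, then record either a `- <source-package> <version>` line or a `NOT-FOR-US:` tag.
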
@@ -24529,16 +24528,16 @@ CVE-2021-27497
 	RESERVED
 CVE-2021-27496 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, ...)
 	NOT-FOR-US: Datakit
-CVE-2021-27495
-	RESERVED
+CVE-2021-27495 (Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,A ...)
+	TODO: check
 CVE-2021-27494 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, ...)
 	NOT-FOR-US: Datakit
 CVE-2021-27493
 	RESERVED
 CVE-2021-27492 (When opening a specially crafted 3DXML file, the application containin ...)
 	NOT-FOR-US: Datakit
-CVE-2021-27491
-	RESERVED
+CVE-2021-27491 (Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,A ...)
+	TODO: check
 CVE-2021-27490 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, ...)
 	NOT-FOR-US: Datakit
 CVE-2021-27489 (ZOLL Defibrillator Dashboard, v prior to 2.2, The web application allo ...)
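
Review bot: CVE-2021-27495 and CVE-2021-27491 are added with identical truncated descriptions ("Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,A ...") and the same `TODO: check`, so nothing in the list distinguishes the two issues. They sit between `NOT-FOR-US: Datakit` entries; when the TODOs are resolved, tag them for Ypsomed rather than copying the neighbouring Datakit line, and rely on the full CVE text to tell the two apart.
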
@@ -28608,7 +28607,7 @@ CVE-2021-3248
 CVE-2021-3247
 	RESERVED
 CVE-2021-3246 (A heap buffer overflow vulnerability in msadpcm_decode_block of libsnd ...)
-	{DLA-2722-1}
+	{DSA-4947-1 DLA-2722-1}
 	- libsndfile 1.0.31-2 (bug #991496)
 	NOTE: https://github.com/libsndfile/libsndfile/issues/687
 	NOTE: https://github.com/libsndfile/libsndfile/commit/deb669ee8be55a94565f6f8a6b60890c2e7c6f32
@@ -36355,8 +36354,8 @@ CVE-2021-22523 (XML External Entity vulnerability in Micro Focus Verastream Host
 	NOT-FOR-US: Micro Focus
 CVE-2021-22522 (Reflected Cross-Site Scripting vulnerability in Micro Focus Verastream ...)
 	NOT-FOR-US: Micro Focus
-CVE-2021-22521
-	RESERVED
+CVE-2021-22521 (A privileged escalation vulnerability has been identified in Micro Foc ...)
+	TODO: check
 CVE-2021-22520
 	RESERVED
 CVE-2021-22519 (Execute arbitrary code vulnerability in Micro Focus SiteScope product, ...)
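
Review bot: CVE-2021-22521 gets `TODO: check` although its description begins "A privileged escalation vulnerability has been identified in Micro Foc ..." and the two entries directly above it, CVE-2021-22523 and CVE-2021-22522, are already `NOT-FOR-US: Micro Focus`. If the full text confirms a Micro Focus product, the same tag applies here.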



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9644fa3484d582d984723e4da7bf9f9f4644d1c3
