[Git][security-tracker-team/security-tracker][master] various bugs filed

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Jun 3 19:11:53 BST 2021 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5c263723 by Moritz Mühlenhoff at 2021-06-03T20:11:09+02:00
various bugs filed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4547,7 +4547,7 @@ CVE-2021-31857
 CVE-2021-31856 (A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2  ...)
 	NOT-FOR-US: Layer Meshery
 CVE-2021-31855 (KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages  ...)
-	- kf5-messagelib <unfixed>
+	- kf5-messagelib <unfixed> (bug #989438)
 	- kdepim4 <removed>
 	NOTE: https://kde.org/info/security/advisory-20210429-1.txt
 	NOTE: https://commits.kde.org/messagelib/3b5b171e91ce78b966c98b1292a1bcbc8d984799
@@ -8530,48 +8530,48 @@ CVE-2021-30161 (An issue was discovered on LG mobile devices with Android OS 11
 	NOT-FOR-US: LG mobile devices
 CVE-2021-26948
 	RESERVED
-	- htmldoc <unfixed> (unimportant)
+	- htmldoc <unfixed> (unimportant; bug #989437)
 	NOTE: https://github.com/michaelrsweet/htmldoc/issues/410
 	NOTE: https://github.com/michaelrsweet/htmldoc/commit/008861d8339c6ec777e487770b70b95b1ed0c1d2
 	NOTE: Crash in CLI tool, no security impact
 CVE-2021-26259
 	RESERVED
-	- htmldoc <unfixed> (unimportant)
+	- htmldoc <unfixed> (unimportant; bug #989437)
 	NOTE: https://github.com/michaelrsweet/htmldoc/issues/417
 	NOTE: https://github.com/michaelrsweet/htmldoc/commit/0ddab26a542c74770317b622e985c52430092ba5
 	NOTE: Crash in CLI tool, no security impact
 CVE-2021-26252
 	RESERVED
-	- htmldoc <unfixed> (unimportant)
+	- htmldoc <unfixed> (unimportant; bug #989437)
 	NOTE: https://github.com/michaelrsweet/htmldoc/issues/412
 	NOTE: https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc
 	NOTE: Crash in CLI tool, no security impact
 CVE-2021-23206
 	RESERVED
-	- htmldoc <unfixed> (unimportant)
+	- htmldoc <unfixed> (unimportant; bug #989437)
 	NOTE: https://github.com/michaelrsweet/htmldoc/issues/416
 	NOTE: https://github.com/michaelrsweet/htmldoc/commit/ba61a3ece382389ae4482c7027af8b32e8ab4cc8
 	NOTE: Crash in CLI tool, no security impact
 CVE-2021-23191
 	RESERVED
-	- htmldoc <unfixed> (unimportant)
+	- htmldoc <unfixed> (unimportant; bug #989437)
 	NOTE: https://github.com/michaelrsweet/htmldoc/issues/415
 	NOTE: https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc
 	NOTE: Crash in CLI tool, no security impact
 CVE-2021-23180
 	RESERVED
-	- htmldoc <unfixed> (unimportant)
+	- htmldoc <unfixed> (unimportant; bug #989437)
 	NOTE: https://github.com/michaelrsweet/htmldoc/issues/418
 	NOTE: https://github.com/michaelrsweet/htmldoc/commit/19c582fb32eac74b57e155cffbb529377a9e751a
 	NOTE: Crash in CLI tool, no security impact
 CVE-2021-23165
 	RESERVED
-	- htmldoc <unfixed>
+	- htmldoc <unfixed> (bug #989437)
 	NOTE: https://github.com/michaelrsweet/htmldoc/issues/413
 	NOTE: https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc
 CVE-2021-23158
 	RESERVED
-	- htmldoc <unfixed> (unimportant)
+	- htmldoc <unfixed> (unimportant; bug #989437)
 	NOTE: https://github.com/michaelrsweet/htmldoc/issues/414
 	NOTE: https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc
 	NOTE: Crash in CLI tool, no security impact
@@ -57872,7 +57872,7 @@ CVE-2020-22034 (A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at
 	NOTE: https://trac.ffmpeg.org/ticket/8236
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1331e001796c656a4a3c770a16121c15ec1db2ac
 CVE-2020-22033 (A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavf ...)
-	- ffmpeg <unfixed>
+	- ffmpeg <unfixed> (bug #989439)
 	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
 	NOTE: https://trac.ffmpeg.org/ticket/8246
 	NOTE: https://trac.ffmpeg.org/ticket/8241
@@ -57934,7 +57934,7 @@ CVE-2020-22022 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=07050d7bdc32d82e53ee5bb727f5882323d00dba
 	NOTE: https://trac.ffmpeg.org/ticket/8264
 CVE-2020-22021 (Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function i ...)
-	- ffmpeg <unfixed>
+	- ffmpeg <unfixed> (bug #989439)
 	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7971f62120a55c141ec437aa3f0bacc1c1a3526b
 	NOTE: https://trac.ffmpeg.org/ticket/8240
@@ -57945,7 +57945,7 @@ CVE-2020-22020 (Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_ma
 	NOTE: https://trac.ffmpeg.org/ticket/8239
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ce5274c1385d55892a692998923802023526b765
 CVE-2020-22019 (Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in  ...)
-	- ffmpeg <unfixed>
+	- ffmpeg <unfixed> (bug #989439)
 	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
 	NOTE: https://trac.ffmpeg.org/ticket/8246
 	NOTE: https://trac.ffmpeg.org/ticket/8241
@@ -57963,7 +57963,7 @@ CVE-2020-22016 (A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at liba
 	NOTE: https://trac.ffmpeg.org/ticket/8183
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=58aa0ed8f10753ee90f4a4a1f4f3da803cf7c145
 CVE-2020-22015 (Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due ...)
-	- ffmpeg <unfixed>
+	- ffmpeg <unfixed> (bug #989439)
 	[buster] - ffmpeg <ignored> (Minor issue)
 	[stretch] - ffmpeg <ignored> (Minor issue)
 	NOTE: https://trac.ffmpeg.org/ticket/8190
@@ -59919,7 +59919,7 @@ CVE-2020-21042
 	RESERVED
 CVE-2020-21041 (Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse ...)
 	[experimental] - ffmpeg 7:4.4-1
-	- ffmpeg <unfixed>
+	- ffmpeg <unfixed> (bug #989439)
 	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
 	[stretch] - ffmpeg <postponed> (Wait for 4.1.7)
 	NOTE: https://trac.ffmpeg.org/ticket/7989



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c2637238e3a131186d9a19f69a30fbf769f6f0b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c2637238e3a131186d9a19f69a30fbf769f6f0b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210603/58079d18/attachment.htm>

More information about the debian-security-tracker-commits mailing list