[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jun 5 21:11:08 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dfd3844c by security tracker role at 2021-06-05T20:10:58+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -707,6 +707,7 @@ CVE-2021-33572
 	RESERVED
 CVE-2021-33571 [Possible indeterminate SSRF, RFI, and LFI attacks since validators accepted leading zeros in IPv4 addresses]
 	RESERVED
+	{DLA-2676-1}
 	- python-django 2:2.2.24-1 (bug #989394)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/06/02/1
 	NOTE: https://github.com/django/django/commit/e1d787f1b36d13b95187f8f425425ae1b98da188 (main)
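Review bot: The added {DLA-2676-1} line under CVE-2021-33571 is the only trace of which advisory caused this change, because the commit message is just "automatic update". Consider having the update job list the advisory ids it cross-referenced (in this commit DLA-2676-1 and DLA-2677-1) in the message, so the history of data/CVE/list can be searched by advisory.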
@@ -1509,6 +1510,7 @@ CVE-2021-33204 (In the pg_partman (aka PG Partition Manager) extension before 4.
 	NOTE: https://github.com/pgpartman/pg_partman/commit/0b6565ad378c358f8a6cd1d48ddc482eb7f854d3
 CVE-2021-33203 [Potential directory traversal via admindocs]
 	RESERVED
+	{DLA-2676-1}
 	- python-django 2:2.2.24-1 (bug #989394)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/06/02/1
 	NOTE: https://github.com/django/django/commit/46572de2e92fdeaf047f80c44d52269e54ad68db (main)
@@ -4253,6 +4255,7 @@ CVE-2021-32027 (A flaw was found in postgresql in versions before 13.3, before 1
 	NOTE: https://www.postgresql.org/about/news/postgresql-133-127-1112-1017-and-9622-released-2210/
 	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=467395bfdf33f1ccf67ca388ffdcc927271544cb (REL_13_3)
 CVE-2018-25014 (A flaw was found in libwebp in versions before 1.0.1. An unitialized v ...)
+	{DLA-2677-1}
 	- libwebp <unfixed>
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496
 CVE-2021-3534
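Review bot: CVE-2018-25014 is tagged with {DLA-2677-1}, but its only NOTE is the oss-fuzz issue link and no upstream fix commit is recorded. A NOTE with the libwebp commit that fixes it would let the fix be checked against the package source.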
@@ -4657,18 +4660,22 @@ CVE-2020-36332 (A flaw was found in libwebp in versions before 1.0.1. When readi
 	NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=391
 	NOTE: https://chromium.googlesource.com/webm/libwebp/+/39cb9aad85ca7bb1d193013460db1f8cc6bff109
 CVE-2020-36331 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...)
+	{DLA-2677-1}
 	- libwebp <unfixed>
 	NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=388
 	NOTE: https://chromium.googlesource.com/webm/libwebp/+/be738c6d396fa5a272c1b209be4379a7532debfe
 CVE-2020-36330 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...)
+	{DLA-2677-1}
 	- libwebp <unfixed>
 	NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=386
 	NOTE: https://chromium.googlesource.com/webm/libwebp/+/2c70ad76c94db5427d37ab4b85dc89b94dd75e01
 CVE-2020-36329 (A flaw was found in libwebp in versions before 1.0.1. A use-after-free ...)
+	{DLA-2677-1}
 	- libwebp <unfixed>
 	NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=385
 	NOTE: https://chromium.googlesource.com/webm/libwebp/+/569001f19fc81fcb5ab358f587a54c62e7c4665c
 CVE-2020-36328 (A flaw was found in libwebp in versions before 1.0.1. A heap-based buf ...)
+	{DLA-2677-1}
 	- libwebp <unfixed>
 	NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=383
 	NOTE: https://chromium.googlesource.com/webm/libwebp/+/71ed73cf86132394ea25ae9c7ed431e0d71043f5
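Review bot: The four entries tagged in this hunk (CVE-2020-36331, CVE-2020-36330, CVE-2020-36329, CVE-2020-36328) keep "- libwebp <unfixed>" although each description says the flaw is in versions before 1.0.1. If unstable already ships 1.0.1 or later, replace <unfixed> with the fixed version so the entry does not keep reporting the package as vulnerable.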
@@ -7441,21 +7448,26 @@ CVE-2020-36322 (An issue was discovered in the FUSE filesystem implementation in
 	- linux 5.10.9-1
 	NOTE: https://git.kernel.org/linus/5d069dbe8aaf2a197142558b6fb2978189ba3454
 CVE-2018-25013 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...)
+	{DLA-2677-1}
 	- libwebp <unfixed>
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9417
 	NOTE: https://chromium.googlesource.com/webm/libwebp/+/907208f97ead639bd521cf355a2f203f462eade6
 CVE-2018-25012 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...)
+	{DLA-2677-1}
 	- libwebp <unfixed>
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9123
 	NOTE: https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097%5E%21/
 CVE-2018-25011 (A flaw was found in libwebp in versions before 1.0.1. A heap-based buf ...)
+	{DLA-2677-1}
 	- libwebp <unfixed>
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9119
 CVE-2018-25010 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...)
+	{DLA-2677-1}
 	- libwebp <unfixed>
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9105
 	NOTE: https://chromium.googlesource.com/webm/libwebp/+/1344a2e947c749d231141a295327e5b99b444d63%5E%21/#F0
 CVE-2018-25009 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...)
+	{DLA-2677-1}
 	- libwebp <unfixed>
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9100
 	NOTE: https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097%5E%21/
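Review bot: The NOTE URLs for CVE-2018-25012 and CVE-2018-25009 point at the same commit with a percent-encoded suffix (%5E%21/), and the one for CVE-2018-25010 adds a #F0 fragment, while CVE-2018-25013 in the same hunk uses the bare commit hash. Normalising these to the bare-hash form would make the references searchable by commit id, and it is worth confirming that the shared commit for the two entries is intended. CVE-2018-25011 has no commit NOTE at all.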



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dfd3844cc8b0bf1430b1406c2b25fb4acf467585
