[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jun 11 09:10:26 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
18ca315f by security tracker role at 2021-06-11T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,235 @@
+CVE-2021-34674
+	RESERVED
+CVE-2021-34673
+	RESERVED
+CVE-2021-34672
+	RESERVED
+CVE-2021-34671
+	RESERVED
+CVE-2021-34670
+	RESERVED
+CVE-2021-34669
+	RESERVED
+CVE-2021-34668
+	RESERVED
+CVE-2021-34667
+	RESERVED
+CVE-2021-34666
+	RESERVED
+CVE-2021-34665
+	RESERVED
+CVE-2021-34664
+	RESERVED
+CVE-2021-34663
+	RESERVED
+CVE-2021-34662
+	RESERVED
+CVE-2021-34661
+	RESERVED
+CVE-2021-34660
+	RESERVED
+CVE-2021-34659
+	RESERVED
+CVE-2021-34658
+	RESERVED
+CVE-2021-34657
+	RESERVED
+CVE-2021-34656
+	RESERVED
+CVE-2021-34655
+	RESERVED
+CVE-2021-34654
+	RESERVED
+CVE-2021-34653
+	RESERVED
+CVE-2021-34652
+	RESERVED
+CVE-2021-34651
+	RESERVED
+CVE-2021-34650
+	RESERVED
+CVE-2021-34649
+	RESERVED
+CVE-2021-34648
+	RESERVED
+CVE-2021-34647
+	RESERVED
+CVE-2021-34646
+	RESERVED
+CVE-2021-34645
+	RESERVED
+CVE-2021-34644
+	RESERVED
+CVE-2021-34643
+	RESERVED
+CVE-2021-34642
+	RESERVED
+CVE-2021-34641
+	RESERVED
+CVE-2021-34640
+	RESERVED
+CVE-2021-34639
+	RESERVED
+CVE-2021-34638
+	RESERVED
+CVE-2021-34637
+	RESERVED
+CVE-2021-34636
+	RESERVED
+CVE-2021-34635
+	RESERVED
+CVE-2021-34634
+	RESERVED
+CVE-2021-34633
+	RESERVED
+CVE-2021-34632
+	RESERVED
+CVE-2021-34631
+	RESERVED
+CVE-2021-34630
+	RESERVED
+CVE-2021-34629
+	RESERVED
+CVE-2021-34628
+	RESERVED
+CVE-2021-34627
+	RESERVED
+CVE-2021-34626
+	RESERVED
+CVE-2021-34625
+	RESERVED
+CVE-2021-34624
+	RESERVED
+CVE-2021-34623
+	RESERVED
+CVE-2021-34622
+	RESERVED
+CVE-2021-34621
+	RESERVED
+CVE-2021-34620
+	RESERVED
+CVE-2021-34619
+	RESERVED
+CVE-2021-34618
+	RESERVED
+CVE-2021-34617
+	RESERVED
+CVE-2021-34616
+	RESERVED
+CVE-2021-34615
+	RESERVED
+CVE-2021-34614
+	RESERVED
+CVE-2021-34613
+	RESERVED
+CVE-2021-34612
+	RESERVED
+CVE-2021-34611
+	RESERVED
+CVE-2021-34610
+	RESERVED
+CVE-2021-34609
+	RESERVED
+CVE-2021-34608
+	RESERVED
+CVE-2021-34607
+	RESERVED
+CVE-2021-34606
+	RESERVED
+CVE-2021-34605
+	RESERVED
+CVE-2021-34604
+	RESERVED
+CVE-2021-34603
+	RESERVED
+CVE-2021-34602
+	RESERVED
+CVE-2021-34601
+	RESERVED
+CVE-2021-34600
+	RESERVED
+CVE-2021-34599
+	RESERVED
+CVE-2021-34598
+	RESERVED
+CVE-2021-34597
+	RESERVED
+CVE-2021-34596
+	RESERVED
+CVE-2021-34595
+	RESERVED
+CVE-2021-34594
+	RESERVED
+CVE-2021-34593
+	RESERVED
+CVE-2021-34592
+	RESERVED
+CVE-2021-34591
+	RESERVED
+CVE-2021-34590
+	RESERVED
+CVE-2021-34589
+	RESERVED
+CVE-2021-34588
+	RESERVED
+CVE-2021-34587
+	RESERVED
+CVE-2021-34586
+	RESERVED
+CVE-2021-34585
+	RESERVED
+CVE-2021-34584
+	RESERVED
+CVE-2021-34583
+	RESERVED
+CVE-2021-34582
+	RESERVED
+CVE-2021-34581
+	RESERVED
+CVE-2021-34580
+	RESERVED
+CVE-2021-34579
+	RESERVED
+CVE-2021-34578
+	RESERVED
+CVE-2021-34577
+	RESERVED
+CVE-2021-34576
+	RESERVED
+CVE-2021-34575
+	RESERVED
+CVE-2021-34574
+	RESERVED
+CVE-2021-34573
+	RESERVED
+CVE-2021-34572
+	RESERVED
+CVE-2021-34571
+	RESERVED
+CVE-2021-34570
+	RESERVED
+CVE-2021-34569
+	RESERVED
+CVE-2021-34568
+	RESERVED
+CVE-2021-34567
+	RESERVED
+CVE-2021-34566
+	RESERVED
+CVE-2021-34565
+	RESERVED
+CVE-2021-34564
+	RESERVED
+CVE-2021-34563
+	RESERVED
+CVE-2021-34562
+	RESERVED
+CVE-2021-34561
+	RESERVED
+CVE-2021-34560
+	RESERVED
+CVE-2021-34559
+	RESERVED
 CVE-2021-3596
 	RESERVED
 CVE-2021-3595
@@ -5736,7 +5968,7 @@ CVE-2021-32027 (A flaw was found in postgresql in versions before 13.3, before 1
 	NOTE: https://www.postgresql.org/about/news/postgresql-133-127-1112-1017-and-9622-released-2210/
 	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=467395bfdf33f1ccf67ca388ffdcc927271544cb (REL_13_3)
 CVE-2018-25014 (A flaw was found in libwebp in versions before 1.0.1. An unitialized v ...)
-	{DLA-2677-1}
+	{DSA-4930-1 DLA-2677-1}
 	- libwebp 0.6.1-2.1
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496
 CVE-2021-3534
@@ -6134,27 +6366,28 @@ CVE-2021-31870 (An issue was discovered in klibc before 2.0.9. Multiplication in
 	NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=292650f04c2b5348b4efbad61fb014ed09b4f3f2
 	NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1
 CVE-2020-36332 (A flaw was found in libwebp in versions before 1.0.1. When reading a f ...)
+	{DSA-4930-1}
 	- libwebp 0.6.1-2.1
 	[stretch] - libwebp <ignored> (Patch is too destructive to implement it in oldstable. Minor issue)
 	NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=391
 	NOTE: https://chromium.googlesource.com/webm/libwebp/+/39cb9aad85ca7bb1d193013460db1f8cc6bff109
 CVE-2020-36331 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...)
-	{DLA-2677-1}
+	{DSA-4930-1 DLA-2677-1}
 	- libwebp 0.6.1-2.1
 	NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=388
 	NOTE: https://chromium.googlesource.com/webm/libwebp/+/be738c6d396fa5a272c1b209be4379a7532debfe
 CVE-2020-36330 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...)
-	{DLA-2677-1}
+	{DSA-4930-1 DLA-2677-1}
 	- libwebp 0.6.1-2.1
 	NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=386
 	NOTE: https://chromium.googlesource.com/webm/libwebp/+/2c70ad76c94db5427d37ab4b85dc89b94dd75e01
 CVE-2020-36329 (A flaw was found in libwebp in versions before 1.0.1. A use-after-free ...)
-	{DLA-2677-1}
+	{DSA-4930-1 DLA-2677-1}
 	- libwebp 0.6.1-2.1
 	NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=385
 	NOTE: https://chromium.googlesource.com/webm/libwebp/+/569001f19fc81fcb5ab358f587a54c62e7c4665c
 CVE-2020-36328 (A flaw was found in libwebp in versions before 1.0.1. A heap-based buf ...)
-	{DLA-2677-1}
+	{DSA-4930-1 DLA-2677-1}
 	- libwebp 0.6.1-2.1
 	NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=383
 	NOTE: https://chromium.googlesource.com/webm/libwebp/+/71ed73cf86132394ea25ae9c7ed431e0d71043f5
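Review bot: In the CVE-2020-36332 entry the new cross-reference line is `{DSA-4930-1}` only, while the four entries after it in this hunk (CVE-2020-36331 through CVE-2020-36328) become `{DSA-4930-1 DLA-2677-1}`. That is consistent with the existing `[stretch] - libwebp <ignored>` line on CVE-2020-36332, so no change is needed, but it is worth confirming the difference is the stretch exception and not a missed cross-reference.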
@@ -8951,7 +9184,7 @@ CVE-2020-36322 (An issue was discovered in the FUSE filesystem implementation in
 	- linux 5.10.9-1
 	NOTE: https://git.kernel.org/linus/5d069dbe8aaf2a197142558b6fb2978189ba3454
 CVE-2018-25013 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...)
-	{DLA-2677-1}
+	{DSA-4930-1 DLA-2677-1}
 	- libwebp 0.6.1-2.1
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9417
 	NOTE: https://chromium.googlesource.com/webm/libwebp/+/907208f97ead639bd521cf355a2f203f462eade6
@@ -8961,16 +9194,16 @@ CVE-2018-25012 (A flaw was found in libwebp in versions before 1.0.1. An out-of-
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9123
 	NOTE: https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097%5E%21/
 CVE-2018-25011 (A flaw was found in libwebp in versions before 1.0.1. A heap-based buf ...)
-	{DLA-2677-1}
+	{DSA-4930-1 DLA-2677-1}
 	- libwebp 0.6.1-2.1
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9119
 CVE-2018-25010 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...)
-	{DLA-2677-1}
+	{DSA-4930-1 DLA-2677-1}
 	- libwebp 0.6.1-2.1
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9105
 	NOTE: https://chromium.googlesource.com/webm/libwebp/+/1344a2e947c749d231141a295327e5b99b444d63%5E%21/#F0
 CVE-2018-25009 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...)
-	{DLA-2677-1}
+	{DSA-4930-1 DLA-2677-1}
 	- libwebp 0.6.1-2.1
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9100
 	NOTE: https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097%5E%21/
@@ -13611,8 +13844,8 @@ CVE-2021-28816
 	RESERVED
 CVE-2021-28815
 	RESERVED
-CVE-2021-28814
-	RESERVED
+CVE-2021-28814 (An improper access control vulnerability has been reported to affect Q ...)
+	TODO: check
 CVE-2021-28813
 	RESERVED
 CVE-2021-28812 (A command injection vulnerability has been reported to affect certain  ...)
@@ -13629,16 +13862,16 @@ CVE-2021-28807 (A post-authentication reflected XSS vulnerability has been repor
 	NOT-FOR-US: QNAP
 CVE-2021-28806 (A DOM-based XSS vulnerability has been reported to affect QNAP NAS run ...)
 	NOT-FOR-US: QNAP
-CVE-2021-28805
-	RESERVED
+CVE-2021-28805 (Inclusion of sensitive information in the source code has been reporte ...)
+	TODO: check
 CVE-2021-28804
 	RESERVED
 CVE-2021-28803
 	RESERVED
 CVE-2021-28802
 	RESERVED
-CVE-2021-28801
-	RESERVED
+CVE-2021-28801 (An out-of-bounds read vulnerability has been reported to affect certai ...)
+	TODO: check
 CVE-2021-28800
 	RESERVED
 CVE-2021-28799 (An improper authorization vulnerability has been reported to affect QN ...)
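Review bot: CVE-2021-28805 and CVE-2021-28801 are left at `TODO: check` in a block where the neighbouring CVE-2021-28807 and CVE-2021-28806 are already tagged `NOT-FOR-US: QNAP`. The imported descriptions are truncated before any product name, so check the full text in the follow-up and, if it names the same vendor, resolve both to `NOT-FOR-US: QNAP` rather than leaving them pending.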
@@ -19918,18 +20151,18 @@ CVE-2021-26201 (The Login Panel of CASAP Automated Enrollment System 1.0 is vuln
 	NOT-FOR-US: Login Panel of CASAP Automated Enrollment System
 CVE-2021-26200 (The user area for Library System 1.0 is vulnerable to SQL injection wh ...)
 	NOT-FOR-US: Library System
-CVE-2021-26199
-	RESERVED
-CVE-2021-26198
-	RESERVED
-CVE-2021-26197
-	RESERVED
+CVE-2021-26199 (An issue was discovered in JerryScript 2.4.0. There is a heap-use-afte ...)
+	TODO: check
+CVE-2021-26198 (An issue was discovered in JerryScript 2.4.0. There is a SEVG in ecma_ ...)
+	TODO: check
+CVE-2021-26197 (An issue was discovered in JerryScript 2.4.0. There is a SEGV in main_ ...)
+	TODO: check
 CVE-2021-26196
 	RESERVED
-CVE-2021-26195
-	RESERVED
-CVE-2021-26194
-	RESERVED
+CVE-2021-26195 (An issue was discovered in JerryScript 2.4.0. There is a heap-buffer-o ...)
+	TODO: check
+CVE-2021-26194 (An issue was discovered in JerryScript 2.4.0. There is a heap-use-afte ...)
+	TODO: check
 CVE-2021-26193
 	RESERVED
 CVE-2021-26192
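Review bot: The imported description for CVE-2021-26198 reads "There is a SEVG in ecma_", while CVE-2021-26197 reads "There is a SEGV in main_". The spelling comes with the imported text, so it should stay as imported, but anyone grepping the list for "SEGV" will miss CVE-2021-26198. All five new `TODO: check` entries in this hunk name JerryScript 2.4.0, so they can be triaged together with one package decision.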
@@ -21300,14 +21533,11 @@ CVE-2021-25686
 	RESERVED
 CVE-2021-25685
 	RESERVED
-CVE-2021-25684
-	RESERVED
+CVE-2021-25684 (It was discovered that apport in data/apport did not properly open a r ...)
 	NOT-FOR-US: Apport
-CVE-2021-25683
-	RESERVED
+CVE-2021-25683 (It was discovered that the get_starttime() function in data/apport did ...)
 	NOT-FOR-US: Apport
-CVE-2021-25682
-	RESERVED
+CVE-2021-25682 (It was discovered that the get_pid_info() function in data/apport did  ...)
 	NOT-FOR-US: Apport
 CVE-2021-25681 (** UNSUPPORTED WHEN ASSIGNED ** AdTran Personal Phone Manager 10.8.1 s ...)
 	NOT-FOR-US: AdTran Personal Phone Manager
@@ -24912,8 +25142,8 @@ CVE-2021-24037
 	RESERVED
 CVE-2021-24036
 	RESERVED
-CVE-2021-24035
-	RESERVED
+CVE-2021-24035 (A lack of filename validation when unzipping archives prior to WhatsAp ...)
+	TODO: check
 CVE-2021-24034
 	RESERVED
 CVE-2021-24033 (react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort ...)
@@ -26454,8 +26684,8 @@ CVE-2021-23395
 	RESERVED
 CVE-2021-23394
 	RESERVED
-CVE-2021-23393
-	RESERVED
+CVE-2021-23393 (This affects the package Flask-Unchained before 0.9.0. When using the  ...)
+	TODO: check
 CVE-2021-23392 (The package locutus before 2.0.15 are vulnerable to Regular Expression ...)
 	TODO: check
 CVE-2021-23391 (This affects all versions of package calipso. It is possible for a mal ...)
@@ -57075,16 +57305,16 @@ CVE-2020-23325
 	RESERVED
 CVE-2020-23324
 	RESERVED
-CVE-2020-23323
-	RESERVED
-CVE-2020-23322
-	RESERVED
-CVE-2020-23321
-	RESERVED
-CVE-2020-23320
-	RESERVED
-CVE-2020-23319
-	RESERVED
+CVE-2020-23323 (There is a heap-buffer-overflow at re-parser.c in re_parse_char_escape ...)
+	TODO: check
+CVE-2020-23322 (There is an Assertion in 'context_p->token.type == LEXER_RIGHT_BRAC ...)
+	TODO: check
+CVE-2020-23321 (There is a heap-buffer-overflow at lit-strings.c:431 in lit_read_code_ ...)
+	TODO: check
+CVE-2020-23320 (There is an Assertion in 'context_p->next_scanner_info_p->type = ...)
+	TODO: check
+CVE-2020-23319 (There is an Assertion in '(flags >> CBC_STACK_ADJUST_SHIFT) > ...)
+	TODO: check
 CVE-2020-23318
 	RESERVED
 CVE-2020-23317
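Review bot: None of the five descriptions added for CVE-2020-23323 through CVE-2020-23319 names an affected product in the visible text; they start directly at a source file (re-parser.c, lit-strings.c:431) or an assertion expression and are cut off by the truncation. Resolving these `TODO: check` lines needs the full CVE description, not the summary shown here.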
@@ -57093,32 +57323,32 @@ CVE-2020-23316
 	RESERVED
 CVE-2020-23315
 	RESERVED
-CVE-2020-23314
-	RESERVED
-CVE-2020-23313
-	RESERVED
-CVE-2020-23312
-	RESERVED
-CVE-2020-23311
-	RESERVED
-CVE-2020-23310
-	RESERVED
-CVE-2020-23309
-	RESERVED
-CVE-2020-23308
-	RESERVED
+CVE-2020-23314 (There is an Assertion 'block_found' failed at js-parser-statm.c:2003 p ...)
+	TODO: check
+CVE-2020-23313 (There is an Assertion 'scope_stack_p > context_p->scope_stack_p' ...)
+	TODO: check
+CVE-2020-23312 (There is an Assertion 'context.status_flags & PARSER_SCANNING_SUCC ...)
+	TODO: check
+CVE-2020-23311 (There is an Assertion 'context_p->token.type == LEXER_RIGHT_BRACE | ...)
+	TODO: check
+CVE-2020-23310 (There is an Assertion 'context_p->next_scanner_info_p->type == S ...)
+	TODO: check
+CVE-2020-23309 (There is an Assertion 'context_p->stack_depth == context_p->cont ...)
+	TODO: check
+CVE-2020-23308 (There is an Assertion 'context_p->stack_top_uint8 == LEXER_EXPRESSI ...)
+	TODO: check
 CVE-2020-23307
 	RESERVED
-CVE-2020-23306
-	RESERVED
+CVE-2020-23306 (There is a stack-overflow at ecma-regexp-object.c:535 in ecma_regexp_m ...)
+	TODO: check
 CVE-2020-23305
 	RESERVED
 CVE-2020-23304
 	RESERVED
-CVE-2020-23303
-	RESERVED
-CVE-2020-23302
-	RESERVED
+CVE-2020-23303 (There is a heap-buffer-overflow at jmem-poolman.c:165 in jmem_pools_co ...)
+	TODO: check
+CVE-2020-23302 (There is a heap-use-after-free at ecma-helpers-string.c:772 in ecma_re ...)
+	TODO: check
 CVE-2020-23301
 	RESERVED
 CVE-2020-23300
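Review bot: This hunk gives the same `TODO: check` to seven "Assertion ... failed" entries (CVE-2020-23314 through CVE-2020-23308) and to three memory-safety entries: the stack-overflow in CVE-2020-23306, the heap-buffer-overflow in CVE-2020-23303 and the heap-use-after-free in CVE-2020-23302. When the TODOs are worked through, take the three memory-safety entries first and assess the assertion failures as a separate group.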



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18ca315f230c8be17aeaeaead7fb7b65d43bc07d
