[Git][security-tracker-team/security-tracker][master] 3 commits: Add Debian bug reference for CVE-2021-22895
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jun 14 20:15:19 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
eb983059 by Salvatore Bonaccorso at 2021-06-14T21:00:10+02:00
Add Debian bug reference for CVE-2021-22895
- - - - -
aa1c7b7e by Salvatore Bonaccorso at 2021-06-14T21:09:20+02:00
Add Debian bug reference for CVE-2021-22212/ntpsec
- - - - -
1dade929 by Salvatore Bonaccorso at 2021-06-14T21:11:02+02:00
Add Debian bug reference for CVE-2021-33503/python-urllib3
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2621,7 +2621,7 @@ CVE-2021-33504
RESERVED
CVE-2021-33503 [Catastrophic backtracking in URL authority parser when passed URL containing many @ characters]
RESERVED
- - python-urllib3 <unfixed>
+ - python-urllib3 <unfixed> (bug #989848)
NOTE: https://github.com/advisories/GHSA-q2q7-5pp4-w6pg
NOTE: https://github.com/urllib3/urllib3/commit/2d4a3fee6de2fa45eb82169361918f759269b4ec
CVE-2021-33502 (The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x befo ...)
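Review bot: the python-urllib3 line for CVE-2021-33503 now carries bug #989848, but the entry still has no per-suite line, unlike the nextcloud-desktop and ntpsec entries touched in the same push, which both have a [buster] annotation with a reason. If buster has been triaged, add a [buster] line with the outcome and its reason next to the bug reference, so the tracker does not show the stable suite as simply inheriting <unfixed>.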
@@ -27862,7 +27862,7 @@ CVE-2021-22897 (curl 7.61.0 through 7.76.1 suffers from exposure of data element
CVE-2021-22896 (Nextcloud Mail before 1.9.5 suffers from improper access control due t ...)
NOT-FOR-US: Nextcloud Mail
CVE-2021-22895 (Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certif ...)
- - nextcloud-desktop <unfixed>
+ - nextcloud-desktop <unfixed> (bug #989846)
[buster] - nextcloud-desktop <no-dsa> (Minor issue)
NOTE: https://github.com/nextcloud/desktop/pull/2926
NOTE: https://github.com/nextcloud/desktop/commit/b1ddd0e491b2af0ed040e658d8bcde2a7a61c9fc (stable-3.1)
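Review bot: on the nextcloud-desktop entry, the only fix-commit NOTE is marked (stable-3.1), while the description says versions before 3.3.1 are vulnerable. A NOTE for the commit on the branch that 3.3.1 was released from would make it easier to fill in the fixed version once bug #989846 is closed. Minor style point: the commit subject for this change names only the CVE, while the other two commits in the push use the CVE-id/package form.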
@@ -29426,7 +29426,7 @@ CVE-2021-22214 (When requests to the internal network for webhooks are enabled,
CVE-2021-22213 (A cross-site leak vulnerability in the OAuth flow of all versions of G ...)
- gitlab <unfixed>
CVE-2021-22212 (ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 all ...)
- - ntpsec <unfixed>
+ - ntpsec <unfixed> (bug #989847)
[buster] - ntpsec <not-affected> (Only affects 1.2.0)
NOTE: https://gitlab.com/NTPsec/ntpsec/-/issues/699
NOTE: https://gitlab.com/NTPsec/ntpsec/-/commit/b09be47d650280cc7ebdcd45dfa07eca4b9a52f8
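Review bot: on the ntpsec entry, the [buster] line is <not-affected> with the reason "Only affects 1.2.0", but the NOTE lines record only the upstream issue and the fix commit, not where the problem was introduced. A NOTE pointing at the introducing change, or stating that the version range comes from issue 699, would let someone verify the not-affected decision without rereading the upstream thread.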
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/82d99617598ed2f8774f08579495da4947356bac...1dade9295ecd809f8ae26d18f5d7ec50ac8e7468
More information about the debian-security-tracker-commits
mailing list