[Git][security-tracker-team/security-tracker][master] 3 commits: Add Debian bug reference for CVE-2021-22895

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jun 14 20:15:19 BST 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
eb983059 by Salvatore Bonaccorso at 2021-06-14T21:00:10+02:00
Add Debian bug reference for CVE-2021-22895

- - - - -
aa1c7b7e by Salvatore Bonaccorso at 2021-06-14T21:09:20+02:00
Add Debian bug reference for CVE-2021-22212/ntpsec

- - - - -
1dade929 by Salvatore Bonaccorso at 2021-06-14T21:11:02+02:00
Add Debian bug reference for CVE-2021-33503/python-urllib3

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2621,7 +2621,7 @@ CVE-2021-33504
 	RESERVED
 CVE-2021-33503 [Catastrophic backtracking in URL authority parser when passed URL containing many @ characters]
 	RESERVED
-	- python-urllib3 <unfixed>
+	- python-urllib3 <unfixed> (bug #989848)
 	NOTE: https://github.com/advisories/GHSA-q2q7-5pp4-w6pg
 	NOTE: https://github.com/urllib3/urllib3/commit/2d4a3fee6de2fa45eb82169361918f759269b4ec
 CVE-2021-33502 (The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x befo ...)
@@ -27862,7 +27862,7 @@ CVE-2021-22897 (curl 7.61.0 through 7.76.1 suffers from exposure of data element
 CVE-2021-22896 (Nextcloud Mail before 1.9.5 suffers from improper access control due t ...)
 	NOT-FOR-US: Nextcloud Mail
 CVE-2021-22895 (Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certif ...)
-	- nextcloud-desktop <unfixed>
+	- nextcloud-desktop <unfixed> (bug #989846)
 	[buster] - nextcloud-desktop <no-dsa> (Minor issue)
 	NOTE: https://github.com/nextcloud/desktop/pull/2926
 	NOTE: https://github.com/nextcloud/desktop/commit/b1ddd0e491b2af0ed040e658d8bcde2a7a61c9fc (stable-3.1)
@@ -29426,7 +29426,7 @@ CVE-2021-22214 (When requests to the internal network for webhooks are enabled,
 CVE-2021-22213 (A cross-site leak vulnerability in the OAuth flow of all versions of G ...)
 	- gitlab <unfixed>
 CVE-2021-22212 (ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 all ...)
-	- ntpsec <unfixed>
+	- ntpsec <unfixed> (bug #989847)
 	[buster] - ntpsec <not-affected> (Only affects 1.2.0)
 	NOTE: https://gitlab.com/NTPsec/ntpsec/-/issues/699
 	NOTE: https://gitlab.com/NTPsec/ntpsec/-/commit/b09be47d650280cc7ebdcd45dfa07eca4b9a52f8



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/82d99617598ed2f8774f08579495da4947356bac...1dade9295ecd809f8ae26d18f5d7ec50ac8e7468

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/82d99617598ed2f8774f08579495da4947356bac...1dade9295ecd809f8ae26d18f5d7ec50ac8e7468
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210614/d714c967/attachment.htm>

More information about the debian-security-tracker-commits mailing list