[Git][security-tracker-team/security-tracker][master] automatic update

Tue Jun 15 21:10:36 BST 2021


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
854d9422 by security tracker role at 2021-06-15T20:10:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2021-3603
+	RESERVED
+CVE-2021-3602
+	RESERVED
 CVE-2021-34695
 	RESERVED
 CVE-2021-34694
@@ -7129,8 +7133,7 @@ CVE-2021-31620
 	RESERVED
 CVE-2021-31619
 	RESERVED
-CVE-2021-31618 [httpd: NULL pointer dereference on specially crafted HTTP/2 request]
-	RESERVED
+CVE-2021-31618 (Apache HTTP Server protocol handler for the HTTP/2 protocol checks rec ...)
 	[experimental] - apache2 2.4.48-1
 	- apache2 2.4.46-5 (bug #989562)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-31618
@@ -50993,6 +50996,7 @@ CVE-2020-26139 (An issue was discovered in the kernel in NetBSD 7.1. An Access P
 CVE-2020-26138 (In SilverStripe through 4.6.0-rc1, a FormField with square brackets in ...)
 	NOT-FOR-US: SilverStripe
 CVE-2020-26137 (urllib3 before 1.25.9 allows CRLF injection if the attacker controls t ...)
+	{DLA-2686-1}
 	- python-urllib3 1.25.9-1
 	[buster] - python-urllib3 <no-dsa> (Minor issue)
 	NOTE: https://bugs.python.org/issue39603
@@ -140870,6 +140874,7 @@ CVE-2019-11323 (HAProxy before 1.9.7 mishandles a reload with rotated keys, whic
 	NOTE: Introduced in: https://git.haproxy.org/?p=haproxy.git;a=commit;h=9e7547740cc2d0a6851de8ca9ac57488bdbb8bf2
 	NOTE: Fixed by: https://git.haproxy.org/?p=haproxy.git;a=commit;h=8ef706502aa2000531d36e4ac56dbdc7c30f718d
 CVE-2019-11324 (The urllib3 library before 1.24.2 for Python mishandles certain cases  ...)
+	{DLA-2686-1}
 	- python-urllib3 1.25.6-4 (bug #927412)
 	[buster] - python-urllib3 <no-dsa> (Minor issue)
 	[jessie] - python-urllib3 <not-affected> (Vulnerable code introduced later)
@@ -141096,7 +141101,7 @@ CVE-2019-11238
 CVE-2019-11237
 	RESERVED
 CVE-2019-11236 (In the urllib3 library through 1.24.1 for Python, CRLF injection is po ...)
-	{DLA-1828-1}
+	{DLA-2686-1 DLA-1828-1}
 	[experimental] - python-urllib3 1.25.6-1
 	- python-urllib3 1.25.6-4 (bug #927172)
 	[buster] - python-urllib3 <no-dsa> (Minor issue)
@@ -166650,6 +166655,7 @@ CVE-2018-20062 (An issue was discovered in NoneCms V1.3. thinkphp/library/think/
 CVE-2018-20061 (A SQL injection issue was discovered in ERPNext 10.x and 11.x through  ...)
 	NOT-FOR-US: Frappe ERPNext
 CVE-2018-20060 (urllib3 before version 1.23 does not remove the Authorization HTTP hea ...)
+	{DLA-2686-1}
 	- python-urllib3 1.24-1
 	[jessie] - python-urllib3 <ignored> (Minor issue)
 	NOTE: https://github.com/urllib3/urllib3/issues/1316



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/854d9422e8b475425fd714144b4b524a6400ba5a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/854d9422e8b475425fd714144b4b524a6400ba5a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210615/5af388af/attachment.htm>
