[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Mar 8 08:10:25 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a77ca751 by security tracker role at 2021-03-08T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,81 @@
+CVE-2021-28088
+ RESERVED
+CVE-2021-28087
+ RESERVED
+CVE-2021-28086
+ RESERVED
+CVE-2021-28085
+ RESERVED
+CVE-2021-28084
+ RESERVED
+CVE-2021-28083
+ RESERVED
+CVE-2021-28082
+ RESERVED
+CVE-2021-28081
+ RESERVED
+CVE-2021-28080
+ RESERVED
+CVE-2021-28079
+ RESERVED
+CVE-2021-28078
+ RESERVED
+CVE-2021-28077
+ RESERVED
+CVE-2021-28076
+ RESERVED
+CVE-2021-28075
+ RESERVED
+CVE-2021-28074
+ RESERVED
+CVE-2021-28073
+ RESERVED
+CVE-2021-28072
+ RESERVED
+CVE-2021-28071
+ RESERVED
+CVE-2021-28070
+ RESERVED
+CVE-2021-28069
+ RESERVED
+CVE-2021-28068
+ RESERVED
+CVE-2021-28067
+ RESERVED
+CVE-2021-28066
+ RESERVED
+CVE-2021-28065
+ RESERVED
+CVE-2021-28064
+ RESERVED
+CVE-2021-28063
+ RESERVED
+CVE-2021-28062
+ RESERVED
+CVE-2021-28061
+ RESERVED
+CVE-2021-28060
+ RESERVED
+CVE-2021-28059
+ RESERVED
+CVE-2021-28058
+ RESERVED
+CVE-2021-28057
+ RESERVED
+CVE-2021-28056
+ RESERVED
+CVE-2021-28055
+ RESERVED
+CVE-2021-28054
+ RESERVED
+CVE-2021-28053
+ RESERVED
+CVE-2021-28052
+ RESERVED
+CVE-2021-28051
+ RESERVED
+CVE-2021-28050
+ RESERVED
CVE-2009-20001 (An issue was discovered in MantisBT before 2.24.5. It associates a uni ...)
- mantis <removed>
CVE-2021-28049
@@ -224,6 +302,7 @@ CVE-2021-28039 (An issue was discovered in the Linux kernel 5.9.x through 5.11.3
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://xenbits.xen.org/xsa/advisory-369.html
CVE-2021-28038 (An issue was discovered in the Linux kernel through 5.11.3, as used wi ...)
+ {DLA-2586-1}
- linux <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-367.html
CVE-2021-3422
@@ -1483,13 +1562,16 @@ CVE-2021-27367 (Controller/Backend/FileEditController.php and Controller/Backend
CVE-2021-27366
RESERVED
CVE-2021-27365 (An issue was discovered in the Linux kernel through 5.11.3. Certain iS ...)
+ {DLA-2586-1}
- linux <unfixed>
NOTE: https://git.kernel.org/linus/ec98ea7070e94cc25a422ec97d1421e28d97b7ee
NOTE: https://git.kernel.org/linus/f9dbdf97a5bd92b1a49cee3d591b55b11fd7a6d5
CVE-2021-27364 (An issue was discovered in the Linux kernel through 5.11.3. drivers/sc ...)
+ {DLA-2586-1}
- linux <unfixed>
NOTE: https://git.kernel.org/linus/688e8128b7a92df982709a4137ea4588d16f24aa
CVE-2021-27363 (An issue was discovered in the Linux kernel through 5.11.3. A kernel p ...)
+ {DLA-2586-1}
- linux <unfixed>
NOTE: https://git.kernel.org/linus/688e8128b7a92df982709a4137ea4588d16f24aa
CVE-2020-36245 (GramAddict through 1.2.3 allows remote attackers to execute arbitrary ...)
@@ -2442,12 +2524,15 @@ CVE-2021-26933 (An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a gue
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-364.html
CVE-2021-26932 (An issue was discovered in the Linux kernel 3.2 through 5.10.16, as us ...)
+ {DLA-2586-1}
- linux 5.10.19-1
NOTE: https://xenbits.xen.org/xsa/advisory-361.html
CVE-2021-26931 (An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as ...)
+ {DLA-2586-1}
- linux 5.10.19-1
NOTE: https://xenbits.xen.org/xsa/advisory-362.html
CVE-2021-26930 (An issue was discovered in the Linux kernel 3.11 through 5.10.16, as u ...)
+ {DLA-2586-1}
- linux 5.10.19-1
NOTE: https://xenbits.xen.org/xsa/advisory-365.html
CVE-2021-26929 (An XSS issue was discovered in Horde Groupware Webmail Edition through ...)
@@ -3937,7 +4022,7 @@ CVE-2021-3348 (nbd_add_socket in drivers/block/nbd.c in the Linux kernel through
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/b98e762e3d71e893b221f871825dc64694cfb258 (5.11-rc6)
CVE-2021-3347 (An issue was discovered in the Linux kernel through 5.10.11. PI futexe ...)
- {DSA-4843-1 DLA-2557-1}
+ {DSA-4843-1 DLA-2586-1 DLA-2557-1}
- linux 5.10.12-1
NOTE: https://www.openwall.com/lists/oss-security/2021/01/29/1
CVE-2021-3343
@@ -6458,6 +6543,7 @@ CVE-2021-25313 (A Improper Neutralization of Input During Web Page Generation ('
CVE-2021-3179
RESERVED
CVE-2021-3178 (** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, w ...)
+ {DLA-2586-1}
- linux 5.10.12-1 (unimportant)
[buster] - linux 4.19.171-1
NOTE: https://patchwork.kernel.org/project/linux-nfs/patch/20210111210129.GA11652@fieldses.org/
@@ -10711,8 +10797,8 @@ CVE-2021-23353
RESERVED
CVE-2021-23352
RESERVED
-CVE-2021-23351
- RESERVED
+CVE-2021-23351 (The package github.com/pires/go-proxyproto before 0.5.0 are vulnerable ...)
+ TODO: check
CVE-2021-23350
RESERVED
CVE-2021-23349
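Review bot: CVE-2021-23351 now carries a description, but its only annotation is `TODO: check`, so the entry is still untriaged after this change. A follow-up should replace the TODO with either a package line, if github.com/pires/go-proxyproto is shipped by a Debian source package (the description gives 0.5.0 as the first fixed upstream version), or a `NOT-FOR-US:` marker as used for other entries in this file.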
@@ -14651,7 +14737,7 @@ CVE-2021-21497
CVE-2021-21496
RESERVED
CVE-2020-36158 (mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifie ...)
- {DSA-4843-1 DLA-2557-1}
+ {DSA-4843-1 DLA-2586-1 DLA-2557-1}
- linux 5.10.5-1
NOTE: https://git.kernel.org/linus/5c455c5ab332773464d02ba17015acdca198f03d (5.11-rc1)
CVE-2020-36157 (An issue was discovered in the Ultimate Member plugin before 2.1.12 fo ...)
@@ -15342,7 +15428,8 @@ CVE-2019-25010 (An issue was discovered in the failure crate through 2019-11-13
CVE-2019-25009 (An issue was discovered in the http crate before 0.1.20 for Rust. The ...)
- rust-http <unfixed>
NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0034.html
-CVE-2019-25008 (An issue was discovered in the http crate before 0.1.20 for Rust. Head ...)
+CVE-2019-25008
+ REJECTED
- rust-http 0.1.19-2 (bug #969896)
[buster] - rust-http <no-dsa> (Minor issue)
NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0033.html
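Review bot: CVE-2019-25008 is switched to `REJECTED`, but the lines beneath it (`- rust-http 0.1.19-2 (bug #969896)`, the `[buster]` `<no-dsa>` line and the RUSTSEC-2019-0033 NOTE) are left in place. If the ID was rejected as a duplicate, that package status and bug reference should move to the surviving CVE entry; otherwise they should be dropped so the tracker does not keep reporting status for a withdrawn ID.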
@@ -21716,12 +21803,12 @@ CVE-2020-29663 (Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where r
CVE-2020-29662 (In Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the catalog’s ...)
NOT-FOR-US: Harbor
CVE-2020-29661 (A locking issue was discovered in the tty subsystem of the Linux kerne ...)
- {DSA-4843-1 DLA-2557-1}
+ {DSA-4843-1 DLA-2586-1 DLA-2557-1}
- linux 5.9.15-1
NOTE: https://git.kernel.org/linus/54ffccbf053b5b6ca4f6e45094b942fab92a25fc
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2125
CVE-2020-29660 (A locking inconsistency issue was discovered in the tty subsystem of t ...)
- {DSA-4843-1 DLA-2557-1}
+ {DSA-4843-1 DLA-2586-1 DLA-2557-1}
- linux 5.9.15-1
NOTE: https://git.kernel.org/linus/c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2125
@@ -22473,11 +22560,11 @@ CVE-2020-29570 (An issue was discovered in Xen through 4.14.x. Recording of the
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-358.html
CVE-2020-29569 (An issue was discovered in the Linux kernel through 5.10.1, as used wi ...)
- {DSA-4843-1 DLA-2557-1}
+ {DSA-4843-1 DLA-2586-1 DLA-2557-1}
- linux 5.9.15-1
NOTE: https://xenbits.xen.org/xsa/advisory-350.html
CVE-2020-29568 (An issue was discovered in Xen through 4.14.x. Some OSes (such as Linu ...)
- {DSA-4843-1 DLA-2557-1}
+ {DSA-4843-1 DLA-2586-1 DLA-2557-1}
- linux 5.9.15-1
NOTE: https://xenbits.xen.org/xsa/advisory-349.html
CVE-2020-29567 (An issue was discovered in Xen 4.14.x. When moving IRQs between CPUs t ...)
@@ -26579,7 +26666,7 @@ CVE-2020-28376
CVE-2020-28375
RESERVED
CVE-2020-28374 (In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10. ...)
- {DSA-4843-1 DLA-2557-1}
+ {DSA-4843-1 DLA-2586-1 DLA-2557-1}
- linux 5.10.9-1
NOTE: https://git.kernel.org/linus/2896c93811e39d63a4d9b63ccf12a8fbc226e5e4
NOTE: https://www.openwall.com/lists/oss-security/2021/01/12/12
@@ -29574,7 +29661,7 @@ CVE-2020-27826
RESERVED
NOT-FOR-US: Keycloak
CVE-2020-27825 (A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux ...)
- {DSA-4843-1 DLA-2557-1}
+ {DSA-4843-1 DLA-2586-1 DLA-2557-1}
- linux 5.9.6-1
NOTE: https://git.kernel.org/linus/bbeb97464eefc65f506084fd9f18f21653e01137
CVE-2020-27824 [global-buffer-overflow read in lib-openjp2]
@@ -29616,7 +29703,7 @@ CVE-2020-27816 (The elasticsearch-operator does not validate the namespace where
NOT-FOR-US: OpenShift Elasticsearch operator
CVE-2020-27815
RESERVED
- {DSA-4843-1 DLA-2557-1}
+ {DSA-4843-1 DLA-2586-1 DLA-2557-1}
- linux 5.10.4-1
NOTE: https://www.openwall.com/lists/oss-security/2020/11/30/5
CVE-2020-27814 (A heap-buffer overflow was found in the way openjpeg2 handled certain ...)
@@ -61440,7 +61527,7 @@ CVE-2020-13850 (Artica Pandora FMS 7.44 has inadequate access controls on a web
CVE-2020-13849 (The MQTT protocol 3.1.1 requires a server to set a timeout value of 1. ...)
NOT-FOR-US: MQTT protocol flaw
CVE-2020-13848 (Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attac ...)
- {DLA-2238-1}
+ {DLA-2585-1 DLA-2238-1}
- pupnp-1.8 <unfixed> (bug #962282)
[buster] - pupnp-1.8 <no-dsa> (Minor issue)
- libupnp <removed>
@@ -89832,7 +89919,7 @@ CVE-2019-19818 (The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.
CVE-2019-19817 (The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.11 ...)
NOT-FOR-US: JBIG2Globals library in npdf.dll in Nitro Free PDF Reader
CVE-2019-19816 (In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image ...)
- {DLA-2483-1 DLA-2385-1}
+ {DLA-2586-1 DLA-2483-1 DLA-2385-1}
- linux 5.2.6-1
[buster] - linux 4.19.160-1
NOTE: https://git.kernel.org/linus/6bf9e4bd6a277840d3fe8c5d5d530a1fbd3db592
@@ -89843,7 +89930,7 @@ CVE-2019-19815 (In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem i
CVE-2019-19814 (In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image c ...)
- linux <unfixed>
CVE-2019-19813 (In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, ...)
- {DLA-2385-1}
+ {DLA-2586-1 DLA-2385-1}
- linux 5.2.6-1
[buster] - linux 4.19.146-1
NOTE: https://git.kernel.org/linus/6bf9e4bd6a277840d3fe8c5d5d530a1fbd3db592
@@ -95590,6 +95677,7 @@ CVE-2019-19319 (In the Linux kernel before 5.2, a setxattr operation, after a mo
- linux 5.2.6-1
[buster] - linux 4.19.87-1
CVE-2019-19318 (In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can c ...)
+ {DLA-2586-1}
- linux 5.4.6-1
[buster] - linux 4.19.146-1
NOTE: https://git.kernel.org/linus/9f7fec0ba89108b9385f1b9fb167861224912a4a
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a77ca75159e0f5857907e4b7ed050eae4b1264bd