[Git][security-tracker-team/security-tracker][master] various bug refs
Moritz Muehlenhoff
jmm at debian.org
Fri Mar 12 19:11:42 GMT 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8c220248 by Moritz Mühlenhoff at 2021-03-12T20:11:11+01:00
various bug refs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -153,23 +153,23 @@ CVE-2021-28146
CVE-2020-36282 (JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 is vuln ...)
NOT-FOR-US: JMS Client for RabbitMQ
CVE-2020-36281 (Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFew ...)
- - leptonlib <unfixed>
+ - leptonlib <unfixed> (bug #985089)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22140
NOTE: https://github.com/DanBloomberg/leptonica/commit/5ee24b398bb67666f6d173763eaaedd9c36fb1e5
CVE-2020-36280 (Leptonica before 1.80.0 allows a heap-based buffer over-read in pixRea ...)
- - leptonlib <unfixed>
+ - leptonlib <unfixed> (bug #985089)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23654
NOTE: https://github.com/DanBloomberg/leptonica/commit/5ba34b1fe741d69d43a6c8cf767756997eadd87c
CVE-2020-36279 (Leptonica before 1.80.0 allows a heap-based buffer over-read in raster ...)
- - leptonlib <unfixed>
+ - leptonlib <unfixed> (bug #985089)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22512
NOTE: https://github.com/DanBloomberg/leptonica/commit/3c18c43b6a3f753f0dfff99610d46ad46b8bfac4
CVE-2020-36278 (Leptonica before 1.80.0 allows a heap-based buffer over-read in findNe ...)
- - leptonlib <unfixed>
+ - leptonlib <unfixed> (bug #985089)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23433
NOTE: https://github.com/DanBloomberg/leptonica/commit/8d6e1755518cfb98536d6c3daf0601f226d16842
CVE-2020-36277 (Leptonica before 1.80.0 allows a denial of service (application crash) ...)
- - leptonlib <unfixed>
+ - leptonlib <unfixed> (bug #985089)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21997
NOTE: https://github.com/DanBloomberg/leptonica/pull/499
CVE-2016-20009 (** UNSUPPORTED WHEN ASSIGNED ** A DNS client stack-based buffer overfl ...)
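Review bot: all five leptonlib entries in this hunk (CVE-2020-36277 through CVE-2020-36281) now point at the single bug #985089, which only works for tracking if that bug report names every one of the five CVE ids; check the bug title or body before relying on it to close all five entries on upload. The CVE-2020-36277 entry also cites a pull request (leptonica/pull/499) rather than a merged commit like the other four; if the PR has been merged, replace it with the merge commit so the reference stays stable.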
@@ -1942,7 +1942,7 @@ CVE-2021-27379 (An issue was discovered in Xen through 4.11.x, allowing x86 Inte
NOTE: the issue more precisely only affects Xen versions up to 4.11 with version
NOTE: containing broken backport for XSA-321 / CVE-2020-15565
CVE-2021-27378 (An issue was discovered in the rand_core crate before 0.6.2 for Rust. ...)
- - rust-rand-core <unfixed>
+ - rust-rand-core <unfixed> (bug #985087)
[buster] - rust-rand-core <ignored> (Minor issue)
NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0023.html
CVE-2021-27377 (An issue was discovered in the yottadb crate before 1.2.0 for Rust. Fo ...)
@@ -6950,7 +6950,7 @@ CVE-2021-25317
CVE-2021-25316
RESERVED
CVE-2021-25315 (A Incorrect Implementation of Authentication Algorithm vulnerability i ...)
- - salt <unfixed>
+ - salt <unfixed> (bug #985085)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1182382
CVE-2021-25314
RESERVED
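Review bot: the salt entry only carries a bugzilla.suse.com reference, so the new bug #985085 points the maintainer at a third-party bug rather than the upstream fix; add the upstream SaltStack advisory or fixing commit as a further NOTE once it is known so the patch can be located without going through the SUSE bug.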
@@ -11255,7 +11255,7 @@ CVE-2021-23339 (This affects all versions before 10.1.14 and from 10.2.0 to 10.2
CVE-2021-23338 (This affects all versions of package qlib. The workflow function in cl ...)
NOT-FOR-US: qlib
CVE-2021-23337 (All versions of package lodash; all versions of package org.fujion.web ...)
- - node-lodash <unfixed>
+ - node-lodash <unfixed> (bug #985086)
[stretch] - node-lodash <end-of-life> (Nodejs in stretch not covered by security support)
NOTE: https://snyk.io/vuln/SNYK-JS-LODASH-1040724
CVE-2021-23336 (The package python/cpython from 0 and before 3.6.13, from 3.7.0 and be ...)
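Review bot: bug #985086 is attached here for CVE-2021-23337 and again for CVE-2020-28500 in the later node-lodash hunk, so one bug is meant to cover both lodash issues; that is fine as long as the bug report lists both CVE ids, otherwise only one of the two entries will be closed when the fix is uploaded. The unchanged stretch line still correctly records <end-of-life> for Nodejs.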
@@ -16328,7 +16328,7 @@ CVE-2020-35710 (Parallels Remote Application Server (RAS) 18 allows remote attac
CVE-2020-35709 (bloofoxCMS 0.5.2.1 allows admins to upload arbitrary .php files (with ...)
NOT-FOR-US: bloofoxCMS
CVE-2020-35711 (An issue has been discovered in the arc-swap crate before 0.4.8 (and 1 ...)
- - rust-arc-swap <unfixed>
+ - rust-arc-swap <unfixed> (bug #985090)
[buster] - rust-arc-swap <no-dsa> (Minor issue)
NOTE: https://github.com/vorner/arc-swap/issues/45
NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0091.html
@@ -26814,7 +26814,7 @@ CVE-2020-28502 (This affects the package xmlhttprequest before 1.7.0; all versio
CVE-2020-28501
RESERVED
CVE-2020-28500 (All versions of package lodash; all versions of package org.fujion.web ...)
- - node-lodash <unfixed>
+ - node-lodash <unfixed> (bug #985086)
[stretch] - node-lodash <end-of-life> (Nodejs in stretch not covered by security support)
NOTE: https://snyk.io/vuln/SNYK-JS-LODASH-1018905
CVE-2020-28499 (All versions of package merge are vulnerable to Prototype Pollution vi ...)
@@ -83559,7 +83559,7 @@ CVE-2020-6100 (An exploitable memory corruption vulnerability exists in AMD atid
CVE-2020-6099
RESERVED
CVE-2020-6098 (An exploitable denial of service vulnerability exists in the freeDiame ...)
- - freediameter <unfixed>
+ - freediameter <unfixed> (bug #985088)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1030
NOTE: Possible fix: http://www.freediameter.net/trac/changeset/19ab8ac08a361642e7f9ec9f2657202c6f8ef9ee/freeDiameter?old=edfb2b662b91af94b2fccc48b11eec904ccab370
CVE-2020-6097 (An exploitable denial of service vulnerability exists in the atftpd da ...)
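Review bot: the freediameter fix pointer is still labelled "Possible fix", so bug #985088 is being filed against an unconfirmed patch; acceptable for now, but once the changeset is verified reword that NOTE to "Fixed by" so the bug and the tracker entry agree, and record the fixed upstream version when it is released.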
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c2202486917d79351691c4d33fdfaf0c0d92763