[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Mar 13 20:10:37 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2a7b9502 by security tracker role at 2021-03-13T20:10:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2021-28361 (An issue was discovered in Storage Performance Development Kit (SPDK)  ...)
+	TODO: check
+CVE-2021-28360
+	RESERVED
+CVE-2021-28359
+	RESERVED
 CVE-2021-28358
 	RESERVED
 CVE-2021-28357
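Review bot: The new CVE-2021-28361 entry at the top of this hunk carries only `TODO: check`, so the tracker still has no statement on whether Storage Performance Development Kit (SPDK) maps to a Debian source package. Follow up by replacing the placeholder with either a package line or a not-for-us marker. The two RESERVED additions below it need nothing further until they get a description.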
@@ -10538,7 +10544,7 @@ CVE-2021-3115 (Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerab
 	NOTE: explicitly in PATH and running 'go get' outside of a module or with module
 	NOTE: mode disabled.
 CVE-2021-3114 (In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go ...)
-	{DSA-4848-1}
+	{DSA-4848-1 DLA-2592-1 DLA-2591-1}
 	- golang-1.15 1.15.7-1
 	- golang-1.11 <removed>
 	- golang-1.8 <removed>
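Review bot: The cross-reference line on CVE-2021-3114 now names DLA-2592-1 and DLA-2591-1, but the package lines beneath it show only golang-1.15 with a fixed version and golang-1.11 and golang-1.8 as `<removed>`. Nothing visible in this hunk says which source package each of the two DLAs covers. Check that the corresponding DLA entries name the package and fixed version, since the bracketed line is the only trace of them here.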
@@ -16687,8 +16693,8 @@ CVE-2020-35684
 	RESERVED
 CVE-2020-35683
 	RESERVED
-CVE-2020-35682
-	RESERVED
+CVE-2020-35682 (Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authenticati ...)
+	TODO: check
 CVE-2020-35681 (Django Channels 3.x before 3.0.3 allows remote attackers to obtain sen ...)
 	- python-django-channels 3.0.3-1 (bug #979376)
 	[buster] - python-django-channels <no-dsa> (Minor issue)
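Review bot: CVE-2020-35682 moves from RESERVED to a described entry but is left at `TODO: check`, so the described authentication issue in Zoho ManageEngine ServiceDesk Plus is recorded without a triage result. Resolve it in the same form the neighbouring entries use: a package line with fixed version as on CVE-2020-35681 just below, or a `NOT-FOR-US:` line as on CVE-2019-9742 elsewhere in this file.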
@@ -104240,7 +104246,7 @@ CVE-2017-1002201 (In haml versions prior to version 5.0.0.beta.2, when using use
 	NOTE: https://snyk.io/vuln/SNYK-RUBY-HAML-20362
 	NOTE: https://github.com/haml/haml/commit/18576ae6e9bdcb4303fdbe6b3199869d289d67c2
 CVE-2019-17596 (Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to ...)
-	{DSA-4551-1}
+	{DSA-4551-1 DLA-2592-1 DLA-2591-1}
 	- golang-1.13 1.13.3-1 (bug #942628)
 	- golang-1.12 1.12.12-1 (bug #942629)
 	- golang-1.11 <removed>
@@ -108006,7 +108012,7 @@ CVE-2019-16319 (In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dis
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16020
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=02ddd49885c6a09e936a76aceb726ed06539704a
 CVE-2019-16276 (Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smugglin ...)
-	{DSA-4534-1}
+	{DSA-4534-1 DLA-2592-1 DLA-2591-1}
 	- golang-1.13 1.13.1-1
 	- golang-1.12 1.12.10-1 (bug #941173)
 	- golang-1.11 <removed>
@@ -129746,7 +129752,7 @@ CVE-2019-9743 (An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-8
 CVE-2019-9742 (gdwfpcd.sys in G Data Total Security before 2019-02-22 allows an attac ...)
 	NOT-FOR-US: G Data Total Security
 CVE-2019-9741 (An issue was discovered in net/http in Go 1.11.5. CRLF injection is po ...)
-	{DLA-1749-1}
+	{DLA-2592-1 DLA-2591-1 DLA-1749-1}
 	- golang-1.12 1.12-1
 	- golang-1.11 1.11.6-1 (bug #924630)
 	- golang-1.8 <removed>
@@ -163552,6 +163558,7 @@ CVE-2018-16875 (The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.
 	NOTE: https://github.com/golang/go/commit/df523969435b8945d939c7e2a849b50910ef4c25 (1.11.3)
 	NOTE: https://github.com/golang/go/commit/0a4a37f1f0a36e55d8ae5c34210a79499f9f2a9d (1.10.6)
 CVE-2018-16874 (In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is  ...)
+	{DLA-2592-1 DLA-2591-1}
 	- golang-1.11 1.11.3-1
 	- golang-1.10 1.10.6-1
 	- golang-1.8 <removed>
@@ -163559,6 +163566,7 @@ CVE-2018-16874 (In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" comma
 	NOTE: https://github.com/golang/go/issues/29231
 	NOTE: See CVE-2018-16873 for patches and regression fix
 CVE-2018-16873 (In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is  ...)
+	{DLA-2592-1 DLA-2591-1}
 	- golang-1.11 1.11.3-1
 	- golang-1.10 1.10.6-1
 	- golang-1.8 <removed>
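Review bot: The context line directly above the CVE-2018-16873 header reads `NOTE: See CVE-2018-16873 for patches and regression fix`, which means the fix for this pair of "go get" issues had a follow-up. The added `{DLA-2592-1 DLA-2591-1}` line does not show whether those uploads include that regression fix as well as the original patches. Confirm this against the DLA uploads, and add a NOTE under CVE-2018-16873 if the follow-up was not part of them.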
@@ -217601,7 +217609,7 @@ CVE-2017-15042 (An unintended cleartext issue exists in Go before 1.8.4 and 1.9.
 	NOTE: https://golang.org/cl/68210
 	NOTE: https://groups.google.com/d/msg/golang-dev/RinSE3EiJBI/kYL7zb07AgAJ
 CVE-2017-15041 (Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command  ...)
-	{DLA-1148-1}
+	{DLA-2592-1 DLA-2591-1 DLA-1148-1}
 	- golang-1.9 1.9.1-1
 	- golang-1.8 1.8.4-1
 	- golang-1.7 <removed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a7b9502eb7bc07f29dec21abd912fda5b01ffc2
