[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sun Mar 21 08:10:34 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a7b70f66 by security tracker role at 2021-03-21T08:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2021-28962
+ RESERVED
+CVE-2021-28961 (applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDN ...)
+ TODO: check
+CVE-2021-28960
+ RESERVED
+CVE-2021-28959
+ RESERVED
+CVE-2021-28958
+ RESERVED
+CVE-2021-28956
+ RESERVED
+CVE-2021-28955
+ RESERVED
+CVE-2021-28954 (In Chris Walz bit before 1.0.5 on Windows, attackers can run arbitrary ...)
+ TODO: check
+CVE-2021-28953 (The unofficial C/C++ Advanced Lint extension before 1.9.0 for Visual S ...)
+ TODO: check
CVE-2021-3455
RESERVED
CVE-2021-3454
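Review bot: the three new entries that carry a description (CVE-2021-28961, CVE-2021-28954, CVE-2021-28953) are added with only "TODO: check", so none of them is triaged yet. Each needs a follow-up that replaces the TODO with either a source package line or a NOT-FOR-US marker, as the other entries in this file have. The CVE-2021-28961 description names a path under luci-app-ddns, which gives a starting point for finding out whether that code is packaged.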
@@ -10,19 +28,19 @@ CVE-2021-3451
RESERVED
CVE-2021-3450
RESERVED
-CVE-2021-28957 [Missing formaction attribute to defs.link_attrs for HTML5]
+CVE-2021-28957 (lxml 4.6.2 places the HTML action attribute into defs.link_attrs (in h ...)
- lxml <unfixed>
NOTE: https://bugs.launchpad.net/lxml/+bug/1888153
NOTE: https://github.com/lxml/lxml/pull/316
-CVE-2021-28952 [ASoC: qcom: sdm845: Fix array out of bounds access]
+CVE-2021-28952 (An issue was discovered in the Linux kernel through 5.11.8. The sound/ ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/1c668e1c0a0f74472469cd514f40c9012b324c31
-CVE-2021-28951 [io_uring: ensure that SQPOLL thread is started for exit]
+CVE-2021-28951 (An issue was discovered in fs/io_uring.c in the Linux kernel through 5 ...)
- linux <unfixed>
[buster] - linux <not-affected> (Vulnerable code introduced later)
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/3ebba796fa251d042be42b929a2d916ee5c34a49
-CVE-2021-28950 [fuse: fix live lock in fuse_iget()]
+CVE-2021-28950 (An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before ...)
- linux 5.10.24-1
NOTE: https://git.kernel.org/linus/775c5033a0d164622d9d10dd0f0a5531639ed3ed
CVE-2021-28949
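Review bot: CVE-2021-28952 keeps a bare "- linux <unfixed>" with no per-release lines, while the neighbouring CVE-2021-28951 entry records buster and stretch as <not-affected> (Vulnerable code introduced later). Check whether the sdm845 sound code referenced by the upstream commit in the NOTE exists in the buster and stretch kernels, and add the matching [buster] and [stretch] lines so the status is not left to be inferred. The same question applies to CVE-2021-28950, which lists only the fixed version 5.10.24-1.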
@@ -1839,8 +1857,7 @@ CVE-2021-28119 (Twinkle Tray (aka twinkle-tray) through 1.13.3 allows remote com
NOT-FOR-US: Twinkle Tray
CVE-2021-28118
RESERVED
-CVE-2021-28117
- RESERVED
+CVE-2021-28117 (libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before ...)
- plasma-discover 5.20.5-3
[buster] - plasma-discover <not-affected> (Vulnerable code introduced later)
[stretch] - plasma-discover <not-affected> (Vulnerable code introduced later)
@@ -4519,7 +4536,7 @@ CVE-2021-26939 (** DISPUTED ** An information disclosure issue exists in henriqu
NOT-FOR-US: henriquedornas
CVE-2021-26938 (** DISPUTED ** A stored XSS issue exists in henriquedornas 5.2.17 via ...)
NOT-FOR-US: henriquedornas
-CVE-2021-27135 (xterm through Patch #365 allows remote attackers to cause a denial of ...)
+CVE-2021-27135 (xterm before Patch #366 allows remote attackers to execute arbitrary c ...)
{DLA-2558-1}
- xterm 366-1 (bug #982439)
[buster] - xterm <no-dsa> (Minor issue; can be fixed via point release)
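Review bot: the CVE-2021-27135 description changes from a denial of service to arbitrary code execution by remote attackers, but the unchanged "[buster] - xterm <no-dsa> (Minor issue; can be fixed via point release)" line below it still reflects the earlier assessment. Re-evaluate the buster triage against the new impact statement and either update the no-dsa reasoning or schedule a fix; the entry already shows {DLA-2558-1} and the fixed version 366-1.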
@@ -33840,12 +33857,10 @@ CVE-2020-27173 (In vm-superio before 0.1.1, the serial console FIFO can grow to
NOT-FOR-US: vm-superio
CVE-2020-27172 (An issue was discovered in G-Data before 25.5.9.25 using Symbolic link ...)
NOT-FOR-US: G-Data
-CVE-2020-27171
- RESERVED
+CVE-2020-27171 (An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/ ...)
- linux 5.10.24-1
NOTE: https://www.openwall.com/lists/oss-security/2021/03/19/3
-CVE-2020-27170
- RESERVED
+CVE-2020-27170 (An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/ ...)
- linux 5.10.24-1
NOTE: https://www.openwall.com/lists/oss-security/2021/03/19/2
CVE-2020-27169
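Review bot: CVE-2020-27171 and CVE-2020-27170 both get descriptions that are cut off at the same point ("kernel/bpf/ ..."), so the two entries can only be told apart by their oss-security NOTE links. Unlike the linux entries earlier in this diff, neither has a NOTE pointing at the upstream fix commit, and neither has [buster] or [stretch] status lines. Add a git.kernel.org NOTE for each fix and record the status of the older releases.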
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7b70f66d664956d7b888f11df99c531d906d104