[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sun Mar 21 08:10:34 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a7b70f66 by security tracker role at 2021-03-21T08:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2021-28962
+	RESERVED
+CVE-2021-28961 (applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDN ...)
+	TODO: check
+CVE-2021-28960
+	RESERVED
+CVE-2021-28959
+	RESERVED
+CVE-2021-28958
+	RESERVED
+CVE-2021-28956
+	RESERVED
+CVE-2021-28955
+	RESERVED
+CVE-2021-28954 (In Chris Walz bit before 1.0.5 on Windows, attackers can run arbitrary ...)
+	TODO: check
+CVE-2021-28953 (The unofficial C/C++ Advanced Lint extension before 1.9.0 for Visual S ...)
+	TODO: check
 CVE-2021-3455
 	RESERVED
 CVE-2021-3454
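Review bot: The three entries added with `TODO: check` (CVE-2021-28961, CVE-2021-28954, CVE-2021-28953) have no package or `NOT-FOR-US:` line yet and need manual triage. Going by the truncated descriptions, CVE-2021-28954 is a Windows-only issue and CVE-2021-28953 concerns the C/C++ Advanced Lint extension, so both look like `NOT-FOR-US:` candidates. For CVE-2021-28961, check whether `luci-app-ddns` is packaged in Debian before deciding.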
@@ -10,19 +28,19 @@ CVE-2021-3451
 	RESERVED
 CVE-2021-3450
 	RESERVED
-CVE-2021-28957 [Missing formaction attribute to defs.link_attrs for HTML5]
+CVE-2021-28957 (lxml 4.6.2 places the HTML action attribute into defs.link_attrs (in h ...)
 	- lxml <unfixed>
 	NOTE: https://bugs.launchpad.net/lxml/+bug/1888153
 	NOTE: https://github.com/lxml/lxml/pull/316
-CVE-2021-28952 [ASoC: qcom: sdm845: Fix array out of bounds access]
+CVE-2021-28952 (An issue was discovered in the Linux kernel through 5.11.8. The sound/ ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/1c668e1c0a0f74472469cd514f40c9012b324c31
-CVE-2021-28951 [io_uring: ensure that SQPOLL thread is started for exit]
+CVE-2021-28951 (An issue was discovered in fs/io_uring.c in the Linux kernel through 5 ...)
 	- linux <unfixed>
 	[buster] - linux <not-affected> (Vulnerable code introduced later)
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://git.kernel.org/linus/3ebba796fa251d042be42b929a2d916ee5c34a49
-CVE-2021-28950 [fuse: fix live lock in fuse_iget()]
+CVE-2021-28950 (An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before ...)
 	- linux 5.10.24-1
 	NOTE: https://git.kernel.org/linus/775c5033a0d164622d9d10dd0f0a5531639ed3ed
 CVE-2021-28949
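Review bot: CVE-2021-28952 stays at `- linux <unfixed>` with no `[buster]` or `[stretch]` lines, while CVE-2021-28951 directly below it records `<not-affected> (Vulnerable code introduced later)` for both releases. Now that the description reads "through 5.11.8", check whether the code changed by commit 1c668e1c0a0f74472469cd514f40c9012b324c31 exists in the older releases' kernels and add the per-release annotations either way.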
@@ -1839,8 +1857,7 @@ CVE-2021-28119 (Twinkle Tray (aka twinkle-tray) through 1.13.3 allows remote com
 	NOT-FOR-US: Twinkle Tray
 CVE-2021-28118
 	RESERVED
-CVE-2021-28117
-	RESERVED
+CVE-2021-28117 (libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before ...)
 	- plasma-discover 5.20.5-3
 	[buster] - plasma-discover <not-affected> (Vulnerable code introduced later)
 	[stretch] - plasma-discover <not-affected> (Vulnerable code introduced later)
@@ -4519,7 +4536,7 @@ CVE-2021-26939 (** DISPUTED ** An information disclosure issue exists in henriqu
 	NOT-FOR-US: henriquedornas
 CVE-2021-26938 (** DISPUTED ** A stored XSS issue exists in henriquedornas 5.2.17 via  ...)
 	NOT-FOR-US: henriquedornas
-CVE-2021-27135 (xterm through Patch #365 allows remote attackers to cause a denial of  ...)
+CVE-2021-27135 (xterm before Patch #366 allows remote attackers to execute arbitrary c ...)
 	{DLA-2558-1}
 	- xterm 366-1 (bug #982439)
 	[buster] - xterm <no-dsa> (Minor issue; can be fixed via point release)
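Review bot: The CVE-2021-27135 description changes from "cause a denial of ..." to "execute arbitrary c ...", but the context line `[buster] - xterm <no-dsa> (Minor issue; can be fixed via point release)` is left as it was. Re-evaluate that `<no-dsa>` rationale against the new impact statement, and either confirm it or update the buster status and its note.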
@@ -33840,12 +33857,10 @@ CVE-2020-27173 (In vm-superio before 0.1.1, the serial console FIFO can grow to
 	NOT-FOR-US: vm-superio
 CVE-2020-27172 (An issue was discovered in G-Data before 25.5.9.25 using Symbolic link ...)
 	NOT-FOR-US: G-Data
-CVE-2020-27171
-	RESERVED
+CVE-2020-27171 (An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/ ...)
 	- linux 5.10.24-1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/03/19/3
-CVE-2020-27170
-	RESERVED
+CVE-2020-27170 (An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/ ...)
 	- linux 5.10.24-1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/03/19/2
 CVE-2020-27169
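Review bot: CVE-2020-27171 and CVE-2020-27170 each carry only an oss-security `NOTE:` and a fixed version of `linux 5.10.24-1`; neither links the upstream fix commit, unlike the other kernel entries in this diff, which use `NOTE: https://git.kernel.org/linus/...`. Add the upstream commit references from the two oss-security posts so the fixed version can be checked against them, and record the buster and stretch status, since both truncated descriptions end at "kernel/bpf/ ..." and say nothing about when the code was introduced.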



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7b70f66d664956d7b888f11df99c531d906d104
