[Git][security-tracker-team/security-tracker][master] cimg no-dsa, various bugs filed

Moritz Muehlenhoff jmm at debian.org
Sun Mar 21 19:12:24 GMT 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
413e425a by Moritz Mühlenhoff at 2021-03-21T20:11:51+01:00
cimg no-dsa, various bugs filed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18205,7 +18205,7 @@ CVE-2020-35638
 CVE-2020-35637
 	RESERVED
 CVE-2020-35636 (A code execution vulnerability exists in the Nef polygon-parsing funct ...)
-	- cgal <unfixed>
+	- cgal <unfixed> (bug #985671)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225
 CVE-2020-35635
 	RESERVED
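Review bot: bug #985671 on the cgal line of CVE-2020-35636 is the same bug number this patch attaches to CVE-2020-35628, CVE-2020-28636 and CVE-2020-28601, all four citing TALOS-2020-1225. One bug for the whole advisory is reasonable, but make sure the bug report names all four CVE ids so the fixing upload can list every id and none of these entries is left behind as <unfixed>.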
@@ -18222,7 +18222,7 @@ CVE-2020-35630
 CVE-2020-35629
 	RESERVED
 CVE-2020-35628 (A code execution vulnerability exists in the Nef polygon-parsing funct ...)
-	- cgal <unfixed>
+	- cgal <unfixed> (bug #985671)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225
 CVE-2021-21433
 	RESERVED
@@ -28075,7 +28075,7 @@ CVE-2020-28638 (ask_password in Tomb 2.0 through 2.7 returns a warning when pine
 CVE-2020-28637
 	RESERVED
 CVE-2020-28636 (A code execution vulnerability exists in the Nef polygon-parsing funct ...)
-	- cgal <unfixed>
+	- cgal <unfixed> (bug #985671)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225
 CVE-2020-28635
 	RESERVED
@@ -28146,7 +28146,7 @@ CVE-2020-28603
 CVE-2020-28602
 	RESERVED
 CVE-2020-28601 (A code execution vulnerability exists in the Nef polygon-parsing funct ...)
-	- cgal <unfixed>
+	- cgal <unfixed> (bug #985671)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225
 CVE-2020-28600
 	RESERVED
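Review bot: the CVE-2020-28601 entry, like the other three cgal entries touched here, still consists only of the "- cgal <unfixed>" line and one NOTE, with no per-release line, even though the description says code execution. The ceph and cakephp entries in this same patch carry "[buster]" lines with <no-dsa> or <ignored>; recording a decision for the stable releases here too, in this commit or a follow-up, would show whether the issue has been triaged.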
@@ -31755,7 +31755,7 @@ CVE-2020-27840
 	RESERVED
 CVE-2020-27839
 	RESERVED
-	- ceph <unfixed>
+	- ceph <unfixed> (bug #985670)
 	[buster] - ceph <no-dsa> (Minor issue)
 	NOTE: https://tracker.ceph.com/issues/44591
 	NOTE: https://github.com/ceph/ceph/pull/38259
@@ -31951,7 +31951,7 @@ CVE-2020-27782 (A flaw was found in the Undertow AJP connector. Malicious reques
 	NOTE: https://issues.redhat.com/browse/UNDERTOW-1824
 	NOTE: https://github.com/undertow-io/undertow/commit/fdac349cbcd1da41fe8b9d4e7ebbab6879990c2a (2.2.4.Final)
 CVE-2020-27781 (User credentials can be manipulated and stolen by Native CephFS consum ...)
-	- ceph <unfixed>
+	- ceph <unfixed> (bug #985670)
 	NOTE: https://bugs.launchpad.net/manila/+bug/1904015
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1900109
 	NOTE: https://github.com/ceph/ceph/commit/1b8a634fdcd94dfb3ba650793fb1b6d09af65e05 (octopus)
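Review bot: CVE-2020-27781 gets the same bug #985670 as CVE-2020-27839 earlier in this patch, but its package line is followed directly by NOTE lines, whereas CVE-2020-27839 has "[buster] - ceph <no-dsa> (Minor issue)" right after it. The bug then tracks two CVEs whose handling differs in the tracker; say so in the bug, or add the buster status for the credential issue here once it is decided.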
@@ -59384,7 +59384,7 @@ CVE-2020-15402
 CVE-2020-15401 (IOBit Malware Fighter Pro 8.0.2.547 allows local users to gain privile ...)
 	NOT-FOR-US: IOBit Malware Fighter Pro
 CVE-2020-15400 (CakePHP before 4.0.6 mishandles CSRF token generation. This might be r ...)
-	- cakephp <unfixed>
+	- cakephp <unfixed> (bug #985673)
 	[buster] - cakephp <ignored> (Minor issue)
 	[stretch] - cakephp <no-dsa> (Minor issue)
 CVE-2020-15399
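Review bot: the CVE-2020-15400 entry has no NOTE line, so whoever picks up bug #985673 has nothing in the tracker pointing at the upstream change. The description says the problem affects CakePHP before 4.0.6; a NOTE with the upstream fix reference below the package line would match what the ceph entries in this patch do.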
@@ -189861,6 +189861,7 @@ CVE-2018-7588 (An issue was discovered in CImg v.220. A heap-based buffer over-r
 	NOTE: https://github.com/dtschump/CImg/commit/8447076ef22322a14a0ce130837e44c5ba8095f4
 CVE-2018-7587 (An issue was discovered in CImg v.220. DoS occurs when loading a craft ...)
 	- cimg <unfixed> (low; bug #892780; bug #940951)
+	[bullseye] - cimg <no-dsa> (Minor issue)
 	[buster] - cimg <no-dsa> (Minor issue)
 	[stretch] - cimg <no-dsa> (Minor issue)
 	[jessie] - cimg <no-dsa> (Minor issue)
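Review bot: the added "[bullseye] - cimg <no-dsa> (Minor issue)" line on CVE-2018-7587 is unrelated to the bug-number additions for cgal, ceph and cakephp in the other hunks; committing the cimg triage separately would make the history of each decision easier to follow. The line itself is placed consistently, above "[buster]", with the same reason as the older releases.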



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/413e425aaa27f24d2604ecf79d441b13800f09c1
