[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Mar 22 08:10:28 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fae8ec95 by security tracker role at 2021-03-22T08:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -8,10 +8,10 @@ CVE-2021-28959
RESERVED
CVE-2021-28958
RESERVED
-CVE-2021-28956
- RESERVED
-CVE-2021-28955
- RESERVED
+CVE-2021-28956 (** UNSUPPORTED WHEN ASSIGNED ** The unofficial vscode-sass-lint (aka S ...)
+ TODO: check
+CVE-2021-28955 (git-bug before 0.7.2 has an Uncontrolled Search Path Element. It will ...)
+ TODO: check
CVE-2021-28954 (In Chris Walz bit before 1.0.5 on Windows, attackers can run arbitrary ...)
NOT-FOR-US: Chris Walz bit
CVE-2021-28953 (The unofficial C/C++ Advanced Lint extension before 1.9.0 for Visual S ...)
@@ -28,7 +28,7 @@ CVE-2021-3451
RESERVED
CVE-2021-3450
RESERVED
-CVE-2021-28957 (lxml 4.6.2 places the HTML action attribute into defs.link_attrs (in h ...)
+CVE-2021-28957 (lxml 4.6.2 allows XSS. It places the HTML action attribute into defs.l ...)
- lxml <unfixed> (bug #985643)
NOTE: https://bugs.launchpad.net/lxml/+bug/1888153
NOTE: https://github.com/lxml/lxml/pull/316
@@ -661,7 +661,8 @@ CVE-2021-28652
RESERVED
CVE-2021-28651
RESERVED
-CVE-2021-28963 [shib service provide phishing]
+CVE-2021-28963 (Shibboleth Service Provider before 3.2.1 allows content injection beca ...)
+ {DSA-4872-1 DLA-2599-1}
- shibboleth-sp 3.2.1+dfsg1-1 (bug #985405)
- shibboleth-sp2 <removed>
NOTE: https://shibboleth.net/community/advisories/secadv_20210317.txt
@@ -6732,10 +6733,10 @@ CVE-2021-26072
RESERVED
CVE-2021-26071
RESERVED
-CVE-2021-26070
- RESERVED
-CVE-2021-26069
- RESERVED
+CVE-2021-26070 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ TODO: check
+CVE-2021-26069 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...)
+ TODO: check
CVE-2021-26068 (An endpoint in Atlassian Jira Server for Slack plugin from version 0.0 ...)
NOT-FOR-US: Atlassian
CVE-2021-26067 (Affected versions of Atlassian Bamboo allow an unauthenticated remote ...)
@@ -21091,6 +21092,7 @@ CVE-2021-20247 (A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations
[stretch] - isync <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/02/22/1
CVE-2021-20246 (A flaw was found in ImageMagick in MagickCore/resample.c. An attacker ...)
+ {DLA-2602-1}
- imagemagick <unfixed>
[buster] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/3195
@@ -21104,6 +21106,7 @@ CVE-2021-20245 (A flaw was found in ImageMagick in coders/webp.c. An attacker wh
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/ffb683e62ddedc6436a1b88388eb690d7ca57bf2
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/a78d92dc0f468e79c3d761aae9707042952cdaca
CVE-2021-20244 (A flaw was found in ImageMagick in MagickCore/visual-effects.c. An att ...)
+ {DLA-2602-1}
- imagemagick <unfixed>
[buster] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/pull/3194
@@ -21118,6 +21121,7 @@ CVE-2021-20243 (A flaw was found in ImageMagick in MagickCore/resize.c. An attac
CVE-2021-20242
REJECTED
CVE-2021-20241 (A flaw was found in ImageMagick in coders/jp2.c. An attacker who submi ...)
+ {DLA-2602-1}
- imagemagick <unfixed>
[buster] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/pull/3177
@@ -21458,6 +21462,7 @@ CVE-2021-20177
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=209823
NOTE: https://www.openwall.com/lists/oss-security/2021/01/12/1
CVE-2021-20176 (A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 ...)
+ {DLA-2602-1}
- imagemagick 8:6.9.11.57+dfsg-1
NOTE: https://github.com/ImageMagick/ImageMagick/issues/3077
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/fbd9a963db1ae5551c45dc8af57db0abd7695774
@@ -31983,12 +31988,14 @@ CVE-2020-27776 (A flaw was found in ImageMagick in MagickCore/statistic.c. An at
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/0c92913ec5705300943703f1795f34c0cc25164e
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/3e21bc8a58b4ae38d24c7e283837cc279f35b6a5
CVE-2020-27775 (A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker w ...)
+ {DLA-2602-1}
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1737
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/a2166bfb1049bac4c0f7b8b5d3ef86a1f48470b2
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/78d9987ae80a95865c9f139afde0dcf3fd832ddc
CVE-2020-27774 (A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker ...)
+ {DLA-2602-1}
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1743
@@ -32002,12 +32009,14 @@ CVE-2020-27773 (A flaw was found in ImageMagick in MagickCore/gem-private.h. An
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/3d71aa8265ffaaf686021a6fbd54c037f71ee3a2
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/be6ffd9f283c2681d74469db8b000701665cf034
CVE-2020-27772 (A flaw was found in ImageMagick in coders/bmp.c. An attacker who submi ...)
+ {DLA-2602-1}
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1749
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/a1142af44f61c038ad3eccc099c5b9548b507846
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/7f819ef8855608d9cb1ded5e4f30cdfff1da7c11
CVE-2020-27771 (In RestoreMSCWarning() of /coders/pdf.c there are several areas where ...)
+ {DLA-2602-1}
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1753
@@ -32015,6 +32024,7 @@ CVE-2020-27771 (In RestoreMSCWarning() of /coders/pdf.c there are several areas
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/9dd1c7e1f8f6c137bfd3293be2554f59456c7b62
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/a07ecde4c1c3a3efaa628434adc903295f6bb2b3
CVE-2020-27770 (Due to a missing check for 0 value of `replace_extent`, it is possible ...)
+ {DLA-2602-1}
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1721
@@ -32022,24 +32032,28 @@ CVE-2020-27770 (Due to a missing check for 0 value of `replace_extent`, it is po
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/c01495f91ac71c5205f52713430b68e80d851149
CVE-2020-27769
RESERVED
+ {DLA-2602-1}
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1740
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/7b058696133c6d36e0b48a454e357482db71982e
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/7661113a654c9c822c23a8fb8aa1b021fc7fbe9d
CVE-2020-27768 (In ImageMagick, there is an outside the range of representable values ...)
+ {DLA-2602-1}
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1751
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/95d4e94e0353e503b71a53f5e6fad173c7c70c90
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/8c6e86f81968fab1710317d87b00c608108e6a2a
CVE-2020-27767 (A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker w ...)
+ {DLA-2602-1}
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1741
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/564f2a35e523e2b6cce9485018157f03ec05a947
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/c2f66e7fc9189a652f77a021bd047c4146d634d1
CVE-2020-27766 (A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker ...)
+ {DLA-2602-1}
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1734
@@ -32054,6 +32068,7 @@ CVE-2020-27765 (A flaw was found in ImageMagick in MagickCore/segment.c. An atta
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/a4c89f2a61069ad7637bc7749cc1a839de442526
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/4321934be544bc2888c6799fd6b50d8188a3d832
CVE-2020-27764 (In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOp ...)
+ {DLA-2602-1}
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1735
@@ -32066,12 +32081,14 @@ CVE-2020-27763 (A flaw was found in ImageMagick in MagickCore/resize.c. An attac
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/43539e67a47d2f8de832d33a5b26dc2a7a12294f
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/cc0944d57f846c839905d573503ab055b34090e4
CVE-2020-27762 (A flaw was found in ImageMagick in coders/hdr.c. An attacker who submi ...)
+ {DLA-2602-1}
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1713
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/7db3fa20893d557259da6e99e111954de83d2495
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/3e10f7c3c9f0394dfd6ebd372bc34a172dabc8ff
CVE-2020-27761 (WritePALMImage() in /coders/palm.c used size_t casts in several areas ...)
+ {DLA-2602-1}
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1726
@@ -32085,18 +32102,21 @@ CVE-2020-27760 (In `GammaImage()` of /MagickCore/enhance.c, depending on the `ga
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/c5fcdea6a6ae27cf3db20c28b176e87b1a584e06
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/83cd04f580ccf4cc194813777c1fcfba78e602aa
CVE-2020-27759 (In IntensityCompare() of /MagickCore/quantize.c, a double value was be ...)
+ {DLA-2602-1}
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1720
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/d44f8a35558951a21367d306a42e5a097f3a43fe
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/460dea07066e2001bc4671fcd8d53233f0fc29b3
CVE-2020-27758 (A flaw was found in ImageMagick in coders/txt.c. An attacker who submi ...)
+ {DLA-2602-1}
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1719
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/f0a8d407b2801174fd8923941a9e7822f7f9a506
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/e5e15b4456c825f78554e2ef1cc6344fa1218448
CVE-2020-27757 (A floating point math calculation in ScaleAnyToQuantum() of /MagickCor ...)
+ {DLA-2602-1}
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1712
@@ -32116,6 +32136,7 @@ CVE-2020-27755 (in SetImageExtent() of /MagickCore/image.c, an incorrect image d
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/f28e9e56e1b56d4e1f09d2a56d70892ae295d6a4
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/f9191f9e388330c8e22661b42092cc78a29a5d6f
CVE-2020-27754 (In IntensityCompare() of /magick/quantize.c, there are calls to PixelP ...)
+ {DLA-2602-1}
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1754
@@ -37385,11 +37406,13 @@ CVE-2020-25678 (A flaw was found in ceph in versions prior to 16.y.z where ceph
CVE-2020-25677 (A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph ...)
NOT-FOR-US: ceph Ansible module
CVE-2020-25676 (In CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), Inte ...)
+ {DLA-2602-1}
- imagemagick 8:6.9.11.24+dfsg-1
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1732
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/406da3af9e09649cda152663c179902edf5ab3ac
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/94aeb3c40d25aee1051ba8eb3a31601558ef2506
CVE-2020-25675 (In the CropImage() and CropImageToTiles() routines of MagickCore/trans ...)
+ {DLA-2602-1}
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1731
@@ -37444,6 +37467,7 @@ CVE-2020-25667 (TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/986b5dff173413fa712db27eb677cdef15f0bab6
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/14ba3e46a66c4799d643c7b959792e185c6599c7
CVE-2020-25666 (There are 4 places in HistogramCompare() in MagickCore/histogram.c whe ...)
+ {DLA-2602-1}
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1750
@@ -63401,8 +63425,8 @@ CVE-2020-13967
RESERVED
CVE-2020-13966
RESERVED
-CVE-2020-13963
- RESERVED
+CVE-2020-13963 (SOPlanning before 1.47 has Incorrect Access Control because certain se ...)
+ TODO: check
CVE-2020-13962 (Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 ...)
- qtbase-opensource-src 5.14.2+dfsg-6
[buster] - qtbase-opensource-src <not-affected> (Only affects 5.12.2 and later)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fae8ec95d616d33e253811bbc6c15567317c08c1
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fae8ec95d616d33e253811bbc6c15567317c08c1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210322/9e817a97/attachment.htm>
More information about the debian-security-tracker-commits
mailing list