[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Mar 23 20:10:40 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
22b90e9a by security tracker role at 2021-03-23T20:10:31+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2021-3461
+	RESERVED
+CVE-2021-29092
+	RESERVED
+CVE-2021-29091
+	RESERVED
+CVE-2021-29090
+	RESERVED
+CVE-2021-29089
+	RESERVED
+CVE-2021-29088
+	RESERVED
+CVE-2021-29087
+	RESERVED
+CVE-2021-29086
+	RESERVED
+CVE-2021-29085
+	RESERVED
+CVE-2021-29084
+	RESERVED
+CVE-2021-29083
+	RESERVED
 CVE-2021-3460
 	RESERVED
 CVE-2021-3459
@@ -1268,8 +1290,7 @@ CVE-2021-28494
 	RESERVED
 CVE-2021-28493
 	RESERVED
-CVE-2021-3444 [bpf: Fix truncation handling for mod32 dst reg wrt zero]
-	RESERVED
+CVE-2021-3444 (The bpf verifier in the Linux kernel did not properly handle mod32 des ...)
 	- linux 5.10.19-1
 	NOTE: https://git.kernel.org/linus/9b00f1b78809309163dda2d044d9e94a3c0248a3
 	NOTE: https://www.openwall.com/lists/oss-security/2021/03/23/2
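Review bot: after this hunk the entry carries only `- linux 5.10.19-1` and no suite annotation, so the buster status will be derived purely from the version comparison against 5.10.19-1; since the local title is being replaced by the public description, confirm whether the mod32 verifier issue affects the buster kernel and add an explicit `[buster] - linux ...` line (fixed version or `<not-affected>`) so stable is not reported by inference alone.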
@@ -2500,8 +2521,8 @@ CVE-2021-27971
 	RESERVED
 CVE-2021-27970
 	RESERVED
-CVE-2021-27969
-	RESERVED
+CVE-2021-27969 (Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder "wi ...)
+	TODO: check
 CVE-2021-27968
 	RESERVED
 CVE-2021-27967
@@ -3491,18 +3512,18 @@ CVE-2021-27533
 	RESERVED
 CVE-2021-27532
 	RESERVED
-CVE-2021-27531
-	RESERVED
-CVE-2021-27530
-	RESERVED
-CVE-2021-27529
-	RESERVED
-CVE-2021-27528
-	RESERVED
-CVE-2021-27527
-	RESERVED
-CVE-2021-27526
-	RESERVED
+CVE-2021-27531 (A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allo ...)
+	TODO: check
+CVE-2021-27530 (A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allo ...)
+	TODO: check
+CVE-2021-27529 (A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allo ...)
+	TODO: check
+CVE-2021-27528 (A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allo ...)
+	TODO: check
+CVE-2021-27527 (A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allo ...)
+	TODO: check
+CVE-2021-27526 (A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allo ...)
+	TODO: check
 CVE-2021-27525
 	RESERVED
 CVE-2021-27524
@@ -3993,10 +4014,10 @@ CVE-2021-27312
 	RESERVED
 CVE-2021-27311
 	RESERVED
-CVE-2021-27310
-	RESERVED
-CVE-2021-27309
-	RESERVED
+CVE-2021-27310 (Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "langua ...)
+	TODO: check
+CVE-2021-27309 (Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "module ...)
+	TODO: check
 CVE-2021-27308 (A cross-site scripting (XSS) vulnerability in the admin login panel in ...)
 	NOT-FOR-US: 4images
 CVE-2021-27307
@@ -5650,8 +5671,7 @@ CVE-2021-3393 [postgres: information leak in error message]
 	- postgresql-11 <removed>
 	[buster] - postgresql-11 <no-dsa> (Minor issue)
 	NOTE: https://www.postgresql.org/about/news/postgresql-132-126-1111-1016-9621-and-9525-released-2165/
-CVE-2021-3392 [scsi: mptsas: use-after-free while processing io requests]
-	RESERVED
+CVE-2021-3392 (A use-after-free flaw was found in the MegaRAID emulator of QEMU. This ...)
 	- qemu <unfixed> (bug #984449)
 	[buster] - qemu <postponed> (Minor issue)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg00488.html
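Review bot: the removed local title names the mptsas SCSI emulation ("scsi: mptsas: use-after-free while processing io requests") while the new MITRE text names "the MegaRAID emulator of QEMU"; these are different device models, so the qemu-devel reference and bug #984449 should be checked against the actual upstream fix and the entry's wording aligned with whichever code path the CVE was assigned to.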
@@ -13163,10 +13183,10 @@ CVE-2021-23364
 	RESERVED
 CVE-2021-23363
 	RESERVED
-CVE-2021-23362
-	RESERVED
+CVE-2021-23362 (The package hosted-git-info before 3.0.8 are vulnerable to Regular Exp ...)
+	TODO: check
 CVE-2021-23361
-	RESERVED
+	REJECTED
 CVE-2021-23360 (This affects the package killport before 1.0.2. If (attacker-controlle ...)
 	NOT-FOR-US: Node killport
 CVE-2021-23359 (This affects all versions of package port-killer. If (attacker-control ...)
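Review bot: CVE-2021-23362 is left at `TODO: check` while the neighbouring npm-package CVEs (killport, port-killer) are resolved as `NOT-FOR-US: Node ...`; hosted-git-info is a widely used npm dependency rather than a standalone tool, so this one should be checked against the archive for a packaged copy before it is given the same NOT-FOR-US treatment. The RESERVED to REJECTED change for CVE-2021-23361 needs no further annotation.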
@@ -13365,8 +13385,8 @@ CVE-2021-23276
 	RESERVED
 CVE-2021-23275
 	RESERVED
-CVE-2021-23274
-	RESERVED
+CVE-2021-23274 (The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Ga ...)
+	TODO: check
 CVE-2021-23273 (The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire  ...)
 	NOT-FOR-US: TIBCO
 CVE-2021-23272 (The Application Development Clients component of TIBCO Software Inc.'s ...)
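Review bot: CVE-2021-23274 describes a component of TIBCO API Exchange Gateway, and the adjacent TIBCO entries (CVE-2021-23273, CVE-2021-23272) are already marked `NOT-FOR-US: TIBCO`; the `TODO: check` can most likely be resolved the same way, as nothing in the surrounding lines suggests the Config UI component is packaged.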
@@ -18578,8 +18598,8 @@ CVE-2021-21403
 	RESERVED
 CVE-2021-21402
 	RESERVED
-CVE-2021-21401
-	RESERVED
+CVE-2021-21401 (Nanopb is a small code-size Protocol Buffers implementation in ansi C. ...)
+	TODO: check
 CVE-2021-21400
 	RESERVED
 CVE-2021-21399
@@ -18624,10 +18644,10 @@ CVE-2021-21379 (XWiki Platform is a generic wiki platform offering runtime servi
 	NOT-FOR-US: XWiki
 CVE-2021-21378 (Envoy is a cloud-native high-performance edge/middle/service proxy. In ...)
 	NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
-CVE-2021-21377
-	RESERVED
-CVE-2021-21376
-	RESERVED
+CVE-2021-21377 (OMERO.web is open source Django-based software for managing microscopy ...)
+	TODO: check
+CVE-2021-21376 (OMERO.web is open source Django-based software for managing microscopy ...)
+	TODO: check
 CVE-2021-21375 (PJSIP is a free and open source multimedia communication library writt ...)
 	- pjproject <removed>
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-hvq6-f89p-frvp
@@ -21281,8 +21301,7 @@ CVE-2021-20271
 	[buster] - rpm <no-dsa> (Minor issue)
 	[stretch] - rpm <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1934125
-CVE-2021-20270
-	RESERVED
+CVE-2021-20270 (An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lea ...)
 	{DSA-4870-1 DLA-2590-1}
 	- pygments 2.7.1+dfsg-2 (bug #984664)
 	NOTE: https://github.com/pygments/pygments/issues/1625
@@ -21507,8 +21526,7 @@ CVE-2021-20228 [basic.py no_log with fallback option]
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1925002
 	NOTE: https://github.com/ansible/ansible/pull/73487
 	NOTE: Mark ansible/2.10.7-1 fixing which is moving the code to ansible-base
-CVE-2021-20227
-	RESERVED
+CVE-2021-20227 (A flaw was found in SQLite's SELECT query functionality (src/select.c) ...)
 	- sqlite3 3.34.1-1
 	[buster] - sqlite3 <not-affected> (Introduced in 3.33)
 	[stretch] - sqlite3 <not-affected> (Introduced in 3.33)
@@ -21529,8 +21547,7 @@ CVE-2021-20224
 	RESERVED
 CVE-2021-20223
 	RESERVED
-CVE-2021-20222
-	RESERVED
+CVE-2021-20222 (A flaw was found in keycloak. The new account console in keycloak can  ...)
 	NOT-FOR-US: Keycloak
 CVE-2021-20221 [GIC: out-of-bound heap buffer access via an interrupt ID field]
 	RESERVED
@@ -21543,8 +21560,7 @@ CVE-2021-20220 (A flaw was found in Undertow. A regression in the fix for CVE-20
 	- undertow <undetermined>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1923133
 	TODO: CVE for incomplete fix for CVE-2020-10687 but not clear if affected any Debian released version
-CVE-2021-20219 [improper synchronization in flush_to_ldisc() can lead to DoS]
-	RESERVED
+CVE-2021-20219 (A denial of service vulnerability was found in n_tty_receive_char_spec ...)
 	- linux <not-affected> (Red Hat specific issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/03/17/10
 	NOTE: https://www.openwall.com/lists/oss-security/2021/03/17/16
@@ -28849,8 +28865,8 @@ CVE-2020-28505
 	RESERVED
 CVE-2020-28504
 	RESERVED
-CVE-2020-28503
-	RESERVED
+CVE-2020-28503 (The package copy-props before 2.0.5 are vulnerable to Prototype Pollut ...)
+	TODO: check
 CVE-2020-28502 (This affects the package xmlhttprequest before 1.7.0; all versions of  ...)
 	- node-xmlhttprequest 1.8.0-1
 	[stretch] - node-xmlhttprequest <end-of-life> (Nodejs in stretch not covered by security support)
@@ -39195,7 +39211,7 @@ CVE-2020-25099
 CVE-2020-25098
 	RESERVED
 CVE-2020-25097 (An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. D ...)
-	{DLA-2598-1}
+	{DSA-4873-1 DLA-2598-1}
 	- squid 4.13-8 (bug #985068)
 	- squid3 <removed>
 	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-jvf6-h9gj-pmj6
@@ -67589,8 +67605,8 @@ CVE-2020-12485 (The frame touch module does not make validity judgments on param
 	NOT-FOR-US: Vivo
 CVE-2020-12484
 	RESERVED
-CVE-2020-12483
-	RESERVED
+CVE-2020-12483 (The appstore before 8.12.0.0 exposes some of its components, and the a ...)
+	TODO: check
 CVE-2020-12482
 	RESERVED
 CVE-2020-12481
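Review bot: CVE-2020-12483 ("The appstore before 8.12.0.0 exposes some of its components ...") sits in the same allocation block as CVE-2020-12485, which is marked `NOT-FOR-US: Vivo`; verify whether this is the same vendor's mobile appstore and, if so, resolve the `TODO: check` with the matching NOT-FOR-US annotation rather than leaving it open.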
@@ -82233,8 +82249,8 @@ CVE-2020-7348
 	RESERVED
 CVE-2020-7347
 	RESERVED
-CVE-2020-7346
-	RESERVED
+CVE-2020-7346 (Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP ...)
+	TODO: check
 CVE-2020-7345
 	RESERVED
 CVE-2020-7344



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/22b90e9abe32a5b6877879b76c379fc8b4b4b702
