[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Mar 24 08:10:26 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
57c512b8 by security tracker role at 2021-03-24T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,93 @@
+CVE-2021-3464
+	RESERVED
+CVE-2021-3463
+	RESERVED
+CVE-2021-3462
+	RESERVED
+CVE-2021-29134
+	RESERVED
+CVE-2021-29133 (Lack of verification in haserl, a component of Alpine Linux Configurat ...)
+	TODO: check
+CVE-2021-29132
+	RESERVED
+CVE-2021-29131
+	RESERVED
+CVE-2021-29130
+	RESERVED
+CVE-2021-29129
+	RESERVED
+CVE-2021-29128
+	RESERVED
+CVE-2021-29127
+	RESERVED
+CVE-2021-29126
+	RESERVED
+CVE-2021-29125
+	RESERVED
+CVE-2021-29124
+	RESERVED
+CVE-2021-29123
+	RESERVED
+CVE-2021-29122
+	RESERVED
+CVE-2021-29121
+	RESERVED
+CVE-2021-29120
+	RESERVED
+CVE-2021-29119
+	RESERVED
+CVE-2021-29118
+	RESERVED
+CVE-2021-29117
+	RESERVED
+CVE-2021-29116
+	RESERVED
+CVE-2021-29115
+	RESERVED
+CVE-2021-29114
+	RESERVED
+CVE-2021-29113
+	RESERVED
+CVE-2021-29112
+	RESERVED
+CVE-2021-29111
+	RESERVED
+CVE-2021-29110
+	RESERVED
+CVE-2021-29109
+	RESERVED
+CVE-2021-29108
+	RESERVED
+CVE-2021-29107
+	RESERVED
+CVE-2021-29106
+	RESERVED
+CVE-2021-29105
+	RESERVED
+CVE-2021-29104
+	RESERVED
+CVE-2021-29103
+	RESERVED
+CVE-2021-29102
+	RESERVED
+CVE-2021-29101
+	RESERVED
+CVE-2021-29100
+	RESERVED
+CVE-2021-29099
+	RESERVED
+CVE-2021-29098
+	RESERVED
+CVE-2021-29097
+	RESERVED
+CVE-2021-29096
+	RESERVED
+CVE-2021-29095
+	RESERVED
+CVE-2021-29094
+	RESERVED
+CVE-2021-29093
+	RESERVED
 CVE-2021-3461
 	RESERVED
 	NOT-FOR-US: Keycloak
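Review bot: CVE-2021-29133 is the only new entry in this hunk that already carries a description (haserl, a component of Alpine Linux Configurat ...), and it is left at TODO: check. It needs a manual triage pass that ends in either a source-package line or a NOT-FOR-US tag. The remaining additions are bare RESERVED placeholders and need no action yet.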
@@ -257,8 +347,8 @@ CVE-2021-28969
 	RESERVED
 CVE-2021-28968 (An issue was discovered in PunBB before 1.4.6. An XSS vulnerability in ...)
 	NOT-FOR-US: PunBB
-CVE-2021-28967
-	RESERVED
+CVE-2021-28967 (The unofficial MATLAB extension before 2.0.1 for Visual Studio Code al ...)
+	TODO: check
 CVE-2021-28966
 	RESERVED
 CVE-2021-28965
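Review bot: CVE-2021-28967 moves from RESERVED to TODO: check with a description that names an unofficial MATLAB extension for Visual Studio Code. The entry directly above it (CVE-2021-28968) is resolved as NOT-FOR-US: PunBB, and the same kind of tag is the likely outcome here once someone confirms the extension is not shipped in the archive.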
@@ -580,22 +670,22 @@ CVE-2021-28826
 	RESERVED
 CVE-2021-28825
 	RESERVED
-CVE-2021-28824
-	RESERVED
-CVE-2021-28823
-	RESERVED
-CVE-2021-28822
-	RESERVED
-CVE-2021-28821
-	RESERVED
-CVE-2021-28820
-	RESERVED
-CVE-2021-28819
-	RESERVED
-CVE-2021-28818
-	RESERVED
-CVE-2021-28817
-	RESERVED
+CVE-2021-28824 (The Windows Installation component of TIBCO Software Inc.'s TIBCO Acti ...)
+	TODO: check
+CVE-2021-28823 (The Windows Installation component of TIBCO Software Inc.'s TIBCO eFTL ...)
+	TODO: check
+CVE-2021-28822 (The Enterprise Message Service Server (tibemsd), Enterprise Message Se ...)
+	TODO: check
+CVE-2021-28821 (The Windows Installation component of TIBCO Software Inc.'s TIBCO Ente ...)
+	TODO: check
+CVE-2021-28820 (The FTL Server (tibftlserver), FTL C API, FTL Golang API, FTL Java API ...)
+	TODO: check
+CVE-2021-28819 (The Windows Installation component of TIBCO Software Inc.'s TIBCO FTL  ...)
+	TODO: check
+CVE-2021-28818 (The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon ...)
+	TODO: check
+CVE-2021-28817 (The Windows Installation component of TIBCO Software Inc.'s TIBCO Rend ...)
+	TODO: check
 CVE-2021-28816
 	RESERVED
 CVE-2021-28815
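Review bot: all eight TIBCO entries (CVE-2021-28817 through CVE-2021-28824) land as TODO: check, and five of them (28817, 28819, 28821, 28823, 28824) describe a Windows Installation component. These can be triaged as one batch rather than individually. If none of the TIBCO products are packaged, a single follow-up commit tagging all eight consistently keeps the list easier to audit.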
@@ -2197,10 +2287,10 @@ CVE-2021-28102
 	RESERVED
 CVE-2021-28101
 	RESERVED
-CVE-2021-28100
-	RESERVED
-CVE-2021-28099
-	RESERVED
+CVE-2021-28100 (Priam uses File.createTempFile, which gives the permissions on that fi ...)
+	TODO: check
+CVE-2021-28099 (In Netflix OSS Hollow, since the Files.exists(parent) is run before cr ...)
+	TODO: check
 CVE-2020-36276
 	RESERVED
 CVE-2020-36275
@@ -2710,8 +2800,8 @@ CVE-2021-27910
 	RESERVED
 CVE-2021-27909
 	RESERVED
-CVE-2021-27908
-	RESERVED
+CVE-2021-27908 (In all versions prior to Mautic 3.3.2, secret parameters such as datab ...)
+	TODO: check
 CVE-2021-27907 (Apache Superset up to and including 0.38.0 allowed the creation of a M ...)
 	NOT-FOR-US: Apache Superset
 CVE-2021-27906 (A carefully crafted PDF file can trigger an OutOfMemory-Exception whil ...)
@@ -14200,8 +14290,8 @@ CVE-2021-22866
 	RESERVED
 CVE-2021-22865
 	RESERVED
-CVE-2021-22864
-	RESERVED
+CVE-2021-22864 (A remote code execution vulnerability was identified in GitHub Enterpr ...)
+	TODO: check
 CVE-2021-22863 (An improper access control vulnerability was identified in the GitHub  ...)
 	NOT-FOR-US: GitHub Enterprise
 CVE-2021-22862 (An improper access control vulnerability was identified in GitHub Ente ...)
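Review bot: CVE-2021-22864 is described as a remote code execution issue in GitHub Enterprise but is left at TODO: check, while the entry immediately below it (CVE-2021-22863) is already tagged NOT-FOR-US: GitHub Enterprise. Suggest giving it the same tag in the follow-up triage so the two adjacent entries for the same product are consistent.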
@@ -18599,8 +18689,8 @@ CVE-2021-21404
 	RESERVED
 CVE-2021-21403
 	RESERVED
-CVE-2021-21402
-	RESERVED
+CVE-2021-21402 (Jellyfin is a Free Software Media System. In Jellyfin before version 1 ...)
+	TODO: check
 CVE-2021-21401 (Nanopb is a small code-size Protocol Buffers implementation in ansi C. ...)
 	TODO: check
 CVE-2021-21400
@@ -18641,8 +18731,8 @@ CVE-2021-21383 (Wiki.js an open-source wiki app built on Node.js. Wiki.js before
 	NOT-FOR-US: Wiki.js
 CVE-2021-21382
 	RESERVED
-CVE-2021-21380
-	RESERVED
+CVE-2021-21380 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+	TODO: check
 CVE-2021-21379 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
 	NOT-FOR-US: XWiki
 CVE-2021-21378 (Envoy is a cloud-native high-performance edge/middle/service proxy. In ...)
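Review bot: CVE-2021-21380 picks up an XWiki Platform description and TODO: check, whereas the next entry (CVE-2021-21379, same product) is marked NOT-FOR-US: XWiki. Unless something has changed for this product, the new entry should receive the same tag as its neighbour.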
@@ -39253,8 +39343,7 @@ CVE-2020-25087 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in
 	NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
 CVE-2020-25086 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in applic ...)
 	NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
-CVE-2021-3409 [sdhci: incomplete fix for CVE-2020-17380/CVE-2020-25085]
-	RESERVED
+CVE-2021-3409 (The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffectiv ...)
 	- qemu <unfixed>
 	[buster] - qemu <not-affected> (CVE-2020-17380/CVE-2020-25085 weren't backported to Buster)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1928146
@@ -39478,8 +39567,8 @@ CVE-2020-24996 (There is an invalid memory access in the function TextString::~T
 	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=42028
 CVE-2020-24995
 	RESERVED
-CVE-2020-24994
-	RESERVED
+CVE-2020-24994 (Stack overflow in the parse_tag function in libass/ass_parse.c in liba ...)
+	TODO: check
 CVE-2020-24993
 	RESERVED
 CVE-2020-24992
@@ -64835,23 +64924,23 @@ CVE-2020-13614 (An issue was discovered in ssl.c in Axel before 2.17.8. The TLS
 CVE-2020-13613
 	RESERVED
 CVE-2020-13612
-	RESERVED
+	REJECTED
 CVE-2020-13611
-	RESERVED
+	REJECTED
 CVE-2020-13610
-	RESERVED
+	REJECTED
 CVE-2020-13609
-	RESERVED
+	REJECTED
 CVE-2020-13608
-	RESERVED
+	REJECTED
 CVE-2020-13607
-	RESERVED
+	REJECTED
 CVE-2020-13606
-	RESERVED
+	REJECTED
 CVE-2020-13605
-	RESERVED
+	REJECTED
 CVE-2020-13604
-	RESERVED
+	REJECTED
 CVE-2020-13603
 	RESERVED
 CVE-2020-13602
@@ -98204,8 +98293,7 @@ CVE-2019-19344 (There is a use-after-free issue in all samba 4.9.x versions befo
 	[stretch] - samba <not-affected> (Only affects Samba 4.9 onwards)
 	[jessie] - samba <not-affected> (Only affects Samba 4.9 onwards)
 	NOTE: https://www.samba.org/samba/security/CVE-2019-19344.html
-CVE-2019-19343
-	RESERVED
+CVE-2019-19343 (A flaw was found in Undertow when using Remoting as shipped in Red Hat ...)
 	- undertow <unfixed> (bug #948024; unimportant)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1780445
 	NOTE: Issue affects both Undertow and rmeoting, but for adressing the immediate
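Review bot: the unchanged NOTE line at the end of this hunk contains two typos ("rmeoting" for "remoting" and "adressing" for "addressing"). They are outside the automatic change but worth fixing in a manual follow-up, since the new description for CVE-2019-19343 refers to Remoting and a text search for that term will miss the misspelled note.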



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57c512b8466ec73773481ce3b4c7cb706dabe2bc
