[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Mar 27 08:10:21 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b640d99d by security tracker role at 2021-03-27T08:10:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2021-29270
+ RESERVED
+CVE-2021-29269
+ RESERVED
+CVE-2021-29268
+ RESERVED
+CVE-2021-29267
+ RESERVED
+CVE-2021-29266 (An issue was discovered in the Linux kernel before 5.11.9. drivers/vho ...)
+ TODO: check
+CVE-2021-29265 (An issue was discovered in the Linux kernel before 5.11.7. usbip_sockf ...)
+ TODO: check
+CVE-2021-29264 (An issue was discovered in the Linux kernel through 5.11.10. drivers/n ...)
+ TODO: check
+CVE-2021-29263
+ RESERVED
CVE-2021-3471
RESERVED
CVE-2021-3470
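Review bot: CVE-2021-29264, CVE-2021-29265 and CVE-2021-29266 in the added block are left at `TODO: check` even though all three descriptions name the Linux kernel and give version bounds (before 5.11.9, before 5.11.7, through 5.11.10). They should be triaged ahead of the generic TODO entries and given a `- linux` source package line with either the fixed version or `<unfixed>`, plus a NOTE pointing at the upstream fix, in the same form as the package and NOTE lines used for other entries in this file. The "through 5.11.10" wording on CVE-2021-29264 suggests no fixed upstream release was known when the description was written, so that one is the most likely to end up `<unfixed>`.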
@@ -32,8 +48,8 @@ CVE-2021-29251
RESERVED
CVE-2021-29250
RESERVED
-CVE-2021-29249
- RESERVED
+CVE-2021-29249 (BTCPay Server before 1.0.6.0, when the payment button is used, has a p ...)
+ TODO: check
CVE-2021-29248
RESERVED
CVE-2021-29247
@@ -16099,8 +16115,8 @@ CVE-2021-22196
RESERVED
CVE-2021-22195
RESERVED
-CVE-2021-22194
- RESERVED
+CVE-2021-22194 (In all versions of GitLab starting from 13.7, marshalled session keys ...)
+ TODO: check
CVE-2021-22193 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
CVE-2021-22192 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
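Review bot: CVE-2021-22194 gains a description but only a `TODO: check` marker, while the unchanged CVE-2021-22193 directly below it already carries `- gitlab <unfixed>`. The description bounds the affected range at "starting from 13.7", so the follow-up should record an explicit `- gitlab` status: `<unfixed>`, or `<not-affected>` with the reason in parentheses as was done for CVE-2021-22185 (`Only affects 13.8`), depending on which GitLab versions were actually uploaded. The same applies to the GitLab entries CVE-2021-22184 and CVE-2021-22180 that this commit also moves from RESERVED to `TODO: check`.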
@@ -16128,8 +16144,8 @@ CVE-2021-22186 (An authorization issue in GitLab CE/EE version 9.4 and up allowe
CVE-2021-22185 (Insufficient input sanitization in wikis in GitLab version 13.8 and up ...)
- gitlab <not-affected> (Only affects 13.8)
NOTE: https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/
-CVE-2021-22184
- RESERVED
+CVE-2021-22184 (An information disclosure issue in GitLab starting from version 12.8 a ...)
+ TODO: check
CVE-2021-22183 (An issue has been discovered in GitLab affecting all versions starting ...)
[experimental] - gitlab 13.6.6-1
- gitlab <unfixed>
@@ -16138,8 +16154,8 @@ CVE-2021-22182 (An issue has been discovered in GitLab affecting all versions st
- gitlab <not-affected> (Affected version never uploaded to unstable)
CVE-2021-22181
RESERVED
-CVE-2021-22180
- RESERVED
+CVE-2021-22180 (An issue has been discovered in GitLab affecting all versions starting ...)
+ TODO: check
CVE-2021-22179 (A vulnerability was discovered in GitLab versions before 12.2. GitLab ...)
- gitlab <unfixed>
CVE-2021-22178 (An issue has been discovered in GitLab affecting all versions starting ...)
@@ -18983,8 +18999,8 @@ CVE-2021-21413
RESERVED
CVE-2021-21412
RESERVED
-CVE-2021-21411
- RESERVED
+CVE-2021-21411 (OAuth2-Proxy is an open source reverse proxy that provides authenticat ...)
+ TODO: check
CVE-2021-21410
RESERVED
CVE-2021-21409
@@ -19015,8 +19031,8 @@ CVE-2021-21398
RESERVED
CVE-2021-21397
RESERVED
-CVE-2021-21396
- RESERVED
+CVE-2021-21396 (wire-server is an open-source back end for Wire, a secure collaboratio ...)
+ TODO: check
CVE-2021-21395
RESERVED
CVE-2021-21394
@@ -19029,8 +19045,8 @@ CVE-2021-21391
RESERVED
CVE-2021-21390 (MinIO is an open-source high performance object storage service and it ...)
NOT-FOR-US: MinIO
-CVE-2021-21389
- RESERVED
+CVE-2021-21389 (BuddyPress is an open source WordPress plugin to build a community sit ...)
+ TODO: check
CVE-2021-21388
RESERVED
CVE-2021-21387 (Wrongthink peer-to-peer, end-to-end encrypted messenger with PeerJS an ...)
@@ -19060,12 +19076,12 @@ CVE-2021-21375 (PJSIP is a free and open source multimedia communication library
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-hvq6-f89p-frvp
NOTE: https://github.com/pjsip/pjproject/commit/97b3d7addbaa720b7ddb0af9bf6f3e443e664365
TODO: check, might affect sc:ring
-CVE-2021-21374
- RESERVED
-CVE-2021-21373
- RESERVED
-CVE-2021-21372
- RESERVED
+CVE-2021-21374 (Nimble is a package manager for the Nim programming language. In Nim r ...)
+ TODO: check
+CVE-2021-21373 (Nimble is a package manager for the Nim programming language. In Nim r ...)
+ TODO: check
+CVE-2021-21372 (Nimble is a package manager for the Nim programming language. In Nim r ...)
+ TODO: check
CVE-2021-21371 (Tenable for Jira Cloud is an open source project designed to pull Tena ...)
NOT-FOR-US: Tenable for Jira Cloud
CVE-2021-21370 (TYPO3 is an open source PHP based web content management system. In TY ...)
@@ -19156,10 +19172,10 @@ CVE-2021-21335 (In the SPNEGO HTTP Authentication Module for nginx (spnego-http-
CVE-2021-21334 (In containerd (an industry-standard container runtime) before versions ...)
- containerd 1.4.4~ds1-1
NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4
-CVE-2021-21333
- RESERVED
-CVE-2021-21332
- RESERVED
+CVE-2021-21333 (Synapse is a Matrix reference homeserver written in python (pypi packa ...)
+ TODO: check
+CVE-2021-21332 (Synapse is a Matrix reference homeserver written in python (pypi packa ...)
+ TODO: check
CVE-2021-21331 (The Java client for the Datadog API before version 1.0.0-beta.9 has a ...)
NOT-FOR-US: Java client for Datadog API
CVE-2021-21330 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
@@ -22052,8 +22068,7 @@ CVE-2021-20208
RESERVED
CVE-2021-20207
REJECTED
-CVE-2021-20206
- RESERVED
+CVE-2021-20206 (An improper limitation of path name flaw was found in containernetwork ...)
- golang-github-appc-cni 0.8.1-1 (bug #983659)
[buster] - golang-github-appc-cni <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://github.com/containernetworking/cni/pull/808
@@ -38581,16 +38596,16 @@ CVE-2020-25584
RESERVED
CVE-2020-25583
RESERVED
-CVE-2020-25582
- RESERVED
-CVE-2020-25581
- RESERVED
-CVE-2020-25580
- RESERVED
-CVE-2020-25579
- RESERVED
-CVE-2020-25578
- RESERVED
+CVE-2020-25582 (In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before r369335, 12. ...)
+ TODO: check
+CVE-2020-25581 (In FreeBSD 12.2-STABLE before r369312, 11.4-STABLE before r369313, 12. ...)
+ TODO: check
+CVE-2020-25580 (In FreeBSD 12.2-STABLE before r369346, 11.4-STABLE before r369345, 12. ...)
+ TODO: check
+CVE-2020-25579 (In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12. ...)
+ TODO: check
+CVE-2020-25578 (In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12. ...)
+ TODO: check
CVE-2020-25577
RESERVED
CVE-2020-25572
@@ -82439,22 +82454,22 @@ CVE-2020-7470 (Sonoff TH 10 and 16 devices with firmware 6.6.0.21 allows XSS via
NOT-FOR-US: Sonoff TH 10 and 16 devices
CVE-2020-7469
RESERVED
-CVE-2020-7468
- RESERVED
-CVE-2020-7467
- RESERVED
+CVE-2020-7468 (In FreeBSD 12.2-STABLE before r365772, 11.4-STABLE before r365773, 12. ...)
+ TODO: check
+CVE-2020-7467 (In FreeBSD 12.2-STABLE before r365767, 11.4-STABLE before r365769, 12. ...)
+ TODO: check
CVE-2020-7466 (The PPP implementation of MPD before 5.9 allows a remote attacker who ...)
NOT-FOR-US: MPD (FreeBSD PPP daemon)
CVE-2020-7465 (The L2TP implementation of MPD before 5.9 allows a remote attacker who ...)
NOT-FOR-US: MPD (FreeBSD PPP daemon)
-CVE-2020-7464
- RESERVED
-CVE-2020-7463
- RESERVED
-CVE-2020-7462
- RESERVED
-CVE-2020-7461
- RESERVED
+CVE-2020-7464 (In FreeBSD 12.2-STABLE before r365730, 11.4-STABLE before r365738, 12. ...)
+ TODO: check
+CVE-2020-7463 (In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12. ...)
+ TODO: check
+CVE-2020-7462 (In 11.4-PRERELEASE before r360733 and 11.3-RELEASE before p13, imprope ...)
+ TODO: check
+CVE-2020-7461 (In FreeBSD 12.1-STABLE before r365010, 11.4-STABLE before r365011, 12. ...)
+ TODO: check
CVE-2020-7460 (In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-ST ...)
NOT-FOR-US: FreeBSD
CVE-2020-7459 (In FreeBSD 12.1-STABLE before r362166, 12.1-RELEASE before p8, 11.4-ST ...)
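Review bot: The newly described entries CVE-2020-7461 through CVE-2020-7464, CVE-2020-7467 and CVE-2020-7468 are marked `TODO: check`, while the unchanged CVE-2020-7460 immediately after them, with the same "In FreeBSD 12.1-STABLE before r..." style of description, is already tagged `NOT-FOR-US: FreeBSD`. Triage should either apply that same tag or, where the flaw sits in code Debian also ships, replace the TODO with the affected source package line, so the block does not stay inconsistent. CVE-2020-7462 deserves a manual look because its truncated description starts with "In 11.4-PRERELEASE" and does not contain the word FreeBSD, so a product-name match on the summary would miss it. The same triage question applies to CVE-2020-25578 through CVE-2020-25582 in the previous hunk.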
@@ -115013,7 +115028,7 @@ CVE-2019-14847 (A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.
[stretch] - samba <no-dsa> (Minor issue)
[jessie] - samba <no-dsa> (Minor issue)
NOTE: https://www.samba.org/samba/security/CVE-2019-14847.html
-CVE-2019-14846 (Ansible, all ansible_engine-2.x versions and ansible_engine-3.x up to ...)
+CVE-2019-14846 (In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, an ...)
{DLA-2535-1 DLA-2202-1}
- ansible 2.8.6+dfsg-1 (low; bug #942188)
[buster] - ansible <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b640d99d4302aee08a1a77f128c1ddb03a3bc809