[Git][security-tracker-team/security-tracker][master] Merge accepted updates for 10.9
Salvatore Bonaccorso
carnil at debian.org
Sat Mar 27 09:13:23 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
452e06c1 by Salvatore Bonaccorso at 2021-03-27T10:12:32+01:00
Merge accepted updates for 10.9
- - - - -
2 changed files:
- data/CVE/list
- data/next-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1324,6 +1324,7 @@ CVE-2021-28687 [HVM soft-reset crashes toolstack]
NOTE: https://xenbits.xen.org/xsa/advisory-368.html
CVE-2021-28660 (rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in t ...)
- linux 5.10.24-1
+ [buster] - linux 4.19.181-1
NOTE: https://git.kernel.org/linus/74b6b20df8cfe90ada777d621b54c32e69e27cd7
CVE-2021-28659
RESERVED
@@ -2478,11 +2479,12 @@ CVE-2021-3429
RESERVED
{DLA-2601-1}
- cloud-init 20.4.1-2 (bug #985540)
- [buster] - cloud-init <no-dsa> (Minor issue; can be fixed via point release)
+ [buster] - cloud-init 20.2-2~deb10u2
NOTE: https://github.com/canonical/cloud-init/commit/b794d426b9ab43ea9d6371477466070d86e10668
CVE-2021-3428 [integer overflow in ext4_es_cache_extent]
RESERVED
- linux 5.8.7-1
+ [buster] - linux 4.19.181-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1936786
NOTE: https://www.openwall.com/lists/oss-security/2021/03/17/1
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1173485
@@ -2997,6 +2999,7 @@ CVE-2021-28039 (An issue was discovered in the Linux kernel 5.9.x through 5.11.3
CVE-2021-28038 (An issue was discovered in the Linux kernel through 5.11.3, as used wi ...)
{DLA-2586-1}
- linux 5.10.24-1
+ [buster] - linux 4.19.181-1
NOTE: https://xenbits.xen.org/xsa/advisory-367.html
CVE-2021-3422
RESERVED
@@ -4311,15 +4314,18 @@ CVE-2021-27366
CVE-2021-27365 (An issue was discovered in the Linux kernel through 5.11.3. Certain iS ...)
{DLA-2586-1}
- linux 5.10.24-1
+ [buster] - linux 4.19.181-1
NOTE: https://git.kernel.org/linus/ec98ea7070e94cc25a422ec97d1421e28d97b7ee
NOTE: https://git.kernel.org/linus/f9dbdf97a5bd92b1a49cee3d591b55b11fd7a6d5
CVE-2021-27364 (An issue was discovered in the Linux kernel through 5.11.3. drivers/sc ...)
{DLA-2586-1}
- linux 5.10.24-1
+ [buster] - linux 4.19.181-1
NOTE: https://git.kernel.org/linus/688e8128b7a92df982709a4137ea4588d16f24aa
CVE-2021-27363 (An issue was discovered in the Linux kernel through 5.11.3. A kernel p ...)
{DLA-2586-1}
- linux 5.10.24-1
+ [buster] - linux 4.19.181-1
NOTE: https://git.kernel.org/linus/688e8128b7a92df982709a4137ea4588d16f24aa
CVE-2020-36245 (GramAddict through 1.2.3 allows remote attackers to execute arbitrary ...)
NOT-FOR-US: GramAddict
@@ -5236,7 +5242,7 @@ CVE-2021-26938 (** DISPUTED ** A stored XSS issue exists in henriquedornas 5.2.1
CVE-2021-27135 (xterm before Patch #366 allows remote attackers to execute arbitrary c ...)
{DLA-2558-1}
- xterm 366-1 (bug #982439)
- [buster] - xterm <no-dsa> (Minor issue; can be fixed via point release)
+ [buster] - xterm 344-1+deb10u1
NOTE: https://www.openwall.com/lists/oss-security/2021/02/09/7
NOTE: https://invisible-island.net/xterm/xterm.log.html#xterm_366
NOTE: https://github.com/ThomasDickey/xterm-snapshots/commit/82ba55b8f994ab30ff561a347b82ea340ba7075c
@@ -5290,14 +5296,17 @@ CVE-2021-26933 (An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a gue
CVE-2021-26932 (An issue was discovered in the Linux kernel 3.2 through 5.10.16, as us ...)
{DLA-2586-1}
- linux 5.10.19-1
+ [buster] - linux 4.19.177-1
NOTE: https://xenbits.xen.org/xsa/advisory-361.html
CVE-2021-26931 (An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as ...)
{DLA-2586-1}
- linux 5.10.19-1
+ [buster] - linux 4.19.177-1
NOTE: https://xenbits.xen.org/xsa/advisory-362.html
CVE-2021-26930 (An issue was discovered in the Linux kernel 3.11 through 5.10.16, as u ...)
{DLA-2586-1}
- linux 5.10.19-1
+ [buster] - linux 4.19.177-1
NOTE: https://xenbits.xen.org/xsa/advisory-365.html
CVE-2021-26929 (An XSS issue was discovered in Horde Groupware Webmail Edition through ...)
{DLA-2564-1}
@@ -5789,7 +5798,7 @@ CVE-2021-26721
RESERVED
CVE-2021-26720 (avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is ...)
- avahi 0.8-4
- [buster] - avahi <no-dsa> (Minor issue; will be fixed via point release)
+ [buster] - avahi 0.7-4+deb10u1
[stretch] - avahi <postponed> (fix in next DLA - removal of .sh script)
NOTE: https://www.openwall.com/lists/oss-security/2021/02/15/2
NOTE: Fixed by removing the avahi-daemon-check-dns.sh script.
@@ -6796,6 +6805,7 @@ CVE-2021-3345 (_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version
NOTE: Fixed by: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=512c0c75276949f13b6373b5c04f7065af750b08
CVE-2021-3348 (nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10 ...)
- linux 5.10.13-1
+ [buster] - linux 4.19.177-1
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/b98e762e3d71e893b221f871825dc64694cfb258 (5.11-rc6)
CVE-2021-3347 (An issue was discovered in the Linux kernel through 5.10.11. PI futexe ...)
@@ -9332,7 +9342,7 @@ CVE-2021-3177 (Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in
- python3.9 3.9.1-3
- python3.8 <removed>
- python3.7 <removed>
- [buster] - python3.7 <no-dsa> (Minor issue)
+ [buster] - python3.7 3.7.3-2+deb10u3
[stretch] - python3.7 <no-dsa> (Minor issue)
- python3.5 <removed>
[stretch] - python3.5 <postponed> (Minor issue, can be fixed in next DLA)
@@ -19248,7 +19258,7 @@ CVE-2021-21310 (NextAuth.js (next-auth) is am open source authentication solutio
CVE-2021-21309 (Redis is an open-source, in-memory database that persists on disk. In ...)
{DLA-2576-1}
- redis 5:6.0.11-1 (bug #983446)
- [buster] - redis <no-dsa> (Minor issue)
+ [buster] - redis 5:5.0.3-4+deb10u3
NOTE: https://github.com/redis/redis/pull/8522
CVE-2021-21308 (PrestaShop is a fully scalable open source e-commerce solution. In Pre ...)
NOT-FOR-US: PrestaShop
@@ -19302,6 +19312,7 @@ CVE-2021-21290 (Netty is an open-source, asynchronous event-driven network appli
CVE-2021-21289 (Mechanize is an open-source ruby library that makes automated web inte ...)
{DLA-2561-1}
- ruby-mechanize 2.7.7-1
+ [buster] - ruby-mechanize 2.7.6-1+deb10u1
NOTE: https://github.com/sparklemotion/mechanize/security/advisories/GHSA-qrqm-fpv6-6r8g
NOTE: https://github.com/sparklemotion/mechanize/commit/aae0b13514a1a0caf93b1cf233733c50e679069a (v2.7.7)
NOTE: https://github.com/sparklemotion/mechanize/commit/2ac906b26f4a565a0af92df5fb9c8a36c2b75375 (v2.7.7)
@@ -21716,13 +21727,13 @@ CVE-2021-20277 [Out of bounds read in AD DC LDAP server]
CVE-2021-20276 (A flaw was found in privoxy before 3.0.32. Invalid memory access with ...)
{DLA-2587-1}
- privoxy 3.0.32-1
- [buster] - privoxy <no-dsa> (Minor issue)
+ [buster] - privoxy 3.0.28-2+deb10u1
NOTE: https://www.openwall.com/lists/oss-security/2021/02/28/1
NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=28512e5b62457f0ff6f2d72e3e5c9226b9e0203d
CVE-2021-20275 (A flaw was found in privoxy before 3.0.32. A invalid read of size two ...)
{DLA-2587-1}
- privoxy 3.0.32-1
- [buster] - privoxy <no-dsa> (Minor issue)
+ [buster] - privoxy 3.0.28-2+deb10u1
NOTE: https://www.openwall.com/lists/oss-security/2021/02/28/1
NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=a912ba7bc9ce5855a810d09332e9d94566ce1521
CVE-2021-20274 (A flaw was found in privoxy before 3.0.32. A crash may occur due a NUL ...)
@@ -21734,13 +21745,13 @@ CVE-2021-20274 (A flaw was found in privoxy before 3.0.32. A crash may occur due
CVE-2021-20273 (A flaw was found in privoxy before 3.0.32. A crash can occur via a cra ...)
{DLA-2587-1}
- privoxy 3.0.32-1
- [buster] - privoxy <no-dsa> (Minor issue)
+ [buster] - privoxy 3.0.28-2+deb10u1
NOTE: https://www.openwall.com/lists/oss-security/2021/02/28/1
NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=e711c505c4830ab271938d61af90a2075523f058
CVE-2021-20272 (A flaw was found in privoxy before 3.0.32. An assertion failure could ...)
{DLA-2587-1}
- privoxy 3.0.32-1
- [buster] - privoxy <no-dsa> (Minor issue)
+ [buster] - privoxy 3.0.28-2+deb10u1
NOTE: https://www.openwall.com/lists/oss-security/2021/02/28/1
NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=2256d7b4d67dd9c364386877d5af59943433458b
CVE-2021-20271 (A flaw was found in RPM's signature check functionality when reading a ...)
@@ -22019,57 +22030,57 @@ CVE-2021-20218 (A flaw was found in the fabric8 kubernetes-client in version 4.2
CVE-2021-20217 (A flaw was found in Privoxy in versions before 3.0.31. An assertion fa ...)
{DLA-2548-1}
- privoxy 3.0.31-1
- [buster] - privoxy <no-dsa> (Minor issue)
+ [buster] - privoxy 3.0.28-2+deb10u1
NOTE: https://www.openwall.com/lists/oss-security/2021/01/31/2
NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=5bba5b89193fa2eeea51aa39fb6525c47b59a82a (3.0.31)
CVE-2021-20216 (A flaw was found in Privoxy in versions before 3.0.31. A memory leak t ...)
{DLA-2548-1}
- privoxy 3.0.31-1
- [buster] - privoxy <no-dsa> (Minor issue)
+ [buster] - privoxy 3.0.28-2+deb10u1
NOTE: https://www.openwall.com/lists/oss-security/2021/01/31/2
NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=f431d61740cc03c1c5f6b7f9c7a4a8d0bedd70dd (3.0.31)
CVE-2021-20215 (A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in ...)
{DLA-2548-1}
- privoxy 3.0.29-1
- [buster] - privoxy <no-dsa> (Minor issue)
+ [buster] - privoxy 3.0.28-2+deb10u1
NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=064eac5fd0f693e94ec8b3a64d1d91e8fb7e8e66 (3.0.29)
NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=fdee85c0bf3e2dbd7722ddc45e9ed912f02a2136 (3.0.29)
CVE-2021-20214 (A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in ...)
- privoxy 3.0.29-1
- [buster] - privoxy <no-dsa> (Minor issue)
+ [buster] - privoxy 3.0.28-2+deb10u1
[stretch] - privoxy <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=cf5640eb2a57197717758e225ad6e11cbaab1d6c (3.0.29)
CVE-2021-20213 (A flaw was found in Privoxy in versions before 3.0.29. Dereference of ...)
{DLA-2548-1}
- privoxy 3.0.29-1
- [buster] - privoxy <no-dsa> (Minor issue)
+ [buster] - privoxy 3.0.28-2+deb10u1
NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=75301323495579ff27bdaaea67e31e2df83475fc (3.0.29)
CVE-2021-20212 (A flaw was found in Privoxy in versions before 3.0.29. Memory leak if ...)
{DLA-2548-1}
- privoxy 3.0.29-1
- [buster] - privoxy <no-dsa> (Minor issue)
+ [buster] - privoxy 3.0.28-2+deb10u1
NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=5cfb7bc8feecc82eb161450faa572abf9be19cbb (3.0.29)
CVE-2021-20211 (A flaw was found in Privoxy in versions before 3.0.29. Memory leak whe ...)
{DLA-2548-1}
- privoxy 3.0.29-1
- [buster] - privoxy <no-dsa> (Minor issue)
+ [buster] - privoxy 3.0.28-2+deb10u1
NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=245e1cf325bc957df6226c745b7ac3f67a97ea07 (3.0.29)
CVE-2021-20210 (A flaw was found in Privoxy in versions before 3.0.29. Memory leak in ...)
{DLA-2548-1}
- privoxy 3.0.29-1
- [buster] - privoxy <no-dsa> (Minor issue)
+ [buster] - privoxy 3.0.28-2+deb10u1
NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=1b1370f7a8a9cc5434d3e0e54dd620df1e70c873 (3.0.29)
CVE-2021-20209
RESERVED
{DLA-2548-1}
- privoxy 3.0.29-1
- [buster] - privoxy <no-dsa> (Minor issue)
+ [buster] - privoxy 3.0.28-2+deb10u1
NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=c62254a686dcd40e3b6e5753d0c7c0308209a7b6 (3.0.29)
CVE-2021-20208
@@ -22617,7 +22628,7 @@ CVE-2020-35503 [QEMU: NULL pointer dereference issue in megasas-gen2 host bus ad
CVE-2020-35502 (A flaw was found in Privoxy in versions before 3.0.29. Memory leaks wh ...)
{DLA-2548-1}
- privoxy 3.0.29-1
- [buster] - privoxy <no-dsa> (Minor issue)
+ [buster] - privoxy 3.0.28-2+deb10u1
NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=bbd53f1010b3d6a7b55d0094b2370c3a49322ddb (3.0.29)
NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=4490d451f9b61baada414233897a83ec8d9908aa (3.0.29)
@@ -34662,9 +34673,11 @@ CVE-2020-27172 (An issue was discovered in G-Data before 25.5.9.25 using Symboli
NOT-FOR-US: G-Data
CVE-2020-27171 (An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/ ...)
- linux 5.10.24-1
+ [buster] - linux 4.19.181-1
NOTE: https://www.openwall.com/lists/oss-security/2021/03/19/3
CVE-2020-27170 (An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/ ...)
- linux 5.10.24-1
+ [buster] - linux 4.19.181-1
NOTE: https://www.openwall.com/lists/oss-security/2021/03/19/2
CVE-2020-27169
RESERVED
@@ -37139,7 +37152,7 @@ CVE-2020-26116 (http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.
- python3.9 3.9.0~b5-1
- python3.8 3.8.5-1
- python3.7 <removed>
- [buster] - python3.7 <no-dsa> (Minor issue)
+ [buster] - python3.7 3.7.3-2+deb10u3
- python3.5 <removed>
NOTE: https://bugs.python.org/issue39603
NOTE: https://python-security.readthedocs.io/vuln/http-header-injection-method.html
@@ -73181,7 +73194,7 @@ CVE-2020-11024 (In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulne
CVE-2020-11023 (In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, pa ...)
{DSA-4693-1 DLA-2608-1}
- jquery <removed>
- [buster] - jquery <no-dsa> (Minor issue)
+ [buster] - jquery 3.3.1~dfsg-3+deb10u1
[jessie] - jquery <not-affected> (Vulnerable code not present)
- drupal7 <removed>
[jessie] - drupal7 <not-affected> (Vulnerable code not embedded)
@@ -73196,7 +73209,7 @@ CVE-2020-11023 (In jQuery versions greater than or equal to 1.0.3 and before 3.5
CVE-2020-11022 (In jQuery versions greater than or equal to 1.2 and before 3.5.0, pass ...)
{DSA-4693-1 DLA-2608-1}
- jquery <removed>
- [buster] - jquery <no-dsa> (Minor issue)
+ [buster] - jquery 3.3.1~dfsg-3+deb10u1
[jessie] - jquery <not-affected> (Vulnerable code not present)
- node-jquery 3.5.0+dfsg-2
[buster] - node-jquery <no-dsa> (Minor issue)
@@ -85924,7 +85937,7 @@ CVE-2020-6177 (SAP Mobile Platform, version 3.0, does not sufficiently validate
CVE-2019-20367 (nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a com ...)
{DLA-2566-1}
- libbsd 0.10.0-1
- [buster] - libbsd <no-dsa> (Minor issue)
+ [buster] - libbsd 0.9.1-2+deb10u1
[jessie] - libbsd <no-dsa> (Minor issue)
NOTE: https://lists.freedesktop.org/archives/libbsd/2019-August/000229.html
NOTE: https://gitlab.freedesktop.org/libbsd/libbsd/commit/9d917aad37778a9f4a96ba358415f077f3f36f3b (0.10.0)
@@ -118158,6 +118171,7 @@ CVE-2019-13953 (An exploitable authentication bypass vulnerability exists in the
NOT-FOR-US: YI M1 Mirrorless Camera
CVE-2019-13952 (The set_ipv6() function in zscan_rfc1035.rl in gdnsd before 2.4.3 and ...)
- gdnsd 3.5.0-1 (unimportant; bug #932407)
+ [buster] - gdnsd 2.4.3-1
NOTE: https://github.com/gdnsd/gdnsd/issues/185
NOTE: No security impact, data is under administrative control
NOTE: Patches: https://github.com/gdnsd/gdnsd/issues/185#issuecomment-513288786
@@ -144300,13 +144314,13 @@ CVE-2019-5088 (An exploitable memory corruption vulnerability exists in Investin
CVE-2019-5087 (An exploitable integer overflow vulnerability exists in the flattenInc ...)
{DLA-2553-1}
- xcftools 1.0.7-6.1 (bug #945317)
- [buster] - xcftools <no-dsa> (Minor issue; can be fixed via point release)
+ [buster] - xcftools 1.0.7-6+deb10u1
NOTE: https://github.com/j-jorge/xcftools/issues/13
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0879
CVE-2019-5086 (An exploitable integer overflow vulnerability exists in the flattenInc ...)
{DLA-2553-1}
- xcftools 1.0.7-6.1 (bug #945317)
- [buster] - xcftools <no-dsa> (Minor issue; can be fixed via point release)
+ [buster] - xcftools 1.0.7-6+deb10u1
NOTE: https://github.com/j-jorge/xcftools/issues/12
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0878
CVE-2019-5085 (An exploitable code execution vulnerability exists in the DICOM packet ...)
=====================================
data/next-point-update.txt
=====================================
@@ -1,81 +1,3 @@
-CVE-2021-20217
- [buster] - privoxy 3.0.28-2+deb10u1
-CVE-2021-20216
- [buster] - privoxy 3.0.28-2+deb10u1
-CVE-2020-35502
- [buster] - privoxy 3.0.28-2+deb10u1
-CVE-2021-20209
- [buster] - privoxy 3.0.28-2+deb10u1
-CVE-2021-20210
- [buster] - privoxy 3.0.28-2+deb10u1
-CVE-2021-20211
- [buster] - privoxy 3.0.28-2+deb10u1
-CVE-2021-20212
- [buster] - privoxy 3.0.28-2+deb10u1
-CVE-2021-20213
- [buster] - privoxy 3.0.28-2+deb10u1
-CVE-2021-20214
- [buster] - privoxy 3.0.28-2+deb10u1
-CVE-2021-20215
- [buster] - privoxy 3.0.28-2+deb10u1
-CVE-2021-20272
- [buster] - privoxy 3.0.28-2+deb10u1
-CVE-2021-20273
- [buster] - privoxy 3.0.28-2+deb10u1
-CVE-2021-20275
- [buster] - privoxy 3.0.28-2+deb10u1
-CVE-2021-20276
- [buster] - privoxy 3.0.28-2+deb10u1
-CVE-2019-13952
- [buster] - gdnsd 2.4.3-1
-CVE-2021-26720
- [buster] - avahi 0.7-4+deb10u1
-CVE-2021-27135
- [buster] - xterm 344-1+deb10u1
-CVE-2021-21289
- [buster] - ruby-mechanize 2.7.6-1+deb10u1
-CVE-2020-26116
- [buster] - python3.7 3.7.3-2+deb10u3
-CVE-2021-3177
- [buster] - python3.7 3.7.3-2+deb10u3
-CVE-2021-21309
- [buster] - redis 5:5.0.3-4+deb10u3
-CVE-2019-20367
- [buster] - libbsd 0.9.1-2+deb10u1
-CVE-2021-26930
- [buster] - linux 4.19.177-1
-CVE-2021-26931
- [buster] - linux 4.19.177-1
-CVE-2021-26932
- [buster] - linux 4.19.177-1
-CVE-2021-3348
- [buster] - linux 4.19.177-1
-CVE-2020-27170
- [buster] - linux 4.19.181-1
-CVE-2020-27171
- [buster] - linux 4.19.181-1
-CVE-2021-27363
- [buster] - linux 4.19.181-1
-CVE-2021-27364
- [buster] - linux 4.19.181-1
-CVE-2021-27365
- [buster] - linux 4.19.181-1
-CVE-2021-28038
- [buster] - linux 4.19.181-1
-CVE-2021-28660
- [buster] - linux 4.19.181-1
-CVE-2021-3428
- [buster] - linux 4.19.181-1
-CVE-2019-5087
- [buster] - xcftools 1.0.7-6+deb10u1
-CVE-2019-5086
- [buster] - xcftools 1.0.7-6+deb10u1
-CVE-2020-11022
- [buster] - jquery 3.3.1~dfsg-3+deb10u1
-CVE-2020-11023
- [buster] - jquery 3.3.1~dfsg-3+deb10u1
-CVE-2021-3429
- [buster] - cloud-init 20.2-2~deb10u2
CVE-2019-20446
[buster] - librsvg 2.44.10-2.1+deb10u1
CVE-2019-14267
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/452e06c171f4b956c522dc73c808ff5ee3cb3d71
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/452e06c171f4b956c522dc73c808ff5ee3cb3d71
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210327/2bde74f3/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list