[Git][security-tracker-team/security-tracker][master] Merge accepted updates for 10.9

Salvatore Bonaccorso carnil at debian.org
Sat Mar 27 09:13:23 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
452e06c1 by Salvatore Bonaccorso at 2021-03-27T10:12:32+01:00
Merge accepted updates for 10.9

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1324,6 +1324,7 @@ CVE-2021-28687 [HVM soft-reset crashes toolstack]
 	NOTE: https://xenbits.xen.org/xsa/advisory-368.html
 CVE-2021-28660 (rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in t ...)
 	- linux 5.10.24-1
+	[buster] - linux 4.19.181-1
 	NOTE: https://git.kernel.org/linus/74b6b20df8cfe90ada777d621b54c32e69e27cd7
 CVE-2021-28659
 	RESERVED
@@ -2478,11 +2479,12 @@ CVE-2021-3429
 	RESERVED
 	{DLA-2601-1}
 	- cloud-init 20.4.1-2 (bug #985540)
-	[buster] - cloud-init <no-dsa> (Minor issue; can be fixed via point release)
+	[buster] - cloud-init 20.2-2~deb10u2
 	NOTE: https://github.com/canonical/cloud-init/commit/b794d426b9ab43ea9d6371477466070d86e10668
 CVE-2021-3428 [integer overflow in ext4_es_cache_extent]
 	RESERVED
 	- linux 5.8.7-1
+	[buster] - linux 4.19.181-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1936786
 	NOTE: https://www.openwall.com/lists/oss-security/2021/03/17/1
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1173485
@@ -2997,6 +2999,7 @@ CVE-2021-28039 (An issue was discovered in the Linux kernel 5.9.x through 5.11.3
 CVE-2021-28038 (An issue was discovered in the Linux kernel through 5.11.3, as used wi ...)
 	{DLA-2586-1}
 	- linux 5.10.24-1
+	[buster] - linux 4.19.181-1
 	NOTE: https://xenbits.xen.org/xsa/advisory-367.html
 CVE-2021-3422
 	RESERVED
@@ -4311,15 +4314,18 @@ CVE-2021-27366
 CVE-2021-27365 (An issue was discovered in the Linux kernel through 5.11.3. Certain iS ...)
 	{DLA-2586-1}
 	- linux 5.10.24-1
+	[buster] - linux 4.19.181-1
 	NOTE: https://git.kernel.org/linus/ec98ea7070e94cc25a422ec97d1421e28d97b7ee
 	NOTE: https://git.kernel.org/linus/f9dbdf97a5bd92b1a49cee3d591b55b11fd7a6d5
 CVE-2021-27364 (An issue was discovered in the Linux kernel through 5.11.3. drivers/sc ...)
 	{DLA-2586-1}
 	- linux 5.10.24-1
+	[buster] - linux 4.19.181-1
 	NOTE: https://git.kernel.org/linus/688e8128b7a92df982709a4137ea4588d16f24aa
 CVE-2021-27363 (An issue was discovered in the Linux kernel through 5.11.3. A kernel p ...)
 	{DLA-2586-1}
 	- linux 5.10.24-1
+	[buster] - linux 4.19.181-1
 	NOTE: https://git.kernel.org/linus/688e8128b7a92df982709a4137ea4588d16f24aa
 CVE-2020-36245 (GramAddict through 1.2.3 allows remote attackers to execute arbitrary  ...)
 	NOT-FOR-US: GramAddict
@@ -5236,7 +5242,7 @@ CVE-2021-26938 (** DISPUTED ** A stored XSS issue exists in henriquedornas 5.2.1
 CVE-2021-27135 (xterm before Patch #366 allows remote attackers to execute arbitrary c ...)
 	{DLA-2558-1}
 	- xterm 366-1 (bug #982439)
-	[buster] - xterm <no-dsa> (Minor issue; can be fixed via point release)
+	[buster] - xterm 344-1+deb10u1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/02/09/7
 	NOTE: https://invisible-island.net/xterm/xterm.log.html#xterm_366
 	NOTE: https://github.com/ThomasDickey/xterm-snapshots/commit/82ba55b8f994ab30ff561a347b82ea340ba7075c
@@ -5290,14 +5296,17 @@ CVE-2021-26933 (An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a gue
 CVE-2021-26932 (An issue was discovered in the Linux kernel 3.2 through 5.10.16, as us ...)
 	{DLA-2586-1}
 	- linux 5.10.19-1
+	[buster] - linux 4.19.177-1
 	NOTE: https://xenbits.xen.org/xsa/advisory-361.html
 CVE-2021-26931 (An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as ...)
 	{DLA-2586-1}
 	- linux 5.10.19-1
+	[buster] - linux 4.19.177-1
 	NOTE: https://xenbits.xen.org/xsa/advisory-362.html
 CVE-2021-26930 (An issue was discovered in the Linux kernel 3.11 through 5.10.16, as u ...)
 	{DLA-2586-1}
 	- linux 5.10.19-1
+	[buster] - linux 4.19.177-1
 	NOTE: https://xenbits.xen.org/xsa/advisory-365.html
 CVE-2021-26929 (An XSS issue was discovered in Horde Groupware Webmail Edition through ...)
 	{DLA-2564-1}
@@ -5789,7 +5798,7 @@ CVE-2021-26721
 	RESERVED
 CVE-2021-26720 (avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is ...)
 	- avahi 0.8-4
-	[buster] - avahi <no-dsa> (Minor issue; will be fixed via point release)
+	[buster] - avahi 0.7-4+deb10u1
 	[stretch] - avahi <postponed> (fix in next DLA - removal of .sh script)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/02/15/2
 	NOTE: Fixed by removing the avahi-daemon-check-dns.sh script.
@@ -6796,6 +6805,7 @@ CVE-2021-3345 (_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version
 	NOTE: Fixed by: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=512c0c75276949f13b6373b5c04f7065af750b08
 CVE-2021-3348 (nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10 ...)
 	- linux 5.10.13-1
+	[buster] - linux 4.19.177-1
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/b98e762e3d71e893b221f871825dc64694cfb258 (5.11-rc6)
 CVE-2021-3347 (An issue was discovered in the Linux kernel through 5.10.11. PI futexe ...)
@@ -9332,7 +9342,7 @@ CVE-2021-3177 (Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in
 	- python3.9 3.9.1-3
 	- python3.8 <removed>
 	- python3.7 <removed>
-	[buster] - python3.7 <no-dsa> (Minor issue)
+	[buster] - python3.7 3.7.3-2+deb10u3
 	[stretch] - python3.7 <no-dsa> (Minor issue)
 	- python3.5 <removed>
 	[stretch] - python3.5 <postponed> (Minor issue, can be fixed in next DLA)
@@ -19248,7 +19258,7 @@ CVE-2021-21310 (NextAuth.js (next-auth) is am open source authentication solutio
 CVE-2021-21309 (Redis is an open-source, in-memory database that persists on disk. In  ...)
 	{DLA-2576-1}
 	- redis 5:6.0.11-1 (bug #983446)
-	[buster] - redis <no-dsa> (Minor issue)
+	[buster] - redis 5:5.0.3-4+deb10u3
 	NOTE: https://github.com/redis/redis/pull/8522
 CVE-2021-21308 (PrestaShop is a fully scalable open source e-commerce solution. In Pre ...)
 	NOT-FOR-US: PrestaShop
@@ -19302,6 +19312,7 @@ CVE-2021-21290 (Netty is an open-source, asynchronous event-driven network appli
 CVE-2021-21289 (Mechanize is an open-source ruby library that makes automated web inte ...)
 	{DLA-2561-1}
 	- ruby-mechanize 2.7.7-1
+	[buster] - ruby-mechanize 2.7.6-1+deb10u1
 	NOTE: https://github.com/sparklemotion/mechanize/security/advisories/GHSA-qrqm-fpv6-6r8g
 	NOTE: https://github.com/sparklemotion/mechanize/commit/aae0b13514a1a0caf93b1cf233733c50e679069a (v2.7.7)
 	NOTE: https://github.com/sparklemotion/mechanize/commit/2ac906b26f4a565a0af92df5fb9c8a36c2b75375 (v2.7.7)
@@ -21716,13 +21727,13 @@ CVE-2021-20277 [Out of bounds read in AD DC LDAP server]
 CVE-2021-20276 (A flaw was found in privoxy before 3.0.32. Invalid memory access with  ...)
 	{DLA-2587-1}
 	- privoxy 3.0.32-1
-	[buster] - privoxy <no-dsa> (Minor issue)
+	[buster] - privoxy 3.0.28-2+deb10u1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/02/28/1
 	NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=28512e5b62457f0ff6f2d72e3e5c9226b9e0203d
 CVE-2021-20275 (A flaw was found in privoxy before 3.0.32. A invalid read of size two  ...)
 	{DLA-2587-1}
 	- privoxy 3.0.32-1
-	[buster] - privoxy <no-dsa> (Minor issue)
+	[buster] - privoxy 3.0.28-2+deb10u1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/02/28/1
 	NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=a912ba7bc9ce5855a810d09332e9d94566ce1521
 CVE-2021-20274 (A flaw was found in privoxy before 3.0.32. A crash may occur due a NUL ...)
@@ -21734,13 +21745,13 @@ CVE-2021-20274 (A flaw was found in privoxy before 3.0.32. A crash may occur due
 CVE-2021-20273 (A flaw was found in privoxy before 3.0.32. A crash can occur via a cra ...)
 	{DLA-2587-1}
 	- privoxy 3.0.32-1
-	[buster] - privoxy <no-dsa> (Minor issue)
+	[buster] - privoxy 3.0.28-2+deb10u1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/02/28/1
 	NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=e711c505c4830ab271938d61af90a2075523f058
 CVE-2021-20272 (A flaw was found in privoxy before 3.0.32. An assertion failure could  ...)
 	{DLA-2587-1}
 	- privoxy 3.0.32-1
-	[buster] - privoxy <no-dsa> (Minor issue)
+	[buster] - privoxy 3.0.28-2+deb10u1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/02/28/1
 	NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=2256d7b4d67dd9c364386877d5af59943433458b
 CVE-2021-20271 (A flaw was found in RPM's signature check functionality when reading a ...)
@@ -22019,57 +22030,57 @@ CVE-2021-20218 (A flaw was found in the fabric8 kubernetes-client in version 4.2
 CVE-2021-20217 (A flaw was found in Privoxy in versions before 3.0.31. An assertion fa ...)
 	{DLA-2548-1}
 	- privoxy 3.0.31-1
-	[buster] - privoxy <no-dsa> (Minor issue)
+	[buster] - privoxy 3.0.28-2+deb10u1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/01/31/2
 	NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=5bba5b89193fa2eeea51aa39fb6525c47b59a82a (3.0.31)
 CVE-2021-20216 (A flaw was found in Privoxy in versions before 3.0.31. A memory leak t ...)
 	{DLA-2548-1}
 	- privoxy 3.0.31-1
-	[buster] - privoxy <no-dsa> (Minor issue)
+	[buster] - privoxy 3.0.28-2+deb10u1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/01/31/2
 	NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=f431d61740cc03c1c5f6b7f9c7a4a8d0bedd70dd (3.0.31)
 CVE-2021-20215 (A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in ...)
 	{DLA-2548-1}
 	- privoxy 3.0.29-1
-	[buster] - privoxy <no-dsa> (Minor issue)
+	[buster] - privoxy 3.0.28-2+deb10u1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
 	NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=064eac5fd0f693e94ec8b3a64d1d91e8fb7e8e66 (3.0.29)
 	NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=fdee85c0bf3e2dbd7722ddc45e9ed912f02a2136 (3.0.29)
 CVE-2021-20214 (A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in ...)
 	- privoxy 3.0.29-1
-	[buster] - privoxy <no-dsa> (Minor issue)
+	[buster] - privoxy 3.0.28-2+deb10u1
 	[stretch] - privoxy <not-affected> (Vulnerable code not present)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
 	NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=cf5640eb2a57197717758e225ad6e11cbaab1d6c (3.0.29)
 CVE-2021-20213 (A flaw was found in Privoxy in versions before 3.0.29. Dereference of  ...)
 	{DLA-2548-1}
 	- privoxy 3.0.29-1
-	[buster] - privoxy <no-dsa> (Minor issue)
+	[buster] - privoxy 3.0.28-2+deb10u1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
 	NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=75301323495579ff27bdaaea67e31e2df83475fc (3.0.29)
 CVE-2021-20212 (A flaw was found in Privoxy in versions before 3.0.29. Memory leak if  ...)
 	{DLA-2548-1}
 	- privoxy 3.0.29-1
-	[buster] - privoxy <no-dsa> (Minor issue)
+	[buster] - privoxy 3.0.28-2+deb10u1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
 	NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=5cfb7bc8feecc82eb161450faa572abf9be19cbb (3.0.29)
 CVE-2021-20211 (A flaw was found in Privoxy in versions before 3.0.29. Memory leak whe ...)
 	{DLA-2548-1}
 	- privoxy 3.0.29-1
-	[buster] - privoxy <no-dsa> (Minor issue)
+	[buster] - privoxy 3.0.28-2+deb10u1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
 	NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=245e1cf325bc957df6226c745b7ac3f67a97ea07 (3.0.29)
 CVE-2021-20210 (A flaw was found in Privoxy in versions before 3.0.29. Memory leak in  ...)
 	{DLA-2548-1}
 	- privoxy 3.0.29-1
-	[buster] - privoxy <no-dsa> (Minor issue)
+	[buster] - privoxy 3.0.28-2+deb10u1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
 	NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=1b1370f7a8a9cc5434d3e0e54dd620df1e70c873 (3.0.29)
 CVE-2021-20209
 	RESERVED
 	{DLA-2548-1}
 	- privoxy 3.0.29-1
-	[buster] - privoxy <no-dsa> (Minor issue)
+	[buster] - privoxy 3.0.28-2+deb10u1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
 	NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=c62254a686dcd40e3b6e5753d0c7c0308209a7b6 (3.0.29)
 CVE-2021-20208
@@ -22617,7 +22628,7 @@ CVE-2020-35503 [QEMU: NULL pointer dereference issue in megasas-gen2 host bus ad
 CVE-2020-35502 (A flaw was found in Privoxy in versions before 3.0.29. Memory leaks wh ...)
 	{DLA-2548-1}
 	- privoxy 3.0.29-1
-	[buster] - privoxy <no-dsa> (Minor issue)
+	[buster] - privoxy 3.0.28-2+deb10u1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
 	NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=bbd53f1010b3d6a7b55d0094b2370c3a49322ddb (3.0.29)
 	NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=4490d451f9b61baada414233897a83ec8d9908aa (3.0.29)
@@ -34662,9 +34673,11 @@ CVE-2020-27172 (An issue was discovered in G-Data before 25.5.9.25 using Symboli
 	NOT-FOR-US: G-Data
 CVE-2020-27171 (An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/ ...)
 	- linux 5.10.24-1
+	[buster] - linux 4.19.181-1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/03/19/3
 CVE-2020-27170 (An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/ ...)
 	- linux 5.10.24-1
+	[buster] - linux 4.19.181-1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/03/19/2
 CVE-2020-27169
 	RESERVED
@@ -37139,7 +37152,7 @@ CVE-2020-26116 (http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.
 	- python3.9 3.9.0~b5-1
 	- python3.8 3.8.5-1
 	- python3.7 <removed>
-	[buster] - python3.7 <no-dsa> (Minor issue)
+	[buster] - python3.7 3.7.3-2+deb10u3
 	- python3.5 <removed>
 	NOTE: https://bugs.python.org/issue39603
 	NOTE: https://python-security.readthedocs.io/vuln/http-header-injection-method.html
@@ -73181,7 +73194,7 @@ CVE-2020-11024 (In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulne
 CVE-2020-11023 (In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, pa ...)
 	{DSA-4693-1 DLA-2608-1}
 	- jquery <removed>
-	[buster] - jquery <no-dsa> (Minor issue)
+	[buster] - jquery 3.3.1~dfsg-3+deb10u1
 	[jessie] - jquery <not-affected> (Vulnerable code not present)
 	- drupal7 <removed>
 	[jessie] - drupal7 <not-affected> (Vulnerable code not embedded)
@@ -73196,7 +73209,7 @@ CVE-2020-11023 (In jQuery versions greater than or equal to 1.0.3 and before 3.5
 CVE-2020-11022 (In jQuery versions greater than or equal to 1.2 and before 3.5.0, pass ...)
 	{DSA-4693-1 DLA-2608-1}
 	- jquery <removed>
-	[buster] - jquery <no-dsa> (Minor issue)
+	[buster] - jquery 3.3.1~dfsg-3+deb10u1
 	[jessie] - jquery <not-affected> (Vulnerable code not present)
 	- node-jquery 3.5.0+dfsg-2
 	[buster] - node-jquery <no-dsa> (Minor issue)
@@ -85924,7 +85937,7 @@ CVE-2020-6177 (SAP Mobile Platform, version 3.0, does not sufficiently validate
 CVE-2019-20367 (nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a com ...)
 	{DLA-2566-1}
 	- libbsd 0.10.0-1
-	[buster] - libbsd <no-dsa> (Minor issue)
+	[buster] - libbsd 0.9.1-2+deb10u1
 	[jessie] - libbsd <no-dsa> (Minor issue)
 	NOTE: https://lists.freedesktop.org/archives/libbsd/2019-August/000229.html
 	NOTE: https://gitlab.freedesktop.org/libbsd/libbsd/commit/9d917aad37778a9f4a96ba358415f077f3f36f3b (0.10.0)
@@ -118158,6 +118171,7 @@ CVE-2019-13953 (An exploitable authentication bypass vulnerability exists in the
 	NOT-FOR-US: YI M1 Mirrorless Camera
 CVE-2019-13952 (The set_ipv6() function in zscan_rfc1035.rl in gdnsd before 2.4.3 and  ...)
 	- gdnsd 3.5.0-1 (unimportant; bug #932407)
+	[buster] - gdnsd 2.4.3-1
 	NOTE: https://github.com/gdnsd/gdnsd/issues/185
 	NOTE: No security impact, data is under administrative control
 	NOTE: Patches: https://github.com/gdnsd/gdnsd/issues/185#issuecomment-513288786
@@ -144300,13 +144314,13 @@ CVE-2019-5088 (An exploitable memory corruption vulnerability exists in Investin
 CVE-2019-5087 (An exploitable integer overflow vulnerability exists in the flattenInc ...)
 	{DLA-2553-1}
 	- xcftools 1.0.7-6.1 (bug #945317)
-	[buster] - xcftools <no-dsa> (Minor issue; can be fixed via point release)
+	[buster] - xcftools 1.0.7-6+deb10u1
 	NOTE: https://github.com/j-jorge/xcftools/issues/13
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0879
 CVE-2019-5086 (An exploitable integer overflow vulnerability exists in the flattenInc ...)
 	{DLA-2553-1}
 	- xcftools 1.0.7-6.1 (bug #945317)
-	[buster] - xcftools <no-dsa> (Minor issue; can be fixed via point release)
+	[buster] - xcftools 1.0.7-6+deb10u1
 	NOTE: https://github.com/j-jorge/xcftools/issues/12
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0878
 CVE-2019-5085 (An exploitable code execution vulnerability exists in the DICOM packet ...)


=====================================
data/next-point-update.txt
=====================================
@@ -1,81 +1,3 @@
-CVE-2021-20217
-	[buster] - privoxy 3.0.28-2+deb10u1
-CVE-2021-20216
-	[buster] - privoxy 3.0.28-2+deb10u1
-CVE-2020-35502
-	[buster] - privoxy 3.0.28-2+deb10u1
-CVE-2021-20209
-	[buster] - privoxy 3.0.28-2+deb10u1
-CVE-2021-20210
-	[buster] - privoxy 3.0.28-2+deb10u1
-CVE-2021-20211
-	[buster] - privoxy 3.0.28-2+deb10u1
-CVE-2021-20212
-	[buster] - privoxy 3.0.28-2+deb10u1
-CVE-2021-20213
-	[buster] - privoxy 3.0.28-2+deb10u1
-CVE-2021-20214
-	[buster] - privoxy 3.0.28-2+deb10u1
-CVE-2021-20215
-	[buster] - privoxy 3.0.28-2+deb10u1
-CVE-2021-20272
-	[buster] - privoxy 3.0.28-2+deb10u1
-CVE-2021-20273
-	[buster] - privoxy 3.0.28-2+deb10u1
-CVE-2021-20275
-	[buster] - privoxy 3.0.28-2+deb10u1
-CVE-2021-20276
-	[buster] - privoxy 3.0.28-2+deb10u1
-CVE-2019-13952
-	[buster] - gdnsd 2.4.3-1
-CVE-2021-26720
-	[buster] - avahi 0.7-4+deb10u1
-CVE-2021-27135
-	[buster] - xterm 344-1+deb10u1
-CVE-2021-21289
-	[buster] - ruby-mechanize 2.7.6-1+deb10u1
-CVE-2020-26116
-	[buster] - python3.7 3.7.3-2+deb10u3
-CVE-2021-3177
-	[buster] - python3.7 3.7.3-2+deb10u3
-CVE-2021-21309
-	[buster] - redis 5:5.0.3-4+deb10u3
-CVE-2019-20367
-	[buster] - libbsd 0.9.1-2+deb10u1
-CVE-2021-26930
-	[buster] - linux 4.19.177-1
-CVE-2021-26931
-	[buster] - linux 4.19.177-1
-CVE-2021-26932
-	[buster] - linux 4.19.177-1
-CVE-2021-3348
-	[buster] - linux 4.19.177-1
-CVE-2020-27170
-	[buster] - linux 4.19.181-1
-CVE-2020-27171
-	[buster] - linux 4.19.181-1
-CVE-2021-27363
-	[buster] - linux 4.19.181-1
-CVE-2021-27364
-	[buster] - linux 4.19.181-1
-CVE-2021-27365
-	[buster] - linux 4.19.181-1
-CVE-2021-28038
-	[buster] - linux 4.19.181-1
-CVE-2021-28660
-	[buster] - linux 4.19.181-1
-CVE-2021-3428
-	[buster] - linux 4.19.181-1
-CVE-2019-5087
-	[buster] - xcftools 1.0.7-6+deb10u1
-CVE-2019-5086
-	[buster] - xcftools 1.0.7-6+deb10u1
-CVE-2020-11022
-	[buster] - jquery 3.3.1~dfsg-3+deb10u1
-CVE-2020-11023
-	[buster] - jquery 3.3.1~dfsg-3+deb10u1
-CVE-2021-3429
-	[buster] - cloud-init 20.2-2~deb10u2
 CVE-2019-20446
 	[buster] - librsvg 2.44.10-2.1+deb10u1
 CVE-2019-14267



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/452e06c171f4b956c522dc73c808ff5ee3cb3d71

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/452e06c171f4b956c522dc73c808ff5ee3cb3d71
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210327/2bde74f3/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list