[Git][security-tracker-team/security-tracker][master] automatic update

Wed Mar 31 09:10:37 BST 2021


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4e809321 by security tracker role at 2021-03-31T08:10:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2021-29653
+	RESERVED
+CVE-2021-29652
+	RESERVED
+CVE-2021-29651
+	RESERVED
+CVE-2021-29650 (An issue was discovered in the Linux kernel before 5.11.11. The netfil ...)
+	TODO: check
+CVE-2021-29649 (An issue was discovered in the Linux kernel before 5.11.11. The user m ...)
+	TODO: check
+CVE-2021-29648 (An issue was discovered in the Linux kernel before 5.11.11. The BPF su ...)
+	TODO: check
+CVE-2021-29647 (An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvm ...)
+	TODO: check
+CVE-2021-29646 (An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_re ...)
+	TODO: check
+CVE-2020-36285
+	RESERVED
+CVE-2020-36284
+	RESERVED
 CVE-2021-3480
 	RESERVED
 CVE-2021-3479 [Out-of-memory caused by allocation of a very large buffer]
@@ -19829,8 +19849,8 @@ CVE-2021-21415
 	RESERVED
 CVE-2021-21414
 	RESERVED
-CVE-2021-21413
-	RESERVED
+CVE-2021-21413 (isolated-vm is a library for nodejs which gives you access to v8's Iso ...)
+	TODO: check
 CVE-2021-21412 (Potential for arbitrary code execution in npm package @thi.ng/egf `#gp ...)
 	TODO: check
 CVE-2021-21411 (OAuth2-Proxy is an open source reverse proxy that provides authenticat ...)
@@ -40775,8 +40795,8 @@ CVE-2020-24997
 CVE-2020-24996 (There is an invalid memory access in the function TextString::~TextStr ...)
 	- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
 	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=42028
-CVE-2020-24995
-	RESERVED
+CVE-2020-24995 (Buffer overflow vulnerability in sniff_channel_order function in aacde ...)
+	TODO: check
 CVE-2020-24994 (Stack overflow in the parse_tag function in libass/ass_parse.c in liba ...)
 	- libass 1:0.15.0-1
 	[buster] - libass <no-dsa> (Minor issue)
@@ -42109,8 +42129,8 @@ CVE-2020-24392 (In voloko twitter-stream 0.1.10, missing TLS hostname validation
 	[buster] - ruby-twitter-stream <no-dsa> (Minor issue)
 	[stretch] - ruby-twitter-stream <no-dsa> (Minor issue)
 	NOTE: https://securitylab.github.com/advisories/GHSL-2020-097-voloko-twitter-stream
-CVE-2020-24391
-	RESERVED
+CVE-2020-24391 (mongo-express before 1.0.0 offers support for certain advanced syntax  ...)
+	TODO: check
 CVE-2020-24390 (eonweb in EyesOfNetwork before 5.3-7 does not properly escape the user ...)
 	NOT-FOR-US: EyesOfNetwork (EON)
 CVE-2020-24389



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e809321207b9eb83545759afae904fc246e4d1c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e809321207b9eb83545759afae904fc246e4d1c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210331/ee3a69ae/attachment.htm>
