[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Mar 31 09:10:37 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4e809321 by security tracker role at 2021-03-31T08:10:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2021-29653
+	RESERVED
+CVE-2021-29652
+	RESERVED
+CVE-2021-29651
+	RESERVED
+CVE-2021-29650 (An issue was discovered in the Linux kernel before 5.11.11. The netfil ...)
+	TODO: check
+CVE-2021-29649 (An issue was discovered in the Linux kernel before 5.11.11. The user m ...)
+	TODO: check
+CVE-2021-29648 (An issue was discovered in the Linux kernel before 5.11.11. The BPF su ...)
+	TODO: check
+CVE-2021-29647 (An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvm ...)
+	TODO: check
+CVE-2021-29646 (An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_re ...)
+	TODO: check
+CVE-2020-36285
+	RESERVED
+CVE-2020-36284
+	RESERVED
 CVE-2021-3480
 	RESERVED
 CVE-2021-3479 [Out-of-memory caused by allocation of a very large buffer]
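Review bot: the five Linux kernel entries at the top of this hunk, CVE-2021-29646 through CVE-2021-29650, are added with only `TODO: check`, so none of them yet says which Debian source package or version is affected. All five descriptions give the same upstream boundary ("before 5.11.11"), so they can be triaged together: replace each `TODO: check` with a package line in the `- <package> <version>` form that resolved entries in this file use (for example `- libass 1:0.15.0-1` further down), plus a `NOTE:` pointing at the upstream fix. The five `RESERVED` additions need no action.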
@@ -19829,8 +19849,8 @@ CVE-2021-21415
 	RESERVED
 CVE-2021-21414
 	RESERVED
-CVE-2021-21413
-	RESERVED
+CVE-2021-21413 (isolated-vm is a library for nodejs which gives you access to v8's Iso ...)
+	TODO: check
 CVE-2021-21412 (Potential for arbitrary code execution in npm package @thi.ng/egf `#gp ...)
 	TODO: check
 CVE-2021-21411 (OAuth2-Proxy is an open source reverse proxy that provides authenticat ...)
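Review bot: CVE-2021-21413 moves from `RESERVED` to `TODO: check` and now sits directly above CVE-2021-21412, which is also still at `TODO: check`. The visible description identifies the product as isolated-vm, a library for nodejs, which should be enough to decide between a package line and a `NOT-FOR-US:` entry; suggest resolving both adjacent entries in the same pass.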
@@ -40775,8 +40795,8 @@ CVE-2020-24997
 CVE-2020-24996 (There is an invalid memory access in the function TextString::~TextStr ...)
 	- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
 	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=42028
-CVE-2020-24995
-	RESERVED
+CVE-2020-24995 (Buffer overflow vulnerability in sniff_channel_order function in aacde ...)
+	TODO: check
 CVE-2020-24994 (Stack overflow in the parse_tag function in libass/ass_parse.c in liba ...)
 	- libass 1:0.15.0-1
 	[buster] - libass <no-dsa> (Minor issue)
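Review bot: the new CVE-2020-24995 line is cut off mid-filename ("in aacde ..."), so the affected project cannot be determined from this entry alone and `TODO: check` should not be resolved from the truncated text. Suggest reading the full CVE description before triage, then recording the result in one of the forms the neighbouring entries show: a fixed-version line with per-release annotations as for CVE-2020-24994, or `<not-affected>` with a reason as for CVE-2020-24996.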
@@ -42109,8 +42129,8 @@ CVE-2020-24392 (In voloko twitter-stream 0.1.10, missing TLS hostname validation
 	[buster] - ruby-twitter-stream <no-dsa> (Minor issue)
 	[stretch] - ruby-twitter-stream <no-dsa> (Minor issue)
 	NOTE: https://securitylab.github.com/advisories/GHSL-2020-097-voloko-twitter-stream
-CVE-2020-24391
-	RESERVED
+CVE-2020-24391 (mongo-express before 1.0.0 offers support for certain advanced syntax  ...)
+	TODO: check
 CVE-2020-24390 (eonweb in EyesOfNetwork before 5.3-7 does not properly escape the user ...)
 	NOT-FOR-US: EyesOfNetwork (EON)
 CVE-2020-24389
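Review bot: CVE-2020-24391 (mongo-express before 1.0.0) is left at `TODO: check` with no package or `NOT-FOR-US:` decision. The entry right below it shows the expected form when the software is not in Debian (`NOT-FOR-US: EyesOfNetwork (EON)`); if mongo-express is packaged, use a package line with per-release annotations instead, as CVE-2020-24392 above does with `[buster] - ruby-twitter-stream <no-dsa> (Minor issue)`.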



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e809321207b9eb83545759afae904fc246e4d1c
