[Git][security-tracker-team/security-tracker][master] various bugs filed
Moritz Muehlenhoff
jmm at debian.org
Fri May 7 20:40:42 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b5d97147 by Moritz Mühlenhoff at 2021-05-07T21:40:18+02:00
various bugs filed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -792,7 +792,7 @@ CVE-2021-32063
RESERVED
CVE-2021-32062 (MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x ...)
[experimental] - mapserver 7.6.3-1~exp1
- - mapserver <unfixed>
+ - mapserver <unfixed> (bug #988208)
NOTE: https://github.com/mapserver/mapserver/issues/6313
NOTE: https://github.com/MapServer/MapServer/pull/6314
NOTE: https://github.com/mapserver/mapserver/commit/927ac97cb9ece305306b5ab2b5600d3afe8c1732 (branch-7-6)
@@ -1284,7 +1284,7 @@ CVE-2021-31881
CVE-2021-31880
RESERVED
CVE-2021-31879 (GNU Wget through 1.21.1 does not omit the Authorization header upon a ...)
- - wget <unfixed>
+ - wget <unfixed> (bug #988209)
NOTE: https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
CVE-2021-31878
RESERVED
@@ -2476,7 +2476,7 @@ CVE-2021-3502 [reachable assertion in avahi_s_host_name_resolver_start when tryi
NOTE: Introduced by: https://github.com/lathiat/avahi/commit/80c98fa16782e921f5b5d5c880f1d80f5c43bd49 (v0.8)
CVE-2021-3500
RESERVED
- - djvulibre <unfixed>
+ - djvulibre <unfixed> (bug #988215)
[bullseye] - djvulibre <no-dsa> (Minor issue)
[buster] - djvulibre <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943685
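Review bot: the CVE-2021-3500 entry that gains (bug #988215) still has no bracketed description on its header line, unlike the neighbouring RESERVED entry CVE-2021-3502 shown in the hunk header. The Red Hat Bugzilla NOTE is the only pointer to what the issue is, so consider adding a short [...] description for the djvulibre issue together with the bug reference.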
@@ -4522,7 +4522,7 @@ CVE-2021-30475
CVE-2021-30474
RESERVED
CVE-2021-30473 (aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that i ...)
- - aom <unfixed>
+ - aom <unfixed> (bug #988211)
NOTE: https://aomedia.googlesource.com/aom/+/4efe20e99dcd9b6f8eadc8de8acc825be7416578
NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2998
CVE-2021-30472
@@ -22156,7 +22156,7 @@ CVE-2021-22905
RESERVED
CVE-2021-22904 [Possible DoS Vulnerability in Action Controller Token Authentication]
RESERVED
- - rails <unfixed>
+ - rails <unfixed> (bug #988214)
NOTE: https://github.com/rails/rails/commit/eab8c20f3ef6a022c4c11b439b1b22cef1768d5e (main)
NOTE: https://github.com/rails/rails/commit/d861fa8ade353390c4419b53a6c6b41f3005b1f2 (v6.0.3.7)
NOTE: https://github.com/rails/rails/commit/3d9e9fdf14e044b3ba66f909582c228a9d4ffb5c (v5.2.4.6)
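Review bot: bug #988214 is attached here to CVE-2021-22904 and again, in the next two hunks, to CVE-2021-22902 and CVE-2021-22885, so one report now tracks three rails issues that have separate fix commits in the NOTE lines. Worth confirming that the report names all three CVE ids, so that it is only closed once every one of them is fixed.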
@@ -22167,7 +22167,7 @@ CVE-2021-22903
NOTE: Fixed by: https://github.com/rails/rails/commit/55e0723846aa77ce6afcb677618578fb859b7fd7 (main)
CVE-2021-22902 [Possible Denial of Service vulnerability in Action Dispatch]
RESERVED
- - rails <unfixed>
+ - rails <unfixed> (bug #988214)
[buster] - rails <not-affected> (Vulnerable code introduced later)
[stretch] - rails <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by: https://github.com/rails/rails/commit/b61b94181b2a0cecab49d90d8f259bc8e39b662a (main)
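Review bot: on the CVE-2021-22902 line, the shared bug #988214 is added to an entry whose [buster] and [stretch] lines are <not-affected> (Vulnerable code introduced later), while the other two rails entries using this bug show no such per-release lines in the visible context. Consider stating in the report that this CVE only applies to the newer versions, so the bug is not read as covering the stable releases for all three issues.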
@@ -22210,7 +22210,7 @@ CVE-2021-22886 (Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to p
NOT-FOR-US: Rocket.Chat
CVE-2021-22885 [Possible Information Disclosure / Unintended Method Execution in Action Pack]
RESERVED
- - rails <unfixed>
+ - rails <unfixed> (bug #988214)
NOTE: https://github.com/rails/rails/commit/c4c21a9f8d7c9c8ca6570bdb82d64e2dc860e62c (main)
NOTE: https://github.com/rails/rails/commit/f202249bdd701f908a57d733e633d366a982f8ce (v6.0.3.7)
NOTE: https://github.com/rails/rails/commit/3eb9e74c287750a9fe11f700fc96d3be1e83aa35 (v5.2.4.6)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5d97147dc238627ea97875f6165a0be077b5237