[Git][security-tracker-team/security-tracker][master] various bugs filed

Moritz Muehlenhoff jmm at debian.org
Fri May 7 20:40:42 BST 2021 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b5d97147 by Moritz Mühlenhoff at 2021-05-07T21:40:18+02:00
various bugs filed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -792,7 +792,7 @@ CVE-2021-32063
 	RESERVED
 CVE-2021-32062 (MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x  ...)
 	[experimental] - mapserver 7.6.3-1~exp1
-	- mapserver <unfixed>
+	- mapserver <unfixed> (bug #988208)
 	NOTE: https://github.com/mapserver/mapserver/issues/6313
 	NOTE: https://github.com/MapServer/MapServer/pull/6314
 	NOTE: https://github.com/mapserver/mapserver/commit/927ac97cb9ece305306b5ab2b5600d3afe8c1732 (branch-7-6)
@@ -1284,7 +1284,7 @@ CVE-2021-31881
 CVE-2021-31880
 	RESERVED
 CVE-2021-31879 (GNU Wget through 1.21.1 does not omit the Authorization header upon a  ...)
-	- wget <unfixed>
+	- wget <unfixed> (bug #988209)
 	NOTE: https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
 CVE-2021-31878
 	RESERVED
@@ -2476,7 +2476,7 @@ CVE-2021-3502 [reachable assertion in avahi_s_host_name_resolver_start when tryi
 	NOTE: Introduced by: https://github.com/lathiat/avahi/commit/80c98fa16782e921f5b5d5c880f1d80f5c43bd49 (v0.8)
 CVE-2021-3500
 	RESERVED
-	- djvulibre <unfixed>
+	- djvulibre <unfixed> (bug #988215)
 	[bullseye] - djvulibre <no-dsa> (Minor issue)
 	[buster] - djvulibre <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943685
@@ -4522,7 +4522,7 @@ CVE-2021-30475
 CVE-2021-30474
 	RESERVED
 CVE-2021-30473 (aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that i ...)
-	- aom <unfixed>
+	- aom <unfixed> (bug #988211)
 	NOTE: https://aomedia.googlesource.com/aom/+/4efe20e99dcd9b6f8eadc8de8acc825be7416578
 	NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2998
 CVE-2021-30472
@@ -22156,7 +22156,7 @@ CVE-2021-22905
 	RESERVED
 CVE-2021-22904 [Possible DoS Vulnerability in Action Controller Token Authentication]
 	RESERVED
-	- rails <unfixed>
+	- rails <unfixed> (bug #988214)
 	NOTE: https://github.com/rails/rails/commit/eab8c20f3ef6a022c4c11b439b1b22cef1768d5e (main)
 	NOTE: https://github.com/rails/rails/commit/d861fa8ade353390c4419b53a6c6b41f3005b1f2 (v6.0.3.7)
 	NOTE: https://github.com/rails/rails/commit/3d9e9fdf14e044b3ba66f909582c228a9d4ffb5c (v5.2.4.6)
@@ -22167,7 +22167,7 @@ CVE-2021-22903
 	NOTE: Fixed by: https://github.com/rails/rails/commit/55e0723846aa77ce6afcb677618578fb859b7fd7 (main)
 CVE-2021-22902 [Possible Denial of Service vulnerability in Action Dispatch]
 	RESERVED
-	- rails <unfixed>
+	- rails <unfixed> (bug #988214)
 	[buster] - rails <not-affected> (Vulnerable code introduced later)
 	[stretch] - rails <not-affected> (Vulnerable code introduced later)
 	NOTE: Fixed by: https://github.com/rails/rails/commit/b61b94181b2a0cecab49d90d8f259bc8e39b662a (main)
@@ -22210,7 +22210,7 @@ CVE-2021-22886 (Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to p
 	NOT-FOR-US: Rocket.Chat
 CVE-2021-22885 [Possible Information Disclosure / Unintended Method Execution in Action Pack]
 	RESERVED
-	- rails <unfixed>
+	- rails <unfixed> (bug #988214)
 	NOTE: https://github.com/rails/rails/commit/c4c21a9f8d7c9c8ca6570bdb82d64e2dc860e62c (main)
 	NOTE: https://github.com/rails/rails/commit/f202249bdd701f908a57d733e633d366a982f8ce (v6.0.3.7)
 	NOTE: https://github.com/rails/rails/commit/3eb9e74c287750a9fe11f700fc96d3be1e83aa35 (v5.2.4.6)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5d97147dc238627ea97875f6165a0be077b5237

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5d97147dc238627ea97875f6165a0be077b5237
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210507/54df51f7/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list