[Git][security-tracker-team/security-tracker][master] new rlottie issues

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d993f7b4 by Moritz Muehlenhoff at 2021-05-20T10:46:51+02:00
new rlottie issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4914,23 +4914,31 @@ CVE-2021-31325
 CVE-2021-31324 (The unprivileged user portal part of CentOS Web Panel is affected by a ...)
 	NOT-FOR-US: CentOS Web Panel
 CVE-2021-31323 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram  ...)
-	TODO: check
+	- rlottie <unfixed>
+	NOTE: https://www.shielder.it/advisories/telegram-rlottie-lottieparserimpl-parsedashproperty-heap-buffer-overflow/
 CVE-2021-31322 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram  ...)
-	TODO: check
+	- rlottie <unfixed>
+	NOTE: https://www.shielder.it/advisories/telegram-rlottie-lotgradient-populate-heap-buffer-overflow/
 CVE-2021-31321 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram  ...)
-	TODO: check
+	- rlottie <unfixed>
+	NOTE: https://www.shielder.it/advisories/telegram-rlottie-gray_split_cubic-stack-buffer-overflow/
 CVE-2021-31320 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram  ...)
-	TODO: check
+	- rlottie <unfixed>
+	NOTE: https://www.shielder.it/advisories/telegram-rlottie-vgradientcache-generategradientcolortable-heap-buffer-overflow/
 CVE-2021-31319 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram  ...)
-	TODO: check
+	- rlottie <unfixed>
+	NOTE: https://www.shielder.it/advisories/telegram-rlottie-lotgradient-populate-integer-overflow/
 CVE-2021-31318 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram  ...)
-	TODO: check
+	- rlottie <unfixed>
+	NOTE: https://www.shielder.it/advisories/telegram-rlottie-lotcomplayeritem-lotcomplayeritem-type-confusion/
 CVE-2021-31317 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram  ...)
-	TODO: check
+	- rlottie <unfixed>
+	NOTE: https://www.shielder.it/advisories/telegram-rlottie-vdasher-vdasher-type-confusion/
 CVE-2021-31316 (The unprivileged user portal part of CentOS Web Panel is affected by a ...)
 	NOT-FOR-US: CentOS Web Panel
 CVE-2021-31315 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram  ...)
-	TODO: check
+	- rlottie <unfixed>
+	NOTE: https://www.shielder.it/advisories/telegram-rlottie-blit-stack-buffer-overflow/
 CVE-2021-31314
 	RESERVED
 CVE-2021-31313
@@ -7657,6 +7665,7 @@ CVE-2021-30152 (An issue was discovered in MediaWiki before 1.31.13 and 1.32.x t
 	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
 CVE-2021-30151 (Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue n ...)
 	- ruby-sidekiq <unfixed> (bug #987354)
+	[bullseye] - ruby-sidekiq <no-dsa> (Minor issue)
 	[buster] - ruby-sidekiq <no-dsa> (Minor issue)
 	[stretch] - ruby-sidekiq <no-dsa> (Minor issue)
 	NOTE: https://github.com/mperham/sidekiq/issues/4852



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d993f7b411cccf770de166197318b00644385b2a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d993f7b411cccf770de166197318b00644385b2a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210520/045a66fc/attachment-0001.htm>