[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri May 21 21:10:27 BST 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ca50966d by security tracker role at 2021-05-21T20:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2021-3563
+	RESERVED
+CVE-2021-33497
+	RESERVED
+CVE-2021-33496
+	RESERVED
+CVE-2021-33495
+	RESERVED
+CVE-2021-33494
+	RESERVED
+CVE-2021-33493
+	RESERVED
+CVE-2021-33492
+	RESERVED
+CVE-2021-33491
+	RESERVED
+CVE-2021-33490
+	RESERVED
+CVE-2021-33489
+	RESERVED
+CVE-2021-33488
+	RESERVED
+CVE-2021-33487
+	RESERVED
+CVE-2021-33486
+	RESERVED
+CVE-2021-33485
+	RESERVED
 CVE-2021-3562
 	RESERVED
 CVE-2021-33484
@@ -1800,10 +1828,10 @@ CVE-2021-32636
 	RESERVED
 CVE-2021-32635
 	RESERVED
-CVE-2021-32634
-	RESERVED
-CVE-2021-32633
-	RESERVED
+CVE-2021-32634 (Emissary is a distributed, peer-to-peer, data-driven workflow framewor ...)
+	TODO: check
+CVE-2021-32633 (Zope is an open-source web application server. In Zope versions prior  ...)
+	TODO: check
 CVE-2021-32632 (Pajbot is a Twitch chat bot. Pajbot versions prior to 1.52 are vulnera ...)
 	TODO: check
 CVE-2021-32631
@@ -3216,8 +3244,7 @@ CVE-2021-32027
 	- postgresql-9.6 <removed>
 	NOTE: https://www.postgresql.org/about/news/postgresql-133-127-1112-1017-and-9622-released-2210/
 	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=467395bfdf33f1ccf67ca388ffdcc927271544cb (REL_13_3)
-CVE-2018-25014 [heap-based buffer overflow in ReadSymbol()]
-	RESERVED
+CVE-2018-25014 (A flaw was found in libwebp in versions before 1.0.1. An unitialized v ...)
 	- libwebp <unfixed>
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496
 CVE-2021-3534
@@ -3609,28 +3636,23 @@ CVE-2021-31870 (An issue was discovered in klibc before 2.0.9. Multiplication in
 	[stretch] - klibc <no-dsa> (Minor issue; only used in initramfs and not dealing with untrusted data)
 	NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=292650f04c2b5348b4efbad61fb014ed09b4f3f2
 	NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1
-CVE-2020-36332 [extreme memory allocation when reading a file]
-	RESERVED
+CVE-2020-36332 (A flaw was found in libwebp in versions before 1.0.1. When reading a f ...)
 	- libwebp <unfixed>
 	NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=391
 	NOTE: https://chromium.googlesource.com/webm/libwebp/+/39cb9aad85ca7bb1d193013460db1f8cc6bff109
-CVE-2020-36331 [heap-based buffer overflow in ChunkAssignData() in mux/muxinternal.c]
-	RESERVED
+CVE-2020-36331 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...)
 	- libwebp <unfixed>
 	NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=388
 	NOTE: https://chromium.googlesource.com/webm/libwebp/+/be738c6d396fa5a272c1b209be4379a7532debfe
-CVE-2020-36330 [heap-based buffer overflow in ChunkVerifyAndAssign() in mux/muxread.c]
-	RESERVED
+CVE-2020-36330 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...)
 	- libwebp <unfixed>
 	NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=386
 	NOTE: https://chromium.googlesource.com/webm/libwebp/+/2c70ad76c94db5427d37ab4b85dc89b94dd75e01
-CVE-2020-36329 [use-after-free in EmitFancyRGB() in dec/io_dec.c]
-	RESERVED
+CVE-2020-36329 (A flaw was found in libwebp in versions before 1.0.1. A use-after-free ...)
 	- libwebp <unfixed>
 	NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=385
 	NOTE: https://chromium.googlesource.com/webm/libwebp/+/569001f19fc81fcb5ab358f587a54c62e7c4665c
-CVE-2020-36328 [heap-based buffer overflow in WebPDecode*Into functions]
-	RESERVED
+CVE-2020-36328 (A flaw was found in libwebp in versions before 1.0.1. A heap-based buf ...)
 	- libwebp <unfixed>
 	NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=383
 	NOTE: https://chromium.googlesource.com/webm/libwebp/+/71ed73cf86132394ea25ae9c7ed431e0d71043f5
@@ -3642,7 +3664,7 @@ CVE-2021-3521
 	RESERVED
 CVE-2021-3520 [memory corruption due to an integer overflow bug caused by memmove argument]
 	RESERVED
-	{DLA-2657-1}
+	{DSA-4919-1 DLA-2657-1}
 	- lz4 1.9.3-2 (bug #987856)
 	NOTE: https://github.com/lz4/lz4/pull/972
 	NOTE: Fixed by: https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7
@@ -4651,12 +4673,12 @@ CVE-2021-31477
 	RESERVED
 CVE-2021-31476
 	RESERVED
-CVE-2021-31475
-	RESERVED
-CVE-2021-31474
-	RESERVED
-CVE-2021-31473
-	RESERVED
+CVE-2021-31475 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-31474 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-31473 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
 CVE-2021-31472 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: Foxit Reader
 CVE-2021-31471 (This vulnerability allows remote attackers to disclose sensitive infor ...)
@@ -4721,10 +4743,10 @@ CVE-2021-31442 (This vulnerability allows remote attackers to execute arbitrary
 	NOT-FOR-US: Foxit Reader
 CVE-2021-31441 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: Foxit Reader
-CVE-2021-31440
-	RESERVED
-CVE-2021-31439
-	RESERVED
+CVE-2021-31440 (This vulnerability allows local attackers to escalate privileges on af ...)
+	TODO: check
+CVE-2021-31439 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+	TODO: check
 CVE-2021-31438 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: Foxit
 CVE-2021-31437 (This vulnerability allows remote attackers to execute arbitrary code o ...)
@@ -6391,27 +6413,22 @@ CVE-2020-36323 (In the standard library in Rust before 1.52.0, there is an optim
 CVE-2020-36322 (An issue was discovered in the FUSE filesystem implementation in the L ...)
 	- linux 5.10.9-1
 	NOTE: https://git.kernel.org/linus/5d069dbe8aaf2a197142558b6fb2978189ba3454
-CVE-2018-25013 [heap-based buffer overflow in ShiftBytes()]
-	RESERVED
+CVE-2018-25013 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...)
 	- libwebp <unfixed>
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9417
 	NOTE: https://chromium.googlesource.com/webm/libwebp/+/907208f97ead639bd521cf355a2f203f462eade6
-CVE-2018-25012 [heap-based buffer overflow in GetLE24()]
-	RESERVED
+CVE-2018-25012 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...)
 	- libwebp <unfixed>
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9123
 	NOTE: https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097%5E%21/
-CVE-2018-25011 [heap-based buffer overflow in PutLE16()]
-	RESERVED
+CVE-2018-25011 (A flaw was found in libwebp in versions before 1.0.1. A heap-based buf ...)
 	- libwebp <unfixed>
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9119
-CVE-2018-25010 [heap-based buffer overflow in ApplyFilter()]
-	RESERVED
+CVE-2018-25010 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...)
 	- libwebp <unfixed>
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9105
 	NOTE: https://chromium.googlesource.com/webm/libwebp/+/1344a2e947c749d231141a295327e5b99b444d63%5E%21/#F0
-CVE-2018-25009 [heap-based buffer overflow in GetLE16()]
-	RESERVED
+CVE-2018-25009 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...)
 	- libwebp <unfixed>
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9100
 	NOTE: https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097%5E%21/
@@ -8775,8 +8792,8 @@ CVE-2021-29683 (IBM Security Identity Manager 7.0.2 stores user credentials in p
 	NOT-FOR-US: IBM
 CVE-2021-29682 (IBM Security Identity Manager 7.0.2 could allow a remote attacker to o ...)
 	NOT-FOR-US: IBM
-CVE-2021-29681
-	RESERVED
+CVE-2021-29681 (IBM InfoSphere Information Server 11.7 could allow an attacker to obta ...)
+	TODO: check
 CVE-2021-29680
 	RESERVED
 CVE-2021-29679
@@ -9553,10 +9570,10 @@ CVE-2021-29417 (gitjacker before 0.1.0 allows remote attackers to execute arbitr
 	NOT-FOR-US: gitjacker
 CVE-2021-29416 (An issue was discovered in PortSwigger Burp Suite before 2021.2. Durin ...)
 	NOT-FOR-US: Burp Suite (different from src:burp)
-CVE-2021-29415
-	RESERVED
-CVE-2021-29414
-	RESERVED
+CVE-2021-29415 (The elliptic curve cryptography (ECC) hardware accelerator, part of th ...)
+	TODO: check
+CVE-2021-29414 (STMicroelectronics STM32L4 devices through 2021-03-29 have incorrect p ...)
+	TODO: check
 CVE-2021-29413
 	RESERVED
 CVE-2021-29412
@@ -13350,8 +13367,8 @@ CVE-2021-27813
 	RESERVED
 CVE-2021-27812
 	RESERVED
-CVE-2021-27811
-	RESERVED
+CVE-2021-27811 (A code injection vulnerability has been discovered in the Upgrade func ...)
+	TODO: check
 CVE-2021-27810
 	RESERVED
 CVE-2021-27809
@@ -45248,16 +45265,16 @@ CVE-2020-27214
 	RESERVED
 CVE-2020-27213
 	RESERVED
-CVE-2020-27212
-	RESERVED
-CVE-2020-27211
-	RESERVED
+CVE-2020-27212 (STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect a ...)
+	TODO: check
+CVE-2020-27211 (Nordic Semiconductor nRF52840 devices through 2020-10-19 have improper ...)
+	TODO: check
 CVE-2020-27210
 	RESERVED
 CVE-2020-27209 (The ECDSA operation of the micro-ecc library 1.0 is vulnerable to simp ...)
 	TODO: check
-CVE-2020-27208
-	RESERVED
+CVE-2020-27208 (The flash read-out protection (RDP) level is not enforced during the d ...)
+	TODO: check
 CVE-2020-27207 (Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, related to sq ...)
 	NOT-FOR-US: Zetetic SQLCipher
 CVE-2020-27206
@@ -53344,14 +53361,14 @@ CVE-2020-23770
 	RESERVED
 CVE-2020-23769
 	RESERVED
-CVE-2020-23768
-	RESERVED
+CVE-2020-23768 (An information disclosure vulnerability was discovered in alipay_funct ...)
+	TODO: check
 CVE-2020-23767
 	RESERVED
-CVE-2020-23766
-	RESERVED
-CVE-2020-23765
-	RESERVED
+CVE-2020-23766 (An arbitrary file deletion vulnerability was discovered on htmly v2.7. ...)
+	TODO: check
+CVE-2020-23765 (A file upload vulnerability was discovered in the file path /bl-plugin ...)
+	TODO: check
 CVE-2020-23764
 	RESERVED
 CVE-2020-23763 (SQL injection in admin.php in Online Book Store 1.0 allows remote atta ...)
@@ -80109,8 +80126,8 @@ CVE-2020-12062 (** DISPUTED ** The scp client in OpenSSH 8.2 incorrectly sends d
 	NOTE: https://www.openwall.com/lists/oss-security/2020/05/27/1
 	NOTE: Negligible security impact, a malicious peer can achieve no more than already
 	NOTE: able o achieve within the scp protocol.
-CVE-2020-12061
-	RESERVED
+CVE-2020-12061 (An issue was discovered in Nitrokey FIDO U2F firmware through 1.1. Com ...)
+	TODO: check
 CVE-2020-12060
 	RESERVED
 CVE-2020-12059 (An issue was discovered in Ceph through 13.2.9. A POST request with an ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca50966d676a961e34aeb97926185e56767bfeb8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca50966d676a961e34aeb97926185e56767bfeb8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210521/ff90d36b/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list