[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed May 26 09:10:25 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
91709915 by security tracker role at 2021-05-26T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2021-3566
+	RESERVED
+CVE-2021-33579
+	RESERVED
+CVE-2021-33578
+	RESERVED
+CVE-2021-33577
+	RESERVED
+CVE-2021-33576
+	RESERVED
+CVE-2021-33575 (The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute ...)
+	TODO: check
+CVE-2021-33574 (The mq_notify function in the GNU C Library (aka glibc) through 2.33 h ...)
+	TODO: check
+CVE-2021-33573
+	RESERVED
+CVE-2021-33572
+	RESERVED
+CVE-2021-33571
+	RESERVED
+CVE-2021-33570 (Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG e ...)
+	TODO: check
+CVE-2021-33569
+	RESERVED
+CVE-2021-33568
+	RESERVED
+CVE-2021-33567
+	RESERVED
+CVE-2021-33566
+	RESERVED
+CVE-2021-33565
+	RESERVED
+CVE-2016-20011 (libgrss through 0.7.0 fails to perform TLS certificate verification wh ...)
+	TODO: check
 CVE-2021-3565 [during tpm2_import command invocation a fixed AES wrapping key is used]
 	RESERVED
 	- tpm2-tools <unfixed>
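Review bot: Four of the entries added at the top of this hunk (CVE-2021-33575, CVE-2021-33574, CVE-2021-33570 and CVE-2016-20011) carry only `TODO: check` and still need a disposition. Each should end up either with a source package line in the form of `- tpm2-tools <unfixed>` on the CVE-2021-3565 context entry, or with a NOT-FOR-US marker. The mq_notify entry for glibc and the libgrss entry about missing TLS certificate verification are the ones I would triage first, since their descriptions name a C library function and a certificate check. The descriptions are truncated at " ...", so read the full advisory text before deciding. Also confirm that CVE-2016-20011 is meant to sit between CVE-2021-33565 and CVE-2021-3565 rather than with the other 2016 ids.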
@@ -3660,8 +3694,8 @@ CVE-2021-31926 (AMP Application Deployment Service in CubeCoders AMP 2.1.x befor
 	NOT-FOR-US: CubeCoders AMP
 CVE-2021-31925
 	RESERVED
-CVE-2021-31924
-	RESERVED
+CVE-2021-31924 (Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the p ...)
+	TODO: check
 CVE-2021-31923
 	RESERVED
 CVE-2021-31922 (An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffi ...)
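Review bot: CVE-2021-31924 moves from RESERVED to `TODO: check` with nothing recorded about whether the affected software is tracked here. The description gives "Yubico pam-u2f before 1.1.1", so the follow-up should either add a package line with 1.1.1 as the fixed version or mark the entry the way the CubeCoders AMP entry above it is marked. The description is cut off at "depending on the p ...", so the condition under which the logic issue applies is not visible in this hunk. Take it from the full advisory when rating the issue for an authentication module.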
@@ -10138,10 +10172,10 @@ CVE-2021-29255 (MicroSeven MYM71080i-B 2.0.5 through 2.0.20 devices send admin c
 	NOT-FOR-US: MicroSeven
 CVE-2021-29254
 	RESERVED
-CVE-2021-29253
-	RESERVED
-CVE-2021-29252
-	RESERVED
+CVE-2021-29253 (The Tableau integration in RSA Archer 6.4 P1 (6.4.0.1) through 6.9 P2  ...)
+	TODO: check
+CVE-2021-29252 (RSA Archer before 6.9 SP1 P1 (6.9.1.1) contains a stored XSS vulnerabi ...)
+	TODO: check
 CVE-2021-29251 (BTCPay Server before 1.0.7.1 mishandles the policy setting in which us ...)
 	NOT-FOR-US: BTCPay Server
 CVE-2021-29250 (BTCPay Server through 1.0.7.0 suffers from a Stored Cross Site Scripti ...)
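Review bot: CVE-2021-29253 and CVE-2021-29252 both name RSA Archer and both land as `TODO: check`, while the neighbouring MicroSeven and BTCPay Server entries in this hunk are already marked NOT-FOR-US. Decide the two Archer entries together so they do not end up with different dispositions. If the product is not tracked here, use the same `NOT-FOR-US: <product>` form as the surrounding lines.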
@@ -32805,8 +32839,7 @@ CVE-2021-20210 (A flaw was found in Privoxy in versions before 3.0.29. Memory le
 	[buster] - privoxy 3.0.28-2+deb10u1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
 	NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=1b1370f7a8a9cc5434d3e0e54dd620df1e70c873 (3.0.29)
-CVE-2021-20209
-	RESERVED
+CVE-2021-20209 (A memory leak vulnerability was found in Privoxy before 3.0.29 in the  ...)
 	{DLA-2548-1}
 	- privoxy 3.0.29-1
 	[buster] - privoxy 3.0.28-2+deb10u1
@@ -49212,8 +49245,7 @@ CVE-2020-25673
 	[bullseye] - linux <postponed> (Minor issue, revisit once fixed upstream)
 	[buster] - linux <postponed> (Minor issue, revisit once fixed upstream)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/11/01/1
-CVE-2020-25672
-	RESERVED
+CVE-2020-25672 (A memory leak vulnerability was found in Linux kernel in llcp_sock_con ...)
 	- linux 5.10.38-1
 	[bullseye] - linux <postponed> (Minor issue, revisit once fixed upstream)
 	[buster] - linux <postponed> (Minor issue, revisit once fixed upstream)
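Review bot: The context lines kept under the updated CVE-2020-25672 entry look stale against each other. `- linux 5.10.38-1` records a fixed version, but the bullseye and buster lines still say `<postponed> (Minor issue, revisit once fixed upstream)`. With a fixed version now listed and a description now published ("A memory leak vulnerability was found in Linux kernel in llcp_sock_con ..."), the revisit condition appears to be met, so the two suite lines should be re-evaluated rather than carried forward unchanged.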
@@ -60254,8 +60286,8 @@ CVE-2020-20455
 	RESERVED
 CVE-2020-20454
 	RESERVED
-CVE-2020-20453
-	RESERVED
+CVE-2020-20453 (FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aaccod ...)
+	TODO: check
 CVE-2020-20452
 	RESERVED
 CVE-2020-20451 (Denial of Service issue in FFmpeg 4.2 due to resource management error ...)
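Review bot: CVE-2020-20453 is added as `TODO: check` even though the description already names the product and version (FFmpeg 4.2) and a file under libavcodec. The trailing context entry CVE-2020-20451 is another FFmpeg 4.2 issue, so triage both against the same package and keep their status lines consistent. The file path is truncated at "libavcodec/aaccod ...", so take the exact path from the full CVE text when adding a NOTE rather than completing it by guess.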



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91709915c439e65cadaffec089b03428b34b7951
