[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu May 27 09:10:36 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8db503c7 by security tracker role at 2021-05-27T08:10:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2021-33588
+	RESERVED
+CVE-2021-33587
+	RESERVED
 CVE-2021-33585
 	RESERVED
 CVE-2021-33584
@@ -10,7 +14,7 @@ CVE-2021-33581
 	RESERVED
 CVE-2021-33580
 	RESERVED
-CVE-2021-33586 [inspircd memory disclosure]
+CVE-2021-33586 (InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able to co ...)
 	- inspircd 3.8.1-2 (bug #989144)
 	[buster] - inspircd <not-affected> (Vulnerable code not present)
 	[stretch] - inspircd <not-affected> (Vulnerable code not present)
@@ -244,8 +248,7 @@ CVE-2021-33482
 	RESERVED
 CVE-2021-33478
 	RESERVED
-CVE-2021-3561 [Global buffer overflow in fig2dev/read.c in function read_objects]
-	RESERVED
+CVE-2021-3561 (An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bound ...)
 	- fig2dev 1:3.2.8-3
 	[buster] - fig2dev <no-dsa> (Minor issue)
 	[stretch] - fig2dev <no-dsa> (Minor issue)
@@ -2092,16 +2095,14 @@ CVE-2021-32617 (Exiv2 is a command-line utility and C++ library for reading, wri
 	NOTE: https://github.com/Exiv2/exiv2/pull/1657
 CVE-2021-32616
 	RESERVED
-CVE-2021-3549
-	RESERVED
+CVE-2021-3549 (An out of bounds flaw was found in GNU binutils objdump utility versio ...)
 	- binutils <unfixed> (unimportant)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=27294
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1cfcf3004e1830f8fe9112cfcd15285508d2c2b7
 	NOTE: binutils not covered by security support
 CVE-2021-32615 (Piwigo 11.4.0 allows admin/user_list_backend.php order[0][dir] SQL Inj ...)
 	- piwigo <removed>
-CVE-2021-32614 [read in memcpy() for up to 204 bytes in fill_mishblk()]
-	RESERVED
+CVE-2021-32614 (A flaw was found in dmg2img through 20170502. fill_mishblk() does not  ...)
 	- dmg2img <unfixed> (unimportant; bug #989008)
 	NOTE: https://github.com/Lekensteyn/dmg2img/issues/11
 	NOTE: Crash in CLI tool, no security impact
@@ -2209,8 +2210,7 @@ CVE-2021-3544 [vhost-user-gpu: multiple memory leaks]
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01152.html
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01156.html
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01158.html
-CVE-2021-3548 [OOB in dmg2img.c memcpy() causing undefined behavior]
-	RESERVED
+CVE-2021-3548 (A flaw was found in dmg2img through 20170502. dmg2img did not validate ...)
 	- dmg2img <unfixed> (unimportant)
 	NOTE: https://github.com/Lekensteyn/dmg2img/issues/9
 	NOTE: Crash in CLI tool, no security impact
@@ -3751,8 +3751,7 @@ CVE-2021-31922 (An HTTP Request Smuggling vulnerability in Pulse Secure Virtual
 	NOT-FOR-US: Pulse Secure
 CVE-2021-3528 (A flaw was found in noobaa-operator in versions before 5.7.0, where in ...)
 	NOT-FOR-US: noobaa
-CVE-2021-3527 [usb: unbounded stack allocation in usbredir]
-	RESERVED
+CVE-2021-3527 (A flaw was found in the USB redirector device (usb-redir) of QEMU. Sma ...)
 	- qemu <unfixed> (bug #988157)
 	[bullseye] - qemu <no-dsa> (Minor issue)
 	[buster] - qemu <no-dsa> (Minor issue)
@@ -3774,8 +3773,7 @@ CVE-2021-3523
 CVE-2021-31921
 	RESERVED
 	NOT-FOR-US: Istio
-CVE-2021-31920
-	RESERVED
+CVE-2021-31920 (Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable v ...)
 	NOT-FOR-US: Istio
 CVE-2021-31919 (An issue was discovered in the rkyv crate before 0.6.0 for Rust. When  ...)
 	NOT-FOR-US: Rust crate rkyv
@@ -4803,8 +4801,7 @@ CVE-2021-31522
 	RESERVED
 CVE-2021-3510
 	RESERVED
-CVE-2021-3509
-	RESERVED
+CVE-2021-3509 (A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component ...)
 	- ceph <unfixed> (bug #988888)
 	[buster] - ceph <not-affected> (Vulnerable code introduced later)
 	[stretch] - ceph <not-affected> (Vulnerable code introduced later)
@@ -7158,22 +7155,19 @@ CVE-2021-3493 (The overlayfs implementation in the linux kernel did not properly
 	- linux 5.10.38-1
 	[stretch] - linux <not-affected> (Unprivileged users cannot mount overlayfs)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/04/16/1
-CVE-2021-30501
-	RESERVED
-CVE-2021-30500
-	RESERVED
+CVE-2021-30501 (An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in  ...)
+	TODO: check
+CVE-2021-30500 (Null pointer dereference was found in upx PackLinuxElf::canUnpack() in ...)
 	- upx-ucl <unfixed> (unimportant)
 	NOTE: https://github.com/upx/upx/issues/485
 	NOTE: https://github.com/upx/upx/commit/90279abdfcd235172eab99651043051188938dcc
-CVE-2021-30499
-	RESERVED
+CVE-2021-30499 (A flaw was found in libcaca. A buffer overflow of export.c in function ...)
 	- libcaca <unfixed> (bug #987278)
 	[bullseye] - libcaca <no-dsa> (Minor issue)
 	[buster] - libcaca <no-dsa> (Minor issue)
 	[stretch] - libcaca <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://github.com/cacalabs/libcaca/issues/54
-CVE-2021-30498
-	RESERVED
+CVE-2021-30498 (A flaw was found in libcaca. A heap buffer overflow in export.c in fun ...)
 	- libcaca <unfixed> (bug #987278)
 	[bullseye] - libcaca <no-dsa> (Minor issue)
 	[buster] - libcaca <no-dsa> (Minor issue)
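Review bot: CVE-2021-30501 is left at "TODO: check" with no package line, although its description names upx (MemBuffer::alloc() in mem.cpp) and the entry directly below it, CVE-2021-30500, is already tracked as "- upx-ucl <unfixed> (unimportant)". Suggest resolving the TODO with a upx-ucl status line so the two upx entries are tracked consistently.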
@@ -7275,8 +7269,7 @@ CVE-2021-3487 (There's a flaw in the BFD library of binutils in versions before
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26946
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=647cebce12a6b0a26960220caff96ff38978cf24
 	NOTE: binutils not covered by security support
-CVE-2021-3486
-	RESERVED
+CVE-2021-3486 (GLPi 9.5.4 does not sanitize the metadata. This way its possible to in ...)
 	- glpi <removed>
 	NOTE: https://github.com/Kitsun3Sec/exploits/tree/master/cms/GLPI/GLPI-stored-XSS
 CVE-2021-30475
@@ -7287,29 +7280,25 @@ CVE-2021-30473 (aom_image.c in libaom in AOMedia before 2021-04-07 frees memory
 	- aom <unfixed> (bug #988211)
 	NOTE: https://aomedia.googlesource.com/aom/+/4efe20e99dcd9b6f8eadc8de8acc825be7416578
 	NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2998
-CVE-2021-30472
-	RESERVED
+CVE-2021-30472 (A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in Pdf ...)
 	- libpodofo <unfixed> (bug #986794)
 	[bullseye] - libpodofo <no-dsa> (Minor issue)
 	[buster] - libpodofo <no-dsa> (Minor issue)
 	[stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://sourceforge.net/p/podofo/tickets/132/
-CVE-2021-30471
-	RESERVED
+CVE-2021-30471 (A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in Pd ...)
 	- libpodofo <unfixed> (bug #986793)
 	[bullseye] - libpodofo <no-dsa> (Minor issue)
 	[buster] - libpodofo <no-dsa> (Minor issue)
 	[stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://sourceforge.net/p/podofo/tickets/131/
-CVE-2021-30470
-	RESERVED
+CVE-2021-30470 (A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among ...)
 	- libpodofo <unfixed> (bug #986792)
 	[bullseye] - libpodofo <no-dsa> (Minor issue)
 	[buster] - libpodofo <no-dsa> (Minor issue)
 	[stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://sourceforge.net/p/podofo/tickets/130/
-CVE-2021-30469
-	RESERVED
+CVE-2021-30469 (A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecO ...)
 	- libpodofo <unfixed> (bug #986791)
 	[bullseye] - libpodofo <no-dsa> (Minor issue)
 	[buster] - libpodofo <no-dsa> (Minor issue)
@@ -12728,8 +12717,8 @@ CVE-2021-28172 (There is a Path Traversal vulnerability in the file download fun
 	NOT-FOR-US: Vangene deltaFlow E-platform
 CVE-2021-28171 (The Vangene deltaFlow E-platform does not take properly protective mea ...)
 	NOT-FOR-US: Vangene deltaFlow E-platform
-CVE-2021-28170
-	RESERVED
+CVE-2021-28170 (In the Jakarta Expression Language implementation 3.0.3 and earlier, a ...)
+	TODO: check
 CVE-2021-28169
 	RESERVED
 CVE-2021-28168 (Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains ...)
@@ -19049,8 +19038,8 @@ CVE-2021-25645 (An issue was discovered in Couchbase Server before 6.0.5, 6.1.x
 	NOT-FOR-US: Couchbase Server
 CVE-2021-25644 (An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1  ...)
 	NOT-FOR-US: Couchbase Server
-CVE-2021-25643
-	RESERVED
+CVE-2021-25643 (An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 a ...)
+	TODO: check
 CVE-2020-36200 (TinyCheck before commits 9fd360d and ea53de8 allowed an authenticated  ...)
 	NOT-FOR-US: TinyCheck
 CVE-2020-36199 (TinyCheck before commits 9fd360d and ea53de8 was vulnerable to command ...)
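Review bot: CVE-2021-25643 gets "TODO: check" even though its description begins "An issue was discovered in Couchbase Server" and the two entries just above it in this hunk, CVE-2021-25645 and CVE-2021-25644, are both marked "NOT-FOR-US: Couchbase Server". Suggest replacing the TODO with the same NOT-FOR-US line.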
@@ -20068,8 +20057,7 @@ CVE-2021-25219
 	RESERVED
 CVE-2021-25218
 	RESERVED
-CVE-2021-25217 [A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient]
-	RESERVED
+CVE-2021-25217 (In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 ( ...)
 	- isc-dhcp <unfixed>
 	NOTE: https://kb.isc.org/docs/cve-2021-25217
 	NOTE: https://www.openwall.com/lists/oss-security/2021/05/26/6
@@ -25467,40 +25455,40 @@ CVE-2021-22749
 	RESERVED
 CVE-2021-22748
 	RESERVED
-CVE-2021-22747
-	RESERVED
-CVE-2021-22746
-	RESERVED
-CVE-2021-22745
-	RESERVED
-CVE-2021-22744
-	RESERVED
-CVE-2021-22743
-	RESERVED
-CVE-2021-22742
-	RESERVED
-CVE-2021-22741
-	RESERVED
-CVE-2021-22740
-	RESERVED
-CVE-2021-22739
-	RESERVED
-CVE-2021-22738
-	RESERVED
-CVE-2021-22737
-	RESERVED
-CVE-2021-22736
-	RESERVED
-CVE-2021-22735
-	RESERVED
-CVE-2021-22734
-	RESERVED
-CVE-2021-22733
-	RESERVED
-CVE-2021-22732
-	RESERVED
-CVE-2021-22731
-	RESERVED
+CVE-2021-22747 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...)
+	TODO: check
+CVE-2021-22746 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...)
+	TODO: check
+CVE-2021-22745 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...)
+	TODO: check
+CVE-2021-22744 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...)
+	TODO: check
+CVE-2021-22743 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...)
+	TODO: check
+CVE-2021-22742 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...)
+	TODO: check
+CVE-2021-22741 (Use of Password Hash with Insufficient Computational Effort vulnerabil ...)
+	TODO: check
+CVE-2021-22740 (Information Exposure vulnerability exists in homeLYnk (Wiser For KNX)  ...)
+	TODO: check
+CVE-2021-22739 (Information Exposure vulnerability exists in homeLYnk (Wiser For KNX)  ...)
+	TODO: check
+CVE-2021-22738 (Use of a Broken or Risky Cryptographic Algorithm vulnerability exists  ...)
+	TODO: check
+CVE-2021-22737 (Insufficiently Protected Credentials vulnerability exists in homeLYnk  ...)
+	TODO: check
+CVE-2021-22736 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2021-22735 (Improper Verification of Cryptographic Signature vulnerability exists  ...)
+	TODO: check
+CVE-2021-22734 (Improper Verification of Cryptographic Signature vulnerability exists  ...)
+	TODO: check
+CVE-2021-22733 (Improper Privilege Management vulnerability exists in homeLYnk (Wiser  ...)
+	TODO: check
+CVE-2021-22732 (Improper Privilege Management vulnerability exists in homeLYnk (Wiser  ...)
+	TODO: check
+CVE-2021-22731 (Weak Password Recovery Mechanism for Forgotten Password vulnerability  ...)
+	TODO: check
 CVE-2021-22730
 	RESERVED
 CVE-2021-22729
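Review bot: all 17 entries from CVE-2021-22747 down to CVE-2021-22731 land as "TODO: check", so none of them carries a package or NOT-FOR-US status yet. Where the truncated description still shows the product, homeLYnk (Wiser For KNX) in CVE-2021-22740, -22739, -22737, -22733 and -22732, the entries can be triaged as one group, with NOT-FOR-US the likely outcome if no Debian package ships that product. For the remaining entries the description is cut off before the product name, so the full CVE text is needed before a status is chosen.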
@@ -25551,8 +25539,8 @@ CVE-2021-22707
 	RESERVED
 CVE-2021-22706
 	RESERVED
-CVE-2021-22705
-	RESERVED
+CVE-2021-22705 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
+	TODO: check
 CVE-2021-22704
 	RESERVED
 CVE-2021-22703 (A CWE-319: Cleartext transmission of sensitive information vulnerabili ...)
@@ -25563,8 +25551,8 @@ CVE-2021-22701 (A CWE-352: Cross-Site Request Forgery vulnerability exists in Po
 	NOT-FOR-US: PowerLogic
 CVE-2021-22700
 	RESERVED
-CVE-2021-22699
-	RESERVED
+CVE-2021-22699 (Improper Input Validation vulnerability exists in Modicon M241/M251 lo ...)
+	TODO: check
 CVE-2021-22698 (A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerabili ...)
 	NOT-FOR-US: EcoStruxure Power Build
 CVE-2021-22697 (A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerabili ...)
@@ -30919,7 +30907,7 @@ CVE-2021-21044 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier)
 	NOT-FOR-US: Adobe
 CVE-2021-21043 (ACS Commons version 4.9.2 (and earlier) suffers from a Reflected Cross ...)
 	NOT-FOR-US: Adobe
-CVE-2021-21042 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+CVE-2021-21042 (Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.3001 ...)
 	NOT-FOR-US: Adobe
 CVE-2021-21041 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
 	NOT-FOR-US: Adobe
@@ -32506,8 +32494,7 @@ CVE-2021-20299
 	RESERVED
 CVE-2021-20298
 	RESERVED
-CVE-2021-20297 [Setting match.path and activating a profiles crashes NetworkManager]
-	RESERVED
+CVE-2021-20297 (A flaw was found in NetworkManager in versions before 1.30.0. Setting  ...)
 	- network-manager 1.30.0-2 (bug #986809)
 	[buster] - network-manager <not-affected> (Vulnerable code introduced later)
 	[stretch] - network-manager <not-affected> (Vulnerable code introduced later)
@@ -33025,8 +33012,7 @@ CVE-2021-20197 (There is an open race window when writing output in the followin
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1a1c3b4cc17687091cff5a368bd6f13742bcfdf8
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=365f5fb6d0f0da83817431a275e99e6f6babbe04
 	NOTE: binutils not covered by security support
-CVE-2021-20196 [block: fdc: null pointer dereference may lead to guest crash]
-	RESERVED
+CVE-2021-20196 (A NULL pointer dereference flaw was found in the floppy disk emulator  ...)
 	- qemu <unfixed> (bug #984453)
 	[bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
 	[buster] - qemu <postponed> (Fix along in future DSA)
@@ -33050,8 +33036,7 @@ CVE-2021-20193 (A flaw was found in the src/list.c of tar 1.33 and earlier. This
 	NOTE: Memory leak in CLI tool, no security impact
 CVE-2021-20192
 	RESERVED
-CVE-2021-20191
-	RESERVED
+CVE-2021-20191 (A flaw was found in ansible. Credentials, such as secrets, are being d ...)
 	- ansible <unfixed> (bug #985753)
 	[bullseye] - ansible <no-dsa> (Minor issue)
 	[buster] - ansible <no-dsa> (Minor issue)
@@ -33109,8 +33094,7 @@ CVE-2021-20178 (A flaw was found in ansible module where credentials are disclos
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1914774
 	NOTE: https://github.com/ansible-collections/community.general/pull/1621
 	NOTE: https://github.com/ansible-collections/community.general/commit/3560aeb12f7061bf21d63ca0e1e19feb99c57de3
-CVE-2021-20177
-	RESERVED
+CVE-2021-20177 (A flaw was found in the Linux kernel's implementation of string matchi ...)
 	{DSA-4843-1 DLA-2557-1}
 	- linux 5.5.13-1
 	[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -43625,8 +43609,7 @@ CVE-2020-27840 (A flaw was found in samba. Spaces used in a string around a doma
 	NOTE: https://git.samba.org/?p=samba.git;a=commitdiff;h=dbb3e65f7e382adf5fa6a6afb3d8684aca3f201a
 	NOTE: https://git.samba.org/?p=samba.git;a=commitdiff;h=9532c44baea130db74f866e1472cb871936cd3dd
 	NOTE: Samba uses the System ldb library
-CVE-2020-27839
-	RESERVED
+CVE-2020-27839 (A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for  ...)
 	- ceph 14.2.18-1 (bug #985670)
 	[buster] - ceph <no-dsa> (Minor issue)
 	[stretch] - ceph <not-affected> (dashboard introduced in 12.1.0)
@@ -43660,8 +43643,7 @@ CVE-2020-27833 (A Zip Slip vulnerability was found in the oc binary in openshift
 CVE-2020-27832
 	RESERVED
 	NOT-FOR-US: Quay
-CVE-2020-27831
-	RESERVED
+CVE-2020-27831 (A flaw was found in Red Hat Quay, where it does not properly protect t ...)
 	NOT-FOR-US: Quay
 CVE-2020-27830 (A vulnerability was found in Linux Kernel where in the spk_ttyio_recei ...)
 	{DSA-4843-1 DLA-2557-1}
@@ -49166,8 +49148,7 @@ CVE-2020-25726
 CVE-2020-25725 (In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOut ...)
 	- xpdf <not-affected> (Debian uses poppler, which is not affected)
 	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=41915
-CVE-2020-25724
-	RESERVED
+CVE-2020-25724 (A flaw was found in RESTEasy, where an incorrect response to an HTTP r ...)
 	- resteasy <unfixed>
 	- resteasy3.0 <unfixed>
 	[bullseye] - resteasy3.0 <no-dsa> (Minor issue)
@@ -49576,8 +49557,7 @@ CVE-2020-25636 (A flaw was found in Ansible Base when using the aws_ssm connecti
 CVE-2020-25635 (A flaw was found in Ansible Base when using the aws_ssm connection plu ...)
 	- ansible <not-affected> (Vulnerable connection/aws_ssm plugin not included)
 	NOTE: https://github.com/ansible-collections/community.aws/issues/222
-CVE-2020-25634
-	RESERVED
+CVE-2020-25634 (A flaw was found in Red Hat 3scale’s API docs URL, where it is a ...)
 	NOT-FOR-US: 3scale
 CVE-2020-25633 (A flaw was found in RESTEasy client in all versions of RESTEasy up to  ...)
 	- resteasy <unfixed> (bug #970585)
@@ -57249,28 +57229,28 @@ CVE-2020-22030
 	RESERVED
 CVE-2020-22029
 	RESERVED
-CVE-2020-22028
-	RESERVED
+CVE-2020-22028 (Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_verticall ...)
+	TODO: check
 CVE-2020-22027
 	RESERVED
-CVE-2020-22026
-	RESERVED
+CVE-2020-22026 (Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input ...)
+	TODO: check
 CVE-2020-22025
 	RESERVED
-CVE-2020-22024
-	RESERVED
+CVE-2020-22024 (Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame16 func ...)
+	TODO: check
 CVE-2020-22023
 	RESERVED
 CVE-2020-22022
 	RESERVED
-CVE-2020-22021
-	RESERVED
+CVE-2020-22021 (Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function i ...)
+	TODO: check
 CVE-2020-22020 (Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map func ...)
 	- ffmpeg 7:4.3-2
 	NOTE: https://trac.ffmpeg.org/ticket/8239
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ce5274c1385d55892a692998923802023526b765
-CVE-2020-22019
-	RESERVED
+CVE-2020-22019 (Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in  ...)
+	TODO: check
 CVE-2020-22018
 	RESERVED
 CVE-2020-22017
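Review bot: the five newly published FFmpeg entries in this hunk (CVE-2020-22028, -22026, -22024, -22021 and -22019) are added with "TODO: check" only, while CVE-2020-22020 in the same hunk, also described as a buffer overflow in FFmpeg 4.2, already has "- ffmpeg 7:4.3-2" plus ticket and commit NOTE lines. Suggest triaging the five against the ffmpeg source package in the same way and recording a status and upstream reference for each.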
@@ -85743,8 +85723,7 @@ CVE-2020-10697
 CVE-2020-10696 (A path traversal flaw was found in Buildah in versions before 1.14.5.  ...)
 	- golang-github-containers-buildah 1.11.6-2
 	NOTE: https://github.com/containers/buildah/commit/c61925b8936e93a5e900f91b653a846f7ea3a9ed
-CVE-2020-10695
-	RESERVED
+CVE-2020-10695 (An insecure modification flaw in the /etc/passwd file was found in the ...)
 	NOTE: Red Hat specific CVE assignment for openshift/redhat-sso-7 container
 CVE-2020-10694
 	RESERVED
@@ -424176,8 +424155,7 @@ CVE-2009-3722 (The handle_dr function in arch/x86/kvm/vmx.c in the KVM subsystem
 	- kvm 88+dfsg-2 (low; bug #557739)
 	NOTE: http://bugzilla.redhat.com/531660
 	NOTE: https://git.kernel.org/linus/0a79b009525b160081d75cef5dbf45817956acf2
-CVE-2009-3721 [ytnef buffer overflow]
-	RESERVED
+CVE-2009-3721 (Multiple directory traversal and buffer overflow vulnerabilities were  ...)
 	- ytnef <removed> (bug #567631)
 	[lenny] - ytnef <no-dsa> (Minor issue)
 	NOTE: http://www.ocert.org/advisories/ocert-2009-013.html
@@ -438022,7 +438000,7 @@ CVE-2008-5510 (The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before
 	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
 	NOTE: patch will be checked for icedove/iceape/xulrunner by Alexander for next round
 CVE-2008-5509
-	RESERVED
+	REJECTED
 CVE-2008-5508 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird  ...)
 	{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
 	- iceweasel 3.0.5-1
@@ -439191,9 +439169,9 @@ CVE-2008-5087 (SQL injection vulnerability in TYPO3 Another Backend Login (wrg_a
 CVE-2008-5086 (Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a conn ...)
 	- libvirt 0.4.6-10
 CVE-2008-5085
-	RESERVED
+	REJECTED
 CVE-2008-5084
-	RESERVED
+	REJECTED
 CVE-2008-5083 (In JON 2.1.x before 2.1.2 SP1, users can obtain unauthorized security  ...)
 	NOT-FOR-US: Red Hat JBoss Operations Network
 CVE-2008-5082 (The verifyProof function in the Token Processing System (TPS) componen ...)
@@ -443061,7 +443039,7 @@ CVE-2008-3525 (The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subs
 CVE-2008-3524 (rc.sysinit in initscripts before 8.76.3-1 on Fedora 9 and other Linux  ...)
 	NOT-FOR-US: rc.sysinit on Fedora
 CVE-2008-3523
-	RESERVED
+	REJECTED
 CVE-2008-3522 (Buffer overflow in the jas_stream_printf function in libjasper/base/ja ...)
 	{DSA-2080-1}
 	- jasper 1.900.1-5.1 (medium; bug #501021)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8db503c729991fe142388195a53f46e39a95d677



More information about the debian-security-tracker-commits mailing list