[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Nov 3 08:10:32 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
947f783d by security tracker role at 2021-11-03T08:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,86 @@
-CVE-2021-43267 [tipc: fix size validations for the MSG_CRYPTO type]
+CVE-2021-43296
+	RESERVED
+CVE-2021-43295
+	RESERVED
+CVE-2021-43294
+	RESERVED
+CVE-2021-43293
+	RESERVED
+CVE-2021-43292
+	RESERVED
+CVE-2021-43291
+	RESERVED
+CVE-2021-43290
+	RESERVED
+CVE-2021-43289
+	RESERVED
+CVE-2021-43288
+	RESERVED
+CVE-2021-43287
+	RESERVED
+CVE-2021-43286
+	RESERVED
+CVE-2021-43285
+	RESERVED
+CVE-2021-43284
+	RESERVED
+CVE-2021-43283
+	RESERVED
+CVE-2021-43282
+	RESERVED
+CVE-2021-43281
+	RESERVED
+CVE-2021-43280
+	RESERVED
+CVE-2021-43279
+	RESERVED
+CVE-2021-43278
+	RESERVED
+CVE-2021-43277
+	RESERVED
+CVE-2021-43276
+	RESERVED
+CVE-2021-43275
+	RESERVED
+CVE-2021-43274
+	RESERVED
+CVE-2021-43273
+	RESERVED
+CVE-2021-43272
+	RESERVED
+CVE-2021-43271
+	RESERVED
+CVE-2021-43270 (Datalust Seq.App.HtmlEmail (aka Seq.App.EmailPlus) 3.1.0-dev-00148, 3. ...)
+	TODO: check
+CVE-2021-43269
+	RESERVED
+CVE-2021-43268
+	RESERVED
+CVE-2021-43266 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting col ...)
+	TODO: check
+CVE-2021-43265 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, certain tag s ...)
+	TODO: check
+CVE-2021-43264 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, adjusting the ...)
+	TODO: check
+CVE-2021-43263
+	RESERVED
+CVE-2021-43262
+	RESERVED
+CVE-2021-43261
+	RESERVED
+CVE-2021-43260
+	RESERVED
+CVE-2021-43259
+	RESERVED
+CVE-2021-43258
+	RESERVED
+CVE-2021-43257
+	RESERVED
+CVE-2021-3923
+	RESERVED
+CVE-2021-3922
+	RESERVED
+CVE-2021-43267 (An issue was discovered in net/tipc/crypto.c in the Linux kernel befor ...)
 	- linux <unfixed>
 	[buster] - linux <not-affected> (Vulnerable code introduced later)
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
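Review bot: CVE-2021-43270 and the three Mahara entries (CVE-2021-43264 to CVE-2021-43266) land with only `TODO: check`, so they carry no package status yet. Each needs either a `- <package> <status>` line or a `NOT-FOR-US:` marker in a follow-up. The CVE-2021-43267 entry at the end of this hunk shows the target shape, with `- linux <unfixed>` and per-release lines.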
@@ -2277,8 +2359,8 @@ CVE-2021-42699
 	RESERVED
 CVE-2021-42698
 	RESERVED
-CVE-2021-42697
-	RESERVED
+CVE-2021-42697 (Akka HTTP 10.1.x and 10.2.x before 10.2.7 can encounter stack exhausti ...)
+	TODO: check
 CVE-2021-42696
 	RESERVED
 CVE-2021-42695
@@ -6632,8 +6714,8 @@ CVE-2021-41314 (Certain NETGEAR smart switches are affected by a \n injection in
 	NOT-FOR-US: NETGEAR
 CVE-2021-41313 (Affected versions of Atlassian Jira Server and Data Center allow authe ...)
 	NOT-FOR-US: Atlassian
-CVE-2021-41312
-	RESERVED
+CVE-2021-41312 (Affected versions of Atlassian Jira Server and Data Center allow a rem ...)
+	TODO: check
 CVE-2021-41311
 	RESERVED
 CVE-2021-41310 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
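Review bot: CVE-2021-41312 is published as an Atlassian Jira Server and Data Center issue but is left at `TODO: check`, while CVE-2021-41313 directly above it, for the same product, is already marked `NOT-FOR-US: Atlassian`. Suggest giving CVE-2021-41312 the same marker once the full description has been read.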
@@ -7292,8 +7374,8 @@ CVE-2021-41038
 	RESERVED
 CVE-2021-41037
 	RESERVED
-CVE-2021-41036
-	RESERVED
+CVE-2021-41036 (In versions prior to 1.1 of the Eclipse Paho MQTT C Client, the client ...)
+	TODO: check
 CVE-2021-41035 (In Eclipse Openj9 before version 0.29.0, the JVM does not throw Illega ...)
 	NOT-FOR-US: Eclipse OpenJ9
 CVE-2021-41034 (The build of some language stacks of Eclipse Che version 6 includes pu ...)
@@ -11575,10 +11657,10 @@ CVE-2021-39240 (An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before
 	NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=a495e0d94876c9d39763db319f609351907a31e8
 CVE-2021-39239 (A vulnerability in XML processing in Apache Jena, in versions up to 4. ...)
 	NOT-FOR-US: Apache Jena
-CVE-2021-39238
-	RESERVED
-CVE-2021-39237
-	RESERVED
+CVE-2021-39238 (Certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise Pag ...)
+	TODO: check
+CVE-2021-39237 (Certain HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide ...)
+	TODO: check
 CVE-2021-39236
 	RESERVED
 CVE-2021-39235
@@ -13285,22 +13367,19 @@ CVE-2021-38503
 	- firefox-esr 91.3.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38503
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38503
-CVE-2021-38502
-	RESERVED
+CVE-2021-38502 (Thunderbird ignored the configuration to require STARTTLS security for ...)
 	[experimental] - thunderbird 1:91.2.0-1
 	- thunderbird <undetermined>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38502
 	TODO: double check, it was only referenced in mfsa2021-47 but not mfsa2021-46, but issue is about attack on SMTP STARTTLS connections
-CVE-2021-38501
-	RESERVED
+CVE-2021-38501 (Mozilla developers reported memory safety bugs present in Firefox 92 a ...)
 	- firefox 93.0-1
 	- firefox-esr <not-affected> (Only affect Firefox 91 not in any supported suite in vulnerable version)
 	- thunderbird <not-affected> (Only affects Thunderbird 91 not in any supported suite in vulnerable version)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38501
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38501
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38501
-CVE-2021-38500
-	RESERVED
+CVE-2021-38500 (Mozilla developers reported memory safety bugs present in Firefox 92 a ...)
 	{DSA-4981-1 DLA-2782-1}
 	- firefox 93.0-1
 	- firefox-esr 91.2.0esr-1
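Review bot: at CVE-2021-38502 the `RESERVED` line is replaced by a published description, but `- thunderbird <undetermined>` and the `TODO: double check` line stay as they were. The description (Thunderbird ignored the configuration to require STARTTLS) matches the TODO's reading that the issue concerns STARTTLS connections, so what remains open is which uploads are affected. Suggest a follow-up that settles the unstable status and then drops the TODO.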
@@ -13311,28 +13390,24 @@ CVE-2021-38500
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38500
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-46/#CVE-2021-38500
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38500
-CVE-2021-38499
-	RESERVED
+CVE-2021-38499 (Mozilla developers reported memory safety bugs present in Firefox 92.  ...)
 	- firefox 93.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38499
-CVE-2021-38498
-	RESERVED
+CVE-2021-38498 (During process shutdown, a document could have caused a use-after-free ...)
 	- firefox 93.0-1
 	- firefox-esr <not-affected> (Only affect Firefox 91 not in any supported suite in vulnerable version)
 	- thunderbird <not-affected> (Only affects Thunderbird 91 not in any supported suite in vulnerable version)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38498
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38498
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38498
-CVE-2021-38497
-	RESERVED
+CVE-2021-38497 (Through use of reportValidity() and window.open(), a plain-text valida ...)
 	- firefox 93.0-1
 	- firefox-esr <not-affected> (Only affect Firefox 91 not in any supported suite in vulnerable version)
 	- thunderbird <not-affected> (Only affects Thunderbird 91 not in any supported suite in vulnerable version)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38497
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38497
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38497
-CVE-2021-38496
-	RESERVED
+CVE-2021-38496 (During operations on MessageTasks, a task may have been removed while  ...)
 	{DSA-4981-1 DLA-2782-1}
 	- firefox 93.0-1
 	- firefox-esr 91.2.0esr-1
@@ -13343,16 +13418,13 @@ CVE-2021-38496
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38496
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-46/#CVE-2021-38496
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38496
-CVE-2021-38495
-	RESERVED
+CVE-2021-38495 (Mozilla developers reported memory safety bugs present in Thunderbird  ...)
 	- thunderbird <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-41/#CVE-2021-38495
-CVE-2021-38494
-	RESERVED
+CVE-2021-38494 (Mozilla developers reported memory safety bugs present in Firefox 91.  ...)
 	- firefox 92.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-38494
-CVE-2021-38493
-	RESERVED
+CVE-2021-38493 (Mozilla developers reported memory safety bugs present in Firefox 91 a ...)
 	{DSA-4973-1 DSA-4969-1 DLA-2757-1 DLA-2756-1}
 	- firefox 92.0-1
 	- firefox-esr 78.14.0esr-1
@@ -13360,16 +13432,14 @@ CVE-2021-38493
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-42/#CVE-2021-38493
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-39/#CVE-2021-38493
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-38493
-CVE-2021-38492
-	RESERVED
+CVE-2021-38492 (When delegating navigations to the operating system, Firefox would acc ...)
 	- firefox <not-affected> (Only affects Windows)
 	- firefox-esr <not-affected> (Only affects Windows)
 	- thunderbird <not-affected> (Only affects Windows)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-42/#CVE-2021-38492
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-39/#CVE-2021-38492
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-38492
-CVE-2021-38491
-	RESERVED
+CVE-2021-38491 (Mixed-content checks were unable to analyze opaque origins which led t ...)
 	- firefox 92.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-38491
 CVE-2021-38490 (Altova MobileTogether Server before 7.3 SP1 allows XML exponential ent ...)
@@ -14648,84 +14718,64 @@ CVE-2021-37997
 	RESERVED
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37996
-	RESERVED
+CVE-2021-37996 (Insufficient validation of untrusted input Downloads in Google Chrome  ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37995
-	RESERVED
+CVE-2021-37995 (Inappropriate implementation in WebApp Installer in Google Chrome prio ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37994
-	RESERVED
+CVE-2021-37994 (Inappropriate implementation in iFrame Sandbox in Google Chrome prior  ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37993
-	RESERVED
+CVE-2021-37993 (Use after free in PDF Accessibility in Google Chrome prior to 95.0.463 ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37992
-	RESERVED
+CVE-2021-37992 (Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54  ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37991
-	RESERVED
+CVE-2021-37991 (Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote att ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37990
-	RESERVED
+CVE-2021-37990 (Inappropriate implementation in WebView in Google Chrome on Android pr ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37989
-	RESERVED
+CVE-2021-37989 (Inappropriate implementation in Blink in Google Chrome prior to 95.0.4 ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37988
-	RESERVED
+CVE-2021-37988 (Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allo ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37987
-	RESERVED
+CVE-2021-37987 (Use after free in Network APIs in Google Chrome prior to 95.0.4638.54  ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37986
-	RESERVED
+CVE-2021-37986 (Heap buffer overflow in Settings in Google Chrome prior to 95.0.4638.5 ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37985
-	RESERVED
+CVE-2021-37985 (Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a  ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37984
-	RESERVED
+CVE-2021-37984 (Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54  ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37983
-	RESERVED
+CVE-2021-37983 (Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 all ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37982
-	RESERVED
+CVE-2021-37982 (Use after free in Incognito in Google Chrome prior to 95.0.4638.54 all ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37981
-	RESERVED
+CVE-2021-37981 (Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 al ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37980
-	RESERVED
+CVE-2021-37980 (Inappropriate implementation in Sandbox in Google Chrome prior to 94.0 ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37979
-	RESERVED
+CVE-2021-37979 (heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81  ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37978
-	RESERVED
+CVE-2021-37978 (Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 a ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37977
-	RESERVED
+CVE-2021-37977 (Use after free in Garbage Collection in Google Chrome prior to 94.0.46 ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-37976 (Inappropriate implementation in Memory in Google Chrome prior to 94.0. ...)
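Review bot: all twenty entries from CVE-2021-37996 down to CVE-2021-37977 keep `- chromium <unfixed>` even though several of the new descriptions now name the upstream fixed version (for example 95.0.4638.54 at CVE-2021-37991 and 94.0.4606.81 at CVE-2021-37978). With those versions on record, the `<unfixed>` lines can be checked against the chromium version in the archive and replaced with a fixed version where one has been uploaded.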
@@ -14777,7 +14827,7 @@ CVE-2021-37961 (Use after free in Tab Strip in Google Chrome prior to 94.0.4606.
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-37960
-	RESERVED
+	REJECTED
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-37959 (Use after free in Task Manager in Google Chrome prior to 94.0.4606.54  ...)
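Review bot: CVE-2021-37960 changes from `RESERVED` to `REJECTED` but keeps `- chromium <unfixed>` and the `[stretch]` end-of-life line underneath. Those package lines now describe an ID that no longer identifies a vulnerability; suggest removing them, or adding a NOTE that says why they are kept.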
@@ -32620,7 +32670,7 @@ CVE-2021-30632 (Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82
 	- chromium 93.0.4577.82-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-30631
-	RESERVED
+	REJECTED
 	- chromium 93.0.4577.82-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-30630 (Inappropriate implementation in Blink in Google Chrome prior to 93.0.4 ...)
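Review bot: CVE-2021-30631 is now `REJECTED` yet still records `- chromium 93.0.4577.82-1` as the fixed version. A fixed-version claim on a rejected ID is misleading to anyone reading the entry; suggest dropping the package lines or adding a NOTE with the rejection reason.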
@@ -34367,14 +34417,12 @@ CVE-2021-29995 (A Cross Site Request Forgery (CSRF) issue in Server Console in C
 	NOT-FOR-US: CloverDX
 CVE-2021-29994
 	RESERVED
-CVE-2021-29993
-	RESERVED
+CVE-2021-29993 (Firefox for Android allowed navigations through the `intent://` protoc ...)
 	- firefox <not-affected> (Specific to Android)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-29993
 CVE-2021-29992
 	RESERVED
-CVE-2021-29991
-	RESERVED
+CVE-2021-29991 (Firefox incorrectly accepted a newline in a HTTP/3 header, interpretti ...)
 	- firefox 91.0.1-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-37/#CVE-2021-29991
 CVE-2021-29990 (Mozilla developers and community members reported memory safety bugs p ...)
@@ -58384,22 +58432,22 @@ CVE-2021-20709 (Improper validation of integrity check value vulnerability in NE
 	NOT-FOR-US: Aterm firmware
 CVE-2021-20708 (NEC Aterm devices (Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm ...)
 	NOT-FOR-US: Aterm firmware
-CVE-2021-20707
-	RESERVED
-CVE-2021-20706
-	RESERVED
-CVE-2021-20705
-	RESERVED
-CVE-2021-20704
-	RESERVED
-CVE-2021-20703
-	RESERVED
-CVE-2021-20702
-	RESERVED
-CVE-2021-20701
-	RESERVED
-CVE-2021-20700
-	RESERVED
+CVE-2021-20707 (Improper input validation vulnerability in the Transaction Server CLUS ...)
+	TODO: check
+CVE-2021-20706 (Improper input validation vulnerability in the WebManager CLUSTERPRO X ...)
+	TODO: check
+CVE-2021-20705 (Improper input validation vulnerability in the WebManager CLUSTERPRO X ...)
+	TODO: check
+CVE-2021-20704 (Buffer overflow vulnerability in the compatible API with previous vers ...)
+	TODO: check
+CVE-2021-20703 (Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 1 ...)
+	TODO: check
+CVE-2021-20702 (Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 1 ...)
+	TODO: check
+CVE-2021-20701 (Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 1.0 for W ...)
+	TODO: check
+CVE-2021-20700 (Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 1.0 for W ...)
+	TODO: check
 CVE-2021-20699 (Sharp NEC Displays ((UN462A R1.300 and prior to it, UN462VA R1.300 and ...)
 	NOT-FOR-US: SHARP
 CVE-2021-20698 (Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and  ...)
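Review bot: the eight CLUSTERPRO X entries (CVE-2021-20700 to CVE-2021-20707) are all left at `TODO: check`, while the entries on both sides of them in this hunk are already classified with `NOT-FOR-US:` markers. They describe the same product, so they can be triaged in one pass: decide once whether CLUSTERPRO X maps to any Debian package and apply the same result to all eight.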
@@ -59992,8 +60040,8 @@ CVE-2021-20137
 	RESERVED
 CVE-2021-20136 (ManageEngine Log360 Builds < 5235 are affected by an improper acces ...)
 	NOT-FOR-US: ManageEngine
-CVE-2021-20135
-	RESERVED
+CVE-2021-20135 (Nessus versions 8.15.2 and earlier were found to contain a local privi ...)
+	TODO: check
 CVE-2021-20134
 	RESERVED
 CVE-2021-20133
@@ -70610,8 +70658,7 @@ CVE-2020-27821 (A flaw was found in the memory management API of QEMU during the
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1902651
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=4bfb024bc76973d40a359476dc0291f46e435442
 	NOTE: Introduced by: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=48564041a73adbbff52834f9edbe3806fceefab7 (v3.0)
-CVE-2020-27820 [use-after-free in nouveau kernel module]
-	RESERVED
+CVE-2020-27820 (A vulnerability was found in Linux kernel, where a use-after-frees in  ...)
 	- linux <unfixed> (unimportant)
 	NOTE: No security impact, requires physical access to the computer
 CVE-2020-27819 (An issue was discovered in libxls before and including 1.6.1 when read ...)
@@ -97165,8 +97212,7 @@ CVE-2020-16050
 	RESERVED
 CVE-2020-16049
 	RESERVED
-CVE-2020-16048
-	RESERVED
+CVE-2020-16048 (Out of bounds read in ANGLE allowed a remote attacker to obtain sensit ...)
 	- firefox <not-affected> (Only affects Windows)
 	- firefox-esr <not-affected> (Only affects Windows)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1926979
@@ -123994,8 +124040,8 @@ CVE-2020-6493 (Use after free in WebAuthentication in Google Chrome prior to 83.
 	{DSA-4714-1}
 	- chromium 83.0.4103.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6492
-	RESERVED
+CVE-2020-6492 (Use after free in ANGLE in Google Chrome prior to 83.0.4103.97 allowed ...)
+	TODO: check
 CVE-2020-6491 (Insufficient data validation in site information in Google Chrome prio ...)
 	{DSA-4714-1}
 	- chromium 83.0.4103.83-1
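Review bot: CVE-2020-6492 is described as a use after free in ANGLE in Google Chrome prior to 83.0.4103.97 but gets only `TODO: check`, whereas its neighbours CVE-2020-6493 and CVE-2020-6491 carry `{DSA-4714-1}`, a `- chromium` fixed version and the `[stretch]` end-of-life line. Suggest adding the corresponding chromium lines after checking whether the ANGLE code in question is built in the Debian package.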
@@ -125436,8 +125482,8 @@ CVE-2019-20357 (A Persistent Arbitrary Code Execution vulnerability exists in th
 	NOT-FOR-US: Trend Micro
 CVE-2020-5956
 	RESERVED
-CVE-2020-5955
-	RESERVED
+CVE-2020-5955 (An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O befor ...)
+	TODO: check
 CVE-2020-5954
 	RESERVED
 CVE-2020-5953
@@ -157592,7 +157638,7 @@ CVE-2019-13778
 CVE-2019-13777
 	RESERVED
 CVE-2019-13776
-	RESERVED
+	REJECTED
 CVE-2019-13775
 	RESERVED
 CVE-2019-13774
@@ -181349,7 +181395,7 @@ CVE-2019-5864 (Insufficient data validation in CORS in Google Chrome prior to 76
 	- chromium 76.0.3809.87-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2019-5863
-	RESERVED
+	REJECTED
 	- chromium <not-affected> (Windows-specific)
 CVE-2019-5862 (Insufficient data validation in AppCache in Google Chrome prior to 76. ...)
 	{DSA-4500-1}
@@ -234649,8 +234695,7 @@ CVE-2018-6126 (A precision error in Skia in Google Chrome prior to 67.0.3396.62
 	- firefox-esr 52.8.1esr-1
 	- skia <itp> (bug #818180)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-14/
-CVE-2018-6125
-	RESERVED
+CVE-2018-6125 (Insufficient policy enforcement in USB in Google Chrome on Windows pri ...)
 	{DSA-4237-1}
 	- chromium-browser 67.0.3396.62-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -234665,8 +234710,7 @@ CVE-2018-6123 (A use after free in Blink in Google Chrome prior to 67.0.3396.62
 	- chromium-browser 67.0.3396.62-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6122
-	RESERVED
+CVE-2018-6122 (Type confusion in WebAssembly in Google Chrome prior to 66.0.3359.139  ...)
 	{DSA-4237-1}
 	- chromium-browser 66.0.3359.181-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -234981,10 +235025,10 @@ CVE-2018-6060 (Use after free in WebAudio in Google Chrome prior to 65.0.3325.14
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
 CVE-2018-6059
-	RESERVED
+	REJECTED
 	- chromium-browser <not-affected> (Chromium doesn't bundle Flash)
 CVE-2018-6058
-	RESERVED
+	REJECTED
 	- chromium-browser <not-affected> (Chromium doesn't bundle Flash)
 CVE-2018-6057 (Lack of special casing of Android ashmem in Google Chrome prior to 65. ...)
 	{DSA-4182-1}
@@ -235054,7 +235098,7 @@ CVE-2018-6045 (Insufficient policy enforcement in DevTools in Google Chrome prio
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
 CVE-2018-6044
-	RESERVED
+	REJECTED
 	{DSA-4256-1}
 	- chromium-browser 68.0.3440.75-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
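Review bot: CVE-2018-6044 becomes `REJECTED` while it still carries the `{DSA-4256-1}` cross-reference and `- chromium-browser 68.0.3440.75-1`. An ID referenced by a published DSA that is now rejected deserves a NOTE explaining the rejection (for example, the ID it was merged into, if any), so the advisory reference does not point at an unexplained entry.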
@@ -290171,8 +290215,7 @@ CVE-2017-5124 (Incorrect application of sandboxing in Blink in Google Chrome pri
 	- chromium-browser 62.0.3202.75-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-5123 [waitid() not calling access_ok()]
-	RESERVED
+CVE-2017-5123 (Insufficient data validation in waitid allowed an user to escape sandb ...)
 	- linux 4.13.4-2
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	[jessie] - linux <not-affected> (Vulnerable code not present)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/947f783d945bc6254fe6ff73cd36a1e3724e9bd7
