[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Nov 12 20:10:26 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
42f5886f by security tracker role at 2021-11-12T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2021-43582
+	RESERVED
+CVE-2021-43581
+	RESERVED
+CVE-2021-43580
+	RESERVED
+CVE-2021-43579 (A stack-based buffer overflow in image_load_bmp() in HTMLDOC before 1. ...)
+	TODO: check
+CVE-2021-3950
+	RESERVED
 CVE-2022-21220
 	RESERVED
 CVE-2022-21207
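Review bot: CVE-2021-43579 is added with only `TODO: check`, although its description already names a concrete product and function (HTMLDOC, image_load_bmp()), unlike the RESERVED placeholders added around it. Suggest resolving it in a follow-up to either a source-package line (fixed version or <unfixed>) or NOT-FOR-US if nothing in the archive ships that code. The description is cut at "before 1. ...", so the fixed upstream version has to come from the full CVE text, not from this line.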
@@ -18,14 +28,11 @@ CVE-2022-21125
 	RESERVED
 CVE-2022-21123
 	RESERVED
-CVE-2021-43578
-	RESERVED
+CVE-2021-43578 (Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier  ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2021-43577
-	RESERVED
+CVE-2021-43577 (Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not confi ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2021-43576
-	RESERVED
+CVE-2021-43576 (Jenkins pom2config Plugin 1.2 and earlier does not configure its XML p ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2021-42744
 	RESERVED
@@ -189,8 +196,8 @@ CVE-2021-3936
 	RESERVED
 CVE-2021-3935
 	RESERVED
-CVE-2021-3934
-	RESERVED
+CVE-2021-3934 (ohmyzsh is vulnerable to Improper Neutralization of Special Elements u ...)
+	TODO: check
 CVE-2021-3933
 	RESERVED
 	- openexr <unfixed>
@@ -254,16 +261,16 @@ CVE-2021-43498
 	RESERVED
 CVE-2021-43497
 	RESERVED
-CVE-2021-43496
-	RESERVED
+CVE-2021-43496 (Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd7 ...)
+	TODO: check
 CVE-2021-43495
 	RESERVED
-CVE-2021-43494
-	RESERVED
-CVE-2021-43493
-	RESERVED
-CVE-2021-43492
-	RESERVED
+CVE-2021-43494 (OpenCV-REST-API master branch as of commit 69be158c05d4dd5a4aff38fdc68 ...)
+	TODO: check
+CVE-2021-43493 (ServerManagement master branch as of commit 49491cc6f94980e6be7791d17b ...)
+	TODO: check
+CVE-2021-43492 (AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9 ...)
+	TODO: check
 CVE-2021-43491
 	RESERVED
 CVE-2021-43490
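Review bot: the four new descriptions here (CVE-2021-43496, CVE-2021-43494, CVE-2021-43493, CVE-2021-43492) identify the affected code only as a branch at a commit hash, with no release version, and all four are left at `TODO: check`. There will be no version to compare against a package, so triage has to decide whether each project is in the archive at all; if not, tag them NOT-FOR-US with the project name, in the form used for the Jenkins plugin entries earlier in this diff. The hashes are truncated in these lines, so take them from the full CVE record if one needs to be quoted in a NOTE.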
@@ -688,7 +695,7 @@ CVE-2021-3924 (grav is vulnerable to Improper Limitation of a Pathname to a Rest
 	NOT-FOR-US: Grav CMS
 CVE-2021-23222
 	RESERVED
-	{DSA-5007-1 DSA-5006-1}
+	{DSA-5007-1 DSA-5006-1 DLA-2817-1}
 	- postgresql-14 14.1-1
 	- postgresql-13 <unfixed>
 	- postgresql-11 <removed>
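Review bot: DLA-2817-1 is added to the advisory list of CVE-2021-23222, but the package lines visible under it cover only postgresql-14, postgresql-13 and postgresql-11. Check that the entry also carries a line for the source package and release the DLA fixes, so that the cross-reference and the per-release status agree. The same addition is made to CVE-2021-23214 in the following hunk and needs the same check.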
@@ -696,7 +703,7 @@ CVE-2021-23222
 	NOTE: https://www.postgresql.org/about/news/postgresql-141-135-129-1114-1019-and-9624-released-2349/
 CVE-2021-23214
 	RESERVED
-	{DSA-5007-1 DSA-5006-1}
+	{DSA-5007-1 DSA-5006-1 DLA-2817-1}
 	- postgresql-14 14.1-1
 	- postgresql-13 <unfixed>
 	- postgresql-11 <removed>
@@ -4915,6 +4922,7 @@ CVE-2021-3886
 CVE-2021-3885
 	RESERVED
 CVE-2021-42340 (The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, ...)
+	{DSA-5009-1}
 	- tomcat9 9.0.54-1
 	[buster] - tomcat9 <not-affected> (Vulnerable code introduced later)
 	- tomcat8 <removed>
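Review bot: {DSA-5009-1} is attached to CVE-2021-42340 while the only release-specific line in view is `[buster] - tomcat9 <not-affected>`, so the DSA cannot be for buster. Confirm that the entry records the fixed tomcat9 version for the release the DSA covers; the context shown stops at `- tomcat8 <removed>`, so this cannot be verified from the hunk itself.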
@@ -6018,8 +6026,8 @@ CVE-2021-3857
 	RESERVED
 CVE-2021-41973 (In Apache MINA, a specifically crafted, malformed HTTP request may cau ...)
 	NOT-FOR-US: Apache MINA
-CVE-2021-41972
-	RESERVED
+CVE-2021-41972 (Apache Superset up to and including 1.3.1 allowed for database connect ...)
+	TODO: check
 CVE-2021-41971 (Apache Superset up to and including 1.3.0 when configured with ENABLE_ ...)
 	NOT-FOR-US: Apache Superset
 CVE-2021-3856
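Review bot: CVE-2021-41972 is left at `TODO: check` although the entry directly below it, CVE-2021-41971, is the same product and is already tagged `NOT-FOR-US: Apache Superset`. Unless Superset has entered the archive since that decision, the new entry should get the same tag so the two stay consistent.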
@@ -7659,8 +7667,8 @@ CVE-2021-41266
 	RESERVED
 CVE-2021-41265
 	RESERVED
-CVE-2021-41264
-	RESERVED
+CVE-2021-41264 (OpenZeppelin Contracts is a library for smart contract development. In ...)
+	TODO: check
 CVE-2021-41263
 	RESERVED
 CVE-2021-41262
@@ -7669,8 +7677,8 @@ CVE-2021-41261
 	RESERVED
 CVE-2021-41260
 	RESERVED
-CVE-2021-41259
-	RESERVED
+CVE-2021-41259 (Nim is a systems programming language with a focus on efficiency, expr ...)
+	TODO: check
 CVE-2021-41258
 	RESERVED
 CVE-2021-41257
@@ -7679,8 +7687,8 @@ CVE-2021-41256
 	RESERVED
 CVE-2021-41255
 	RESERVED
-CVE-2021-41254
-	RESERVED
+CVE-2021-41254 (kustomize-controller is a Kubernetes operator, specialized in running  ...)
+	TODO: check
 CVE-2021-41253 (Zydis is an x86/x86-64 disassembler library. Users of Zydis versions v ...)
 	- zydis <unfixed> (bug #999431)
 	NOTE: https://github.com/zyantific/zydis/security/advisories/GHSA-q42v-hv86-3m4g
@@ -13108,8 +13116,8 @@ CVE-2021-38987
 	RESERVED
 CVE-2021-38986
 	RESERVED
-CVE-2021-38985
-	RESERVED
+CVE-2021-38985 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives inp ...)
+	TODO: check
 CVE-2021-38984
 	RESERVED
 CVE-2021-38983
@@ -13132,10 +13140,10 @@ CVE-2021-38975
 	RESERVED
 CVE-2021-38974
 	RESERVED
-CVE-2021-38973
-	RESERVED
-CVE-2021-38972
-	RESERVED
+CVE-2021-38973 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives inp ...)
+	TODO: check
+CVE-2021-38972 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives inp ...)
+	TODO: check
 CVE-2021-38971
 	RESERVED
 CVE-2021-38970
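Review bot: CVE-2021-38973 and CVE-2021-38972 get identical truncated descriptions (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1), the same text added for CVE-2021-38985 in the previous hunk, and all of them are left at `TODO: check`. Triage them together and give them one consistent tag; if the product is not in the archive, that is NOT-FOR-US with the product name, as already done for other vendor products in this file (for example `NOT-FOR-US: Apache MINA`).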
@@ -55479,14 +55487,11 @@ CVE-2021-21702 (In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x
 	- php7.0 <removed>
 	NOTE: Fixed in PHP 8.0.2, 7.4.15, 7.3.27
 	NOTE: PHP Bug: https://bugs.php.net/80672
-CVE-2021-21701
-	RESERVED
+CVE-2021-21701 (Jenkins Performance Plugin 3.20 and earlier does not configure its XML ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2021-21700
-	RESERVED
+CVE-2021-21700 (Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of s ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2021-21699
-	RESERVED
+CVE-2021-21699 (Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the pa ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2021-21698 (Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the nam ...)
 	NOT-FOR-US: Jenkins plugin
@@ -130973,8 +130978,8 @@ CVE-2020-4148
 	RESERVED
 CVE-2020-4147
 	RESERVED
-CVE-2020-4146
-	RESERVED
+CVE-2020-4146 (IBM Security SiteProtector System 3.1.1 could allow a remote attacker  ...)
+	TODO: check
 CVE-2020-4145
 	RESERVED
 CVE-2020-4144
@@ -130985,8 +130990,8 @@ CVE-2020-4142
 	RESERVED
 CVE-2020-4141
 	RESERVED
-CVE-2020-4140
-	RESERVED
+CVE-2020-4140 (IBM Security SiteProtector System 3.1.1 is vulnerable to cross-site sc ...)
+	TODO: check
 CVE-2020-4139
 	RESERVED
 CVE-2020-4138



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/42f5886f6ec71dd9e568391cfcfcc2a8d0ea679f
