[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Nov 28 20:10:25 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
802df9f8 by security tracker role at 2021-11-28T20:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2021-4025
+	RESERVED
 CVE-2021-44235
 	RESERVED
 CVE-2021-44234
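Review bot: CVE-2021-4025 is placed at the very top, above CVE-2021-44235, while the context lines that follow run in descending ID order (44235, 44234). If the list is meant to stay sorted by ID, this reservation belongs further down with the lower-numbered 2021 IDs; if the automatic update simply prepends new reservations, saying so in the commit message would help anyone who searches the file by position.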
@@ -12129,7 +12131,7 @@ CVE-2021-40529 (The ElGamal implementation in Botan through 2.18.1, as used in T
 	NOTE: Fixed by: https://github.com/randombit/botan/commit/9a23e4e3bc3966340531f2ff608fa9d33b5185a2
 	NOTE: https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1
 	NOTE: https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2
-CVE-2021-33560
+CVE-2021-33560 (Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encry ...)
 	- libgcrypt20 1.9.4-2
 	[bullseye] - libgcrypt20 <no-dsa> (Minor issue)
 	[buster] - libgcrypt20 <no-dsa> (Minor issue)
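Review bot: the description now attached to CVE-2021-33560 names 1.8.8 and 1.9.3 as the fixed upstream releases, but the entry records `- libgcrypt20 1.9.4-2` as the fixed version, and the entry sits directly below CVE-2021-40529 rather than in ID order. Please confirm that the package lines under this ID belong to this CVE and not to the other Libgcrypt ElGamal entry, and consider adding a NOTE line with the upstream fix commit, as the CVE-2021-40529 entry above does with its `NOTE: Fixed by:` line.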
@@ -28835,7 +28837,7 @@ CVE-2021-33562 (A reflected cross-site scripting (XSS) vulnerability in Shopizer
 	NOT-FOR-US: Shopizer
 CVE-2021-33561 (A stored cross-site scripting (XSS) vulnerability in Shopizer before 2 ...)
 	NOT-FOR-US: Shopizer
-CVE-2021-40528
+CVE-2021-40528 (The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext  ...)
 	{DLA-2691-1}
 	- libgcrypt20 1.8.7-6
 	[buster] - libgcrypt20 1.8.4-5+deb10u1
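Review bot: the new description for CVE-2021-40528 says the issue affects Libgcrypt before 1.9.4, while the context lines mark it fixed in `libgcrypt20 1.8.7-6` and `1.8.4-5+deb10u1`, both lower than 1.9.4. If those are backported fixes, a NOTE line naming the upstream commit would make that clear. The entry also sits directly after CVE-2021-33561, out of ID order, so please check that the version lines are attached to the right ID.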
@@ -88701,7 +88703,7 @@ CVE-2020-21915
 CVE-2020-21914
 	RESERVED
 CVE-2020-21913 (International Components for Unicode (ICU-20850) v66.1 was discovered  ...)
-	{DLA-2784-1}
+	{DSA-5014-1 DLA-2784-1}
 	- icu 67.1-2
 	NOTE: https://github.com/unicode-org/icu/pull/886
 	NOTE: https://unicode-org.atlassian.net/browse/ICU-20850
@@ -150109,7 +150111,7 @@ CVE-2019-17457
 CVE-2019-17456
 	RESERVED
 CVE-2019-17455 (Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequ ...)
-	{DLA-2207-1}
+	{DLA-2831-1 DLA-2207-1}
 	- libntlm 1.6-1 (bug #942145)
 	[buster] - libntlm 1.5-1+deb10u1
 	NOTE: https://gitlab.com/jas/libntlm/issues/2
@@ -191798,7 +191800,7 @@ CVE-2018-20483 (set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a
 	NOTE: Don't use extended attributes by default: https://git.savannah.gnu.org/cgit/wget.git/commit/?id=c125d24762962d91050d925fbbd9e6f30b2302f8
 	NOTE: Introduced by: https://git.savannah.gnu.org/cgit/wget.git/commit/?id=a933bdd31eee9c956a3b5cc142f004ef1fa94cb3 (v1.19)
 CVE-2018-20482 (GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage ...)
-	{DLA-1623-1}
+	{DLA-2830-1 DLA-1623-1}
 	- tar 1.30+dfsg-3.1 (bug #917377)
 	NOTE: https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug
 	NOTE: https://news.ycombinator.com/item?id=18745431



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/802df9f872183b74059e7e2b0e2620375fe69384
