[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Oct 4 09:10:43 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1aa9950a by security tracker role at 2021-10-04T08:10:34+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,213 @@
+CVE-2021-41970
+	RESERVED
+CVE-2021-41969
+	RESERVED
+CVE-2021-41968
+	RESERVED
+CVE-2021-41967
+	RESERVED
+CVE-2021-41966
+	RESERVED
+CVE-2021-41965
+	RESERVED
+CVE-2021-41964
+	RESERVED
+CVE-2021-41963
+	RESERVED
+CVE-2021-41962
+	RESERVED
+CVE-2021-41961
+	RESERVED
+CVE-2021-41960
+	RESERVED
+CVE-2021-41959
+	RESERVED
+CVE-2021-41958
+	RESERVED
+CVE-2021-41957
+	RESERVED
+CVE-2021-41956
+	RESERVED
+CVE-2021-41955
+	RESERVED
+CVE-2021-41954
+	RESERVED
+CVE-2021-41953
+	RESERVED
+CVE-2021-41952
+	RESERVED
+CVE-2021-41951
+	RESERVED
+CVE-2021-41950
+	RESERVED
+CVE-2021-41949
+	RESERVED
+CVE-2021-41948
+	RESERVED
+CVE-2021-41947
+	RESERVED
+CVE-2021-41946
+	RESERVED
+CVE-2021-41945
+	RESERVED
+CVE-2021-41944
+	RESERVED
+CVE-2021-41943
+	RESERVED
+CVE-2021-41942
+	RESERVED
+CVE-2021-41941
+	RESERVED
+CVE-2021-41940
+	RESERVED
+CVE-2021-41939
+	RESERVED
+CVE-2021-41938
+	RESERVED
+CVE-2021-41937
+	RESERVED
+CVE-2021-41936
+	RESERVED
+CVE-2021-41935
+	RESERVED
+CVE-2021-41934
+	RESERVED
+CVE-2021-41933
+	RESERVED
+CVE-2021-41932
+	RESERVED
+CVE-2021-41931
+	RESERVED
+CVE-2021-41930
+	RESERVED
+CVE-2021-41929
+	RESERVED
+CVE-2021-41928
+	RESERVED
+CVE-2021-41927
+	RESERVED
+CVE-2021-41926
+	RESERVED
+CVE-2021-41925
+	RESERVED
+CVE-2021-41924
+	RESERVED
+CVE-2021-41923
+	RESERVED
+CVE-2021-41922
+	RESERVED
+CVE-2021-41921
+	RESERVED
+CVE-2021-41920
+	RESERVED
+CVE-2021-41919
+	RESERVED
+CVE-2021-41918
+	RESERVED
+CVE-2021-41917
+	RESERVED
+CVE-2021-41916
+	RESERVED
+CVE-2021-41915
+	RESERVED
+CVE-2021-41914
+	RESERVED
+CVE-2021-41913
+	RESERVED
+CVE-2021-41912
+	RESERVED
+CVE-2021-41911
+	RESERVED
+CVE-2021-41910
+	RESERVED
+CVE-2021-41909
+	RESERVED
+CVE-2021-41908
+	RESERVED
+CVE-2021-41907
+	RESERVED
+CVE-2021-41906
+	RESERVED
+CVE-2021-41905
+	RESERVED
+CVE-2021-41904
+	RESERVED
+CVE-2021-41903
+	RESERVED
+CVE-2021-41902
+	RESERVED
+CVE-2021-41901
+	RESERVED
+CVE-2021-41900
+	RESERVED
+CVE-2021-41899
+	RESERVED
+CVE-2021-41898
+	RESERVED
+CVE-2021-41897
+	RESERVED
+CVE-2021-41896
+	RESERVED
+CVE-2021-41895
+	RESERVED
+CVE-2021-41894
+	RESERVED
+CVE-2021-41893
+	RESERVED
+CVE-2021-41892
+	RESERVED
+CVE-2021-41891
+	RESERVED
+CVE-2021-41890
+	RESERVED
+CVE-2021-41889
+	RESERVED
+CVE-2021-41888
+	RESERVED
+CVE-2021-41887
+	RESERVED
+CVE-2021-41886
+	RESERVED
+CVE-2021-41885
+	RESERVED
+CVE-2021-41884
+	RESERVED
+CVE-2021-41883
+	RESERVED
+CVE-2021-41882
+	RESERVED
+CVE-2021-41881
+	RESERVED
+CVE-2021-41880
+	RESERVED
+CVE-2021-41879
+	RESERVED
+CVE-2021-41878
+	RESERVED
+CVE-2021-41877
+	RESERVED
+CVE-2021-41876
+	RESERVED
+CVE-2021-41875
+	RESERVED
+CVE-2021-41874
+	RESERVED
+CVE-2021-41873
+	RESERVED
+CVE-2021-41872
+	RESERVED
+CVE-2021-41871
+	RESERVED
+CVE-2021-41870
+	RESERVED
+CVE-2021-41869 (SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vulnerable ...)
+	TODO: check
+CVE-2021-41868
+	RESERVED
+CVE-2021-41867
+	RESERVED
+CVE-2021-41866
+	RESERVED
 CVE-2021-3853
 	RESERVED
 CVE-2021-3852
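Review bot: CVE-2021-41869 (SuiteCRM) is the one entry in this block of new ids that has a description, and it lands with only "TODO: check", so it is easy to miss among the RESERVED lines and still needs manual triage. Resolve it to either a NOT-FOR-US: line, as already done for AviatorScript and Pydio Cells in this file, or a source-package line with a status. The same marker is added for CVE-2021-41861, CVE-2021-41322 and CVE-2021-41285 in the next three hunks.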
@@ -11,8 +221,8 @@ CVE-2021-41863
 	RESERVED
 CVE-2021-41862 (AviatorScript through 5.2.7 allows code execution via an expression th ...)
 	NOT-FOR-US: AviatorScript
-CVE-2021-41861
-	RESERVED
+CVE-2021-41861 (The Telegram application 7.5.0 through 7.8.0 for Android does not prop ...)
+	TODO: check
 CVE-2021-41860
 	RESERVED
 CVE-2021-41859
@@ -1193,8 +1403,8 @@ CVE-2021-41324 (Directory traversal in the Copy, Move, and Delete features in Py
 	NOT-FOR-US: Pydio Cells
 CVE-2021-41323 (Directory traversal in the Compress feature in Pydio Cells 2.2.9 allow ...)
 	NOT-FOR-US: Pydio Cells
-CVE-2021-41322
-	RESERVED
+CVE-2021-41322 (Poly VVX 400/410 through 5.3.1 allows low-privileged users to change t ...)
+	TODO: check
 CVE-2021-41321
 	RESERVED
 CVE-2021-41320
@@ -1307,8 +1517,8 @@ CVE-2016-20012 (OpenSSH through 8.7 allows remote attackers, who have a suspicio
 	- openssh <unfixed> (unimportant)
 	NOTE: https://github.com/openssh/openssh-portable/pull/270
 	NOTE: Negligible impact, not treated as a security issue by upstream
-CVE-2021-41285
-	RESERVED
+CVE-2021-41285 (Ballistix MOD Utility through 2.0.2.5 is vulnerable to privilege escal ...)
+	TODO: check
 CVE-2021-41284
 	RESERVED
 CVE-2021-41283
@@ -3506,14 +3716,11 @@ CVE-2021-40327
 	RESERVED
 CVE-2021-40326
 	RESERVED
-CVE-2021-40325
-	RESERVED
+CVE-2021-40325 (Cobbler before 3.3.0 allows authorization bypass for modification of s ...)
 	- cobbler <removed>
-CVE-2021-40324
-	RESERVED
+CVE-2021-40324 (Cobbler before 3.3.0 allows arbitrary file write operations via upload ...)
 	- cobbler <removed>
-CVE-2021-40323
-	RESERVED
+CVE-2021-40323 (Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code E ...)
 	- cobbler <removed>
 CVE-2021-40322
 	RESERVED
@@ -19543,6 +19750,7 @@ CVE-2021-33482
 CVE-2021-33478 (The TrustZone implementation in certain Broadcom MediaxChange firmware ...)
 	NOT-FOR-US: Broadcom
 CVE-2021-3561 (An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bound ...)
+	{DLA-2778-1}
 	- fig2dev 1:3.2.8-3
 	[buster] - fig2dev 1:3.2.7a-5+deb10u4
 	- transfig <removed>
@@ -22497,6 +22705,7 @@ CVE-2021-32282 (An issue was discovered in gravity through 0.8.1. A NULL pointer
 CVE-2021-32281 (An issue was discovered in gravity through 0.8.1. A heap-buffer-overfl ...)
 	NOT-FOR-US: Gravity
 CVE-2021-32280 (An issue was discovered in fig2dev before 3.2.8.. A NULL pointer deref ...)
+	{DLA-2778-1}
 	- fig2dev 1:3.2.7b-5 (bug #960736)
 	[buster] - fig2dev <no-dsa> (Minor issue)
 	- transfig <removed>
@@ -48583,16 +48792,14 @@ CVE-2021-21708
 	RESERVED
 CVE-2021-21707
 	RESERVED
-CVE-2021-21706 [ZipArchive::extractTo extracts outside of destination]
-	RESERVED
+CVE-2021-21706 (In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below ...)
 	- php8.0 <unfixed>
 	- php7.4 <unfixed>
 	- php7.3 <removed>
 	- php7.0 <removed>
 	NOTE: Fixed in 8.0.11, 7.4.24, 7.3.31
 	NOTE: PHP Bug: https://bugs.php.net/81420
-CVE-2021-21705 [PHP: SSRF bypass in FILTER_VALIDATE_URL]
-	RESERVED
+CVE-2021-21705 (In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below ...)
 	{DSA-4935-1 DLA-2708-1}
 	- php8.0 8.0.8-1 (bug #990575)
 	- php7.4 7.4.21-1+deb11u1
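Review bot: the bracketed titles removed for CVE-2021-21706 and CVE-2021-21705 ("ZipArchive::extractTo extracts outside of destination", "PHP: SSRF bypass in FILTER_VALIDATE_URL") said what the bug is, while the truncated descriptions that replace them stop at the version ranges. Consider keeping that text as a NOTE: line so the entry stays readable without opening the bug. Separately, CVE-2021-21706 still shows php8.0 and php7.4 as <unfixed> although its NOTE records upstream fixes in 8.0.11 and 7.4.24, so those two lines need a follow-up once the fixed versions are uploaded.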
@@ -48600,8 +48807,7 @@ CVE-2021-21705 [PHP: SSRF bypass in FILTER_VALIDATE_URL]
 	- php7.0 <removed>
 	NOTE: Fixed in 8.0.8, 7.4.21, 7.3.29
 	NOTE: PHP Bug: https://bugs.php.net/81122
-CVE-2021-21704 [PHP: firebird issues]
-	RESERVED
+CVE-2021-21704 (In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below ...)
 	{DSA-4935-1 DLA-2708-1}
 	- php8.0 8.0.8-1 (bug #990575)
 	- php7.4 7.4.21-1+deb11u1
@@ -79352,6 +79558,7 @@ CVE-2020-21677 (A heap-based buffer overflow in the sixel_encoder_output_without
 	NOTE: https://github.com/saitoha/libsixel/issues/123
 	NOTE: https://github.com/saitoha/libsixel/commit/0b1e0b3f7b44233f84e5c9f512f8c90d6bbbe33d
 CVE-2020-21676 (A stack-based buffer overflow in the genpstrx_text() component in genp ...)
+	{DLA-2778-1}
 	- fig2dev 1:3.2.8-1
 	[buster] - fig2dev <no-dsa> (Minor issue)
 	[stretch] - fig2dev <not-affected> (Vulnerable code introduced later)
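Review bot: {DLA-2778-1} is added to CVE-2020-21676 while the same entry keeps "[stretch] - fig2dev <not-affected> (Vulnerable code introduced later)", and a DLA covers the LTS release, which was stretch at the date of this commit. The two statements conflict: if DLA-2778-1 shipped a fix for this id, the stretch line should carry the fixed version; otherwise the tag should not be on this entry.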
@@ -79360,6 +79567,7 @@ CVE-2020-21676 (A stack-based buffer overflow in the genpstrx_text() component i
 	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/acccc89c20206a5db1f463438ba444e35bcb400e/ (3.2.8)
 	NOTE: Introduced by https://sourceforge.net/p/mcj/fig2dev/ci/102f607eea49785d4a9c9c24af85f046c23674de (3.2.7)
 CVE-2020-21675 (A stack-based buffer overflow in the genptk_text component in genptk.c ...)
+	{DLA-2778-1}
 	- fig2dev 1:3.2.7b-3
 	[buster] - fig2dev 1:3.2.7a-5+deb10u3
 	- transfig <removed>
@@ -79707,24 +79915,28 @@ CVE-2020-21537
 CVE-2020-21536
 	RESERVED
 CVE-2020-21535 (fig2dev 3.2.7b contains a segmentation fault in the gencgm_start funct ...)
+	{DLA-2778-1}
 	- fig2dev 1:3.2.7b-3
 	[buster] - fig2dev 1:3.2.7a-5+deb10u2
 	- transfig <removed>
 	NOTE: https://sourceforge.net/p/mcj/tickets/62/
 	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/ (3.2.8)
 CVE-2020-21534 (fig2dev 3.2.7b contains a global buffer overflow in the get_line funct ...)
+	{DLA-2778-1}
 	- fig2dev 1:3.2.7b-3
 	[buster] - fig2dev 1:3.2.7a-5+deb10u2
 	- transfig <removed>
 	NOTE: https://sourceforge.net/p/mcj/tickets/58/
 	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/ (3.2.8)
 CVE-2020-21533 (fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject ...)
+	{DLA-2778-1}
 	- fig2dev 1:3.2.7b-3
 	[buster] - fig2dev 1:3.2.7a-5+deb10u2
 	- transfig <removed>
 	NOTE: https://sourceforge.net/p/mcj/tickets/59/
 	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/ (3.2.8)
 CVE-2020-21532 (fig2dev 3.2.7b contains a global buffer overflow in the setfigfont fun ...)
+	{DLA-2778-1}
 	- fig2dev 1:3.2.8-1
 	[buster] - fig2dev <no-dsa> (Minor issue)
 	- transfig <removed>
@@ -79732,18 +79944,21 @@ CVE-2020-21532 (fig2dev 3.2.7b contains a global buffer overflow in the setfigfo
 	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/421afa17d8cb8dafcaf3e6044a70790fa4fe307b/ (3.2.8)
 	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/00cdedac7a0b029846dee891769a1e77df83a01b/ (3.2.8)
 CVE-2020-21531 (fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_i ...)
+	{DLA-2778-1}
 	- fig2dev 1:3.2.8-1
 	[buster] - fig2dev <no-dsa> (Minor issue)
 	- transfig <removed>
 	NOTE: https://sourceforge.net/p/mcj/tickets/63/
 	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/2f8d1ae9763dcdc99b88a2b14849fe37174bcd69/ (3.2.8)
 CVE-2020-21530 (fig2dev 3.2.7b contains a segmentation fault in the read_objects funct ...)
+	{DLA-2778-1}
 	- fig2dev 1:3.2.7b-3
 	[buster] - fig2dev 1:3.2.7a-5+deb10u2
 	- transfig <removed>
 	NOTE: https://sourceforge.net/p/mcj/tickets/61/
 	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/ (3.2.8)
 CVE-2020-21529 (fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline f ...)
+	{DLA-2778-1}
 	- fig2dev 1:3.2.8-1
 	[buster] - fig2dev <no-dsa> (Minor issue)
 	- transfig <removed>
@@ -126172,6 +126387,7 @@ CVE-2019-19799 (Zoho ManageEngine Applications Manager before 14600 allows a rem
 CVE-2019-19798
 	RESERVED
 CVE-2019-19797 (read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds wr ...)
+	{DLA-2778-1}
 	- fig2dev 1:3.2.7b-3 (bug #946866)
 	[buster] - fig2dev 1:3.2.7a-5+deb10u3
 	- transfig <removed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1aa9950aa1c82ef7d7aa017f9caa7ed83e703925
