[Git][security-tracker-team/security-tracker][master] new redis issues

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cbe9c30e by Moritz Muehlenhoff at 2021-10-04T18:27:44+02:00
new redis issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1891,6 +1891,8 @@ CVE-2021-41100
 	RESERVED
 CVE-2021-41099
 	RESERVED
+	[experimental] - redis 5:6.2.6-1
+	- redis <unfixed>
 CVE-2021-41098 (Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers wit ...)
 	- ruby-nokogiri <not-affected> (jruby implementation not shiped)
 	NOTE: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h
@@ -21512,6 +21514,8 @@ CVE-2021-32763 (OpenProject is open-source, web-based project management softwar
 	NOT-FOR-US: OpenProject
 CVE-2021-32762
 	RESERVED
+	[experimental] - redis 5:6.2.6-1
+	- redis <unfixed>
 CVE-2021-32761 (Redis is an in-memory database that persists on disk. A vulnerability  ...)
 	{DLA-2717-2 DLA-2717-1}
 	- redis 5:6.0.15-1 (bug #991375)
@@ -21716,6 +21720,8 @@ CVE-2021-32688 (Nextcloud Server is a Nextcloud package that handles data storag
 	- nextcloud-server <itp> (bug #941708)
 CVE-2021-32687
 	RESERVED
+	[experimental] - redis 5:6.2.6-1
+	- redis <unfixed>
 CVE-2021-32686 (PJSIP is a free and open source multimedia communication library writt ...)
 	- asterisk 1:16.16.1~dfsg-2 (bug #991931)
 	[stretch] - asterisk <not-affected> (Vulnerable code not present)
@@ -21751,12 +21757,16 @@ CVE-2021-32676 (Nextcloud Talk is a fully on-premises audio/video and chat commu
 	NOT-FOR-US: Nextcloud Talk
 CVE-2021-32675
 	RESERVED
+	[experimental] - redis 5:6.2.6-1
+	- redis <unfixed>
 CVE-2021-32674 (Zope is an open-source web application server. This advisory extends t ...)
 	NOT-FOR-US: Zope
 CVE-2021-32673 (reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot ...)
 	NOT-FOR-US: reg-keygen-git-hash-plugin
 CVE-2021-32672
 	RESERVED
+	[experimental] - redis 5:6.2.6-1
+	- redis <unfixed>
 CVE-2021-32671 (Flarum is a forum software for building communities. Flarum's translat ...)
 	NOT-FOR-US: Flarum
 CVE-2021-32670 (Datasette is an open source multi-tool for exploring and publishing da ...)
@@ -21853,10 +21863,16 @@ CVE-2021-32629 (Cranelift is an open-source code generator maintained by Bytecod
 	NOT-FOR-US: Cranelift
 CVE-2021-32628
 	RESERVED
+	[experimental] - redis 5:6.2.6-1
+	- redis <unfixed>
 CVE-2021-32627
 	RESERVED
+	[experimental] - redis 5:6.2.6-1
+	- redis <unfixed>
 CVE-2021-32626
 	RESERVED
+	[experimental] - redis 5:6.2.6-1
+	- redis <unfixed>
 CVE-2021-32625 (Redis is an open source (BSD licensed), in-memory data structure store ...)
 	- redis 5:6.0.14-1 (bug #989351)
 	[buster] - redis <not-affected> (Vulnerable code not present)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbe9c30e04971836b8ce2084644045c93b6e7d32

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbe9c30e04971836b8ce2084644045c93b6e7d32
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211004/3685a4ae/attachment.htm>