[Git][security-tracker-team/security-tracker][master] Add references to redis security advisories
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Oct 4 20:23:13 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
27d91878 by Salvatore Bonaccorso at 2021-10-04T21:22:39+02:00
Add references to redis security advisories
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1892,6 +1892,7 @@ CVE-2021-41100
CVE-2021-41099
RESERVED
- redis 5:6.0.16-1
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-j3cr-9h5g-6cph
CVE-2021-41098 (Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers wit ...)
- ruby-nokogiri <not-affected> (jruby implementation not shiped)
NOTE: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h
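Review bot: The added NOTE under CVE-2021-41099 is the only reference on an entry that is still RESERVED and carries no description, so anyone triaging it depends entirely on that advisory page. Consider following up with a NOTE for the upstream fix commit once it is identified, the way the CVE-2021-32625 entry further down in this diff lists both a commit and the advisory. Separately, the unchanged context line for CVE-2021-41098 reads "not shiped"; the typo predates this change and could be corrected in its own commit.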
@@ -21517,6 +21518,7 @@ CVE-2021-32763 (OpenProject is open-source, web-based project management softwar
CVE-2021-32762
RESERVED
- redis 5:6.0.16-1
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-833w-8v3m-8wwr
CVE-2021-32761 (Redis is an in-memory database that persists on disk. A vulnerability ...)
{DLA-2717-2 DLA-2717-1}
- redis 5:6.0.15-1 (bug #991375)
@@ -21722,6 +21724,7 @@ CVE-2021-32688 (Nextcloud Server is a Nextcloud package that handles data storag
CVE-2021-32687
RESERVED
- redis 5:6.0.16-1
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-m3mf-8x9w-r27q
CVE-2021-32686 (PJSIP is a free and open source multimedia communication library writt ...)
- asterisk 1:16.16.1~dfsg-2 (bug #991931)
[stretch] - asterisk <not-affected> (Vulnerable code not present)
@@ -21758,6 +21761,7 @@ CVE-2021-32676 (Nextcloud Talk is a fully on-premises audio/video and chat commu
CVE-2021-32675
RESERVED
- redis 5:6.0.16-1
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-f6pw-v9gw-v64p
CVE-2021-32674 (Zope is an open-source web application server. This advisory extends t ...)
NOT-FOR-US: Zope
CVE-2021-32673 (reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot ...)
@@ -21765,6 +21769,7 @@ CVE-2021-32673 (reg-keygen-git-hash-plugin is a reg-suit plugin to detect the sn
CVE-2021-32672
RESERVED
- redis 5:6.0.16-1
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-9mj9-xx53-qmxm
CVE-2021-32671 (Flarum is a forum software for building communities. Flarum's translat ...)
NOT-FOR-US: Flarum
CVE-2021-32670 (Datasette is an open source multi-tool for exploring and publishing da ...)
@@ -21862,18 +21867,22 @@ CVE-2021-32629 (Cranelift is an open-source code generator maintained by Bytecod
CVE-2021-32628
RESERVED
- redis 5:6.0.16-1
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-vw22-qm3h-49pr
CVE-2021-32627
RESERVED
- redis 5:6.0.16-1
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-f434-69fm-g45v
CVE-2021-32626
RESERVED
- redis 5:6.0.16-1
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-p486-xggp-782c
CVE-2021-32625 (Redis is an open source (BSD licensed), in-memory data structure store ...)
- redis 5:6.0.14-1 (bug #989351)
[buster] - redis <not-affected> (Vulnerable code not present)
[stretch] - redis <not-affected> (Vulnerable code not present)
NOTE: https://github.com/redis/redis/pull/9011
NOTE: https://github.com/redis/redis/commit/1ddecf1958924b178b76a31d989ef1e05af81964
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-46cp-x4x9-6pfq
NOTE: CVE is result of incomplete fix by CVE-2021-29477.
CVE-2021-32624 (Keystone 5 is an open source CMS platform to build Node.js application ...)
NOT-FOR-US: Keystone CMS
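Review bot: Four advisory links are added back to back in this hunk (CVE-2021-32628, CVE-2021-32627, CVE-2021-32626 and CVE-2021-32625), and because GHSA IDs are opaque, a transposed pair would not be visible from the diff alone. It is worth checking each advisory page against the CVE it is filed under here. In the CVE-2021-32625 entry the new line sits between the commit NOTE and the "incomplete fix" NOTE, which keeps the URL references grouped together; that placement is fine.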
@@ -30134,12 +30143,14 @@ CVE-2021-29478 (Redis is an open source (BSD licensed), in-memory data structure
[stretch] - redis <not-affected> (Vulnerable code not present)
NOTE: https://groups.google.com/g/redis-db/c/6GSWzTW0PR8/m/8FbdIEEoBAAJ
NOTE: https://github.com/redis/redis/commit/29900d4e6bccdf3691bedf0ea9a5d84863fa3592
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-qh52-crrg-44g3
CVE-2021-29477 (Redis is an open source (BSD licensed), in-memory data structure store ...)
- redis 5:6.0.13-1 (bug #988045)
[buster] - redis <not-affected> (Vulnerable code not present)
[stretch] - redis <not-affected> (Vulnerable code not present)
NOTE: https://groups.google.com/g/redis-db/c/6GSWzTW0PR8/m/8FbdIEEoBAAJ
NOTE: https://github.com/redis/redis/commit/f0c5f920d0f88bd8aa376a2c05af4902789d1ef9
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-vqxj-26vj-996g
CVE-2021-29476 (Requests is a HTTP library written in PHP. Requests mishandles deseria ...)
- wordpress 5.5.3+dfsg1-1
[buster] - wordpress 5.0.11+dfsg1-0+deb10u1
@@ -51043,6 +51054,7 @@ CVE-2021-21309 (Redis is an open-source, in-memory database that persists on dis
- redis 5:6.0.11-1 (bug #983446)
[buster] - redis 5:5.0.3-4+deb10u3
NOTE: https://github.com/redis/redis/pull/8522
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-hgj8-vff2-7cjf
CVE-2021-21308 (PrestaShop is a fully scalable open source e-commerce solution. In Pre ...)
NOT-FOR-US: PrestaShop
CVE-2021-21307 (Lucee Server is a dynamic, Java based (JSR-223), tag and scripting lan ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27d91878c771d39e23f8a9b6e68fb89ba56566c1