[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Oct 9 09:10:38 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
02f214a7 by security tracker role at 2021-10-09T08:10:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2021-42133
+	RESERVED
+CVE-2021-42132
+	RESERVED
+CVE-2021-42131
+	RESERVED
+CVE-2021-42130
+	RESERVED
+CVE-2021-42129
+	RESERVED
+CVE-2021-42128
+	RESERVED
+CVE-2021-42127
+	RESERVED
+CVE-2021-42126
+	RESERVED
+CVE-2021-42125
+	RESERVED
+CVE-2021-42124
+	RESERVED
+CVE-2021-42123
+	RESERVED
+CVE-2021-42122
+	RESERVED
+CVE-2021-42121
+	RESERVED
+CVE-2021-42120
+	RESERVED
+CVE-2021-42119
+	RESERVED
+CVE-2021-42118
+	RESERVED
+CVE-2021-42117
+	RESERVED
+CVE-2021-42116
+	RESERVED
+CVE-2021-42115
+	RESERVED
+CVE-2021-42114
+	RESERVED
+CVE-2021-42113
+	RESERVED
+CVE-2021-42112 (The "File upload question" functionality in LimeSurvey 3.x-LTS through ...)
+	TODO: check
+CVE-2021-42111
+	RESERVED
+CVE-2021-42110
+	RESERVED
+CVE-2021-3874
+	RESERVED
+CVE-2021-3873
+	RESERVED
 CVE-2021-42109 (VITEC Exterity IPTV products through 2021-04-30 allow privilege escala ...)
 	NOT-FOR-US: VITEC Exterity IPTV products
 CVE-2021-42108
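Review bot: CVE-2021-42112 is added with only `TODO: check`, so the LimeSurvey "File upload question" issue is still untriaged; resolve it to either a source package line or a `NOT-FOR-US:` line, as was done for CVE-2021-42109 directly below the new entries. The other additions in this hunk are bare RESERVED ids and need nothing further yet.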
@@ -3826,7 +3878,7 @@ CVE-2021-3762
 CVE-2021-40439 (Apache OpenOffice has a dependency on expat software. Versions prior t ...)
 	NOT-FOR-US: Apache OpenOffice
 CVE-2021-40438 (A crafted request uri-path can cause mod_proxy to forward the request  ...)
-	{DLA-2776-1}
+	{DSA-4982-1 DLA-2776-1}
 	- apache2 2.4.49-1
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-40438
 	NOTE: Minimal fix: https://github.com/apache/httpd/commit/496c863776c68bd08cdbeb7d8fa5935ba63b76c2 (2.4.x)
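Review bot: the `{DSA-4982-1 DLA-2776-1}` cross-reference on CVE-2021-40438 arrives in a commit whose only changed file is data/CVE/list, so it depends on the DSA-4982-1 entry already being recorded elsewhere; confirm that entry lists this CVE. The same check applies to the matching cross-reference changes on CVE-2021-39275, CVE-2021-36160 and CVE-2021-34798 in the later hunks.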
@@ -6512,7 +6564,7 @@ CVE-2021-39277
 CVE-2021-39276
 	RESERVED
 CVE-2021-39275 (ap_escape_quotes() may write beyond the end of a buffer when given mal ...)
-	{DLA-2776-1}
+	{DSA-4982-1 DLA-2776-1}
 	- apache2 2.4.49-1
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-39275
 	NOTE: https://github.com/apache/httpd/commit/d8bce6f575abb29997bba358b31842bf757776c6 (trunk)
@@ -9734,88 +9786,68 @@ CVE-2021-37977
 	RESERVED
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37976
-	RESERVED
+CVE-2021-37976 (Inappropriate implementation in Memory in Google Chrome prior to 94.0. ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37975
-	RESERVED
+CVE-2021-37975 (Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a  ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37974
-	RESERVED
+CVE-2021-37974 (Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71  ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37973
-	RESERVED
+CVE-2021-37973 (Use after free in Portals in Google Chrome prior to 94.0.4606.61 allow ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37972
-	RESERVED
+CVE-2021-37972 (Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.460 ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37971
-	RESERVED
+CVE-2021-37971 (Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0 ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37970
-	RESERVED
+CVE-2021-37970 (Use after free in File System API in Google Chrome prior to 94.0.4606. ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37969
-	RESERVED
+CVE-2021-37969 (Inappropriate implementation in Google Updater in Google Chrome on Win ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37968
-	RESERVED
+CVE-2021-37968 (Inappropriate implementation in Background Fetch API in Google Chrome  ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37967
-	RESERVED
+CVE-2021-37967 (Inappropriate implementation in Background Fetch API in Google Chrome  ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37966
-	RESERVED
+CVE-2021-37966 (Inappropriate implementation in Compositing in Google Chrome on Androi ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37965
-	RESERVED
+CVE-2021-37965 (Inappropriate implementation in Background Fetch API in Google Chrome  ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37964
-	RESERVED
+CVE-2021-37964 (Inappropriate implementation in ChromeOS Networking in Google Chrome o ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37963
-	RESERVED
+CVE-2021-37963 (Side-channel information leakage in DevTools in Google Chrome prior to ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37962
-	RESERVED
+CVE-2021-37962 (Use after free in Performance Manager in Google Chrome prior to 94.0.4 ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37961
-	RESERVED
+CVE-2021-37961 (Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 all ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-37960
 	RESERVED
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37959
-	RESERVED
+CVE-2021-37959 (Use after free in Task Manager in Google Chrome prior to 94.0.4606.54  ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37958
-	RESERVED
+CVE-2021-37958 (Inappropriate implementation in Navigation in Google Chrome on Windows ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37957
-	RESERVED
+CVE-2021-37957 (Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowe ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-37956
-	RESERVED
+CVE-2021-37956 (Use after free in Offline use in Google Chrome on Android prior to 94. ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-37955
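Review bot: every chromium entry in this block still reads `- chromium <unfixed>` although the new descriptions name the upstream fixed releases (94.0.4606.54, 94.0.4606.61 and 94.0.4606.71); these lines need a fixed version once a chromium upload at or above those releases is available. CVE-2021-37960 is left RESERVED between CVE-2021-37961 and CVE-2021-37959, so it should be rechecked on a later sync.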
@@ -13864,7 +13896,7 @@ CVE-2021-36162 (Apache Dubbo supports various rules to support configuration ove
 CVE-2021-36161 (Some component in Dubbo will try to print the formated string of the i ...)
 	NOT-FOR-US: Apache Dubbo
 CVE-2021-36160 (A carefully crafted request uri-path can cause mod_proxy_uwsgi to read ...)
-	{DLA-2768-1}
+	{DSA-4982-1 DLA-2768-1}
 	- apache2 2.4.49-1
 	[stretch] - apache2 <not-affected> (Vulnerable module not present)
 	- uwsgi <unfixed> (unimportant)
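Review bot: CVE-2021-36160 carries DLA-2768-1 rather than the DLA-2776-1 seen on the other apache2 entries touched by this commit, while `[stretch] - apache2 <not-affected>` says the vulnerable module is not present there; check that the DLA reference is meant for the `uwsgi` line and not for apache2.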
@@ -17076,7 +17108,7 @@ CVE-2021-34800
 CVE-2021-34799
 	RESERVED
 CVE-2021-34798 (Malformed requests may cause the server to dereference a NULL pointer. ...)
-	{DLA-2776-1}
+	{DSA-4982-1 DLA-2776-1}
 	- apache2 2.4.49-1
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-34798
 	NOTE: https://github.com/apache/httpd/commit/fa7b2a5250e54363b3a6c8ac3aaa7de4e8da9b2e (candidate-2.4.49-rc1)
@@ -27499,40 +27531,32 @@ CVE-2021-30635 (Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a rem
 	NOT-FOR-US: Sonatype Nexus Repository Manager
 CVE-2021-30634
 	RESERVED
-CVE-2021-30633
-	RESERVED
+CVE-2021-30633 (Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.8 ...)
 	- chromium 93.0.4577.82-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30632
-	RESERVED
+CVE-2021-30632 (Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allow ...)
 	- chromium 93.0.4577.82-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-30631
 	RESERVED
 	- chromium 93.0.4577.82-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30630
-	RESERVED
+CVE-2021-30630 (Inappropriate implementation in Blink in Google Chrome prior to 93.0.4 ...)
 	- chromium 93.0.4577.82-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30629
-	RESERVED
+CVE-2021-30629 (Use after free in Permissions in Google Chrome prior to 93.0.4577.82 a ...)
 	- chromium 93.0.4577.82-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30628
-	RESERVED
+CVE-2021-30628 (Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82  ...)
 	- chromium 93.0.4577.82-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30627
-	RESERVED
+CVE-2021-30627 (Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82  ...)
 	- chromium 93.0.4577.82-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30626
-	RESERVED
+CVE-2021-30626 (Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.45 ...)
 	- chromium 93.0.4577.82-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30625
-	RESERVED
+CVE-2021-30625 (Use after free in Selection API in Google Chrome prior to 93.0.4577.82 ...)
 	- chromium 93.0.4577.82-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-30624 (Chromium: CVE-2021-30624 Use after free in Autofill ...)
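Review bot: CVE-2021-30631 is left as RESERVED while every neighbouring entry from CVE-2021-30625 to CVE-2021-30633 gained a description; recheck it on the next sync. The fixed version `93.0.4577.82-1` on these entries agrees with the "prior to 93.0.4577.82" wording in the descriptions that are not truncated.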



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02f214a799b9bed58e2e34584b0ec867e65154b4
