[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Oct 31 08:10:26 GMT 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
82a20e65 by security tracker role at 2021-10-31T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -175186,7 +175186,7 @@ CVE-2019-7667 (Prima Systems FlexAir, Versions 2.3.38 and prior. The application
 CVE-2019-7666 (Prima Systems FlexAir, Versions 2.3.38 and prior. The application allo ...)
 	NOT-FOR-US: Prima Systems FlexAir devices
 CVE-2019-7665 (In elfutils 0.175, a heap-based buffer over-read was discovered in the ...)
-	{DLA-1689-1}
+	{DLA-2802-1 DLA-1689-1}
 	- elfutils 0.176-1 (low; bug #921880)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24089
 	NOTE: https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html
@@ -176765,7 +176765,7 @@ CVE-2019-7151 (A NULL pointer dereference was discovered in wasm::Module::getFun
 	NOTE: https://github.com/WebAssembly/binaryen/commit/2127e64f42da55bb5b9b0ab1995b3ca7fc4e0d0b
 	NOTE: https://github.com/WebAssembly/binaryen/commit/85e95e315a8023c46eb804fe80ebc244bcfdae3e
 CVE-2019-7150 (An issue was discovered in elfutils 0.175. A segmentation fault can oc ...)
-	{DLA-1689-1}
+	{DLA-2802-1 DLA-1689-1}
 	- elfutils 0.176-1 (low; bug #920909)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24103
 	NOTE: https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html
@@ -199110,13 +199110,13 @@ CVE-2018-18523
 CVE-2018-18522
 	RESERVED
 CVE-2018-18521 (Divide-by-zero vulnerabilities in the function arlib_add_symbols() in  ...)
-	{DLA-1689-1}
+	{DLA-2802-1 DLA-1689-1}
 	- elfutils 0.175-1 (low; bug #911413)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23786
 	NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html
 	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=2b16a9be69939822dcafe075413468daac98b327
 CVE-2018-18520 (An Invalid Memory Address Dereference exists in the function elf_end i ...)
-	{DLA-1689-1}
+	{DLA-2802-1 DLA-1689-1}
 	- elfutils 0.175-1 (low; bug #911414)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23787
 	NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html
@@ -199760,7 +199760,7 @@ CVE-2018-18311 (Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflo
 	NOTE: Introduced by: https://perl5.git.perl.org/perl.git/commitdiff/e658793210bbe632a5e80a876acfcd0984c46b87
 	NOTE: maint-5.28: https://perl5.git.perl.org/perl.git/commitdiff/0589f071dc6836de80b24fd798c3336c72ead850
 CVE-2018-18310 (An invalid memory address dereference was discovered in dwfl_segment_r ...)
-	{DLA-1689-1}
+	{DLA-2802-1 DLA-1689-1}
 	- elfutils 0.175-1 (bug #911083)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23752
 	NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html
@@ -204946,6 +204946,7 @@ CVE-2018-16403 (libdw in elfutils 0.173 checks the end of the attributes list in
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23529
 	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda
 CVE-2018-16402 (libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a  ...)
+	{DLA-2802-1}
 	- elfutils 0.175-1 (low)
 	[jessie] - elfutils <not-affected> (vulnerable code introduced later)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23528
@@ -205785,7 +205786,7 @@ CVE-2018-16064 (Insufficient data validation in Extensions API in Google Chrome
 CVE-2018-16063
 	RESERVED
 CVE-2018-16062 (dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 201 ...)
-	{DLA-1689-1}
+	{DLA-2802-1 DLA-1689-1}
 	- elfutils 0.175-1 (bug #907562)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23541
 	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9
@@ -295195,6 +295196,7 @@ CVE-2017-2890 (An exploitable vulnerability exists in the /api/CONFIG/restore fu
 CVE-2017-2889 (An exploitable Denial of Service vulnerability exists in the API daemo ...)
 	NOT-FOR-US: Circle with Disney
 CVE-2017-2888 (An exploitable integer overflow vulnerability exists when creating a n ...)
+	{DLA-1714-2}
 	- libsdl2 2.0.6+dfsg1-4 (bug #878264)
 	[stretch] - libsdl2 <no-dsa> (Minor issue)
 	[jessie] - libsdl2 <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82a20e6521f72ce712fb61742fd071ba5bcd01ee

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82a20e6521f72ce712fb61742fd071ba5bcd01ee
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211031/c2a23043/attachment.htm>

More information about the debian-security-tracker-commits mailing list