[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Oct 31 20:10:22 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e8fa069f by security tracker role at 2021-10-31T20:10:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2015-10001
+ RESERVED
CVE-2021-43083
RESERVED
CVE-2021-43082
@@ -12425,7 +12427,7 @@ CVE-2021-38293
CVE-2021-38292
RESERVED
CVE-2021-38291 (FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) s ...)
- {DSA-4990-1}
+ {DSA-4998-1 DSA-4990-1}
- ffmpeg 7:4.4.1-1 (unimportant)
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e01d306c647b5827102260b885faa223b646d2d1
NOTE: https://trac.ffmpeg.org/ticket/9312
@@ -12809,7 +12811,7 @@ CVE-2021-38173 (Btrbk before 0.31.2 allows command execution because of the mish
CVE-2021-38172
RESERVED
CVE-2021-38171 (adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not ...)
- {DSA-4990-1}
+ {DSA-4998-1 DSA-4990-1}
- ffmpeg 7:4.4.1-1
[stretch] - ffmpeg <postponed> (Wait to be fixed in buster first)
NOTE: https://github.com/FFmpeg/FFmpeg/commit/9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6
@@ -12950,7 +12952,7 @@ CVE-2021-38115 (read_header_tga in gd_tga.c in the GD Graphics Library (aka LibG
NOTE: https://github.com/libgd/libgd/issues/697
NOTE: https://github.com/libgd/libgd/commit/8b111b2b4a4842179be66db68d84dda91a246032
CVE-2021-38114 (libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of ...)
- {DSA-4990-1 DLA-2742-1}
+ {DSA-4998-1 DSA-4990-1 DLA-2742-1}
- ffmpeg 7:4.4.1-1
NOTE: https://github.com/FFmpeg/FFmpeg/commit/7150f9575671f898382c370acae35f9087a30ba1
CVE-2021-3687
@@ -24362,8 +24364,8 @@ CVE-2021-33261
RESERVED
CVE-2021-33260
RESERVED
-CVE-2021-33259
- RESERVED
+CVE-2021-33259 (Several web interfaces in D-Link DIR-868LW 1.12b have no authenticatio ...)
+ TODO: check
CVE-2021-33258
RESERVED
CVE-2021-33257
@@ -74189,10 +74191,10 @@ CVE-2020-25914
RESERVED
CVE-2020-25913
RESERVED
-CVE-2020-25912
- RESERVED
-CVE-2020-25911
- RESERVED
+CVE-2020-25912 (A XML External Entity (XXE) vulnerability was discovered in symphony\l ...)
+ TODO: check
+CVE-2020-25911 (A XML External Entity (XXE) vulnerability was discovered in the modRes ...)
+ TODO: check
CVE-2020-25910
RESERVED
CVE-2020-25909
@@ -82967,6 +82969,7 @@ CVE-2020-22043 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a
NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=b288a7eb3d963a175e177b6219c8271076ee8590
NOTE: Negligible security impact
CVE-2020-22042 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
+ {DSA-4998-1}
- ffmpeg 7:4.4-5 (unimportant)
NOTE: https://trac.ffmpeg.org/ticket/8267
NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=426c16d61a9b5056a157a1a2a057a4e4d13eef84
@@ -82987,7 +82990,7 @@ CVE-2020-22038 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a
NOTE: https://trac.ffmpeg.org/ticket/8285
NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7c32e9cf93b712f8463573a59ed4e98fd10fa013
CVE-2020-22037 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
- {DSA-4990-1}
+ {DSA-4998-1 DSA-4990-1}
- ffmpeg 7:4.4.1-1 (unimportant)
NOTE: https://trac.ffmpeg.org/ticket/8281
NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7bba0dd6382e30d646cb406034a66199e071d713
@@ -83749,6 +83752,7 @@ CVE-2020-21699
CVE-2020-21698
RESERVED
CVE-2020-21697 (A heap-use-after-free in the mpeg_mux_write_packet function in libavfo ...)
+ {DSA-4998-1}
- ffmpeg 7:4.4-5
[buster] - ffmpeg <postponed> (Wait for 4.1.9)
NOTE: https://trac.ffmpeg.org/ticket/8188
@@ -83770,6 +83774,7 @@ CVE-2020-21690
CVE-2020-21689
RESERVED
CVE-2020-21688 (A heap-use-after-free in the av_freep function in libavutil/mem.c of F ...)
+ {DSA-4998-1}
- ffmpeg 7:4.4-5
[buster] - ffmpeg <postponed> (Wait for 4.1.9)
NOTE: https://trac.ffmpeg.org/ticket/8186
@@ -86435,7 +86440,7 @@ CVE-2020-20455
CVE-2020-20454
RESERVED
CVE-2020-20453 (FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aaccod ...)
- {DSA-4990-1}
+ {DSA-4998-1 DSA-4990-1}
- ffmpeg 7:4.4.1-1 (unimportant)
NOTE: https://trac.ffmpeg.org/ticket/8003
NOTE: Negligible security impact
@@ -86448,6 +86453,7 @@ CVE-2020-20451 (Denial of Service issue in FFmpeg 4.2 due to resource management
NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=21265f42ecb265debe9fec1dbfd0cb7de5a8aefb
NOTE: Negligible security impact
CVE-2020-20450 (FFmpeg 4.2 is affected by null pointer dereference passed as argument ...)
+ {DSA-4998-1}
[experimental] - ffmpeg 7:4.4-1
- ffmpeg 7:4.4-5 (unimportant)
NOTE: https://trac.ffmpeg.org/ticket/7993
@@ -86466,13 +86472,13 @@ CVE-2020-20448 (FFmpeg 4.1.3 is affected by a Divide By Zero issue via libavcode
CVE-2020-20447
RESERVED
CVE-2020-20446 (FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy ...)
- {DSA-4990-1}
+ {DSA-4998-1 DSA-4990-1}
- ffmpeg 7:4.4.1-1 (unimportant)
NOTE: https://trac.ffmpeg.org/ticket/7995
NOTE: Negligible security impact
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/223b5e8ac9f6461bb13ed365419ec485c5b2b002
CVE-2020-20445 (FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, ...)
- {DSA-4990-1}
+ {DSA-4998-1 DSA-4990-1}
- ffmpeg <unfixed> (unimportant)
NOTE: https://trac.ffmpeg.org/ticket/7996
NOTE: Negligible security impact
@@ -89166,6 +89172,7 @@ CVE-2020-19144 (Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a d
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/159
NOTE: Fixed around https://gitlab.com/libtiff/libtiff/-/commit/1fb9e731ef3e4ceb7af128ce298adb271088064f (v4.1.0)
CVE-2020-19143 (Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial ...)
+ {DSA-4997-1}
- tiff 4.1.0+git201212-1
[stretch] - tiff <not-affected> (Vulnerable code introduced later)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2851
@@ -156735,7 +156742,7 @@ CVE-2019-13618 (In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a he
CVE-2019-13617 (njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in ...)
NOT-FOR-US: njs
CVE-2019-13616 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
- {DLA-2536-1}
+ {DLA-2804-1 DLA-2536-1}
- libsdl2 2.0.10+dfsg1-1
[buster] - libsdl2 <no-dsa> (Minor issue)
[jessie] - libsdl2 <postponed> (can be fixed along with more important patches)
@@ -168363,7 +168370,7 @@ CVE-2019-1010307 (GLPI GLPI Product 9.3.1 is affected by: Cross Site Scripting (
CVE-2019-1010306 (Slanger 0.6.0 is affected by: Remote Code Execution (RCE). The impact ...)
NOT-FOR-US: Slanger
CVE-2019-1010305 (libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: I ...)
- {DLA-1895-1}
+ {DLA-2805-1 DLA-1895-1}
- libmspack 0.10.1-1
NOTE: https://github.com/kyz/libmspack/commit/2f084136cfe0d05e5bf5703f3e83c6d955234b4d
NOTE: https://github.com/kyz/libmspack/issues/27
@@ -175262,7 +175269,7 @@ CVE-2019-7640
CVE-2019-7639 (An issue was discovered in gsi-openssh-server 7.9p1 on Fedora 29. If P ...)
NOT-FOR-US: gsi-openssh-server (OpenSSH patched with openssh-7.9p1-gsissh.patch)
CVE-2019-7638 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
- {DLA-2536-1 DLA-1714-1 DLA-1713-1}
+ {DLA-2804-1 DLA-2536-1 DLA-1714-1 DLA-1713-1}
- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
[buster] - libsdl1.2 <no-dsa> (Minor issue)
- libsdl2 2.0.10+dfsg1-1 (bug #924610)
@@ -175271,7 +175278,7 @@ CVE-2019-7638 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0
NOTE: https://hg.libsdl.org/SDL/rev/19d8c3b9c251 (SDL-1.2)
NOTE: https://hg.libsdl.org/SDL/rev/07c39cbbeacf
CVE-2019-7637 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
- {DLA-1714-1 DLA-1713-1}
+ {DLA-2804-1 DLA-2803-1 DLA-1714-1 DLA-1713-1}
- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
[buster] - libsdl1.2 <no-dsa> (Minor issue)
- libsdl2 2.0.6+dfsg1-4 (bug #924610)
@@ -175283,7 +175290,7 @@ CVE-2019-7637 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0
NOTE: https://hg.libsdl.org/SDL/rev/81a4950907a0 (SDL-2)
NOTE: For SDL-2 the fix for CVE-2017-2888 fixes as well CVE-2019-7637.
CVE-2019-7636 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
- {DLA-2536-1 DLA-1714-1 DLA-1713-1}
+ {DLA-2804-1 DLA-2536-1 DLA-1714-1 DLA-1713-1}
- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
[buster] - libsdl1.2 <no-dsa> (Minor issue)
- libsdl2 2.0.10+dfsg1-1 (bug #924610)
@@ -175292,7 +175299,7 @@ CVE-2019-7636 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0
NOTE: https://hg.libsdl.org/SDL/rev/19d8c3b9c251 (SDL-1.2)
NOTE: https://hg.libsdl.org/SDL/rev/07c39cbbeacf (SDL-2)
CVE-2019-7635 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
- {DLA-2536-1 DLA-1865-1 DLA-1861-1 DLA-1714-1 DLA-1713-1}
+ {DLA-2804-1 DLA-2536-1 DLA-1865-1 DLA-1861-1 DLA-1714-1 DLA-1713-1}
- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
[buster] - libsdl1.2 <no-dsa> (Minor issue)
- libsdl2 2.0.10+dfsg1-1 (bug #924610)
@@ -175434,7 +175441,7 @@ CVE-2019-7580 (ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary
CVE-2019-7579 (An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. An ...)
NOT-FOR-US: Linksys
CVE-2019-7578 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
- {DLA-2536-1 DLA-1714-1 DLA-1713-1}
+ {DLA-2804-1 DLA-2536-1 DLA-1714-1 DLA-1713-1}
- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
[buster] - libsdl1.2 <no-dsa> (Minor issue)
- libsdl2 2.0.10+dfsg1-1 (bug #924610)
@@ -175443,7 +175450,7 @@ CVE-2019-7578 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0
NOTE: https://hg.libsdl.org/SDL/rev/388987dff7bf (SDL-1.2)
NOTE: https://hg.libsdl.org/SDL/rev/f9a9d6c76b21 (SDL-2)
CVE-2019-7577 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
- {DLA-2536-1 DLA-1714-1 DLA-1713-1}
+ {DLA-2804-1 DLA-2536-1 DLA-1714-1 DLA-1713-1}
- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
[buster] - libsdl1.2 <no-dsa> (Minor issue)
- libsdl2 2.0.10+dfsg1-1 (bug #924610)
@@ -175454,7 +175461,7 @@ CVE-2019-7577 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0
NOTE: SDL2 was probably fixed during a refactoring, no targeted fix available:
NOTE: https://hg.libsdl.org/SDL/rev/b06fa7da012b (SDL-2)
CVE-2019-7576 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
- {DLA-1714-1 DLA-1713-1}
+ {DLA-2804-1 DLA-1714-1 DLA-1713-1}
- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
[buster] - libsdl1.2 <no-dsa> (Minor issue)
- libsdl2 2.0.10+dfsg1-1 (bug #924610)
@@ -175464,7 +175471,7 @@ CVE-2019-7576 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0
NOTE: Proposed patch: https://bugzilla.libsdl.org/attachment.cgi?id=3620&action=diff
NOTE: very similar bug to CVE-2019-7573, fix for CVE-2019-7573 is applicable to this
CVE-2019-7575 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
- {DLA-2536-1 DLA-1714-1 DLA-1713-1}
+ {DLA-2804-1 DLA-2536-1 DLA-1714-1 DLA-1713-1}
- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
[buster] - libsdl1.2 <no-dsa> (Minor issue)
- libsdl2 2.0.10+dfsg1-1 (bug #924610)
@@ -175474,7 +175481,7 @@ CVE-2019-7575 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0
NOTE: SDL2 was probably fixed during a refactoring, no targeted fix available:
NOTE: https://hg.libsdl.org/SDL/rev/b06fa7da012b (SDL-2)
CVE-2019-7574 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
- {DLA-1714-1 DLA-1713-1}
+ {DLA-2804-1 DLA-1714-1 DLA-1713-1}
- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
[buster] - libsdl1.2 <no-dsa> (Minor issue)
- libsdl2 2.0.10+dfsg1-1 (bug #924610)
@@ -175485,7 +175492,7 @@ CVE-2019-7574 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0
NOTE: SDL2 was probably fixed during a refactoring, no targeted fix available:
NOTE: https://hg.libsdl.org/SDL/rev/b06fa7da012b (SDL-2)
CVE-2019-7573 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
- {DLA-1714-1 DLA-1713-1}
+ {DLA-2804-1 DLA-1714-1 DLA-1713-1}
- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
[buster] - libsdl1.2 <no-dsa> (Minor issue)
- libsdl2 2.0.10+dfsg1-1 (bug #924610)
@@ -175497,7 +175504,7 @@ CVE-2019-7573 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0
NOTE: SDL2 was probably fixed during a refactoring, no targeted fix available:
NOTE: https://hg.libsdl.org/SDL/rev/b06fa7da012b (SDL-2)
CVE-2019-7572 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
- {DLA-1714-1 DLA-1713-1}
+ {DLA-2804-1 DLA-1714-1 DLA-1713-1}
- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
[buster] - libsdl1.2 <no-dsa> (Minor issue)
- libsdl2 2.0.10+dfsg1-1 (bug #924610)
@@ -295180,7 +295187,7 @@ CVE-2017-2890 (An exploitable vulnerability exists in the /api/CONFIG/restore fu
CVE-2017-2889 (An exploitable Denial of Service vulnerability exists in the API daemo ...)
NOT-FOR-US: Circle with Disney
CVE-2017-2888 (An exploitable integer overflow vulnerability exists when creating a n ...)
- {DLA-1714-2}
+ {DLA-2803-1 DLA-1714-2}
- libsdl2 2.0.6+dfsg1-4 (bug #878264)
[jessie] - libsdl2 <no-dsa> (Minor issue)
- libsdl1.2 <not-affected> (Issue not present, SDL_CreateRGBSurface contains further check for too large width or height)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8fa069f43a705530d201219a214fb3509665f02
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8fa069f43a705530d201219a214fb3509665f02
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211031/793c999f/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list