[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Sep 18 21:10:27 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
68adc46a by security tracker role at 2021-09-18T20:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2021-41395 (Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to contro ...)
+ TODO: check
+CVE-2021-41394 (Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x b ...)
+ TODO: check
+CVE-2021-41393 (Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x b ...)
+ TODO: check
CVE-2021-41392 (static/main-preload.js in Boost Note through 0.22.0 allows remote comm ...)
TODO: check
CVE-2021-41391 (In Ericsson ECM before 18.0, it was observed that Security Management ...)
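Review bot: the three new Teleport entries (CVE-2021-41393, CVE-2021-41394, CVE-2021-41395) are left at "TODO: check" with no package line or NOT-FOR-US marker, so they remain untriaged after this update. Each needs a follow-up that resolves it to either a "- package version" line or a "NOT-FOR-US:" line, as other entries in this file do. The affected version ranges differ (CVE-2021-41395 names only 6.2.12 and 7.1.1, while the other two also cover 4.4.11 and 5.2.4), so triage them individually rather than copying one result to all three.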
@@ -201,8 +207,8 @@ CVE-2021-3807 (ansi-regex is vulnerable to Inefficient Regular Expression Comple
[buster] - node-ansi-regex <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
NOTE: https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9 (v6.0.1)
-CVE-2021-3806
- RESERVED
+CVE-2021-3806 (A path traversal vulnerability on Pardus Software Center's "extractArc ...)
+ TODO: check
CVE-2021-3805 (object-path is vulnerable to Improperly Controlled Modification of Obj ...)
- node-object-path 0.11.8-1
[bullseye] - node-object-path <no-dsa> (Minor issue)
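Review bot: CVE-2021-3806 moves from RESERVED to a published description but is still only "TODO: check", so the entry carries no tracking decision yet. The description names Pardus Software Center and is cut off at "extractArc ...", so read the full CVE text before deciding whether it maps to a source package line or a NOT-FOR-US line.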
@@ -17230,7 +17236,7 @@ CVE-2021-33849
CVE-2021-3581
RESERVED
CVE-2021-3580 (A flaw was found in the way nettle's RSA decryption functions handled ...)
- {DSA-4933-1}
+ {DSA-4933-1 DLA-2760-1}
- nettle 3.7.3-1 (bug #989631)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1967983
NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/0ad0b5df315665250dfdaa4a1e087f4799edaefe
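Review bot: the "{DSA-4933-1 DLA-2760-1}" line for CVE-2021-3580 adds the DLA cross-reference, but this commit changes only data/CVE/list, so nothing visible here shows which nettle version the LTS upload fixed. Confirm that the DLA-2760-1 record lists CVE-2021-3580 and that the upload includes the upstream commit 0ad0b5df315665250dfdaa4a1e087f4799edaefe cited in the NOTE line.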
@@ -51888,7 +51894,7 @@ CVE-2021-20307 (Format string vulnerability in panoFileOutputNamesCreate() in li
CVE-2021-20306 (A flaw was found in the BPMN editor in version jBPM 7.51.0.Final. Any ...)
NOT-FOR-US: Red Hat Business Central
CVE-2021-20305 (A flaw was found in Nettle in versions before 3.7.2, where several Net ...)
- {DSA-4933-1}
+ {DSA-4933-1 DLA-2760-1}
- nettle 3.7.2-1 (bug #985652)
NOTE: https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009457.html
NOTE: New functions ecc_mod_mul_canonical and ecc_mod_sqr_canonical:
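Review bot: CVE-2021-20305 receives the same DLA-2760-1 reference as CVE-2021-3580, yet the two entries have different fix versions in their package lines (3.7.2-1 here, 3.7.3-1 there). Check that the single LTS upload backports both fixes, including the ecc_mod_mul_canonical and ecc_mod_sqr_canonical functions mentioned in the trailing NOTE line.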
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68adc46aa6deaa2b2de2029cc8758298b4215844