[Git][security-tracker-team/security-tracker][master] automatic update

Sun Sep 19 21:10:30 BST 2021


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4c89a1a8 by security tracker role at 2021-09-19T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -694,8 +694,7 @@ CVE-2021-41075
 	RESERVED
 CVE-2021-41074
 	RESERVED
-CVE-2021-41073 [io_uring: ensure symmetry in handling iter types in loop_rw_iter()]
-	RESERVED
+CVE-2021-41073 (loop_rw_iter in fs/io_uring.c in the Linux kernel through 5.14.6 allow ...)
 	- linux 5.14.6-2
 	[buster] - linux <not-affected> (Vulnerable code introduced later)
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
@@ -1539,8 +1538,7 @@ CVE-2021-40692
 	RESERVED
 CVE-2021-40691
 	RESERVED
-CVE-2021-40690
-	RESERVED
+CVE-2021-40690 (All versions of Apache Santuario - XML Security for Java prior to 2.2. ...)
 	- libxml-security-java <unfixed> (bug #994569)
 	NOTE: https://santuario.apache.org/secadv.data/CVE-2021-40690.txt.asc
 CVE-2021-3780 (peertube is vulnerable to Improper Neutralization of Input During Web  ...)
@@ -20056,6 +20054,7 @@ CVE-2021-32730 (XWiki Platform is a generic wiki platform offering runtime servi
 CVE-2021-32729 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
 	NOT-FOR-US: XWiki
 CVE-2021-32728 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...)
+	{DSA-4974-1}
 	- nextcloud-desktop 3.3.1-1
 	NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-f5fr-5gcv-6cc5
 	NOTE: https://github.com/nextcloud/desktop/pull/3338
@@ -43028,8 +43027,8 @@ CVE-2021-23443
 	RESERVED
 CVE-2021-23442 (This affects all versions of package @cookiex/deep. The global proto o ...)
 	TODO: check
-CVE-2021-23441
-	RESERVED
+CVE-2021-23441 (All versions of package com.jsoniter:jsoniter are vulnerable to Deseri ...)
+	TODO: check
 CVE-2021-23440 (This affects the package set-value before 4.0.1. A type confusion vuln ...)
 	- node-set-value 3.0.1-3 (bug #994448)
 	[bullseye] - node-set-value <no-dsa> (Minor issue)
@@ -44275,6 +44274,7 @@ CVE-2021-22897 (curl 7.61.0 through 7.76.1 suffers from exposure of data element
 CVE-2021-22896 (Nextcloud Mail before 1.9.5 suffers from improper access control due t ...)
 	NOT-FOR-US: Nextcloud Mail
 CVE-2021-22895 (Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certif ...)
+	{DSA-4974-1}
 	- nextcloud-desktop 3.3.1-1 (bug #989846)
 	NOTE: https://github.com/nextcloud/desktop/pull/2926
 	NOTE: https://github.com/nextcloud/desktop/commit/b1ddd0e491b2af0ed040e658d8bcde2a7a61c9fc (stable-3.1)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c89a1a8ef667dfd19d07fd9a044969a9924a385

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c89a1a8ef667dfd19d07fd9a044969a9924a385
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210919/1377b2cf/attachment.htm>
