[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Sep 25 09:10:25 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
be8377ec by security tracker role at 2021-09-25T08:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2021-41610
+ RESERVED
+CVE-2021-41609
+ RESERVED
+CVE-2021-41608
+ RESERVED
CVE-2021-41607
RESERVED
CVE-2021-41606
@@ -230,10 +236,10 @@ CVE-2021-41506
RESERVED
CVE-2021-41505
RESERVED
-CVE-2021-41504
- RESERVED
-CVE-2021-41503
- RESERVED
+CVE-2021-41504 (** UNSUPPORTED WHEN ASSIGNED ** An Elevated Privileges issue exists in ...)
+ TODO: check
+CVE-2021-41503 (** UNSUPPORTED WHEN ASSIGNED ** DCS-5000L v1.05 and DCS-932L v2.17 and ...)
+ TODO: check
CVE-2021-41502
RESERVED
CVE-2021-41501
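Review bot: the two new TODO: check lines for CVE-2021-41504 and CVE-2021-41503 can probably be resolved immediately rather than left open: the descriptions quote DCS-5000L v1.05 and DCS-932L v2.17 firmware, i.e. vendor device firmware rather than a Debian package, and the ** UNSUPPORTED WHEN ASSIGNED ** marker means the product was already end-of-life when the IDs were assigned. Unless some Debian package ships that firmware, both should become NOT-FOR-US entries like the other device-firmware CVEs in this file.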
@@ -1151,6 +1157,7 @@ CVE-2021-41075
CVE-2021-41074
RESERVED
CVE-2021-41073 (loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 ...)
+ {DSA-4978-1}
- linux 5.14.6-2
[buster] - linux <not-affected> (Vulnerable code introduced later)
[stretch] - linux <not-affected> (Vulnerable code introduced later)
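Review bot: CVE-2021-41073 is the only entry in this update whose unstable fix version reads 5.14.6-2 rather than 5.14.6-1. That line is pre-existing context, not part of this change, but since the same {DSA-4978-1} tag is now attached to it, it is worth confirming that the loop_rw_iter fix is indeed in the -2 upload and not missing from -1 for the other entries as well.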
@@ -2098,10 +2105,10 @@ CVE-2021-40657
RESERVED
CVE-2021-40656
RESERVED
-CVE-2021-40655
- RESERVED
-CVE-2021-40654
- RESERVED
+CVE-2021-40655 (An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Ve ...)
+ TODO: check
+CVE-2021-40654 (An information disclosure issue exist in D-LINK-DIR-615 B2 2.01mt. An ...)
+ TODO: check
CVE-2021-40653
RESERVED
CVE-2021-40652
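Review bot: same triage question for CVE-2021-40655 and CVE-2021-40654: the descriptions name D-LINK-DIR-605 B2 and D-LINK-DIR-615 B2 router firmware, which is not a Debian package, so the TODO: check lines should resolve to NOT-FOR-US: D-Link rather than stay open. The "informtion" misspelling in the CVE-2021-40655 description is upstream's text as imported and should be left alone.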
@@ -2616,6 +2623,7 @@ CVE-2021-40491 (The ftp client in GNU Inetutils before 2.2 does not validate add
NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2021-06/msg00002.html
NOTE: https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=58cb043b190fd04effdaea7c9403416b436e50dd
CVE-2021-40490 (A race condition was discovered in ext4_write_inline_data_end in fs/ex ...)
+ {DSA-4978-1}
- linux 5.14.6-1
NOTE: https://lore.kernel.org/linux-ext4/000000000000e5080305c9e51453@google.com/
CVE-2021-40437
@@ -2863,6 +2871,7 @@ CVE-2021-3754
RESERVED
CVE-2021-3753
RESERVED
+ {DSA-4978-1}
- linux 5.14.6-1
NOTE: https://git.kernel.org/linus/2287a51ba822384834dafc1c798453375d1107c7
CVE-2021-3752
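Review bot: CVE-2021-3753 now carries {DSA-4978-1} and a fixed version but is still a bare RESERVED with no bracketed summary, so the DSA will be listed against an entry that shows no description. The other RESERVED kernel entries in this update (CVE-2021-3732, CVE-2021-3656, CVE-2021-3653) have a short [...] summary; adding one here, taken from the referenced git.kernel.org commit, would make the DSA listing readable. The same applies to CVE-2021-3743 and CVE-2021-3739 in the hunks below.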
@@ -3282,6 +3291,7 @@ CVE-2021-40148
RESERVED
CVE-2021-3743
RESERVED
+ {DSA-4978-1}
- linux 5.14.6-1
NOTE: https://lists.openwall.net/netdev/2021/08/17/124
NOTE: https://git.kernel.org/linus/7e78c597c3ebfd0cb329aa09a838734147e4f117
@@ -3457,6 +3467,7 @@ CVE-2021-40081
RESERVED
CVE-2021-3739
RESERVED
+ {DSA-4978-1}
- linux 5.14.6-1
[buster] - linux <not-affected> (Vulnerable code introduced later)
[stretch] - linux <not-affected> (Vulnerable code introduced later)
@@ -4422,6 +4433,7 @@ CVE-2021-3733 [Denial of service when identifying crafted invalid RFCs]
NOTE: https://github.com/python/cpython/commit/3fbe96123aeb66664fa547a8f6022efa2dc8788f (3.6.14)
CVE-2021-3732 [overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files]
RESERVED
+ {DSA-4978-1}
- linux 5.14.6-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1995249
NOTE: https://git.kernel.org/linus/427215d85e8d1476da1a86b8d67aceb485eb3631
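Review bot: CVE-2021-3732 gets the DSA reference but, unlike the io_uring and bpf entries in this update, has no [buster] or [stretch] line, so both suites will be displayed as vulnerable and unfixed. If the overlayfs code in question is not present in those kernels a <not-affected> annotation is missing; if it is, the open status is correct but worth confirming explicitly, since an automatic update will not flag it.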
@@ -7798,6 +7810,7 @@ CVE-2021-38200 (arch/powerpc/perf/core-book3s.c in the Linux kernel before 5.12.
- linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/60b7ed54a41b550d50caf7f2418db4a7e75b5bdc
CVE-2021-38199 (fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect co ...)
+ {DSA-4978-1}
- linux 5.14.6-1
NOTE: https://git.kernel.org/linus/dd99e9f98fbf423ff6d365b37a98e8879170f17c
CVE-2021-38198 (arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 inco ...)
@@ -7978,6 +7991,7 @@ CVE-2021-38162 (SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC
CVE-2021-38161
RESERVED
CVE-2021-38166 (In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is a ...)
+ {DSA-4978-1}
- linux 5.14.6-1
[buster] - linux <not-affected> (Vulnerable code introduced later)
[stretch] - linux <not-affected> (Vulnerable code introduced later)
@@ -8004,6 +8018,7 @@ CVE-2021-38165 (Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI
NOTE: https://lynx.invisible-island.net/current/CHANGES.html#v2.9.0dev.9
NOTE: https://invisible-mirror.net/archives/lynx/patches/lynx2.9.0dev.9.patch.gz
CVE-2021-38160 (** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel be ...)
+ {DSA-4978-1}
- linux 5.14.6-1
NOTE: https://git.kernel.org/linus/d00d8da5869a2608e97cfede094dfc5e11462a46
CVE-2021-38154 (Certain Canon devices manufactured in 2012 through 2020 (such as image ...)
@@ -8544,6 +8559,7 @@ CVE-2021-3681
CVE-2021-3680 (showdoc is vulnerable to Missing Cryptographic Step ...)
NOT-FOR-US: showdoc
CVE-2021-3679 (A lack of CPU resource in the Linux kernel tracing module functionalit ...)
+ {DSA-4978-1}
- linux 5.14.6-1
NOTE: https://git.kernel.org/linus/67f0d6d9883c13174669f88adac4f0ee656cc16a
CVE-2021-3678 (showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random N ...)
@@ -9298,7 +9314,7 @@ CVE-2021-37599 (The exporter/Login.aspx login form in the Exporter in Nuance Win
NOT-FOR-US: Nuance
CVE-2021-3668
RESERVED
-CVE-2021-37600 (An integer overflow in util-linux through 2.37.1 can potentially cause ...)
+CVE-2021-37600 (** DISPUTED ** An integer overflow in util-linux through 2.37.1 can po ...)
- util-linux 2.36.1-8 (low; bug #991619)
[buster] - util-linux <no-dsa> (Minor issue)
[stretch] - util-linux <no-dsa> (Minor issue)
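Review bot: the CVE-2021-37600 description now starts with ** DISPUTED **, but the entry gains no NOTE line pointing at the dispute rationale, so anyone revisiting the low / <no-dsa> classification has to go back to the CVE text; the only pointer kept here is bug #991619. A NOTE with the upstream discussion URL would document why the severity was kept low and why no-dsa remains appropriate for buster and stretch.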
@@ -9435,6 +9451,7 @@ CVE-2021-37539
CVE-2021-3666 (body-parser-xml is vulnerable to Improperly Controlled Modification of ...)
NOT-FOR-US: Node body-parser-xml
CVE-2021-37576 (arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on t ...)
+ {DSA-4978-1}
- linux 5.14.6-1
[stretch] - linux <ignored> (powerpc architectures not included in LTS)
NOTE: https://git.kernel.org/linus/f62f3c20647ebd5fb6ecb8f0b477b9281c44c10a (5.14-rc3)
@@ -10298,6 +10315,7 @@ CVE-2021-37140
RESERVED
CVE-2021-3656 [KVM: nSVM: always intercept VMLOAD/VMSAVE when nested]
RESERVED
+ {DSA-4978-1}
- linux 5.14.6-1
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2021/08/16/1
@@ -11105,6 +11123,7 @@ CVE-2021-36775
RESERVED
CVE-2021-3653 [KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl]
RESERVED
+ {DSA-4978-1}
- linux 5.14.6-1
NOTE: https://www.openwall.com/lists/oss-security/2021/08/16/1
CVE-2020-36427 (GNOME gThumb before 3.10.1 allows an application crash via a malformed ...)
@@ -47802,8 +47821,8 @@ CVE-2021-21744
RESERVED
CVE-2021-21743
RESERVED
-CVE-2021-21742
- RESERVED
+CVE-2021-21742 (There is an information leak vulnerability in the message service app ...)
+ TODO: check
CVE-2021-21741 (A conference management system of ZTE is impacted by a command executi ...)
NOT-FOR-US: ZTE
CVE-2021-21740 (There is an information leak vulnerability in the digital media player ...)
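Review bot: the new CVE-2021-21742 description uses the same "There is an information leak vulnerability in ..." wording as the adjacent CVE-2021-21740 entry, and sits between two entries already marked NOT-FOR-US: ZTE (CVE-2021-21741 and CVE-2021-21740), so the TODO: check line can most likely be resolved to NOT-FOR-US: ZTE once the full advisory text has been read.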
@@ -81114,8 +81133,8 @@ CVE-2020-20516
RESERVED
CVE-2020-20515
RESERVED
-CVE-2020-20514
- RESERVED
+CVE-2020-20514 (A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/ ...)
+ TODO: check
CVE-2020-20513
RESERVED
CVE-2020-20512
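Review bot: CVE-2020-20514 describes a CSRF in Maccms v10 via admin.php; unless Maccms is packaged in Debian, the TODO: check line should be resolved to NOT-FOR-US: Maccms so it does not stay in the triage backlog.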
@@ -81126,8 +81145,8 @@ CVE-2020-20510
RESERVED
CVE-2020-20509
RESERVED
-CVE-2020-20508
- RESERVED
+CVE-2020-20508 (Shopkit v2.7 contains a reflective cross-site scripting (XSS) vulnerab ...)
+ TODO: check
CVE-2020-20507
RESERVED
CVE-2020-20506
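Review bot: as with the Maccms entry in the previous hunk, CVE-2020-20508 (reflected XSS in Shopkit v2.7) concerns a standalone web application; unless Shopkit is packaged in Debian, the TODO: check line should become NOT-FOR-US: Shopkit.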
@@ -90346,6 +90365,7 @@ CVE-2020-16120 (Overlayfs did not properly perform permission checking when copy
[stretch] - linux <not-affected> (Vulnerable configuration combination not possible)
NOTE: https://www.openwall.com/lists/oss-security/2020/10/13/6
CVE-2020-16119 (Use-after-free vulnerability in the Linux kernel exploitable by a loca ...)
+ {DSA-4978-1}
- linux 5.14.6-1
[bullseye] - linux <no-dsa> (Minor issue, blacklisted by default, revisit if fixed upstream)
[buster] - linux <no-dsa> (Minor issue, blacklisted by default, revisit if fixed upstream)
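Review bot: the {DSA-4978-1} tag added to CVE-2020-16119 conflicts with the "[bullseye] - linux <no-dsa> (Minor issue, blacklisted by default, revisit if fixed upstream)" line kept in context: once a DSA covers bullseye, the <no-dsa> annotation for that suite should be dropped, otherwise the tracker carries two contradictory statuses for the same release. The "revisit if fixed upstream" wording on the buster line suggests that entry should be re-evaluated as well now that a fix has shipped.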
@@ -125045,6 +125065,7 @@ CVE-2020-3704 (u'While processing invalid connection request PDU which is nonsta
CVE-2020-3703 (u'Buffer over-read issue in Bluetooth peripheral firmware due to lack ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3702 (u'Specifically timed and handcrafted traffic can cause internal errors ...)
+ {DSA-4978-1}
- linux 5.14.6-1
NOTE: https://lore.kernel.org/linux-wireless/CABvG-CVvPF++0vuGzCrBj8+s=Bcx1GwWfiW1_Somu_GVncTAcQ@mail.gmail.com/
NOTE: https://lore.kernel.org/stable/20210818084859.vcs4vs3yd6zetmyt@pali/t/#mf8b430d4f19f1b939a29b6c5098fdc514fd1a928
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be8377eccdea6c7831e7b6c9006758d90002b568