[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Feb 15 20:11:37 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f8748a52 by security tracker role at 2022-02-15T20:11:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,78 +1,110 @@
-CVE-2022-25212
+CVE-2022-25209 (Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XM ...)
+	TODO: check
+CVE-2022-25175 (Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier use ...)
+	TODO: check
+CVE-2022-25169
+	RESERVED
+CVE-2022-25168
+	RESERVED
+CVE-2022-25167
+	RESERVED
+CVE-2022-24435
+	RESERVED
+CVE-2022-23986
+	RESERVED
+CVE-2022-21159
+	RESERVED
+CVE-2022-0618
+	RESERVED
+CVE-2022-0617
+	RESERVED
+CVE-2022-0616
+	RESERVED
+CVE-2022-0615
+	RESERVED
+CVE-2022-0614
+	RESERVED
+CVE-2022-0613
+	RESERVED
+CVE-2021-4220
+	RESERVED
+CVE-2021-4219
+	RESERVED
+CVE-2022-25212 (A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plu ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2022-25211
+CVE-2022-25211 (A missing permission check in Jenkins SWAMP Plugin 1.2.6 and earlier a ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2022-25210
+CVE-2022-25210 (Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static  ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2022-25208
+CVE-2022-25208 (A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and ear ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2022-25207
+CVE-2022-25207 (A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sina ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2022-25206
+CVE-2022-25206 (A missing check in Jenkins dbCharts Plugin 0.5.2 and earlier allows at ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2022-25205
+CVE-2022-25205 (A cross-site request forgery (CSRF) vulnerability in Jenkins dbCharts  ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2022-25204
+CVE-2022-25204 (Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that  ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2022-25203
+CVE-2022-25203 (Jenkins Team Views Plugin 0.9.0 and earlier does not escape team names ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2022-25202
+CVE-2022-25202 (Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escap ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2022-25201
+CVE-2022-25201 (Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and ear ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2022-25200
+CVE-2022-25200 (A cross-site request forgery (CSRF) vulnerability in Jenkins Checkmarx ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2022-25199
+CVE-2022-25199 (A missing permission check in Jenkins SCP publisher Plugin 1.8 and ear ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2022-25198
+CVE-2022-25198 (A cross-site request forgery (CSRF) vulnerability in Jenkins SCP publi ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2022-25197
+CVE-2022-25197 (Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implement ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2022-25196
+CVE-2022-25196 (Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2022-25195
+CVE-2022-25195 (A missing permission check in Jenkins autonomiq Plugin 1.15 and earlie ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2022-25194
+CVE-2022-25194 (A cross-site request forgery (CSRF) vulnerability in Jenkins autonomiq ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2022-25193
+CVE-2022-25193 (Missing permission checks in Jenkins Snow Commander Plugin 2.0 and ear ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2022-25192
+CVE-2022-25192 (A cross-site request forgery (CSRF) vulnerability in Jenkins Snow Comm ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2022-25191
+CVE-2022-25191 (Jenkins Agent Server Parameter Plugin 1.0 and earlier does not escape  ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2022-25190
+CVE-2022-25190 (A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2022-25189
+CVE-2022-25189 (Jenkins Custom Checkbox Parameter Plugin 1.1 and earlier does not esca ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2022-25188
+CVE-2022-25188 (Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appNa ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2022-25187
+CVE-2022-25187 (Jenkins Support Core Plugin 2.79 and earlier does not redact some sens ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2022-25186
+CVE-2022-25186 (Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functional ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2022-25185
+CVE-2022-25185 (Jenkins Generic Webhook Trigger Plugin 1.81 and earlier does not escap ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2022-25184
+CVE-2022-25184 (Jenkins Pipeline: Build Step Plugin 2.15 and earlier reveals password  ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2022-25183
+CVE-2022-25183 (Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2022-25182
+CVE-2022-25182 (A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libr ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2022-25181
+CVE-2022-25181 (A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libr ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2022-25180
+CVE-2022-25180 (Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier include ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2022-25179
+CVE-2022-25179 (Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier fol ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2022-25178
+CVE-2022-25178 (Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2022-25177
+CVE-2022-25177 (Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2022-25176
+CVE-2022-25176 (Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2022-25174
+CVE-2022-25174 (Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2022-25173
+CVE-2022-25173 (Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses th ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2022-25166
 	RESERVED
@@ -178,10 +210,10 @@ CVE-2022-0599
 	RESERVED
 CVE-2022-0598
 	RESERVED
-CVE-2022-0597
-	RESERVED
-CVE-2022-0596
-	RESERVED
+CVE-2022-0597 (Open Redirect in Packagist microweber/microweber prior to 1.2.11. ...)
+	TODO: check
+CVE-2022-0596 (Business Logic Errors in Packagist microweber/microweber prior to 1.2. ...)
+	TODO: check
 CVE-2022-0595
 	RESERVED
 CVE-2022-0594
@@ -194,12 +226,12 @@ CVE-2022-0591
 	RESERVED
 CVE-2022-0590
 	RESERVED
-CVE-2022-0589
-	RESERVED
-CVE-2022-0588
-	RESERVED
-CVE-2022-0587
-	RESERVED
+CVE-2022-0589 (Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms pri ...)
+	TODO: check
+CVE-2022-0588 (Exposure of Sensitive Information to an Unauthorized Actor in Packagis ...)
+	TODO: check
+CVE-2022-0587 (Improper Authorization in Packagist librenms/librenms prior to 22.2.0. ...)
+	TODO: check
 CVE-2021-46687
 	RESERVED
 CVE-2021-46270
@@ -1263,8 +1295,8 @@ CVE-2022-24686 (HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.1
 	NOTE: https://discuss.hashicorp.com/t/hcsec-2022-01-nomad-artifact-download-race-condition/35559
 CVE-2022-24685
 	RESERVED
-CVE-2022-24684
-	RESERVED
+CVE-2022-24684 (HashiCorp Nomad and Nomad Enterprise before 1.0.17, 1.1.x before 1.1.1 ...)
+	TODO: check
 CVE-2022-24683
 	RESERVED
 CVE-2022-24682 (An issue was discovered in the Calendar feature in Zimbra Collaboratio ...)
@@ -1564,18 +1596,18 @@ CVE-2022-24592
 	RESERVED
 CVE-2022-24591
 	RESERVED
-CVE-2022-24590
-	RESERVED
-CVE-2022-24589
-	RESERVED
-CVE-2022-24588
-	RESERVED
-CVE-2022-24587
-	RESERVED
-CVE-2022-24586
-	RESERVED
-CVE-2022-24585
-	RESERVED
+CVE-2022-24590 (A stored cross-site scripting (XSS) vulnerability in the Add Link func ...)
+	TODO: check
+CVE-2022-24589 (Burden v3.0 was discovered to contain a stored cross-site scripting (X ...)
+	TODO: check
+CVE-2022-24588 (Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS ...)
+	TODO: check
+CVE-2022-24587 (A stored cross-site scripting (XSS) vulnerability in the component cor ...)
+	TODO: check
+CVE-2022-24586 (A stored cross-site scripting (XSS) vulnerability in the component /co ...)
+	TODO: check
+CVE-2022-24585 (A stored cross-site scripting (XSS) vulnerability in the component /co ...)
+	TODO: check
 CVE-2022-24584
 	RESERVED
 CVE-2022-24583
@@ -2678,10 +2710,10 @@ CVE-2022-24229
 	RESERVED
 CVE-2022-24228
 	RESERVED
-CVE-2022-24227
-	RESERVED
-CVE-2022-24226
-	RESERVED
+CVE-2022-24227 (A cross-site scripting (XSS) vulnerability in BoltWire v7.10 allows at ...)
+	TODO: check
+CVE-2022-24226 (Hospital Management System v4.0 was discovered to contain a blind SQL  ...)
+	TODO: check
 CVE-2022-24225
 	RESERVED
 CVE-2022-24224
@@ -3942,10 +3974,10 @@ CVE-2022-0343
 	RESERVED
 CVE-2022-0342
 	RESERVED
-CVE-2021-46558
-	RESERVED
-CVE-2021-46557
-	RESERVED
+CVE-2021-46558 (Multiple cross-site scripting (XSS) vulnerabilities in the Add User mo ...)
+	TODO: check
+CVE-2021-46557 (Vicidial 2.14-783a was discovered to contain a cross-site scripting (X ...)
+	TODO: check
 CVE-2021-46556 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
 	NOT-FOR-US: Cesanta MJS
 CVE-2021-46555
@@ -4878,8 +4910,8 @@ CVE-2022-23641
 	RESERVED
 CVE-2022-23640
 	RESERVED
-CVE-2022-23639
-	RESERVED
+CVE-2022-23639 (crossbeam-utils provides atomics, synchronization primitives, scoped t ...)
+	TODO: check
 CVE-2022-23638 (svg-sanitizer is a SVG/XML sanitizer written in PHP. A cross-site scri ...)
 	TODO: check
 CVE-2022-23637 (K-Box is a web-based application to manage documents, images, videos a ...)
@@ -4971,8 +5003,8 @@ CVE-2022-23606
 	RESERVED
 CVE-2022-23605 (Wire webapp is a web client for the wire messaging protocol. In versio ...)
 	NOT-FOR-US: Wire webapp
-CVE-2022-23604
-	RESERVED
+CVE-2022-23604 (x26-Cogs is a repository of cogs made by Twentysix for the Red Discord ...)
+	TODO: check
 CVE-2022-23603 (iTunesRPC-Remastered is a discord rich presence application for use wi ...)
 	NOT-FOR-US: iTunesRPC-Remastered
 CVE-2022-23602 (Nimforum is a lightweight alternative to Discourse written in Nim. In  ...)
@@ -5581,8 +5613,8 @@ CVE-2022-23386
 	RESERVED
 CVE-2022-23385
 	RESERVED
-CVE-2022-23384
-	RESERVED
+CVE-2022-23384 (YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in /admin ...)
+	TODO: check
 CVE-2022-23383
 	RESERVED
 CVE-2022-23382
@@ -5715,8 +5747,8 @@ CVE-2022-23319
 	RESERVED
 CVE-2022-23318
 	RESERVED
-CVE-2022-23317
-	RESERVED
+CVE-2022-23317 (CobaltStrike <=4.5 HTTP(S) listener does not determine whether the  ...)
+	TODO: check
 CVE-2022-23316 (An issue was discovered in taoCMS v3.0.2. There is an arbitrary file r ...)
 	NOT-FOR-US: taocms
 CVE-2022-23315 (MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnera ...)
@@ -6263,7 +6295,7 @@ CVE-2022-23224
 CVE-2022-23223 (The HTTP response will disclose the user password. This issue affected ...)
 	NOT-FOR-US: Apache ShenYu Admin
 CVE-2022-23221 (H2 Console before 2.1.210 allows remote attackers to execute arbitrary ...)
-	{DLA-2923-1}
+	{DSA-5076-1 DLA-2923-1}
 	- h2database 2.1.210-1
 	NOTE: https://github.com/h2database/h2database/releases/tag/version-2.1.210
 	NOTE: Fixed by https://github.com/h2database/h2database/commit/eb75633d0dfa86341e6ef77a861665c4a0f16ab8
@@ -7894,8 +7926,8 @@ CVE-2022-22772
 	RESERVED
 CVE-2022-22771
 	RESERVED
-CVE-2022-22770
-	RESERVED
+CVE-2022-22770 (The Web Server component of TIBCO Software Inc.'s TIBCO AuditSafe cont ...)
+	TODO: check
 CVE-2022-22769 (The Web server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX ...)
 	NOT-FOR-US: TIBCO
 CVE-2022-22768
@@ -12098,19 +12130,19 @@ CVE-2021-45345
 CVE-2021-45344
 	RESERVED
 CVE-2021-45343 (In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of ...)
-	{DLA-2908-1}
+	{DSA-5077-1 DLA-2908-1}
 	- librecad 2.1.3-3 (bug #1004518)
 	NOTE: https://github.com/LibreCAD/LibreCAD/issues/1468
 	NOTE: https://github.com/LibreCAD/LibreCAD/pull/1469
 	NOTE: Fixed by: https://github.com/LibreCAD/LibreCAD/commit/5771425808bd16e78e1c6f28728c0712c47316f7
 CVE-2021-45342 (A buffer overflow vulnerability in CDataList of the jwwlib component o ...)
-	{DLA-2908-1}
+	{DSA-5077-1 DLA-2908-1}
 	- librecad 2.1.3-3 (bug #1004518)
 	NOTE: https://github.com/LibreCAD/LibreCAD/issues/1464
 	NOTE: https://github.com/LibreCAD/LibreCAD/pull/1465
 	NOTE: Fixed by: https://github.com/LibreCAD/LibreCAD/commit/4edcbe72679f95cb60979c77a348c1522a20b0f4
 CVE-2021-45341 (A buffer overflow vulnerability in CDataMoji of the jwwlib component o ...)
-	{DLA-2908-1}
+	{DSA-5077-1 DLA-2908-1}
 	- librecad 2.1.3-3 (bug #1004518)
 	NOTE: https://github.com/LibreCAD/LibreCAD/issues/1462
 	NOTE: https://github.com/LibreCAD/LibreCAD/pull/1463
@@ -13588,8 +13620,8 @@ CVE-2021-44962
 	RESERVED
 CVE-2021-44961
 	RESERVED
-CVE-2021-44960
-	RESERVED
+CVE-2021-44960 (In SVGPP SVG++ library 1.3.0, the XMLDocument::getRoot function in the ...)
+	TODO: check
 CVE-2021-44959
 	RESERVED
 CVE-2021-44958
@@ -16792,8 +16824,8 @@ CVE-2022-21699 (IPython (Interactive Python) is a command shell for interactive
 	NOTE: Fixed by: https://github.com/ipython/ipython/commit/1ec91ebf328bdf3450130de4b4604c79dc1e19d9
 	NOTE: Testcase: https://github.com/ipython/ipython/commit/56665dfcf7df8690da46aab1278df8e47b14fe3b
 	NOTE: https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699
-CVE-2022-21698
-	RESERVED
+CVE-2022-21698 (client_golang is the instrumentation library for Go applications in Pr ...)
+	TODO: check
 CVE-2022-21697 (Jupyter Server Proxy is a Jupyter notebook server extension to proxy w ...)
 	TODO: check
 CVE-2022-21696 (OnionShare is an open source tool that lets you securely and anonymous ...)
@@ -18376,8 +18408,8 @@ CVE-2021-43736
 	RESERVED
 CVE-2021-43735
 	RESERVED
-CVE-2021-43734
-	RESERVED
+CVE-2021-43734 (kkFileview v4.0.0 has arbitrary file read through a directory traversa ...)
+	TODO: check
 CVE-2021-43733
 	RESERVED
 CVE-2021-43732
@@ -21165,10 +21197,10 @@ CVE-2021-43052 (The Realm Server component of TIBCO Software Inc.'s TIBCO FTL -
 	NOT-FOR-US: TIBCO
 CVE-2021-43051 (The Spotfire Server component of TIBCO Software Inc.'s TIBCO Spotfire  ...)
 	NOT-FOR-US: Spotfire Server component of TIBCO
-CVE-2021-43050
-	RESERVED
-CVE-2021-43049
-	RESERVED
+CVE-2021-43050 (The Auth Server component of TIBCO Software Inc.'s TIBCO BusinessConne ...)
+	TODO: check
+CVE-2021-43049 (The Database component of TIBCO Software Inc.'s TIBCO BusinessConnect  ...)
+	TODO: check
 CVE-2021-43048 (The Interior Server and Gateway Server components of TIBCO Software In ...)
 	NOT-FOR-US: TIBCO
 CVE-2021-43047 (The Interior Server and Gateway Server components of TIBCO Software In ...)
@@ -21999,12 +22031,12 @@ CVE-2021-42715 (An issue was discovered in stb stb_image.h 1.33 through 2.27. Th
 	[buster] - libstb <no-dsa> (Minor issue)
 	NOTE: https://github.com/nothings/stb/issues/1224
 	NOTE: https://github.com/nothings/stb/pull/1223
-CVE-2021-42714
-	RESERVED
-CVE-2021-42713
-	RESERVED
-CVE-2021-42712
-	RESERVED
+CVE-2021-42714 (Splashtop Remote Client (Business Edition) through 3.4.8.3 creates a T ...)
+	TODO: check
+CVE-2021-42713 (Splashtop Remote Client (Personal Edition) through 3.4.6.1 creates a T ...)
+	TODO: check
+CVE-2021-42712 (Splashtop Streamer through 3.4.8.3 creates a Temporary File in a Direc ...)
+	TODO: check
 CVE-2021-42711 (Barracuda Network Access Client before 5.2.2 creates a Temporary File  ...)
 	NOT-FOR-US: Barracuda Network Access Client
 CVE-2021-42710
@@ -23695,7 +23727,7 @@ CVE-2020-36487
 CVE-2020-36486 (Swift File Transfer Mobile v1.1.2 and below was discovered to contain  ...)
 	NOT-FOR-US: Swift File Transfer Mobile
 CVE-2021-42392 (The org.h2.util.JdbcUtils.getConnection method of the H2 database take ...)
-	{DLA-2923-1}
+	{DSA-5076-1 DLA-2923-1}
 	- h2database 2.1.210-1 (bug #1003894)
 	NOTE: https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6
 	NOTE: https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/
@@ -26020,8 +26052,8 @@ CVE-2021-41554 (** UNSUPPORTED WHEN ASSIGNED ** ARCHIBUS Web Central 21.3.3.815
 	NOT-FOR-US: ARCHIBUS Web Central
 CVE-2021-41553 (** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a  ...)
 	NOT-FOR-US: ARCHIBUS Web Central
-CVE-2021-41552
-	RESERVED
+CVE-2021-41552 (CommScope URFboard SBG6950AC2 9.1.103AA23 devices allow Command Inject ...)
+	TODO: check
 CVE-2021-41551 (Leostream Connection Broker 9.0.40.17 allows administrators to conduct ...)
 	NOT-FOR-US: Leostream Connection Broker
 CVE-2021-41550 (Leostream Connection Broker 9.0.40.17 allows administrator to upload a ...)
@@ -67534,7 +67566,7 @@ CVE-2021-25086
 	RESERVED
 CVE-2021-25085 (The WOOF WordPress plugin before 1.2.6.3 does not sanitise and escape  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-25084 (The Advanced Cron Manager WordPress plugin before 2.4.2, advanced-cron ...)
+CVE-2021-25084 (The Advanced Cron Manager WordPress plugin before 2.4.2 and Advanced C ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25083 (The Registrations for the Events Calendar WordPress plugin before 2.7. ...)
 	NOT-FOR-US: WordPress plugin
@@ -74741,19 +74773,19 @@ CVE-2021-21902 (An authentication bypass vulnerability exists in the CMA run_ser
 CVE-2021-21901 (A stack-based buffer overflow vulnerability exists in the CMA check_ud ...)
 	NOT-FOR-US: Garrett Metal Detectors iC Module CMA
 CVE-2021-21900 (A code execution vulnerability exists in the dxfRW::processLType() fun ...)
-	{DLA-2838-1}
+	{DSA-5077-1 DLA-2838-1}
 	- librecad 2.1.3-2
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1351
 	NOTE: librecad bundles libdxfrw
 	NOTE: https://github.com/LibreCAD/libdxfrw/commit/fcd977cc7f8f6cc7f012e5b72d33cf7d77b3fa69
 CVE-2021-21899 (A code execution vulnerability exists in the dwgCompressor::copyCompBy ...)
-	{DLA-2838-1}
+	{DSA-5077-1 DLA-2838-1}
 	- librecad 2.1.3-2
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1350
 	NOTE: librecad bundles libdxfrw
 	NOTE: https://github.com/LibreCAD/libdxfrw/commit/6417118874333309aa10c4e59f954c3905a6e8b5
 CVE-2021-21898 (A code execution vulnerability exists in the dwgCompressor::decompress ...)
-	{DLA-2838-1}
+	{DSA-5077-1 DLA-2838-1}
 	- librecad 2.1.3-2
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1349
 	NOTE: librecad bundles libdxfrw



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f8748a524a8214a4278eba1e96d35c2c013d1f4b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f8748a524a8214a4278eba1e96d35c2c013d1f4b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220215/08d3aaec/attachment.htm>


More information about the debian-security-tracker-commits mailing list