[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Feb 15 20:11:37 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f8748a52 by security tracker role at 2022-02-15T20:11:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,78 +1,110 @@
-CVE-2022-25212
+CVE-2022-25209 (Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XM ...)
+ TODO: check
+CVE-2022-25175 (Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier use ...)
+ TODO: check
+CVE-2022-25169
+ RESERVED
+CVE-2022-25168
+ RESERVED
+CVE-2022-25167
+ RESERVED
+CVE-2022-24435
+ RESERVED
+CVE-2022-23986
+ RESERVED
+CVE-2022-21159
+ RESERVED
+CVE-2022-0618
+ RESERVED
+CVE-2022-0617
+ RESERVED
+CVE-2022-0616
+ RESERVED
+CVE-2022-0615
+ RESERVED
+CVE-2022-0614
+ RESERVED
+CVE-2022-0613
+ RESERVED
+CVE-2021-4220
+ RESERVED
+CVE-2021-4219
+ RESERVED
+CVE-2022-25212 (A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plu ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25211
+CVE-2022-25211 (A missing permission check in Jenkins SWAMP Plugin 1.2.6 and earlier a ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25210
+CVE-2022-25210 (Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25208
+CVE-2022-25208 (A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and ear ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25207
+CVE-2022-25207 (A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sina ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25206
+CVE-2022-25206 (A missing check in Jenkins dbCharts Plugin 0.5.2 and earlier allows at ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25205
+CVE-2022-25205 (A cross-site request forgery (CSRF) vulnerability in Jenkins dbCharts ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25204
+CVE-2022-25204 (Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25203
+CVE-2022-25203 (Jenkins Team Views Plugin 0.9.0 and earlier does not escape team names ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25202
+CVE-2022-25202 (Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escap ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25201
+CVE-2022-25201 (Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and ear ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25200
+CVE-2022-25200 (A cross-site request forgery (CSRF) vulnerability in Jenkins Checkmarx ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25199
+CVE-2022-25199 (A missing permission check in Jenkins SCP publisher Plugin 1.8 and ear ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25198
+CVE-2022-25198 (A cross-site request forgery (CSRF) vulnerability in Jenkins SCP publi ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25197
+CVE-2022-25197 (Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implement ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25196
+CVE-2022-25196 (Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25195
+CVE-2022-25195 (A missing permission check in Jenkins autonomiq Plugin 1.15 and earlie ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25194
+CVE-2022-25194 (A cross-site request forgery (CSRF) vulnerability in Jenkins autonomiq ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25193
+CVE-2022-25193 (Missing permission checks in Jenkins Snow Commander Plugin 2.0 and ear ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25192
+CVE-2022-25192 (A cross-site request forgery (CSRF) vulnerability in Jenkins Snow Comm ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25191
+CVE-2022-25191 (Jenkins Agent Server Parameter Plugin 1.0 and earlier does not escape ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25190
+CVE-2022-25190 (A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25189
+CVE-2022-25189 (Jenkins Custom Checkbox Parameter Plugin 1.1 and earlier does not esca ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25188
+CVE-2022-25188 (Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appNa ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25187
+CVE-2022-25187 (Jenkins Support Core Plugin 2.79 and earlier does not redact some sens ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25186
+CVE-2022-25186 (Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functional ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25185
+CVE-2022-25185 (Jenkins Generic Webhook Trigger Plugin 1.81 and earlier does not escap ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25184
+CVE-2022-25184 (Jenkins Pipeline: Build Step Plugin 2.15 and earlier reveals password ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25183
+CVE-2022-25183 (Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25182
+CVE-2022-25182 (A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libr ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25181
+CVE-2022-25181 (A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libr ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25180
+CVE-2022-25180 (Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier include ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25179
+CVE-2022-25179 (Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier fol ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25178
+CVE-2022-25178 (Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25177
+CVE-2022-25177 (Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25176
+CVE-2022-25176 (Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25174
+CVE-2022-25174 (Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25173
+CVE-2022-25173 (Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses th ...)
NOT-FOR-US: Jenkins plugin
CVE-2022-25166
RESERVED
@@ -178,10 +210,10 @@ CVE-2022-0599
RESERVED
CVE-2022-0598
RESERVED
-CVE-2022-0597
- RESERVED
-CVE-2022-0596
- RESERVED
+CVE-2022-0597 (Open Redirect in Packagist microweber/microweber prior to 1.2.11. ...)
+ TODO: check
+CVE-2022-0596 (Business Logic Errors in Packagist microweber/microweber prior to 1.2. ...)
+ TODO: check
CVE-2022-0595
RESERVED
CVE-2022-0594
@@ -194,12 +226,12 @@ CVE-2022-0591
RESERVED
CVE-2022-0590
RESERVED
-CVE-2022-0589
- RESERVED
-CVE-2022-0588
- RESERVED
-CVE-2022-0587
- RESERVED
+CVE-2022-0589 (Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms pri ...)
+ TODO: check
+CVE-2022-0588 (Exposure of Sensitive Information to an Unauthorized Actor in Packagis ...)
+ TODO: check
+CVE-2022-0587 (Improper Authorization in Packagist librenms/librenms prior to 22.2.0. ...)
+ TODO: check
CVE-2021-46687
RESERVED
CVE-2021-46270
@@ -1263,8 +1295,8 @@ CVE-2022-24686 (HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.1
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-01-nomad-artifact-download-race-condition/35559
CVE-2022-24685
RESERVED
-CVE-2022-24684
- RESERVED
+CVE-2022-24684 (HashiCorp Nomad and Nomad Enterprise before 1.0.17, 1.1.x before 1.1.1 ...)
+ TODO: check
CVE-2022-24683
RESERVED
CVE-2022-24682 (An issue was discovered in the Calendar feature in Zimbra Collaboratio ...)
@@ -1564,18 +1596,18 @@ CVE-2022-24592
RESERVED
CVE-2022-24591
RESERVED
-CVE-2022-24590
- RESERVED
-CVE-2022-24589
- RESERVED
-CVE-2022-24588
- RESERVED
-CVE-2022-24587
- RESERVED
-CVE-2022-24586
- RESERVED
-CVE-2022-24585
- RESERVED
+CVE-2022-24590 (A stored cross-site scripting (XSS) vulnerability in the Add Link func ...)
+ TODO: check
+CVE-2022-24589 (Burden v3.0 was discovered to contain a stored cross-site scripting (X ...)
+ TODO: check
+CVE-2022-24588 (Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS ...)
+ TODO: check
+CVE-2022-24587 (A stored cross-site scripting (XSS) vulnerability in the component cor ...)
+ TODO: check
+CVE-2022-24586 (A stored cross-site scripting (XSS) vulnerability in the component /co ...)
+ TODO: check
+CVE-2022-24585 (A stored cross-site scripting (XSS) vulnerability in the component /co ...)
+ TODO: check
CVE-2022-24584
RESERVED
CVE-2022-24583
@@ -2678,10 +2710,10 @@ CVE-2022-24229
RESERVED
CVE-2022-24228
RESERVED
-CVE-2022-24227
- RESERVED
-CVE-2022-24226
- RESERVED
+CVE-2022-24227 (A cross-site scripting (XSS) vulnerability in BoltWire v7.10 allows at ...)
+ TODO: check
+CVE-2022-24226 (Hospital Management System v4.0 was discovered to contain a blind SQL ...)
+ TODO: check
CVE-2022-24225
RESERVED
CVE-2022-24224
@@ -3942,10 +3974,10 @@ CVE-2022-0343
RESERVED
CVE-2022-0342
RESERVED
-CVE-2021-46558
- RESERVED
-CVE-2021-46557
- RESERVED
+CVE-2021-46558 (Multiple cross-site scripting (XSS) vulnerabilities in the Add User mo ...)
+ TODO: check
+CVE-2021-46557 (Vicidial 2.14-783a was discovered to contain a cross-site scripting (X ...)
+ TODO: check
CVE-2021-46556 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
NOT-FOR-US: Cesanta MJS
CVE-2021-46555
@@ -4878,8 +4910,8 @@ CVE-2022-23641
RESERVED
CVE-2022-23640
RESERVED
-CVE-2022-23639
- RESERVED
+CVE-2022-23639 (crossbeam-utils provides atomics, synchronization primitives, scoped t ...)
+ TODO: check
CVE-2022-23638 (svg-sanitizer is a SVG/XML sanitizer written in PHP. A cross-site scri ...)
TODO: check
CVE-2022-23637 (K-Box is a web-based application to manage documents, images, videos a ...)
@@ -4971,8 +5003,8 @@ CVE-2022-23606
RESERVED
CVE-2022-23605 (Wire webapp is a web client for the wire messaging protocol. In versio ...)
NOT-FOR-US: Wire webapp
-CVE-2022-23604
- RESERVED
+CVE-2022-23604 (x26-Cogs is a repository of cogs made by Twentysix for the Red Discord ...)
+ TODO: check
CVE-2022-23603 (iTunesRPC-Remastered is a discord rich presence application for use wi ...)
NOT-FOR-US: iTunesRPC-Remastered
CVE-2022-23602 (Nimforum is a lightweight alternative to Discourse written in Nim. In ...)
@@ -5581,8 +5613,8 @@ CVE-2022-23386
RESERVED
CVE-2022-23385
RESERVED
-CVE-2022-23384
- RESERVED
+CVE-2022-23384 (YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in /admin ...)
+ TODO: check
CVE-2022-23383
RESERVED
CVE-2022-23382
@@ -5715,8 +5747,8 @@ CVE-2022-23319
RESERVED
CVE-2022-23318
RESERVED
-CVE-2022-23317
- RESERVED
+CVE-2022-23317 (CobaltStrike <=4.5 HTTP(S) listener does not determine whether the ...)
+ TODO: check
CVE-2022-23316 (An issue was discovered in taoCMS v3.0.2. There is an arbitrary file r ...)
NOT-FOR-US: taocms
CVE-2022-23315 (MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnera ...)
@@ -6263,7 +6295,7 @@ CVE-2022-23224
CVE-2022-23223 (The HTTP response will disclose the user password. This issue affected ...)
NOT-FOR-US: Apache ShenYu Admin
CVE-2022-23221 (H2 Console before 2.1.210 allows remote attackers to execute arbitrary ...)
- {DLA-2923-1}
+ {DSA-5076-1 DLA-2923-1}
- h2database 2.1.210-1
NOTE: https://github.com/h2database/h2database/releases/tag/version-2.1.210
NOTE: Fixed by https://github.com/h2database/h2database/commit/eb75633d0dfa86341e6ef77a861665c4a0f16ab8
@@ -7894,8 +7926,8 @@ CVE-2022-22772
RESERVED
CVE-2022-22771
RESERVED
-CVE-2022-22770
- RESERVED
+CVE-2022-22770 (The Web Server component of TIBCO Software Inc.'s TIBCO AuditSafe cont ...)
+ TODO: check
CVE-2022-22769 (The Web server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX ...)
NOT-FOR-US: TIBCO
CVE-2022-22768
@@ -12098,19 +12130,19 @@ CVE-2021-45345
CVE-2021-45344
RESERVED
CVE-2021-45343 (In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of ...)
- {DLA-2908-1}
+ {DSA-5077-1 DLA-2908-1}
- librecad 2.1.3-3 (bug #1004518)
NOTE: https://github.com/LibreCAD/LibreCAD/issues/1468
NOTE: https://github.com/LibreCAD/LibreCAD/pull/1469
NOTE: Fixed by: https://github.com/LibreCAD/LibreCAD/commit/5771425808bd16e78e1c6f28728c0712c47316f7
CVE-2021-45342 (A buffer overflow vulnerability in CDataList of the jwwlib component o ...)
- {DLA-2908-1}
+ {DSA-5077-1 DLA-2908-1}
- librecad 2.1.3-3 (bug #1004518)
NOTE: https://github.com/LibreCAD/LibreCAD/issues/1464
NOTE: https://github.com/LibreCAD/LibreCAD/pull/1465
NOTE: Fixed by: https://github.com/LibreCAD/LibreCAD/commit/4edcbe72679f95cb60979c77a348c1522a20b0f4
CVE-2021-45341 (A buffer overflow vulnerability in CDataMoji of the jwwlib component o ...)
- {DLA-2908-1}
+ {DSA-5077-1 DLA-2908-1}
- librecad 2.1.3-3 (bug #1004518)
NOTE: https://github.com/LibreCAD/LibreCAD/issues/1462
NOTE: https://github.com/LibreCAD/LibreCAD/pull/1463
@@ -13588,8 +13620,8 @@ CVE-2021-44962
RESERVED
CVE-2021-44961
RESERVED
-CVE-2021-44960
- RESERVED
+CVE-2021-44960 (In SVGPP SVG++ library 1.3.0, the XMLDocument::getRoot function in the ...)
+ TODO: check
CVE-2021-44959
RESERVED
CVE-2021-44958
@@ -16792,8 +16824,8 @@ CVE-2022-21699 (IPython (Interactive Python) is a command shell for interactive
NOTE: Fixed by: https://github.com/ipython/ipython/commit/1ec91ebf328bdf3450130de4b4604c79dc1e19d9
NOTE: Testcase: https://github.com/ipython/ipython/commit/56665dfcf7df8690da46aab1278df8e47b14fe3b
NOTE: https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699
-CVE-2022-21698
- RESERVED
+CVE-2022-21698 (client_golang is the instrumentation library for Go applications in Pr ...)
+ TODO: check
CVE-2022-21697 (Jupyter Server Proxy is a Jupyter notebook server extension to proxy w ...)
TODO: check
CVE-2022-21696 (OnionShare is an open source tool that lets you securely and anonymous ...)
@@ -18376,8 +18408,8 @@ CVE-2021-43736
RESERVED
CVE-2021-43735
RESERVED
-CVE-2021-43734
- RESERVED
+CVE-2021-43734 (kkFileview v4.0.0 has arbitrary file read through a directory traversa ...)
+ TODO: check
CVE-2021-43733
RESERVED
CVE-2021-43732
@@ -21165,10 +21197,10 @@ CVE-2021-43052 (The Realm Server component of TIBCO Software Inc.'s TIBCO FTL -
NOT-FOR-US: TIBCO
CVE-2021-43051 (The Spotfire Server component of TIBCO Software Inc.'s TIBCO Spotfire ...)
NOT-FOR-US: Spotfire Server component of TIBCO
-CVE-2021-43050
- RESERVED
-CVE-2021-43049
- RESERVED
+CVE-2021-43050 (The Auth Server component of TIBCO Software Inc.'s TIBCO BusinessConne ...)
+ TODO: check
+CVE-2021-43049 (The Database component of TIBCO Software Inc.'s TIBCO BusinessConnect ...)
+ TODO: check
CVE-2021-43048 (The Interior Server and Gateway Server components of TIBCO Software In ...)
NOT-FOR-US: TIBCO
CVE-2021-43047 (The Interior Server and Gateway Server components of TIBCO Software In ...)
@@ -21999,12 +22031,12 @@ CVE-2021-42715 (An issue was discovered in stb stb_image.h 1.33 through 2.27. Th
[buster] - libstb <no-dsa> (Minor issue)
NOTE: https://github.com/nothings/stb/issues/1224
NOTE: https://github.com/nothings/stb/pull/1223
-CVE-2021-42714
- RESERVED
-CVE-2021-42713
- RESERVED
-CVE-2021-42712
- RESERVED
+CVE-2021-42714 (Splashtop Remote Client (Business Edition) through 3.4.8.3 creates a T ...)
+ TODO: check
+CVE-2021-42713 (Splashtop Remote Client (Personal Edition) through 3.4.6.1 creates a T ...)
+ TODO: check
+CVE-2021-42712 (Splashtop Streamer through 3.4.8.3 creates a Temporary File in a Direc ...)
+ TODO: check
CVE-2021-42711 (Barracuda Network Access Client before 5.2.2 creates a Temporary File ...)
NOT-FOR-US: Barracuda Network Access Client
CVE-2021-42710
@@ -23695,7 +23727,7 @@ CVE-2020-36487
CVE-2020-36486 (Swift File Transfer Mobile v1.1.2 and below was discovered to contain ...)
NOT-FOR-US: Swift File Transfer Mobile
CVE-2021-42392 (The org.h2.util.JdbcUtils.getConnection method of the H2 database take ...)
- {DLA-2923-1}
+ {DSA-5076-1 DLA-2923-1}
- h2database 2.1.210-1 (bug #1003894)
NOTE: https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6
NOTE: https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/
@@ -26020,8 +26052,8 @@ CVE-2021-41554 (** UNSUPPORTED WHEN ASSIGNED ** ARCHIBUS Web Central 21.3.3.815
NOT-FOR-US: ARCHIBUS Web Central
CVE-2021-41553 (** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a ...)
NOT-FOR-US: ARCHIBUS Web Central
-CVE-2021-41552
- RESERVED
+CVE-2021-41552 (CommScope URFboard SBG6950AC2 9.1.103AA23 devices allow Command Inject ...)
+ TODO: check
CVE-2021-41551 (Leostream Connection Broker 9.0.40.17 allows administrators to conduct ...)
NOT-FOR-US: Leostream Connection Broker
CVE-2021-41550 (Leostream Connection Broker 9.0.40.17 allows administrator to upload a ...)
@@ -67534,7 +67566,7 @@ CVE-2021-25086
RESERVED
CVE-2021-25085 (The WOOF WordPress plugin before 1.2.6.3 does not sanitise and escape ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-25084 (The Advanced Cron Manager WordPress plugin before 2.4.2, advanced-cron ...)
+CVE-2021-25084 (The Advanced Cron Manager WordPress plugin before 2.4.2 and Advanced C ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25083 (The Registrations for the Events Calendar WordPress plugin before 2.7. ...)
NOT-FOR-US: WordPress plugin
@@ -74741,19 +74773,19 @@ CVE-2021-21902 (An authentication bypass vulnerability exists in the CMA run_ser
CVE-2021-21901 (A stack-based buffer overflow vulnerability exists in the CMA check_ud ...)
NOT-FOR-US: Garrett Metal Detectors iC Module CMA
CVE-2021-21900 (A code execution vulnerability exists in the dxfRW::processLType() fun ...)
- {DLA-2838-1}
+ {DSA-5077-1 DLA-2838-1}
- librecad 2.1.3-2
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1351
NOTE: librecad bundles libdxfrw
NOTE: https://github.com/LibreCAD/libdxfrw/commit/fcd977cc7f8f6cc7f012e5b72d33cf7d77b3fa69
CVE-2021-21899 (A code execution vulnerability exists in the dwgCompressor::copyCompBy ...)
- {DLA-2838-1}
+ {DSA-5077-1 DLA-2838-1}
- librecad 2.1.3-2
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1350
NOTE: librecad bundles libdxfrw
NOTE: https://github.com/LibreCAD/libdxfrw/commit/6417118874333309aa10c4e59f954c3905a6e8b5
CVE-2021-21898 (A code execution vulnerability exists in the dwgCompressor::decompress ...)
- {DLA-2838-1}
+ {DSA-5077-1 DLA-2838-1}
- librecad 2.1.3-2
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1349
NOTE: librecad bundles libdxfrw
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f8748a524a8214a4278eba1e96d35c2c013d1f4b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f8748a524a8214a4278eba1e96d35c2c013d1f4b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220215/08d3aaec/attachment.htm>
More information about the debian-security-tracker-commits
mailing list