[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jan 1 08:10:17 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
059a837c by security tracker role at 2022-01-01T08:10:09+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,75 @@
+CVE-2022-0079
+ RESERVED
+CVE-2022-0078
+ RESERVED
+CVE-2021-45959 ({fmt} 7.1.0 through 8.0.1 has a stack-based buffer overflow in fmt::v8 ...)
+ TODO: check
+CVE-2021-45958 (UltraJSON (aka ujson) 4.0.2 through 5.0.0 has a stack-based buffer ove ...)
+ TODO: check
+CVE-2021-45957 (Dnsmasq 2.86 has a heap-based buffer overflow in answer_request (calle ...)
+ TODO: check
+CVE-2021-45956 (Dnsmasq 2.86 has a heap-based buffer overflow in print_mac (called fro ...)
+ TODO: check
+CVE-2021-45955 (Dnsmasq 2.86 has a heap-based buffer overflow in resize_packet (called ...)
+ TODO: check
+CVE-2021-45954 (Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called ...)
+ TODO: check
+CVE-2021-45953 (Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called ...)
+ TODO: check
+CVE-2021-45952 (Dnsmasq 2.86 has a heap-based buffer overflow in dhcp_reply (called fr ...)
+ TODO: check
+CVE-2021-45951 (Dnsmasq 2.86 has a heap-based buffer overflow in check_bad_address (ca ...)
+ TODO: check
+CVE-2021-45950 (LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in ...)
+ TODO: check
+CVE-2021-45949 (Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overf ...)
+ TODO: check
+CVE-2021-45948 (Open Asset Import Library (aka assimp) 5.1.0 and 5.1.1 has a heap-base ...)
+ TODO: check
+CVE-2021-45947 (Wasm3 0.5.0 has an out-of-bounds write in Runtime_Release (called from ...)
+ TODO: check
+CVE-2021-45946 (Wasm3 0.5.0 has an out-of-bounds write in CompileBlock (called from Co ...)
+ TODO: check
+CVE-2021-45945 (uWebSockets 19.0.0 through 20.8.0 has an out-of-bounds write in std::_ ...)
+ TODO: check
+CVE-2021-45944 (Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampl ...)
+ TODO: check
+CVE-2021-45943 (GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::C ...)
+ TODO: check
+CVE-2021-45942 (OpenEXR 3.1.0 through 3.1.3 has a heap-based buffer overflow in Imf_3_ ...)
+ TODO: check
+CVE-2021-45941 (libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (8 bytes) in _ ...)
+ TODO: check
+CVE-2021-45940 (libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (4 bytes) in _ ...)
+ TODO: check
+CVE-2021-45939 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_De ...)
+ TODO: check
+CVE-2021-45938 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_De ...)
+ TODO: check
+CVE-2021-45937 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_De ...)
+ TODO: check
+CVE-2021-45936 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttDecode_Di ...)
+ TODO: check
+CVE-2021-45935 (Grok 9.5.0 has a heap-based buffer overflow in openhtj2k::T1OpenHTJ2K: ...)
+ TODO: check
+CVE-2021-45934 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_De ...)
+ TODO: check
+CVE-2021-45933 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow (8 bytes) in Mqt ...)
+ TODO: check
+CVE-2021-45932 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow (4 bytes) in Mqt ...)
+ TODO: check
+CVE-2021-45931 (HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t:: ...)
+ TODO: check
+CVE-2021-45930 (Qt SVG in Qt 5.0.0 through 6.2.1 has an out-of-bounds write in QtPriva ...)
+ TODO: check
+CVE-2021-45929 (Wasm3 0.5.0 has an out-of-bounds write in CompileBlock (called from Co ...)
+ TODO: check
+CVE-2021-45928 (libjxl before 0.6, as used in libvips 8.11 through 8.11.2 and other pr ...)
+ TODO: check
+CVE-2021-45927 (MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0 ...)
+ TODO: check
+CVE-2021-45926 (MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0 ...)
+ TODO: check
CVE-2021-4196
RESERVED
CVE-2021-4195
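Review bot: several of the newly imported entries have descriptions that are identical at the truncation point and cannot be told apart from this file alone: CVE-2021-45953 and CVE-2021-45954 (both "Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called ..."), CVE-2021-45946 and CVE-2021-45929 (both "Wasm3 0.5.0 has an out-of-bounds write in CompileBlock (called from Co ..."), and CVE-2021-45934, CVE-2021-45937, CVE-2021-45938 and CVE-2021-45939 (all "wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_De ..."). When the TODO: check lines are resolved, each of these should be triaged against the full upstream text rather than the truncated one, so that distinct call sites are not collapsed into a single package-state or NOT-FOR-US line. The seven Dnsmasq entries (CVE-2021-45951 through CVE-2021-45957) all name the same release (2.86) and the same bug class (heap-based buffer overflow in answer_request, print_mac, resize_packet, extract_name, dhcp_reply and check_bad_address), so they are best triaged together with one shared NOTE pointing at the upstream reference; as imported, none of them carries a package line, so the tracker records no Debian state for them until that is done.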
@@ -3685,8 +3757,8 @@ CVE-2021-44854 [REST API incorrectly publicly caches autocomplete search results
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
CVE-2021-44853
RESERVED
-CVE-2021-44852
- RESERVED
+CVE-2021-44852 (An issue was discovered in BS_RCIO64.sys in Biostar RACING GT Evo 2.1. ...)
+ TODO: check
CVE-2021-44851
RESERVED
CVE-2021-44850
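Review bot: the TODO: check on CVE-2021-44852 should resolve to NOT-FOR-US rather than to a package entry: the description names BS_RCIO64.sys, a Windows .sys driver shipped with the Biostar RACING GT Evo utility, which is not software Debian packages. The convention used elsewhere in this file is a single "NOT-FOR-US: Biostar" line in place of TODO: check, as done for Wazuh, Digi RealPort and Concrete5 later in this diff.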
@@ -4159,8 +4231,7 @@ CVE-2021-44719
RESERVED
CVE-2021-44718
RESERVED
-CVE-2021-44717
- RESERVED
+CVE-2021-44717 (Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operat ...)
- golang-1.17 1.17.5-1
- golang-1.15 1.15.15-5
[bullseye] - golang-1.15 1.15.15-1~deb11u2
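Review bot: the lines "golang-1.17 1.17.5-1", "golang-1.15 1.15.15-5" and "[bullseye] - golang-1.15 1.15.15-1~deb11u2" read as deletions in this rendering but are unchanged context: the header counts (-8 +7) only allow the two RESERVED lines to be removed and the one description line to be added, so the package state for CVE-2021-44717 was already recorded before the MITRE text was published. That state is consistent with the description (fixed upstream in 1.17.5, matching golang-1.17 1.17.5-1). The golang-1.15 versions are Debian backports, since the description names only 1.16.12 and 1.17.5 as fixed upstream releases, so the NOTE lines citing the go1.16.12 and go1.17.5 commits are what justify them and must stay attached to this entry.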
@@ -4171,8 +4242,7 @@ CVE-2021-44717
NOTE: https://groups.google.com/g/golang-announce/c/hcmEScgc00k/m/ZWnOjeY4CQAJ
NOTE: https://github.com/golang/go/commit/e46abcb816fb20663483f84fe52e370790a99bee (go1.17.5)
NOTE: https://github.com/golang/go/commit/44a3fb49d99cc8a4de4925b69650f97bb07faf1d (go1.16.12)
-CVE-2021-44716
- RESERVED
+CVE-2021-44716 (net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontro ...)
- golang-1.17 1.17.5-1
- golang-1.15 1.15.15-5
[bullseye] - golang-1.15 1.15.15-1~deb11u2
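Review bot: CVE-2021-44716 carries exactly the same package lines as CVE-2021-44717 (golang-1.17 1.17.5-1, golang-1.15 1.15.15-5, bullseye 1.15.15-1~deb11u2), and as in the previous hunk the header counts (-8 +7) mark them as unchanged context, so the only change is replacing RESERVED with the description. What the visible context lacks is an advisory marker for the bullseye update: the Ruby entries later in this diff carry {DLA-2853-1}, but neither Go entry shows a {DSA-...} line within its hunk. If a DSA was issued for 1.15.15-1~deb11u2 it should be referenced on both entries; if the bullseye fix went out another way, a NOTE saying so would save the next reader from looking for one.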
@@ -8899,8 +8969,8 @@ CVE-2021-43335
RESERVED
CVE-2021-43334
RESERVED
-CVE-2021-43333
- RESERVED
+CVE-2021-43333 (The Datalogic DXU service on (for example) DL-Axist devices does not r ...)
+ TODO: check
CVE-2021-43332 (In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py ad ...)
- mailman <removed> (bug #1000367)
[buster] - mailman <no-dsa> (Minor issue)
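Review bot: CVE-2021-43333 is a vendor device issue (the Datalogic DXU service on DL-Axist devices, per the description), so its TODO: check should most likely become "NOT-FOR-US: Datalogic", following the form used for Digi RealPort and Concrete5 later in this diff, rather than being left open. The neighbouring Mailman context is unaffected: CVE-2021-43332 keeps "mailman <removed> (bug #1000367)" with the buster no-dsa annotation.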
@@ -14725,8 +14795,7 @@ CVE-2021-41821 (Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Int
NOT-FOR-US: Wazuh
CVE-2021-41820
RESERVED
-CVE-2021-41819 [Cookie Prefix Spoofing in CGI::Cookie.parse]
- RESERVED
+CVE-2021-41819 (CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes i ...)
{DLA-2853-1}
- ruby3.0 <unfixed>
- ruby2.7 2.7.5-1
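Review bot: the MITRE text "CGI::Cookie.parse in Ruby through 2.6.8" understates the affected range relative to the state this file records: ruby2.7 is fixed only in 2.7.5-1 and ruby3.0 is still <unfixed>, and the "Fixed by" NOTE shown as context in the next hunk cites the fix in the cgi gem at v0.3.1, the bundled gem that newer Ruby releases carry. The bracketed title "Cookie Prefix Spoofing in CGI::Cookie.parse" that this hunk drops was the better scope statement; the gem-level fix reference in the NOTE is what prevents the "through 2.6.8" wording from leading someone to mark ruby3.0 as not-affected, so keep it.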
@@ -14737,8 +14806,7 @@ CVE-2021-41819 [Cookie Prefix Spoofing in CGI::Cookie.parse]
NOTE: Fixed by: https://github.com/ruby/cgi/commit/052eb3a828b0f99bca39cfd800f6c2b91307dbd5 (v0.3.1)
CVE-2021-41818
RESERVED
-CVE-2021-41817 [Regular Expression Denial of Service Vulnerability of Date Parsing Methods]
- RESERVED
+CVE-2021-41817 (Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regula ...)
{DLA-2853-1}
- ruby3.0 <unfixed>
- ruby2.7 2.7.5-1
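Review bot: same shape as the CVE-2021-41819 hunk: the description's upper bound is expressed in gem versions ("date gem through 3.2.0") while the tracker state is expressed in interpreter packages (ruby2.7 2.7.5-1 fixed, ruby3.0 <unfixed>), because the date gem ships bundled with the interpreter. The two are consistent, but since both Ruby entries share {DLA-2853-1} and identical package lines, any bullseye entry added for one should be mirrored on the other in the same commit.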
@@ -27088,7 +27156,7 @@ CVE-2021-3652 [CRYPT password hash with asterisk allows any bind attempt to succ
NOTE: https://github.com/389ds/389-ds-base/issues/4817
NOTE: https://github.com/389ds/389-ds-base/commit/aeb90eb0c41fc48541d983f323c627b2e6c328c7 (master)
NOTE: https://github.com/389ds/389-ds-base/commit/c1926dfc6591b55c4d33f9944de4d7ebe077e964 (1.4.4.x)
-CVE-2021-36767 (In Digi RealPort through 4.8.488.0, authentication relies on a challen ...)
+CVE-2021-36767 (In Digi RealPort through 4.10.490, authentication relies on a challeng ...)
NOT-FOR-US: Digi RealPort
CVE-2021-36766 (Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable co ...)
NOT-FOR-US: Concrete5
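Review bot: the affected range for CVE-2021-36767 moves from "through 4.8.488.0" to "through 4.10.490", so the release previously presented as the last affected version is no longer the fix boundary. "NOT-FOR-US: Digi RealPort" remains the correct state since the product is not packaged, so nothing beyond accepting the updated text is needed here; the widened range only matters to anyone who recorded the old boundary elsewhere.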
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/059a837c52f8a5124ae63251b3e0c3f371615af7
More information about the debian-security-tracker-commits mailing list