[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Jan 23 08:10:20 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d268db91 by security tracker role at 2022-01-23T08:10:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9145,8 +9145,8 @@ CVE-2021-4104 (JMSAppender in Log4j 1.2 is vulnerable to deserialization of untr
 	NOTE: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126
 	NOTE: Issue for Log4j 1.2 when specifically configured to use JMSAppender (not the default)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/12/13/2
-CVE-2021-4103
-	RESERVED
+CVE-2021-4103 (Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vd ...)
+	TODO: check
 CVE-2021-44832 (Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fi ...)
 	{DLA-2870-1}
 	- apache-log4j2 2.17.1-1 (bug #1002813)
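Review bot: CVE-2021-4103 leaves RESERVED with only "TODO: check" under it, so the entry is published in the list but untriaged. The new description names a GitHub repository (vanessa219/vd ..., truncated in the list), so a follow-up should replace the TODO with either a package line in the form used by the neighbouring entry ("- apache-log4j2 2.17.1-1 (bug #1002813)") or a NOT-FOR-US line as used elsewhere in this file, depending on whether that software is packaged in Debian.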
@@ -47093,7 +47093,6 @@ CVE-2021-30986 (A device configuration issue was addressed with an updated confi
 CVE-2021-30985 (An out-of-bounds write issue was addressed with improved bounds checki ...)
 	NOT-FOR-US: Apple
 CVE-2021-30984 (A race condition was addressed with improved state handling. This issu ...)
-	RESERVED
 	- webkit2gtk 2.34.4-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	- wpewebkit 2.34.4-1
@@ -47157,25 +47156,21 @@ CVE-2021-30956
 CVE-2021-30955 (A race condition was addressed with improved state handling. This issu ...)
 	NOT-FOR-US: Apple
 CVE-2021-30954 (A type confusion issue was addressed with improved memory handling. Th ...)
-	RESERVED
 	- webkit2gtk 2.34.4-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	- wpewebkit 2.34.4-1
 	NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
 CVE-2021-30953 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
-	RESERVED
 	- webkit2gtk 2.34.4-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	- wpewebkit 2.34.4-1
 	NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
 CVE-2021-30952 (An integer overflow was addressed with improved input validation. This ...)
-	RESERVED
 	- webkit2gtk 2.34.4-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	- wpewebkit 2.34.4-1
 	NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
 CVE-2021-30951 (A use after free issue was addressed with improved memory management.  ...)
-	RESERVED
 	- webkit2gtk 2.34.4-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	- wpewebkit 2.34.4-1
@@ -47209,7 +47204,6 @@ CVE-2021-30938 (This issue was addressed with improved checks. This issue is fix
 CVE-2021-30937 (A memory corruption vulnerability was addressed with improved locking. ...)
 	NOT-FOR-US: Apple
 CVE-2021-30936 (A use after free issue was addressed with improved memory management.  ...)
-	RESERVED
 	- webkit2gtk 2.34.4-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	- wpewebkit 2.34.4-1
@@ -47217,7 +47211,6 @@ CVE-2021-30936 (A use after free issue was addressed with improved memory manage
 CVE-2021-30935 (A logic issue was addressed with improved validation. This issue is fi ...)
 	NOT-FOR-US: Apple
 CVE-2021-30934 (A buffer overflow issue was addressed with improved memory handling. T ...)
-	RESERVED
 	- webkit2gtk 2.34.4-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	- wpewebkit 2.34.4-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d268db910f3cbd0e77d487521ecd7def22637d2f
