diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2021-10-09 12:09:27 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2021-10-09 12:09:27 +0200 |
commit | c9d3ab67b7d6dd80b78f0a37c5caca8844741e8f (patch) | |
tree | edb4430ab03c0add286105101f0b9a9655039c15 | |
parent | e99daf016d544dc0c91fa1acb35bf2a14a9e9b4e (diff) |
Merge in the accepted packages from buster 10.11
Though the release has not been happened yet, this is the list of
packages which were copied over from buster-pu to buster.
The final 10.11 changes need to still be verifed for any missing
additional ones.
-rw-r--r-- | data/CVE/list | 66 | ||||
-rw-r--r-- | data/next-oldstable-point-update.txt | 63 |
2 files changed, 33 insertions, 96 deletions
diff --git a/data/CVE/list b/data/CVE/list index a51031fe6c..caad0df371 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1894,7 +1894,7 @@ CVE-2021-3808 CVE-2021-3807 (ansi-regex is vulnerable to Inefficient Regular Expression Complexity ...) - node-ansi-regex 5.0.1-1 (bug #994568) [bullseye] - node-ansi-regex 5.0.1-1~deb11u1 - [buster] - node-ansi-regex <no-dsa> (Minor issue) + [buster] - node-ansi-regex 3.0.0-1+deb10u1 [stretch] - node-ansi-regex <not-affected> (Vulnerable code introduced later) NOTE: https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994 NOTE: https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9 (v6.0.1) @@ -2848,7 +2848,7 @@ CVE-2021-3799 (grav-plugin-admin is vulnerable to Improper Restriction of Render CVE-2021-41054 (tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buff ...) - atftp 0.7.git20210915-1 (bug #994895) [bullseye] - atftp 0.7.git20120829-3.3+deb11u1 - [buster] - atftp <no-dsa> (Minor issue; can be fixed via point release) + [buster] - atftp 0.7.git20120829-3.2~deb10u2 [stretch] - atftp <postponed> (Minor issue) NOTE: https://sourceforge.net/p/atftp/code/ci/d255bf90834fb45be52decf9bc0b4fb46c90f205/ CVE-2021-3798 [Soft token does not check if an EC key is valid] @@ -3602,7 +3602,7 @@ CVE-2021-40541 CVE-2021-40540 (ulfius_uri_logger in Ulfius HTTP Framework before 2.7.4 omits con_info ...) - ulfius 2.7.1-2 (bug #993851) [bullseye] - ulfius 2.7.1-1+deb11u1 - [buster] - ulfius <no-dsa> (Minor issue) + [buster] - ulfius 2.5.2-4+deb10u1 NOTE: https://github.com/babelouest/ulfius/commit/c83f564c184a27145e07c274b305cabe943bbfaa CVE-2021-40539 (Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnera ...) NOT-FOR-US: Zoho ManageEngine @@ -4191,7 +4191,7 @@ CVE-2021-3750 [hcd-ehci: DMA reentrancy issue leads to use-after-free] CVE-2021-3749 (axios is vulnerable to Inefficient Regular Expression Complexity ...) - node-axios 0.21.3+dfsg-1 [bullseye] - node-axios 0.21.1+dfsg-1+deb11u1 - [buster] - node-axios <no-dsa> (Minor issue) + [buster] - node-axios 0.17.1+dfsg-2+deb10u1 NOTE: https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31/ NOTE: https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929 NOTE: https://github.com/axios/axios/pull/3980 @@ -8277,7 +8277,7 @@ CVE-2021-38562 - request-tracker5 <unfixed> (bug #995167) - request-tracker4 4.4.4+dfsg-3 (bug #995175) [bullseye] - request-tracker4 4.4.4+dfsg-2+deb11u1 - [buster] - request-tracker4 <no-dsa> (Minor issue; will be fixed via point release) + [buster] - request-tracker4 4.4.3-2+deb10u1 [stretch] - request-tracker4 <no-dsa> (Minor issue) NOTE: https://github.com/bestpractical/rt/commit/70749bb66cb13dd70bd53340c371038a5f3ca57c (rt-5.0.2) NOTE: https://github.com/bestpractical/rt/commit/d16f8cf13c2af517ee55a85e7b91a0267477189f (rt-4.4.5) @@ -9317,7 +9317,7 @@ CVE-2021-38173 (Btrbk before 0.31.2 allows command execution because of the mish {DLA-2755-1} - btrbk 0.27.1-2 [bullseye] - btrbk 0.27.1-1.1+deb11u1 - [buster] - btrbk <no-dsa> (Minor issue; can be fixed via point release) + [buster] - btrbk 0.27.1-1+deb10u1 NOTE: Fixed by: https://github.com/digint/btrbk/commit/58212de771c381cd4fa05625927080bf264e9584 (v0.31.2) NOTE: Introduced by: https://github.com/digint/btrbk/commit/ccb5ed5e7191a083da52998df4c880f693451144 (v0.23.0-rc1) CVE-2021-38172 @@ -10307,7 +10307,7 @@ CVE-2021-37750 (The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) b {DLA-2771-1} - krb5 1.18.3-7 (bug #992607) [bullseye] - krb5 1.18.3-6+deb11u1 - [buster] - krb5 <no-dsa> (Minor issue) + [buster] - krb5 1.17-3+deb10u3 NOTE: https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49 CVE-2021-37749 (MapService.svc in Hexagon GeoMedia WebMap 2020 before Update 2 (aka 16 ...) NOT-FOR-US: Hexagon GeoMedia WebMap @@ -12530,7 +12530,7 @@ CVE-2021-36774 CVE-2021-36773 (uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitr ...) - ublock-origin 1.37.0+dfsg-1 (bug #991386) [bullseye] - ublock-origin 1.37.0+dfsg-1~deb11u1 - [buster] - ublock-origin <no-dsa> (Minor issue) + [buster] - ublock-origin 1.37.0+dfsg-1~deb10u1 [stretch] - ublock-origin <no-dsa> (Minor issue) - umatrix <unfixed> (bug #991344) [buster] - umatrix <no-dsa> (Minor issue) @@ -15847,7 +15847,7 @@ CVE-2021-35368 [CRS Request Body Bypass] RESERVED - modsecurity-crs 3.3.2-1 (bug #992000) [bullseye] - modsecurity-crs 3.3.0-1+deb11u1 - [buster] - modsecurity-crs <no-dsa> (Minor issue) + [buster] - modsecurity-crs 3.1.0-1+deb10u2 [stretch] - modsecurity-crs <no-dsa> (Minor issue) NOTE: https://coreruleset.org/20210630/cve-2021-35368-crs-request-body-bypass/ NOTE: https://github.com/coreruleset/coreruleset/pull/2143 @@ -19958,7 +19958,7 @@ CVE-2021-33583 (REINER timeCard 6.05.07 installs a Microsoft SQL Server with an CVE-2021-33582 (Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of s ...) - cyrus-imapd 3.4.2-1 (bug #993433) [bullseye] - cyrus-imapd 3.2.6-2+deb11u1 - [buster] - cyrus-imapd <no-dsa> (Minor issue; can be fixed via point release) + [buster] - cyrus-imapd 3.0.8-6+deb10u6 [stretch] - cyrus-imapd <no-dsa> (Minor issue; can be fixed via point release) - cyrus-imapd-2.4 <removed> NOTE: https://cyrus.topicbox.com/groups/announce/T3dde0a2352462975-M1386fc44adf967e072f8df13/cyrus-imap-3-4-2-3-2-8-and-3-0-16-released @@ -21887,14 +21887,14 @@ CVE-2021-32805 (Flask-AppBuilder is an application development framework, built CVE-2021-32804 (The npm package "tar" (aka node-tar) before versions 6.1.1, 5.0.6, 4.4 ...) - node-tar 6.1.7+~cs11.3.10-1 (bug #992111) [bullseye] - node-tar 6.0.5+ds1+~cs11.3.9-1+deb11u1 - [buster] - node-tar <no-dsa> (Minor issue) + [buster] - node-tar 4.4.6+ds1-3+deb10u1 [stretch] - node-tar <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-3jfq-g458-7qm9 NOTE: https://github.com/npm/node-tar/commit/1f036ca23f64a547bdd6c79c1a44bc62e8115da4 CVE-2021-32803 (The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4 ...) - node-tar 6.1.7+~cs11.3.10-1 (bug #992110) [bullseye] - node-tar 6.0.5+ds1+~cs11.3.9-1+deb11u1 - [buster] - node-tar <no-dsa> (Minor issue) + [buster] - node-tar 4.4.6+ds1-3+deb10u1 [stretch] - node-tar <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-r628-mhmh-qjhw NOTE: https://github.com/npm/node-tar/commit/9dbdeb6df8e9dbd96fa9e84341b9d74734be6c20 @@ -30605,7 +30605,7 @@ CVE-2021-29489 (Highcharts JS is a JavaScript charting library based on SVG. In CVE-2021-29488 (SABnzbd is an open source binary newsreader. A vulnerability was disco ...) - sabnzbdplus 3.2.1+dfsg-1 [bullseye] - sabnzbdplus 3.1.1+dfsg-2+deb11u1 - [buster] - sabnzbdplus <no-dsa> (Minor issue; non-free/contrib not security supported) + [buster] - sabnzbdplus 2.3.6+dfsg-1+deb10u2 [stretch] - sabnzbdplus <no-dsa> (Minor issue; contrib not supported) NOTE: https://github.com/sabnzbd/sabnzbd/security/advisories/GHSA-jwj3-wrvf-v3rp NOTE: https://github.com/sabnzbd/sabnzbd/commit/3766ba54026eaa520dbee5b57a2f33d4954fb98b @@ -30830,7 +30830,7 @@ CVE-2021-29426 CVE-2021-29425 (In Apache Commons IO before 2.7, When invoking the method FileNameUtil ...) {DLA-2741-1} - commons-io 2.8.0-1 - [buster] - commons-io <no-dsa> (Minor issue; can be fixed via point release) + [buster] - commons-io 2.6-2+deb10u1 NOTE: https://www.openwall.com/lists/oss-security/2021/04/12/1 NOTE: https://issues.apache.org/jira/browse/IO-556 CVE-2021-3476 (A flaw was found in OpenEXR's B44 uncompression functionality in versi ...) @@ -45278,7 +45278,7 @@ CVE-2021-23414 (This affects the package video.js before 7.14.3. The src attribu NOT-FOR-US: video.js CVE-2021-23413 (This affects the package jszip before 3.7.0. Crafting a new zip file w ...) - node-jszip 3.5.0+dfsg-2 - [buster] - node-jszip <no-dsa> (Minor issue) + [buster] - node-jszip 3.1.4+dfsg-1+deb10u1 NOTE: https://github.com/Stuk/jszip/pull/766 NOTE: https://github.com/Stuk/jszip/commit/22357494f424178cb416cdb7d93b26dd4f824b36 CVE-2021-23412 (All versions of package gitlogplus are vulnerable to Command Injection ...) @@ -51357,7 +51357,7 @@ CVE-2021-21375 (PJSIP is a free and open source multimedia communication library {DLA-2665-1 DLA-2636-1} - pjproject <removed> - ring 20210112.2.b757bac~ds1-1 (bug #986815) - [buster] - ring <no-dsa> (Minor issue; can be fixed via point release) + [buster] - ring 20190215.1.f152c98~ds1-1+deb10u1 NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-hvq6-f89p-frvp NOTE: https://github.com/pjsip/pjproject/commit/97b3d7addbaa720b7ddb0af9bf6f3e443e664365 CVE-2021-21374 (Nimble is a package manager for the Nim programming language. In Nim r ...) @@ -56432,7 +56432,7 @@ CVE-2021-2389 (Vulnerability in the MySQL Server product of Oracle MySQL (compon - mariadb-10.5 1:10.5.12-1 [bullseye] - mariadb-10.5 1:10.5.12-0+deb11u1 - mariadb-10.3 <removed> - [buster] - mariadb-10.3 <no-dsa> (Minor issue, can be fixed via point release) + [buster] - mariadb-10.3 1:10.3.31-0+deb10u1 - mysql-5.7 <removed> - mysql-8.0 <unfixed> NOTE: Fixed in MariaDB 10.5.12, 10.3.31 @@ -56475,7 +56475,7 @@ CVE-2021-2372 (Vulnerability in the MySQL Server product of Oracle MySQL (compon - mariadb-10.5 1:10.5.12-1 [bullseye] - mariadb-10.5 1:10.5.12-0+deb11u1 - mariadb-10.3 <removed> - [buster] - mariadb-10.3 <no-dsa> (Minor issue, can be fixed via point release) + [buster] - mariadb-10.3 1:10.3.31-0+deb10u1 - mysql-5.7 <removed> - mysql-8.0 <unfixed> NOTE: Fixed in MariaDB 10.5.12, 10.3.31 @@ -61753,9 +61753,9 @@ CVE-2021-1096 (NVIDIA Windows GPU Display Driver for Windows contains a vulnerab NOT-FOR-US: NVIDIA Windows GPU Display Driver for Windows CVE-2021-1095 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) - nvidia-graphics-drivers 460.91.03-1 (bug #991351) - [buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported) + [buster] - nvidia-graphics-drivers 418.211.00-1 - nvidia-graphics-drivers-legacy-390xx 390.144-1 (bug #991353) - [buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported) + [buster] - nvidia-graphics-drivers-legacy-390xx 390.144-1~deb10u1 - nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #991352) [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore) [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore) @@ -61766,9 +61766,9 @@ CVE-2021-1095 (NVIDIA GPU Display Driver for Windows and Linux contains a vulner NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5211 CVE-2021-1094 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) - nvidia-graphics-drivers 460.91.03-1 (bug #991351) - [buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported) + [buster] - nvidia-graphics-drivers 418.211.00-1 - nvidia-graphics-drivers-legacy-390xx 390.144-1 (bug #991353) - [buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported) + [buster] - nvidia-graphics-drivers-legacy-390xx 390.144-1~deb10u1 - nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #991352) [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore) [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore) @@ -61779,9 +61779,9 @@ CVE-2021-1094 (NVIDIA GPU Display Driver for Windows and Linux contains a vulner NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5211 CVE-2021-1093 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) - nvidia-graphics-drivers 460.91.03-1 (bug #991351) - [buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported) + [buster] - nvidia-graphics-drivers 418.211.00-1 - nvidia-graphics-drivers-legacy-390xx 390.144-1 (bug #991353) - [buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported) + [buster] - nvidia-graphics-drivers-legacy-390xx 390.144-1~deb10u1 - nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #991352) [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore) [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore) @@ -88813,7 +88813,7 @@ CVE-2020-17510 (Apache Shiro before 1.7.0, when using Apache Shiro with Spring, {DLA-2726-1} - shiro 1.3.2-5 (bug #988728) [bullseye] - shiro 1.3.2-4+deb11u1 - [buster] - shiro <no-dsa> (Minor issue) + [buster] - shiro 1.3.2-4+deb10u1 NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/7 NOTE: https://lists.apache.org/thread.html/rc2cff2538b683d480426393eecf1ce8dd80e052fbef49303b4f47171%40%3Cdev.shiro.apache.org%3E NOTE: https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12349284&styleName=Text&projectId=12310950 @@ -98057,7 +98057,7 @@ CVE-2020-13933 (Apache Shiro before 1.6.0, when using Apache Shiro, a specially {DLA-2726-1} - shiro 1.3.2-5 (bug #968753) [bullseye] - shiro 1.3.2-4+deb11u1 - [buster] - shiro <no-dsa> (Minor issue) + [buster] - shiro 1.3.2-4+deb10u1 NOTE: https://lists.apache.org/thread.html/r539f87706094e79c5da0826030384373f0041068936912876856835f%40%3Cdev.shiro.apache.org%3E CVE-2020-13932 (In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT p ...) NOT-FOR-US: Apache ActiveMQ Artemis @@ -98197,7 +98197,7 @@ CVE-2020-13882 (CISOfy Lynis before 3.0.0 has Incorrect Access Control because o CVE-2020-13881 (In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared se ...) {DLA-2730-1 DLA-2239-1} - libpam-tacplus 1.3.8-2.1 (low; bug #962830) - [buster] - libpam-tacplus <no-dsa> (Minor issue) + [buster] - libpam-tacplus 1.3.8-2+deb10u1 [stretch] - libpam-tacplus <no-dsa> (Minor issue) NOTE: https://github.com/kravietz/pam_tacplus/commit/4a9852c31c2fd0c0e72fbb689a586aabcfb11cb0 NOTE: https://github.com/kravietz/pam_tacplus/issues/149 @@ -103231,7 +103231,7 @@ CVE-2020-11989 (Apache Shiro before 1.5.3, when using Apache Shiro with Spring d {DLA-2273-1} - shiro 1.3.2-5 (bug #988728) [bullseye] - shiro 1.3.2-4+deb11u1 - [buster] - shiro <no-dsa> (Minor issue) + [buster] - shiro 1.3.2-4+deb10u1 NOTE: https://www.openwall.com/lists/oss-security/2020/06/22/1 NOTE: https://github.com/apache/shiro/pull/211 NOTE: https://issues.apache.org/jira/browse/SHIRO-753 @@ -103241,7 +103241,7 @@ CVE-2020-11989 (Apache Shiro before 1.5.3, when using Apache Shiro with Spring d CVE-2020-11988 (Apache XmlGraphics Commons 2.4 is vulnerable to server-side request fo ...) - xmlgraphics-commons 2.4-2 (bug #984949) [bullseye] - xmlgraphics-commons 2.4-2~deb11u1 - [buster] - xmlgraphics-commons <no-dsa> (Minor issue) + [buster] - xmlgraphics-commons 2.3-1+deb10u1 [stretch] - xmlgraphics-commons <not-affected> (Vulnerable code is not present) NOTE: https://github.com/apache/xmlgraphics-commons/commit/57393912eb87b994c7fed39ddf30fb778a275183 NOTE: https://issues.apache.org/jira/browse/XGC-122 @@ -122248,7 +122248,7 @@ CVE-2019-20226 CVE-2019-20326 (A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg( ...) {DLA-2749-1 DLA-2066-1} - gthumb 3:3.8.3-0.1 (bug #948197) - [buster] - gthumb <no-dsa> (Minor issue) + [buster] - gthumb 3:3.6.2-4+deb10u1 NOTE: https://gitlab.gnome.org/GNOME/gthumb/commit/14860321ce3235d420498c4f81f21003d1fb78f4 (3.8.3) NOTE: https://gitlab.gnome.org/GNOME/gthumb/commit/4faa5ce2358812d23a1147953ee76f59631590ad (master) CVE-2020-5200 @@ -131301,7 +131301,7 @@ CVE-2020-1957 (Apache Shiro before 1.5.2, when using Apache Shiro with Spring dy {DLA-2273-1 DLA-2181-1} - shiro 1.3.2-5 (bug #955018) [bullseye] - shiro 1.3.2-4+deb11u1 - [buster] - shiro <no-dsa> (Minor issue) + [buster] - shiro 1.3.2-4+deb10u1 NOTE: https://www.openwall.com/lists/oss-security/2020/03/23/2 NOTE: Fixed by: https://github.com/apache/shiro/commit/3708d7907016bf2fa12691dff6ff0def1249b8ce#diff-98f7bc5c0391389e56531f8b3754081aL139 NOTE: https://github.com/apache/shiro/pull/203#issuecomment-606270322 @@ -146265,7 +146265,7 @@ CVE-2019-15605 (HTTP request smuggling in Node.js 10, 12, and 13 causes maliciou [stretch] - nodejs <ignored> (Nodejs in stretch not covered by security support) [jessie] - nodejs <end-of-life> (Nodejs in jessie not covered by security support) - http-parser 2.9.4-2 (bug #977467) - [buster] - http-parser <no-dsa> (Minor issue) + [buster] - http-parser 2.8.1-1+deb10u1 [stretch] - http-parser <ignored> (Invasive patch, requires prior content-length support and public struct changes that break ABI) [jessie] - http-parser <ignored> (Invasive patch, requires prior content-length support and public struct changes that break ABI) NOTE: https://hackerone.com/reports/735748 @@ -155647,7 +155647,7 @@ CVE-2016-10761 (Logitech Unifying devices before 2016-02-26 allow keystroke inje NOT-FOR-US: Logitech CVE-2019-13045 (Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when S ...) - irssi 1.2.1-1 (low; bug #931264) - [buster] - irssi <no-dsa> (Minor issue) + [buster] - irssi 1.2.0-2+deb10u1 [stretch] - irssi <no-dsa> (Minor issue) [jessie] - irssi <not-affected> (vulnerable sasl code is not present) NOTE: https://irssi.org/security/irssi_sa_2019_06.txt diff --git a/data/next-oldstable-point-update.txt b/data/next-oldstable-point-update.txt index 5e5e328f85..bb95f7c93d 100644 --- a/data/next-oldstable-point-update.txt +++ b/data/next-oldstable-point-update.txt @@ -1,66 +1,3 @@ -CVE-2019-15605 - [buster] - http-parser 2.8.1-1+deb10u1 -CVE-2021-21375 - [buster] - ring 20190215.1.f152c98~ds1-1+deb10u1 -CVE-2021-1093 - [buster] - nvidia-graphics-drivers-legacy-390xx 390.144-1~deb10u1 - [buster] - nvidia-graphics-drivers 418.211.00-1 -CVE-2021-1094 - [buster] - nvidia-graphics-drivers-legacy-390xx 390.144-1~deb10u1 - [buster] - nvidia-graphics-drivers 418.211.00-1 -CVE-2021-1095 - [buster] - nvidia-graphics-drivers-legacy-390xx 390.144-1~deb10u1 - [buster] - nvidia-graphics-drivers 418.211.00-1 -CVE-2021-23413 - [buster] - node-jszip 3.1.4+dfsg-1+deb10u1 -CVE-2019-13045 - [buster] - irssi 1.2.0-2+deb10u1 -CVE-2020-11988 - [buster] - xmlgraphics-commons 2.3-1+deb10u1 -CVE-2020-13881 - [buster] - libpam-tacplus 1.3.8-2+deb10u1 -CVE-2021-32803 - [buster] - node-tar 4.4.6+ds1-3+deb10u1 -CVE-2021-32804 - [buster] - node-tar 4.4.6+ds1-3+deb10u1 -CVE-2021-29425 - [buster] - commons-io 2.6-2+deb10u1 -CVE-2021-35368 - [buster] - modsecurity-crs 3.1.0-1+deb10u2 -CVE-2021-29488 - [buster] - sabnzbdplus 2.3.6+dfsg-1+deb10u2 -CVE-2020-1957 - [buster] - shiro 1.3.2-4+deb10u1 -CVE-2020-11989 - [buster] - shiro 1.3.2-4+deb10u1 -CVE-2020-13933 - [buster] - shiro 1.3.2-4+deb10u1 -CVE-2020-17510 - [buster] - shiro 1.3.2-4+deb10u1 -CVE-2021-36773 - [buster] - ublock-origin 1.37.0+dfsg-1~deb10u1 -CVE-2019-20326 - [buster] - gthumb 3:3.6.2-4+deb10u1 -CVE-2021-37750 - [buster] - krb5 1.17-3+deb10u3 -CVE-2021-33582 - [buster] - cyrus-imapd 3.0.8-6+deb10u6 -CVE-2021-2389 - [buster] - mariadb-10.3 1:10.3.31-0+deb10u1 -CVE-2021-2372 - [buster] - mariadb-10.3 1:10.3.31-0+deb10u1 -CVE-2021-38173 - [buster] - btrbk 0.27.1-1+deb10u1 -CVE-2021-41054 - [buster] - atftp 0.7.git20120829-3.2~deb10u2 -CVE-2021-3749 - [buster] - node-axios 0.17.1+dfsg-2+deb10u1 -(CVE-2021-3807 - [buster] - node-ansi-regex 3.0.0-1+deb10u1 -CVE-2021-40540 - [buster] - ulfius 2.5.2-4+deb10u1 -CVE-2021-38562 - [buster] - request-tracker4 4.4.3-2+deb10u1 CVE-2019-20807 [buster] - vim 2:8.1.0875-5+deb10u1 CVE-2021-3770 |