author | Moritz Muehlenhoff <jmm@debian.org> | 2021-07-29 20:47:33 +0200 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2021-07-29 20:48:08 +0200 |
commit | 23afa7e7a112170cb24598e9d97b3510d83e5701 (patch) | |
tree | 405ea33049150136c47c3aa56b3b47072bcc90b5 /data | |
parent | a34e8be2a0435af661118eed7018123cca8fe82f (diff) |
bullseye triage
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/data/CVE/list b/data/CVE/list index 28ef01d323..1fb5ea02b7 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1323,6 +1323,9 @@ CVE-2021-23184 RESERVED CVE-2021-36980 (Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-f ...) - openvswitch <unfixed> (bug #991308) + [bullseye] - openvswitch <no-dsa> (Minor issue) + [buster] - openvswitch <not-affected> (Vulnerable code not present, introduced in 2.11) + [stretch] - openvswitch <not-affected> (Vulnerable code not present, introduced in 2.11) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27851 NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openvswitch/OSV-2020-2197.yaml NOTE: https://github.com/openvswitch/ovs/commit/38744b1bcb022c611712527f039722115300f58f @@ -1330,6 +1333,8 @@ CVE-2021-36980 (Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-a NOTE: https://github.com/openvswitch/ovs/commit/6d67310f4d2524b466b98f05ebccc1add1e8cf35 NOTE: https://github.com/openvswitch/ovs/commit/77cccc74deede443e8b9102299efc869a52b65b2 NOTE: https://github.com/openvswitch/ovs/commit/8ce8dc34b5f73b30ce0c1869af9947013c3c6575 + NOTE: https://github.com/openvswitch/ovs/commit/9926637a80d0d243dbf9c49761046895e9d1a8e2 + NOTE: Introduced in: https://github.com/openvswitch/ovs/commit/418a7a84245f5fbe589dd1267463fc9ba27a1dd6 CVE-2021-36979 (Unicorn Engine 1.0.2 has an out-of-bounds write in tb_flush_armeb (cal ...) NOT-FOR-US: Unicorn Engine CVE-2021-36978 (QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer ...) 
@@ -1829,6 +1834,8 @@ CVE-2021-36768 CVE-2021-3652 [CRYPT password hash with asterisk allows any bind attempt to succeed] RESERVED - 389-ds-base <unfixed> (bug #991405) + [bullseye] - 389-ds-base <no-dsa> (Minor issue) + [buster] - 389-ds-base <no-dsa> (Minor issue) NOTE: https://github.com/389ds/389-ds-base/issues/4817 NOTE: https://github.com/389ds/389-ds-base/commit/aeb90eb0c41fc48541d983f323c627b2e6c328c7 (master) NOTE: https://github.com/389ds/389-ds-base/commit/c1926dfc6591b55c4d33f9944de4d7ebe077e964 (1.4.4.x) @@ -6466,6 +6473,7 @@ CVE-2021-3605 [Heap buffer overflow in the rleUncompress function] NOTE: not to be confused with CVE-2020-11760 whose fix is similar but applied around 10 lines above, in the other branch of the 'if' CVE-2021-3603 (PHPMailer 6.4.1 and earlier contain a vulnerability that can result in ...) - libphp-phpmailer <unfixed> + [bullseye] - libphp-phpmailer <no-dsa> (Minor issue) [buster] - libphp-phpmailer <no-dsa> (Minor issue) [stretch] - libphp-phpmailer <postponed> (Minor issue, fix along with next DLA) NOTE: https://www.huntr.dev/bounties/1-PHPMailer/PHPMailer/ @@ -10603,6 +10611,9 @@ CVE-2021-3551 RESERVED - dogtag-pki <unfixed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1959971 + NOTE: https://github.com/dogtagpki/pki/commit/0c2f3b84499584bb6029f5ba3988ed3cb081e548 + NOTE: https://github.com/dogtagpki/pki/commit/b01cd8cc7d3e391e69ed2c8161f7e15fa84553e6 + NOTE: https://github.com/dogtagpki/pki/commit/5b09fcaff11d33010469e695ef365a91c91674b5 CVE-2021-3550 (A DLL search path vulnerability was reported in Lenovo PCManager, prio ...) NOT-FOR-US: Microsoft CVE-2021-32925 (admin/user_import.php in Chamilo 1.11.14 reads XML data without disabl ...) 
@@ -19324,6 +19335,7 @@ CVE-2021-29500 (bubble fireworks is an open source java package relating to Spri NOT-FOR-US: bubble fireworks CVE-2021-29499 (SIF is an open source implementation of the Singularity Container Imag ...) - golang-github-sylabs-sif <unfixed> + [bullseye] - golang-github-sylabs-sif <no-dsa> (Minor issue) NOTE: https://github.com/sylabs/sif/security/advisories/GHSA-4gh8-x3vv-phhg CVE-2021-29498 RESERVED |
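Review bot: In the first CVE-2021-36980 hunk (@@ -1323), the added [bullseye] line marks a use-after-free as <no-dsa> with only "(Minor issue)" as the reason. The reason text should say what limits the impact, or refer to the NOTE that does, so the decision can be audited from the entry itself. The [buster] and [stretch] <not-affected> lines are better in this respect: they name the introducing version (2.11), which agrees with the "2.11.0 through 2.15.0" range in the CVE description.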
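Review bot: In the second CVE-2021-36980 hunk (@@ -1330), the new "Introduced in:" NOTE gives only a commit URL, while the <not-affected> lines added in the previous hunk depend on the claim "introduced in 2.11". Stating the release next to that URL would let a reader confirm the buster and stretch status without opening the upstream repository. The added 9926637a80d0 commit NOTE also carries no branch label, which is worth adding given that the entry already lists several fix commits.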
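Review bot: In the CVE-2021-3652 hunk (@@ -1829), both added lines classify an issue titled "CRYPT password hash with asterisk allows any bind attempt to succeed" as <no-dsa> (Minor issue), and the reason text does not explain why a bind that succeeds for any attempt counts as minor. Suggest replacing "Minor issue" on the [bullseye] and [buster] lines with the actual limiting condition, so the triage can be checked against the linked upstream issue 4817.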
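Review bot: In the CVE-2021-3551 hunk (@@ -10603), the three added dogtagpki commit NOTEs have no branch or version annotation, so it is unclear whether they are one fix in three parts or the same fix on three branches. The 389-ds-base NOTEs elsewhere in this patch context use a trailing "(master)" and "(1.4.4.x)" for this. The same labelling would help here, particularly because the entry is still RESERVED and has no description to go on.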