From 3c26aa0026a0f4138027d7dbf4a491aa30468c4b Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Mon, 17 Jan 2022 09:33:02 +0100 Subject: buster/bullseye triage --- data/CVE/list | 259 +++++++++++++++++++++++++++++++++++++++++++++++++--- data/dsa-needed.txt | 2 + 2 files changed, 247 insertions(+), 14 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index 15c292774d..ded281e575 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -2389,6 +2389,7 @@ CVE-2022-0120 RESERVED {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0119 RESERVED @@ -2396,116 +2397,139 @@ CVE-2022-0118 RESERVED {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0117 RESERVED {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0116 RESERVED {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0115 RESERVED {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0114 RESERVED {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0113 RESERVED {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0112 RESERVED {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0111 RESERVED {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0110 RESERVED {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0109 RESERVED {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0108 RESERVED {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0107 RESERVED {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0106 RESERVED {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0105 RESERVED {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0104 RESERVED {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0103 RESERVED {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0102 RESERVED {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0101 RESERVED {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0100 RESERVED {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0099 RESERVED {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0098 RESERVED {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0097 RESERVED {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0096 RESERVED {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-0095 RESERVED @@ -3479,40 +3503,40 @@ CVE-2021-45958 (UltraJSON (aka ujson) 4.0.2 through 5.0.0 has a stack-based buff NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36009 TODO: claimed to be fixed in range https://github.com/ultrajson/ultrajson/compare/e3ccc5a1ff945275106d9323c00683fafeffc04a...682c6601569980e9a8a05378d3c1478db30384bc which seem to indicate the fuzzing did not really was helpful and CVE is bogus CVE-2021-45957 (Dnsmasq 2.86 has a heap-based buffer overflow in answer_request (calle ...) - - dnsmasq + - dnsmasq (unimportant) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35920 NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-935.yaml - TODO: check, the introducing commit seems odd, and might be just related to when fuzzing started, and is same for other dnsmaq and oss-fuzz related reports. + NOTE: Non issue, result of poorly automated fuzzing effort CVE-2021-45956 (Dnsmasq 2.86 has a heap-based buffer overflow in print_mac (called fro ...) - - dnsmasq + - dnsmasq (unimportant) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35887 NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-933.yaml - TODO: check, the introducing commit seems odd, and might be just related to when fuzzing started, and is same for other dnsmaq and oss-fuzz related reports. + NOTE: Non issue, result of poorly automated fuzzing effort CVE-2021-45955 (Dnsmasq 2.86 has a heap-based buffer overflow in resize_packet (called ...) - - dnsmasq + - dnsmasq (unimportant) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35898 NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-932.yaml - TODO: check, the introducing commit seems odd, and might be just related to when fuzzing started, and is same for other dnsmaq and oss-fuzz related reports. + NOTE: Non issue, result of poorly automated fuzzing effort CVE-2021-45954 (Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called ...) - - dnsmasq + - dnsmasq (unimportant) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35861 NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-931.yaml - TODO: check, the introducing commit seems odd, and might be just related to when fuzzing started, and is same for other dnsmaq and oss-fuzz related reports. + NOTE: Non issue, result of poorly automated fuzzing effort CVE-2021-45953 (Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called ...) - - dnsmasq + - dnsmasq (unimportant) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35858 NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-929.yaml - TODO: check, the introducing commit seems odd, and might be just related to when fuzzing started, and is same for other dnsmaq and oss-fuzz related reports. + NOTE: Non issue, result of poorly automated fuzzing effort CVE-2021-45952 (Dnsmasq 2.86 has a heap-based buffer overflow in dhcp_reply (called fr ...) - - dnsmasq + - dnsmasq (unimportant) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35870 NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-927.yaml - TODO: check, the introducing commit seems odd, and might be just related to when fuzzing started, and is same for other dnsmaq and oss-fuzz related reports. + NOTE: Non issue, result of poorly automated fuzzing effort CVE-2021-45951 (Dnsmasq 2.86 has a heap-based buffer overflow in check_bad_address (ca ...) - - dnsmasq + - dnsmasq (unimportant) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35868 NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-924.yaml - TODO: check, the introducing commit seems odd, and might be just related to when fuzzing started, and is same for other dnsmaq and oss-fuzz related reports. + NOTE: Non issue, result of poorly automated fuzzing effort CVE-2021-45950 (LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in ...) - libredwg (bug #595191) CVE-2021-45949 (Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overf ...) @@ -7624,26 +7648,31 @@ CVE-2021-4102 RESERVED {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-4101 RESERVED {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-4100 RESERVED {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-4099 RESERVED {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-4098 RESERVED {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-4097 (phpservermon is vulnerable to Improper Neutralization of CRLF Sequence ...) NOT-FOR-US: phpservermon @@ -8003,10 +8032,12 @@ CVE-2021-44693 CVE-2021-4079 (Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 a ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-4078 (Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-4077 RESERVED @@ -8331,6 +8362,8 @@ CVE-2021-44549 (Apache Sling Commons Messaging Mail provides a simple layer on t NOT-FOR-US: Apache Sling CVE-2021-4069 (vim is vulnerable to Use After Free ...) - vim 2:8.2.3995-1 + [bullseye] - vim (Minor issue) + [buster] - vim (Minor issue) NOTE: https://huntr.dev/bounties/0efd6d23-2259-4081-9ff1-3ade26907d74/ NOTE: https://github.com/vim/vim/commit/e031fe90cf2e375ce861ff5e5e281e4ad229ebb9 (v8.2.3741) CVE-2021-44548 (An Improper Input Validation vulnerability in DataImportHandler of Apa ...) @@ -8338,68 +8371,84 @@ CVE-2021-44548 (An Improper Input Validation vulnerability in DataImportHandler CVE-2021-4068 (Insufficient data validation in new tab page in Google Chrome prior to ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-4067 (Use after free in window manager in Google Chrome on ChromeOS prior to ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-4066 (Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allo ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-4065 (Use after free in autofill in Google Chrome prior to 96.0.4664.93 allo ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-4064 (Use after free in screen capture in Google Chrome on ChromeOS prior to ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-4063 (Use after free in developer tools in Google Chrome prior to 96.0.4664. ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-4062 (Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-4061 (Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-4060 RESERVED CVE-2021-4059 (Insufficient data validation in loader in Google Chrome prior to 96.0. ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-4058 (Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93 a ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-4057 (Use after free in file API in Google Chrome prior to 96.0.4664.93 allo ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-4056 (Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowe ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-4055 (Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664 ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-4054 (Incorrect security UI in autofill in Google Chrome prior to 96.0.4664. ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-4053 (Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 a ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-4052 (Use after free in web apps in Google Chrome prior to 96.0.4664.93 allo ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-4051 RESERVED @@ -20215,10 +20264,14 @@ CVE-2021-41166 RESERVED CVE-2021-41165 (CKEditor4 is an open source WYSIWYG HTML editor. In affected version a ...) - ckeditor (bug #999909) + [bullseye] - ckeditor (Minor issue) + [buster] - ckeditor (Minor issue) [stretch] - ckeditor (Minor issue) NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2 (v4.17.0) CVE-2021-41164 (CKEditor4 is an open source WYSIWYG HTML editor. In affected versions ...) - ckeditor (bug #999909) + [bullseye] - ckeditor (Minor issue) + [buster] - ckeditor (Minor issue) [stretch] - ckeditor (Minor issue) NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-pvmx-g8h5-cprj (v4.17.0) CVE-2021-41163 (Discourse is an open source platform for community discussion. In affe ...) @@ -28009,268 +28062,334 @@ CVE-2021-38023 CVE-2021-38022 (Inappropriate implementation in WebAuthentication in Google Chrome pri ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-38021 (Inappropriate implementation in referrer in Google Chrome prior to 96. ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-38020 (Insufficient policy enforcement in contacts picker in Google Chrome on ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-38019 (Insufficient policy enforcement in CORS in Google Chrome prior to 96.0 ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-38018 (Inappropriate implementation in navigation in Google Chrome prior to 9 ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-38017 (Insufficient policy enforcement in iframe sandbox in Google Chrome pri ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-38016 (Insufficient policy enforcement in background fetch in Google Chrome p ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-38015 (Inappropriate implementation in input in Google Chrome prior to 96.0.4 ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-38014 (Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664 ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-38013 (Heap buffer overflow in fingerprint recognition in Google Chrome on Ch ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-38012 (Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-38011 (Use after free in storage foundation in Google Chrome prior to 96.0.46 ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-38010 (Inappropriate implementation in service workers in Google Chrome prior ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-38009 (Inappropriate implementation in cache in Google Chrome prior to 96.0.4 ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-38008 (Use after free in media in Google Chrome prior to 96.0.4664.45 allowed ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-38007 (Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-38006 (Use after free in storage foundation in Google Chrome prior to 96.0.46 ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-38005 (Use after free in loader in Google Chrome prior to 96.0.4664.45 allowe ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-38004 (Insufficient policy enforcement in Autofill in Google Chrome prior to ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-38003 (Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638 ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-38002 (Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-38001 (Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-38000 (Insufficient validation of untrusted input in Intents in Google Chrome ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37999 (Insufficient data validation in New Tab Page in Google Chrome prior to ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37998 (Use after free in Garbage Collection in Google Chrome prior to 95.0.46 ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37997 (Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allow ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37996 (Insufficient validation of untrusted input Downloads in Google Chrome ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37995 (Inappropriate implementation in WebApp Installer in Google Chrome prio ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37994 (Inappropriate implementation in iFrame Sandbox in Google Chrome prior ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37993 (Use after free in PDF Accessibility in Google Chrome prior to 95.0.463 ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37992 (Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37991 (Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote att ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37990 (Inappropriate implementation in WebView in Google Chrome on Android pr ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37989 (Inappropriate implementation in Blink in Google Chrome prior to 95.0.4 ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37988 (Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allo ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37987 (Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37986 (Heap buffer overflow in Settings in Google Chrome prior to 95.0.4638.5 ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37985 (Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37984 (Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37983 (Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 all ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37982 (Use after free in Incognito in Google Chrome prior to 95.0.4638.54 all ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37981 (Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 al ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37980 (Inappropriate implementation in Sandbox in Google Chrome prior to 94.0 ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37979 (heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37978 (Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 a ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37977 (Use after free in Garbage Collection in Google Chrome prior to 94.0.46 ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37976 (Inappropriate implementation in Memory in Google Chrome prior to 94.0. ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37975 (Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37974 (Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37973 (Use after free in Portals in Google Chrome prior to 94.0.4606.61 allow ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37972 (Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.460 ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37971 (Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0 ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37970 (Use after free in File System API in Google Chrome prior to 94.0.4606. ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37969 (Inappropriate implementation in Google Updater in Google Chrome on Win ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37968 (Inappropriate implementation in Background Fetch API in Google Chrome ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37967 (Inappropriate implementation in Background Fetch API in Google Chrome ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37966 (Inappropriate implementation in Compositing in Google Chrome on Androi ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37965 (Inappropriate implementation in Background Fetch API in Google Chrome ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37964 (Inappropriate implementation in ChromeOS Networking in Google Chrome o ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37963 (Side-channel information leakage in DevTools in Google Chrome prior to ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37962 (Use after free in Performance Manager in Google Chrome prior to 94.0.4 ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37961 (Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 all ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37960 REJECTED CVE-2021-37959 (Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37958 (Inappropriate implementation in Navigation in Google Chrome on Windows ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37957 (Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowe ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37956 (Use after free in Offline use in Google Chrome on Android prior to 94. ...) {DSA-5046-1} - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-37955 RESERVED @@ -29304,11 +29423,15 @@ CVE-2021-37531 (SAP NetWeaver Knowledge Management XML Forms versions - 7.10, 7. NOT-FOR-US: SAP CVE-2021-37530 (A denial of service vulnerabiity exists in fig2dev through 3.28a due t ...) - fig2dev 1:3.2.8b-1 + [bullseye] - fig2dev (Minor issue) + [buster] - fig2dev (Minor issue) - transfig NOTE: https://sourceforge.net/p/mcj/tickets/126/ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/ff103511e49c44c83fc58e2092aa37e9019a3a9f/ CVE-2021-37529 (A double-free vulnerability exists in fig2dev through 3.28a is affecte ...) - fig2dev 1:3.2.8b-1 + [bullseye] - fig2dev (Minor issue) + [buster] - fig2dev (Minor issue) - transfig NOTE: https://sourceforge.net/p/mcj/tickets/125/ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/899ea1277387ca9e9853bf61d29b7419d5692691/ @@ -46238,260 +46361,342 @@ CVE-2021-30634 RESERVED CVE-2021-30633 (Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.8 ...) - chromium 93.0.4577.82-1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30632 (Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allow ...) - chromium 93.0.4577.82-1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30631 REJECTED CVE-2021-30630 (Inappropriate implementation in Blink in Google Chrome prior to 93.0.4 ...) - chromium 93.0.4577.82-1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30629 (Use after free in Permissions in Google Chrome prior to 93.0.4577.82 a ...) - chromium 93.0.4577.82-1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30628 (Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 ...) - chromium 93.0.4577.82-1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30627 (Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 ...) - chromium 93.0.4577.82-1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30626 (Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.45 ...) - chromium 93.0.4577.82-1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30625 (Use after free in Selection API in Google Chrome prior to 93.0.4577.82 ...) - chromium 93.0.4577.82-1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30624 (Chromium: CVE-2021-30624 Use after free in Autofill ...) - chromium 93.0.4577.82-1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30623 (Chromium: CVE-2021-30623 Use after free in Bookmarks ...) - chromium 93.0.4577.82-1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30622 (Chromium: CVE-2021-30622 Use after free in WebApp Installs ...) - chromium 93.0.4577.82-1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30621 (Chromium: CVE-2021-30621 UI Spoofing in Autofill ...) - chromium 93.0.4577.82-1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30620 (Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink ...) - chromium 93.0.4577.82-1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30619 (Chromium: CVE-2021-30619 UI Spoofing in Autofill ...) - chromium 93.0.4577.82-1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30618 (Chromium: CVE-2021-30618 Inappropriate implementation in DevTools ...) - chromium 93.0.4577.82-1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30617 (Chromium: CVE-2021-30617 Policy bypass in Blink ...) - chromium 93.0.4577.82-1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30616 (Chromium: CVE-2021-30616 Use after free in Media ...) - chromium 93.0.4577.82-1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30615 (Chromium: CVE-2021-30615 Cross-origin data leak in Navigation ...) - chromium 93.0.4577.82-1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30614 (Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip ...) - chromium 93.0.4577.82-1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30613 (Chromium: CVE-2021-30613 Use after free in Base internals ...) - chromium 93.0.4577.82-1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30612 (Chromium: CVE-2021-30612 Use after free in WebRTC ...) - chromium 93.0.4577.82-1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30611 (Chromium: CVE-2021-30611 Use after free in WebRTC ...) - chromium 93.0.4577.82-1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30610 (Chromium: CVE-2021-30610 Use after free in Extensions API ...) - chromium 93.0.4577.82-1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30609 (Chromium: CVE-2021-30609 Use after free in Sign-In ...) - chromium 93.0.4577.82-1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30608 (Chromium: CVE-2021-30608 Use after free in Web Share ...) - chromium 93.0.4577.82-1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30607 (Chromium: CVE-2021-30607 Use after free in Permissions ...) - chromium 93.0.4577.82-1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30606 (Chromium: CVE-2021-30606 Use after free in Blink ...) - chromium 93.0.4577.82-1 + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30605 (Inappropriate implementation in the ChromeOS Readiness Tool installer ...) NOT-FOR-US: ChromeOS Readiness Tool installer on Windows CVE-2021-30604 (Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowe ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30603 (Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30602 (Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allow ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30601 (Use after free in Extensions API in Google Chrome prior to 92.0.4515.1 ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30600 (Use after free in Printing in Google Chrome prior to 92.0.4515.159 all ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30599 (Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30598 (Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30597 (Use after free in Browser UI in Google Chrome on Chrome prior to 92.0. ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30596 (Incorrect security UI in Navigation in Google Chrome on Android prior ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30595 RESERVED CVE-2021-30594 (Use after free in Page Info UI in Google Chrome prior to 92.0.4515.131 ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30593 (Out of bounds read in Tab Strip in Google Chrome prior to 92.0.4515.13 ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30592 (Out of bounds write in Tab Groups in Google Chrome prior to 92.0.4515. ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30591 (Use after free in File System API in Google Chrome prior to 92.0.4515. ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30590 (Heap buffer overflow in Bookmarks in Google Chrome prior to 92.0.4515. ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30589 (Insufficient validation of untrusted input in Sharing in Google Chrome ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30588 (Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30587 (Inappropriate implementation in Compositing in Google Chrome prior to ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30586 (Use after free in dialog box handling in Windows in Google Chrome prio ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30585 (Use after free in sensor handling in Google Chrome on Windows prior to ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30584 (Incorrect security UI in Downloads in Google Chrome on Android prior t ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30583 (Insufficient policy enforcement in image handling in iOS in Google Chr ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30582 (Inappropriate implementation in Animation in Google Chrome prior to 92 ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30581 (Use after free in DevTools in Google Chrome prior to 92.0.4515.107 all ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30580 (Insufficient policy enforcement in Android intents in Google Chrome pr ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30579 (Use after free in UI framework in Google Chrome prior to 92.0.4515.107 ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30578 (Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 all ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30577 (Insufficient policy enforcement in Installer in Google Chrome prior to ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30576 (Use after free in DevTools in Google Chrome prior to 92.0.4515.107 all ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30575 (Out of bounds write in Autofill in Google Chrome prior to 92.0.4515.10 ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30574 (Use after free in protocol handling in Google Chrome prior to 92.0.451 ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30573 (Use after free in GPU in Google Chrome prior to 92.0.4515.107 allowed ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30572 (Use after free in Autofill in Google Chrome prior to 92.0.4515.107 all ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30571 (Insufficient policy enforcement in DevTools in Google Chrome prior to ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30570 RESERVED CVE-2021-30569 (Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allow ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30568 (Heap buffer overflow in WebGL in Google Chrome prior to 92.0.4515.107 ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30567 (Use after free in DevTools in Google Chrome prior to 92.0.4515.107 all ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30566 (Stack buffer overflow in Printing in Google Chrome prior to 92.0.4515. ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30565 (Out of bounds write in Tab Groups in Google Chrome on Linux and Chrome ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30564 (Heap buffer overflow in WebXR in Google Chrome prior to 91.0.4472.164 ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30563 (Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30562 (Use after free in WebSerial in Google Chrome prior to 91.0.4472.164 al ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30561 (Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30560 (Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 a ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30559 (Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.164 a ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30558 RESERVED CVE-2021-30557 (Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 al ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30556 (Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 all ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30555 (Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allo ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30554 (Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowe ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30553 (Use after free in Network service in Google Chrome prior to 91.0.4472. ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30552 (Use after free in Extensions in Google Chrome prior to 91.0.4472.101 a ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30551 (Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30550 (Use after free in Accessibility in Google Chrome prior to 91.0.4472.10 ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30549 (Use after free in Spell check in Google Chrome prior to 91.0.4472.101 ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30548 (Use after free in Loader in Google Chrome prior to 91.0.4472.101 allow ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30547 (Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 a ...) {DSA-4940-1 DSA-4939-1 DLA-2711-1 DLA-2709-1} - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) - firefox 90.0-1 - firefox-esr 78.12.0esr-1 @@ -46501,39 +46706,51 @@ CVE-2021-30547 (Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/#CVE-2021-30547 CVE-2021-30546 (Use after free in Autofill in Google Chrome prior to 91.0.4472.101 all ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30545 (Use after free in Extensions in Google Chrome prior to 91.0.4472.101 a ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30544 (Use after free in BFCache in Google Chrome prior to 91.0.4472.101 allo ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30543 (Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 all ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30542 (Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 all ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30541 (Use after free in V8 in Google Chrome prior to 91.0.4472.164 allowed a ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30540 (Incorrect security UI in payments in Google Chrome on Android prior to ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30539 (Insufficient policy enforcement in content security policy in Google C ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30538 (Insufficient policy enforcement in content security policy in Google C ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30537 (Insufficient policy enforcement in cookies in Google Chrome prior to 9 ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30536 (Out of bounds read in V8 in Google Chrome prior to 91.0.4472.77 allowe ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30535 (Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a re ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) - icu 67.1-7 [buster] - icu (Vulnerable code introduced later) @@ -46545,45 +46762,59 @@ CVE-2021-30535 (Double free in ICU in Google Chrome prior to 91.0.4472.77 allowe NOTE: Fixed by: https://github.com/unicode-org/icu/commit/2dc5bea9061b4fb05cd03e21b775dd944a0eb81d CVE-2021-30534 (Insufficient policy enforcement in iFrameSandbox in Google Chrome prio ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30533 (Insufficient policy enforcement in PopupBlocker in Google Chrome prior ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30532 (Insufficient policy enforcement in Content Security Policy in Google C ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30531 (Insufficient policy enforcement in Content Security Policy in Google C ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30530 (Out of bounds memory access in WebAudio in Google Chrome prior to 91.0 ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30529 (Use after free in Bookmarks in Google Chrome prior to 91.0.4472.77 all ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30528 (Use after free in WebAuthentication in Google Chrome on Android prior ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30527 (Use after free in WebUI in Google Chrome prior to 91.0.4472.77 allowed ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30526 (Out of bounds write in TabStrip in Google Chrome prior to 91.0.4472.77 ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30525 (Use after free in TabGroups in Google Chrome prior to 91.0.4472.77 all ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30524 (Use after free in TabStrip in Google Chrome prior to 91.0.4472.77 allo ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30523 (Use after free in WebRTC in Google Chrome prior to 91.0.4472.77 allowe ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30522 (Use after free in WebAudio in Google Chrome prior to 91.0.4472.77 allo ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30521 (Heap buffer overflow in Autofill in Google Chrome on Android prior to ...) - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30520 (Use after free in Tab Strip in Google Chrome prior to 90.0.4430.212 al ...) {DSA-4917-1} diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt index 66f7a63b0d..23300c66b0 100644 --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -46,5 +46,7 @@ runc trafficserver (jmm) wait until status for CVE-2021-38161 is clarified (upstream patch got reverted) -- +uriparser +-- varnish (fw) -- -- cgit v1.2.3