diff options
| author | security tracker role <sectracker@soriano.debian.org> | 2021-11-27 20:10:17 +0000 |
|---|---|---|
| committer | security tracker role <sectracker@soriano.debian.org> | 2021-11-27 20:10:17 +0000 |
| commit | 4b5e427aff562f8e7a9115141380a2f8f56b65f9 (patch) | |
| tree | 3d85dd3eda8364e70fe0ea8bb0257dfc10bae1ac | |
| parent | 79862a468a5ca5f59ac21f57650062b7d82d11fc (diff) | |
automatic update
| -rw-r--r-- | data/CVE/list.2017 | 2 | ||||
| -rw-r--r-- | data/CVE/list.2018 | 4 | ||||
| -rw-r--r-- | data/CVE/list.2019 | 2 | ||||
| -rw-r--r-- | data/CVE/list.2021 | 7 |
4 files changed, 10 insertions, 5 deletions
diff --git a/data/CVE/list.2017 b/data/CVE/list.2017 index fbdb988162..508b946af4 100644 --- a/data/CVE/list.2017 +++ b/data/CVE/list.2017 @@ -13802,7 +13802,7 @@ CVE-2017-14165 (The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3. NOTE: https://www.openwall.com/lists/oss-security/2017/09/06/4 NOTE: https://sourceforge.net/p/graphicsmagick/bugs/442/ CVE-2017-14160 (The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 ...) - {DLA-2013-1} + {DLA-2828-1 DLA-2013-1} - libvorbis 1.3.6-2 (bug #876780) [wheezy] - libvorbis <postponed> (Minor issue, can be revisited once fixed upstream) NOTE: https://www.openwall.com/lists/oss-security/2017/09/21/2 diff --git a/data/CVE/list.2018 b/data/CVE/list.2018 index a58e211cfe..1e185bb2cc 100644 --- a/data/CVE/list.2018 +++ b/data/CVE/list.2018 @@ -29112,14 +29112,14 @@ CVE-2018-10395 CVE-2018-10394 RESERVED CVE-2018-10393 (bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-b ...) - {DLA-2013-1} + {DLA-2828-1 DLA-2013-1} - libvorbis 1.3.6-2 (bug #876780) [wheezy] - libvorbis <ignored> (Minor issue) NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2334 NOTE: Fixed by: https://gitlab.xiph.org/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25 NOTE: Same patch as for CVE-2017-14160 CVE-2018-10392 (mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not va ...) - {DLA-2013-1} + {DLA-2828-1 DLA-2013-1} - libvorbis 1.3.6-2 (bug #876780) [wheezy] - libvorbis <ignored> (Minor issue) NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2335 diff --git a/data/CVE/list.2019 b/data/CVE/list.2019 index fcc2139438..37942b261c 100644 --- a/data/CVE/list.2019 +++ b/data/CVE/list.2019 @@ -33283,11 +33283,13 @@ CVE-2019-8923 (XAMPP through 5.6.8 and previous allows SQL injection via the cds NOT-FOR-US: XAMPP CVE-2019-8922 RESERVED + {DLA-2827-1} - bluez 5.54-1 NOTE: https://ssd-disclosure.com/ssd-advisory-linux-bluez-information-leak-and-heap-overflow/ NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=6c7243fb6ab90b7b855cead98c66394fedea135f (5.51) CVE-2019-8921 RESERVED + {DLA-2827-1} - bluez 5.54-1 NOTE: https://ssd-disclosure.com/ssd-advisory-linux-bluez-information-leak-and-heap-overflow/ NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=7bf67b32709d828fafa26256b4c78331760c6e93 (5.51) diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index a90c668c21..691ed5c6ef 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -50,8 +50,8 @@ CVE-2021-44221 RESERVED CVE-2021-4021 RESERVED -CVE-2021-4020 - RESERVED +CVE-2021-4020 (janus-gateway is vulnerable to Improper Neutralization of Input During ...) + TODO: check CVE-2021-4019 RESERVED CVE-2021-44220 @@ -602,11 +602,13 @@ CVE-2021-3975 [segmentation fault during VM shutdown can lead to vdsm hung] NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2024326 NOTE: Fixed by: https://github.com/libvirt/libvirt/commit/1ac703a7d0789e46833f4013a3876c2e3af18ec7 (v7.1.0-rc2) CVE-2021-44025 (Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in han ...) + {DSA-5013-1} - roundcube 1.5.0+dfsg.1-1 (bug #1000156) NOTE: https://github.com/roundcube/roundcubemail/issues/8193 NOTE: https://github.com/roundcube/roundcubemail/commit/faf99bf8a2b7b7562206fa047e8de652861e624a (1.4.12) NOTE: https://github.com/roundcube/roundcubemail/commit/7d7b1dfeff795390b69905ceb63d6391b5b0dfe7 (1.3.17) CVE-2021-44026 (Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potentia ...) + {DSA-5013-1} - roundcube 1.5.0+dfsg.1-1 (bug #1000156) NOTE: https://github.com/roundcube/roundcubemail/commit/c8947ecb762d9e89c2091bda28d49002817263f1 (1.4.12) NOTE: https://github.com/roundcube/roundcubemail/commit/ee809bde2dcaa04857a919397808a7296681dcfa (1.3.17) @@ -6998,6 +7000,7 @@ CVE-2021-41231 CVE-2021-41230 (Pomerium is an open source identity-aware access proxy. In affected ve ...) NOT-FOR-US: Pomerium CVE-2021-41229 (BlueZ is a Bluetooth protocol stack for Linux. In affected versions a ...) + {DLA-2827-1} - bluez <unfixed> (bug #1000262) [bullseye] - bluez <no-dsa> (Minor issue) [buster] - bluez <no-dsa> (Minor issue) |