From 3629e7d325fa7f945e1c547ccd964aa309f8acb7 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Sun, 28 Nov 2021 20:10:17 +0000 Subject: automatic update --- data/CVE/list.2018 | 2 +- data/CVE/list.2019 | 2 +- data/CVE/list.2020 | 2 +- data/CVE/list.2021 | 6 ++++-- 4 files changed, 7 insertions(+), 5 deletions(-) diff --git a/data/CVE/list.2018 b/data/CVE/list.2018 index f58b388d48..03cbe090b0 100644 --- a/data/CVE/list.2018 +++ b/data/CVE/list.2018 @@ -2217,7 +2217,7 @@ CVE-2018-20483 (set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a NOTE: Don't use extended attributes by default: https://git.savannah.gnu.org/cgit/wget.git/commit/?id=c125d24762962d91050d925fbbd9e6f30b2302f8 NOTE: Introduced by: https://git.savannah.gnu.org/cgit/wget.git/commit/?id=a933bdd31eee9c956a3b5cc142f004ef1fa94cb3 (v1.19) CVE-2018-20482 (GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage ...) - {DLA-1623-1} + {DLA-2830-1 DLA-1623-1} - tar 1.30+dfsg-3.1 (bug #917377) NOTE: https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug NOTE: https://news.ycombinator.com/item?id=18745431 diff --git a/data/CVE/list.2019 b/data/CVE/list.2019 index f65ba3eb82..3353b738b3 100644 --- a/data/CVE/list.2019 +++ b/data/CVE/list.2019 @@ -9230,7 +9230,7 @@ CVE-2019-17457 CVE-2019-17456 RESERVED CVE-2019-17455 (Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequ ...) - {DLA-2207-1} + {DLA-2831-1 DLA-2207-1} - libntlm 1.6-1 (bug #942145) [buster] - libntlm 1.5-1+deb10u1 NOTE: https://gitlab.com/jas/libntlm/issues/2 diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index 802e4fc9a0..aadb9ed01d 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 
@@ -21567,7 +21567,7 @@ CVE-2020-21915 CVE-2020-21914 RESERVED CVE-2020-21913 (International Components for Unicode (ICU-20850) v66.1 was discovered ...) - {DLA-2784-1} + {DSA-5014-1 DLA-2784-1} - icu 67.1-2 NOTE: https://github.com/unicode-org/icu/pull/886 NOTE: https://unicode-org.atlassian.net/browse/ICU-20850 diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index cc2ad6df0d..de8332131c 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -1,3 +1,5 @@ +CVE-2021-4025 + RESERVED CVE-2021-44235 RESERVED CVE-2021-44234 @@ -8657,7 +8659,7 @@ CVE-2021-40529 (The ElGamal implementation in Botan through 2.18.1, as used in T NOTE: Fixed by: https://github.com/randombit/botan/commit/9a23e4e3bc3966340531f2ff608fa9d33b5185a2 NOTE: https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1 NOTE: https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2 -CVE-2021-33560 +CVE-2021-33560 (Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encry ...) - libgcrypt20 1.9.4-2 [bullseye] - libgcrypt20 (Minor issue) [buster] - libgcrypt20 (Minor issue) @@ -24987,7 +24989,7 @@ CVE-2021-33562 (A reflected cross-site scripting (XSS) vulnerability in Shopizer NOT-FOR-US: Shopizer CVE-2021-33561 (A stored cross-site scripting (XSS) vulnerability in Shopizer before 2 ...) NOT-FOR-US: Shopizer -CVE-2021-40528 +CVE-2021-40528 (The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext ...) {DLA-2691-1} - libgcrypt20 1.8.7-6 [buster] - libgcrypt20 1.8.4-5+deb10u1 -- cgit v1.2.3
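Review bot: in the first data/CVE/list.2021 hunk (@@ -1,3 +1,5 @@), CVE-2021-4025 is inserted above CVE-2021-44235 and CVE-2021-44234, so the new entry does not follow the descending id order of the lines around it. If the head of the file is simply where the automatic import places new reservations, that is fine, but it is worth confirming that anything reading this file looks entries up by id rather than by position, since a four-digit id among five-digit ones is easy to miss in a positional or range-based scan.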
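Review bot: in the data/CVE/list.2021 hunk at @@ -8657,7 +8659,7 @@, the description now attached to CVE-2021-33560 names "before 1.8.8 and 1.9.x before 1.9.3" as the affected range, while the entry lines shown record 1.9.4-2 as the fixed version and mark bullseye and buster as "(Minor issue)" with no NOTE pointing at the upstream fix. The entry directly above it (CVE-2021-40529) carries "Fixed by:" and reference NOTE lines; a matching NOTE with the upstream commit here would let a reader check the suite triage against the description without leaving the file.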
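Review bot: in the last data/CVE/list.2021 hunk (@@ -24987,7 +24989,7 @@), the description added for CVE-2021-40528 says "Libgcrypt before 1.9.4", yet the fixed versions listed under it are 1.8.7-6 and, for buster, 1.8.4-5+deb10u1 with DLA-2691-1, both lower than 1.9.4. Nothing in the lines shown explains the gap, so a NOTE stating how those 1.8.x uploads address this id would help; the entry also sits directly after CVE-2021-33561, which makes it worth double-checking that the package lines belong to this id and not to the CVE-2021-33560 entry edited in the previous hunk.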