automatic update

author: security tracker role <sectracker@soriano.debian.org> 2021-10-30 08:10:12 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2021-10-30 08:10:12 +0000
commit: a7a1c8bfa49d8d5bb37fa25e319c99ba26d95d81 (patch)
tree: c1b26acab6da700b4ebf6526383d4b8ecd23d364
parent: 99715a23da5cbf517451dd15579b0cd8babb4135 (diff)
6 files changed, 37 insertions, 34 deletions
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index 753fd8dc94..b64b177db4 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -29104,7 +29104,7 @@ CVE-2016-1517 (OpenCV 3.0.0 allows remote attackers to cause a denial of service
 	NOTE: https://arxiv.org/pdf/1701.04739.pdf
 	NOTE: https://github.com/opencv/opencv/issues/5956
 CVE-2016-1516 (OpenCV 3.0.0 has a double free issue that allows attackers to execute  ...)
-	{DLA-1438-1 DLA-1117-1}
+	{DLA-2799-1 DLA-1438-1 DLA-1117-1}
 	[experimental] - opencv 3.4.4+dfsg-1~exp1
 	- opencv 3.2.0+dfsg-6 (bug #872043)
 	NOTE: https://arxiv.org/pdf/1701.04739.pdf
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index 0d6af96bbd..c636276170 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -2538,7 +2538,7 @@ CVE-2017-1000452 (An XML Signature Wrapping vulnerability exists in Samlify 2.2.
 CVE-2017-1000451 (fs-git is a file system like api for git repository. The fs-git versio ...)
 	NOT-FOR-US: fs-git
 CVE-2017-1000450 (In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and  ...)
-	{DLA-1438-1 DLA-1235-1}
+	{DLA-2799-1 DLA-1438-1 DLA-1235-1}
 	[experimental] - opencv 3.4.4+dfsg-1~exp1
 	- opencv 3.2.0+dfsg-6 (bug #886282)
 	NOTE: https://github.com/opencv/opencv/issues/9723
@@ -3432,7 +3432,7 @@ CVE-2017-17787 (In GIMP 2.8.22, there is a heap-based buffer over-read in read_c
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790853
 	NOTE: Crash in desktop tool, no/negligible security impact
 CVE-2017-17760 (OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readData fun ...)
-	{DLA-1438-1 DLA-1235-1}
+	{DLA-2799-1 DLA-1438-1 DLA-1235-1}
 	[experimental] - opencv 3.4.4+dfsg-1~exp1
 	- opencv 3.2.0+dfsg-6 (bug #885843)
 	NOTE: https://github.com/opencv/opencv/issues/10351
@@ -17280,17 +17280,17 @@ CVE-2017-12865 (Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and
 	- connman 1.35-1 (bug #872844)
 	NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=5c281d182ecdd0a424b64f7698f32467f8f67b71 (1.35)
 CVE-2017-12864 (In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did ...)
-	{DLA-1438-1 DLA-1117-1}
+	{DLA-2799-1 DLA-1438-1 DLA-1117-1}
 	[experimental] - opencv 3.4.4+dfsg-1~exp1
 	- opencv 3.2.0+dfsg-6 (bug #875345)
 	NOTE: https://github.com/opencv/opencv/issues/9372
 CVE-2017-12863 (In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function PxMDecoder::re ...)
-	{DLA-1438-1 DLA-1117-1}
+	{DLA-2799-1 DLA-1438-1 DLA-1117-1}
 	[experimental] - opencv 3.4.4+dfsg-1~exp1
 	- opencv 3.2.0+dfsg-6 (bug #875344)
 	NOTE: https://github.com/opencv/opencv/issues/9371
 CVE-2017-12862 (In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer AutoBuffe ...)
-	{DLA-1438-1 DLA-1117-1}
+	{DLA-2799-1 DLA-1438-1 DLA-1117-1}
 	[experimental] - opencv 3.4.4+dfsg-1~exp1
 	- opencv 3.2.0+dfsg-6 (bug #875342)
 	NOTE: https://github.com/opencv/opencv/issues/9370
@@ -18108,22 +18108,22 @@ CVE-2017-12607 (A vulnerability in OpenOffice's PPT file parser before 4.1.4, an
 	NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2017-12607
 	NOTE: https://cgit.freedesktop.org/libreoffice/core/commit/?id=334dba623dfb0c4fb2b5292c2d03741b7b33aef1
 CVE-2017-12606 (OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of ...)
-	{DLA-1438-1 DLA-1117-1}
+	{DLA-2799-1 DLA-1438-1 DLA-1117-1}
 	[experimental] - opencv 3.4.4+dfsg-1~exp1
 	- opencv 3.2.0+dfsg-6 (bug #872044)
 	NOTE: https://github.com/opencv/opencv/issues/9309
 CVE-2017-12605 (OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of ...)
-	{DLA-1438-1 DLA-1117-1}
+	{DLA-2799-1 DLA-1438-1 DLA-1117-1}
 	[experimental] - opencv 3.4.4+dfsg-1~exp1
 	- opencv 3.2.0+dfsg-6 (bug #872044)
 	NOTE: https://github.com/opencv/opencv/issues/9309
 CVE-2017-12604 (OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of ...)
-	{DLA-1438-1 DLA-1117-1}
+	{DLA-2799-1 DLA-1438-1 DLA-1117-1}
 	[experimental] - opencv 3.4.4+dfsg-1~exp1
 	- opencv 3.2.0+dfsg-6 (bug #872044)
 	NOTE: https://github.com/opencv/opencv/issues/9309
 CVE-2017-12603 (OpenCV (Open Source Computer Vision Library) through 3.3 has an invali ...)
-	{DLA-1438-1 DLA-1117-1}
+	{DLA-2799-1 DLA-1438-1 DLA-1117-1}
 	[experimental] - opencv 3.4.4+dfsg-1~exp1
 	- opencv 3.2.0+dfsg-6 (bug #872044)
 	NOTE: https://github.com/opencv/opencv/issues/9309
@@ -18135,7 +18135,7 @@ CVE-2017-12602 (OpenCV (Open Source Computer Vision Library) through 3.3 has a d
 	[wheezy] - opencv <ignored> (Minor issue)
 	NOTE: https://github.com/opencv/opencv/issues/9311
 CVE-2017-12601 (OpenCV (Open Source Computer Vision Library) through 3.3 has a buffer  ...)
-	{DLA-1438-1 DLA-1117-1}
+	{DLA-2799-1 DLA-1438-1 DLA-1117-1}
 	[experimental] - opencv 3.4.4+dfsg-1~exp1
 	- opencv 3.2.0+dfsg-6 (bug #872044)
 	NOTE: https://github.com/opencv/opencv/issues/9309
@@ -18147,17 +18147,17 @@ CVE-2017-12600 (OpenCV (Open Source Computer Vision Library) through 3.3 has a d
 	[wheezy] - opencv <ignored> (Minor issue)
 	NOTE: https://github.com/opencv/opencv/issues/9311
 CVE-2017-12599 (OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of ...)
-	{DLA-1438-1 DLA-1117-1}
+	{DLA-2799-1 DLA-1438-1 DLA-1117-1}
 	[experimental] - opencv 3.4.4+dfsg-1~exp1
 	- opencv 3.2.0+dfsg-6 (bug #872044)
 	NOTE: https://github.com/opencv/opencv/issues/9309
 CVE-2017-12598 (OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of ...)
-	{DLA-1438-1 DLA-1117-1}
+	{DLA-2799-1 DLA-1438-1 DLA-1117-1}
 	[experimental] - opencv 3.4.4+dfsg-1~exp1
 	- opencv 3.2.0+dfsg-6 (bug #872044)
 	NOTE: https://github.com/opencv/opencv/issues/9309
 CVE-2017-12597 (OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of ...)
-	{DLA-1438-1 DLA-1117-1}
+	{DLA-2799-1 DLA-1438-1 DLA-1117-1}
 	[experimental] - opencv 3.4.4+dfsg-1~exp1
 	- opencv 3.2.0+dfsg-6 (bug #872044)
 	NOTE: https://github.com/opencv/opencv/issues/9309
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 2c8688f947..7f37f2c9f4 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -42950,13 +42950,13 @@ CVE-2018-5271 (** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver fil
 CVE-2018-5270 (** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FA ...)
 	NOT-FOR-US: Malwarebytes Premium
 CVE-2018-5269 (In OpenCV 3.3.1, an assertion failure happens in cv::RBaseStream::setP ...)
-	{DLA-1438-1 DLA-1354-1}
+	{DLA-2799-1 DLA-1438-1 DLA-1354-1}
 	[experimental] - opencv 3.4.4+dfsg-1~exp1
 	- opencv 3.2.0+dfsg-6 (bug #886675)
 	NOTE: https://github.com/opencv/opencv/issues/10540
 	NOTE: 2.4 backport: https://patch-diff.githubusercontent.com/raw/opencv/opencv/pull/10901.patch
 CVE-2018-5268 (In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDec ...)
-	{DLA-1438-1 DLA-1354-1}
+	{DLA-2799-1 DLA-1438-1 DLA-1354-1}
 	[experimental] - opencv 3.4.4+dfsg-1~exp1
 	- opencv 3.2.0+dfsg-6 (bug #886674)
 	NOTE: https://github.com/opencv/opencv/issues/10541
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 54e23ec2ad..176617c1e4 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -12940,6 +12940,7 @@ CVE-2019-15941 (OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may all
 CVE-2019-15940 (Victure PC530 devices allow unauthenticated TELNET access as root. ...)
 	NOT-FOR-US: Victure PC530 devices
 CVE-2019-15939 (An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero err ...)
+	{DLA-2799-1}
 	- opencv 4.1.2+dfsg-3
 	[buster] - opencv <no-dsa> (Minor issue)
 	[jessie] - opencv <no-dsa> (Minor issue)
@@ -16935,6 +16936,7 @@ CVE-2019-14494 (An issue was discovered in Poppler through 0.78.0. There is a di
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/317
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/b224e2f5739fe61de9fa69955d016725b2a4b78d
 CVE-2019-14493 (An issue was discovered in OpenCV before 4.1.1. There is a NULL pointe ...)
+	{DLA-2799-1}
 	[experimental] - opencv 4.1.1+dfsg-1
 	- opencv 4.1.2+dfsg-3
 	[buster] - opencv <no-dsa> (Minor issue)
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index af266fc8bf..d9e1c4cbb6 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -12473,8 +12473,8 @@ CVE-2020-25883
 	RESERVED
 CVE-2020-25882
 	RESERVED
-CVE-2020-25881
-	RESERVED
+CVE-2020-25881 (A vulnerability was discovered in the filename parameter in pathindex. ...)
+	TODO: check
 CVE-2020-25880
 	RESERVED
 CVE-2020-25879 (A stored cross site scripting (XSS) vulnerability in the 'Manage Users ...)
@@ -12489,10 +12489,10 @@ CVE-2020-25875 (A stored cross site scripting (XSS) vulnerability in the 'Smiley
 	NOT-FOR-US: Codoforum
 CVE-2020-25874
 	RESERVED
-CVE-2020-25873
-	RESERVED
-CVE-2020-25872
-	RESERVED
+CVE-2020-25873 (A directory traversal vulnerability in the component system/manager/cl ...)
+	TODO: check
+CVE-2020-25872 (A vulnerability exists within the FileManagerController.php function i ...)
+	TODO: check
 CVE-2020-25871
 	RESERVED
 CVE-2020-25870
@@ -50170,6 +50170,7 @@ CVE-2020-10003 (An issue existed within the path validation logic for symlinks.
 CVE-2020-10002 (A logic issue was addressed with improved state management. This issue ...)
 	NOT-FOR-US: Apple
 CVE-2020-10001 (An input validation issue was addressed with improved memory handling. ...)
+	{DLA-2800-1}
 	- cups 2.3.3op2-1
 	[buster] - cups <no-dsa> (Minor issue)
 	NOTE: https://github.com/OpenPrinting/cups/commit/efbea1742bd30f842fbbfb87a473e5c84f4162f9 (v2.3.3op2)
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 6afabc3e33..49e51ee2c2 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -57705,18 +57705,18 @@ CVE-2021-1125
 	RESERVED
 CVE-2021-1124
 	RESERVED
-CVE-2021-1123
-	RESERVED
-CVE-2021-1122
-	RESERVED
-CVE-2021-1121
-	RESERVED
-CVE-2021-1120
-	RESERVED
-CVE-2021-1119
-	RESERVED
-CVE-2021-1118
-	RESERVED
+CVE-2021-1123 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+	TODO: check
+CVE-2021-1122 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+	TODO: check
+CVE-2021-1121 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+	TODO: check
+CVE-2021-1120 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+	TODO: check
+CVE-2021-1119 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+	TODO: check
+CVE-2021-1118 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+	TODO: check
 CVE-2021-1117 (Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sy ...)
 	TODO: check
 CVE-2021-1116 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the  ...)
author	security tracker role <sectracker@soriano.debian.org>	2021-10-30 08:10:12 +0000
committer	security tracker role <sectracker@soriano.debian.org>	2021-10-30 08:10:12 +0000
commit	a7a1c8bfa49d8d5bb37fa25e319c99ba26d95d81 (patch)
tree	c1b26acab6da700b4ebf6526383d4b8ecd23d364
parent	99715a23da5cbf517451dd15579b0cd8babb4135 (diff)