author: security tracker role <sectracker@soriano.debian.org> 2021-03-31 20:10:22 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2021-03-31 20:10:22 +0000
commit: 3a4c33893741305358904702d1b063a9a5b499d6 (patch)
tree: f24760f4508d9df50d68dd3d1766ce25a13ba407
parent: 73c83c5217855aa6372713cfef05887b2b748413 (diff)
automatic update
-rw-r--r-- data/CVE/2020.list 24
-rw-r--r-- data/CVE/2021.list 184
2 files changed, 112 insertions, 96 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 2d94252ad0..fbe0d3aaa1 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -7,6 +7,7 @@ CVE-2020-36283 (HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF
CVE-2020-36282 (JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 is vuln ...)
NOT-FOR-US: JMS Client for RabbitMQ
CVE-2020-36281 (Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFew ...)
+ {DLA-2612-1}
- leptonlib <unfixed> (bug #985089)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22140
NOTE: https://github.com/DanBloomberg/leptonica/commit/5ee24b398bb67666f6d173763eaaedd9c36fb1e5
@@ -16,14 +17,17 @@ CVE-2020-36280 (Leptonica before 1.80.0 allows a heap-based buffer over-read in
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23654
NOTE: https://github.com/DanBloomberg/leptonica/commit/5ba34b1fe741d69d43a6c8cf767756997eadd87c
CVE-2020-36279 (Leptonica before 1.80.0 allows a heap-based buffer over-read in raster ...)
+ {DLA-2612-1}
- leptonlib <unfixed> (bug #985089)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22512
NOTE: https://github.com/DanBloomberg/leptonica/commit/3c18c43b6a3f753f0dfff99610d46ad46b8bfac4
CVE-2020-36278 (Leptonica before 1.80.0 allows a heap-based buffer over-read in findNe ...)
+ {DLA-2612-1}
- leptonlib <unfixed> (bug #985089)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23433
NOTE: https://github.com/DanBloomberg/leptonica/commit/8d6e1755518cfb98536d6c3daf0601f226d16842
CVE-2020-36277 (Leptonica before 1.80.0 allows a denial of service (application crash) ...)
+ {DLA-2612-1}
- leptonlib <unfixed> (bug #985089)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21997
NOTE: https://github.com/DanBloomberg/leptonica/pull/499
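Review bot: CVE-2020-36280, named in this hunk's header, is the one Leptonica entry in this run that gets no {DLA-2612-1} line, while CVE-2020-36281, CVE-2020-36279, CVE-2020-36278 and CVE-2020-36277 all do. If the LTS upload did not need that fix, a per-release annotation under CVE-2020-36280 saying why would make the gap read as deliberate; otherwise the cross-reference is missing. All four tagged entries also still read `- leptonlib <unfixed> (bug #985089)`, so the unstable status stays open after this change.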
@@ -6306,10 +6310,10 @@ CVE-2020-28175 (There is a local privilege escalation vulnerability in Alfredo M
NOT-FOR-US: Alfredo Milani Comparetti SpeedFan
CVE-2020-28174
RESERVED
-CVE-2020-28173
- RESERVED
-CVE-2020-28172
- RESERVED
+CVE-2020-28173 (Simple College Website 1.0 allows a user to conduct remote code execut ...)
+ TODO: check
+CVE-2020-28172 (A SQL injection vulnerability in Simple College Website 1.0 allows rem ...)
+ TODO: check
CVE-2020-28171
RESERVED
CVE-2020-28170
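Review bot: CVE-2020-28173 and CVE-2020-28172 leave RESERVED only to land on `TODO: check`, so they still carry no triage result. Both descriptions name Simple College Website 1.0; if that is not packaged, the entries should be closed the way the CVE-2020-28175 context entry above is, with a NOT-FOR-US: line naming the product, rather than staying in the TODO queue.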
@@ -7057,6 +7061,7 @@ CVE-2020-27841 (There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib
NOTE: https://github.com/rouault/openjpeg/commit/00383e162ae2f8fc951f5745bf1011771acb8dce (v2.4.0)
CVE-2020-27840 [Heap corruption via crafted DN strings]
RESERVED
+ {DLA-2611-1}
- ldb 2:2.2.0-3.1 (bug #985936)
- samba <unfixed> (unimportant)
NOTE: https://www.samba.org/samba/security/CVE-2020-27840.html
@@ -51927,18 +51932,18 @@ CVE-2020-8287 (Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow t
NOTE: https://nodejs.org/en/blog/release/v10.23.1/
NOTE: https://github.com/nodejs/node/commit/fc70ce08f5818a286fb5899a1bc3aff5965a745e (v10.23.1)
CVE-2020-8286 (curl 7.41.0 through 7.73.0 is vulnerable to an improper check for cert ...)
- {DLA-2500-1}
+ {DSA-4881-1 DLA-2500-1}
- curl 7.74.0-1 (bug #977161)
NOTE: https://curl.se/docs/CVE-2020-8286.html
NOTE: https://github.com/curl/curl/commit/d9d01672785b8ac04aab1abb6de95fe3072ae199 (curl-7_74_0)
CVE-2020-8285 (curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recu ...)
- {DLA-2500-1}
+ {DSA-4881-1 DLA-2500-1}
- curl 7.74.0-1 (bug #977162)
NOTE: https://curl.se/docs/CVE-2020-8285.html
NOTE: https://github.com/curl/curl/issues/6255
NOTE: https://github.com/curl/curl/commit/69a358f2186e04cf44698b5100332cbf1ee7f01d (curl-7_74_0)
CVE-2020-8284 (A malicious server can use the FTP PASV response to trick curl 7.73.0 ...)
- {DLA-2500-1}
+ {DSA-4881-1 DLA-2500-1}
- curl 7.74.0-1 (bug #977163)
NOTE: https://curl.se/docs/CVE-2020-8284.html
NOTE: https://github.com/curl/curl/commit/ec9cc725d598ac77de7b6df8afeec292b3c8ad46 (curl-7_74_0)
@@ -52074,7 +52079,7 @@ CVE-2020-8233 (A command injection vulnerability exists in EdgeSwitch firmware &
CVE-2020-8232 (An information disclosure vulnerability exists in EdgeMax EdgeSwitch f ...)
NOT-FOR-US: Edgeswitch
CVE-2020-8231 (Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can us ...)
- {DLA-2382-1}
+ {DSA-4881-1 DLA-2382-1}
- curl 7.72.0-1 (bug #968831)
NOTE: https://curl.haxx.se/docs/CVE-2020-8231.html
NOTE: https://github.com/curl/curl/pull/5824
@@ -52212,7 +52217,7 @@ CVE-2020-8178 (Insufficient input validation in npm package `jison` &lt;= 0.4.18
NOTE: https://hackerone.com/reports/690010
NOTE: ports/ is stripped/excluded in the src:node-jison source package.
CVE-2020-8177 (curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of na ...)
- {DLA-2295-1}
+ {DSA-4881-1 DLA-2295-1}
- curl 7.72.0-1 (bug #965281)
NOTE: https://curl.haxx.se/docs/CVE-2020-8177.html
NOTE: https://github.com/curl/curl/commit/8236aba58542c5f89f1d41ca09d84579efb05e22 (7.71.0)
@@ -52236,6 +52241,7 @@ CVE-2020-8171 (We have recently released new version of AirMax AirOS firmware v6
CVE-2020-8170 (We have recently released new version of AirMax AirOS firmware v6.3.0 ...)
NOT-FOR-US: AirMax AirOS
CVE-2020-8169 (curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure ...)
+ {DSA-4881-1}
- curl 7.72.0-1 (bug #965280)
[stretch] - curl <not-affected> (Vulnerable code introduced later)
[jessie] - curl <not-affected> (Vulnerable code introduced later)
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 3ed1645734..e8a37cc26d 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,3 +1,21 @@
+CVE-2021-29663 (CourseMS (aka Course Registration Management System) 2.1 is affected b ...)
+ TODO: check
+CVE-2021-29661
+ RESERVED
+CVE-2021-29660
+ RESERVED
+CVE-2021-29659
+ RESERVED
+CVE-2021-29658 (The unofficial vscode-rufo extension before 0.0.4 for Visual Studio Co ...)
+ TODO: check
+CVE-2021-29657
+ RESERVED
+CVE-2021-29656
+ RESERVED
+CVE-2021-29655
+ RESERVED
+CVE-2021-29654
+ RESERVED
CVE-2021-29653
RESERVED
CVE-2021-29652
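Review bot: the new block at the top of 2021.list goes from CVE-2021-29663 straight to CVE-2021-29661, and CVE-2021-29662 only turns up several hundred lines further down, in the hunk starting at old line 493. The entries here are otherwise in descending order, so either move the existing CVE-2021-29662 entry into sequence or expect anyone scanning by number to miss it. CVE-2021-29663 and CVE-2021-29658 also arrive as `TODO: check` and still need triage.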
@@ -25,17 +43,16 @@ CVE-2021-29646 (An issue was discovered in the Linux kernel before 5.11.11. tipc
NOTE: https://git.kernel.org/linus/0217ed2848e8538bcf9172d97ed2eeb4a26041bb
CVE-2021-3480
RESERVED
-CVE-2021-3479 [Out-of-memory caused by allocation of a very large buffer]
- RESERVED
+CVE-2021-3479 (There's a flaw in OpenEXR's Scanline API functionality in versions bef ...)
- openexr <unfixed>
[buster] - openexr <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25370
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/d80f11f4f55100d007ae80a162bf257ec291612c
NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/830
-CVE-2021-3478
- RESERVED
-CVE-2021-3477
- RESERVED
+CVE-2021-3478 (There's a flaw in OpenEXR's scanline input file functionality in versi ...)
+ TODO: check
+CVE-2021-3477 (There's a flaw in OpenEXR's deep tile sample size calculations in vers ...)
+ TODO: check
CVE-2021-29645
RESERVED
CVE-2021-29644
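Review bot: CVE-2021-3478 and CVE-2021-3477 are set to `TODO: check` although both descriptions open with the same OpenEXR wording as CVE-2021-3479 directly above, which is already tracked as `- openexr <unfixed>` with a buster `<no-dsa>` line. They should get openexr package lines and upstream references in the same form instead of waiting in the TODO queue. Replacing the bracketed title on CVE-2021-3479 also drops the short summary (out-of-memory caused by allocation of a very large buffer), which the truncated description no longer shows.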
@@ -493,7 +510,7 @@ CVE-2021-3474 (There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafte
[buster] - openexr <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24831
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/c3ed4a1db1f39bf4524a644cb2af81dc8cfab33f
-CVE-2021-29662
+CVE-2021-29662 (The Data::Validate::IP module through 0.29 for Perl does not properly ...)
- libdata-validate-ip-perl <unfixed>
NOTE: Documentation update: https://github.com/houseabsolute/Data-Validate-IP/commit/3bba13c819d616514a75e089badd75002fd4f14e
CVE-2021-29424 (The Net::Netmask module before 2.0000 for Perl does not properly consi ...)
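Review bot: CVE-2021-29662 keeps `- libdata-validate-ip-perl <unfixed>` while the only reference under it is labelled a documentation update. The entry should state whether a code change is still expected upstream or whether the documentation change is the whole resolution, because `<unfixed>` with no bug number and no further NOTE gives nobody a way to tell when the entry can be closed.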
@@ -849,8 +866,7 @@ CVE-2021-29263
RESERVED
CVE-2021-3471
RESERVED
-CVE-2021-3470 [potential heap overflow when using a heap allocator other than jemalloc or glibc's malloc]
- RESERVED
+CVE-2021-3470 (A heap overflow issue was found in Redis in versions before 5.0.10, be ...)
- redis 5:6.0.9-1 (unimportant)
NOTE: https://github.com/redis/redis/pull/7963
NOTE: https://github.com/redis/redis/commit/9824fe3e392caa04dc1b4071886e9ac402dd6d95
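Review bot: the removed title on CVE-2021-3470 carried the precondition (a heap allocator other than jemalloc or glibc's malloc), and the truncated description that replaces it cuts off before any such detail. With the redis line tagged (unimportant), that precondition looks like the rationale for the tag, so it should be preserved as a NOTE: line under the entry rather than lost with the title.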
@@ -2172,8 +2188,7 @@ CVE-2021-28659
RESERVED
CVE-2021-28658
RESERVED
-CVE-2021-28657 [Infinite loop]
- RESERVED
+CVE-2021-28657 (A carefully crafted or corrupt file may trigger an infinite loop in Ti ...)
- tika <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/03/30/3
CVE-2021-28656
@@ -3054,8 +3069,8 @@ CVE-2021-28247 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager t
NOT-FOR-US: CA eHealth Performance Manager
CVE-2021-28246 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through ...)
NOT-FOR-US: CA eHealth Performance Manager
-CVE-2021-28245
- RESERVED
+CVE-2021-28245 (PbootCMS 3.0.4 contains a SQL injection vulnerability through index.ph ...)
+ TODO: check
CVE-2021-28244
RESERVED
CVE-2021-28243
@@ -12708,12 +12723,10 @@ CVE-2021-23990
RESERVED
CVE-2021-23989
RESERVED
-CVE-2021-23988
- RESERVED
+CVE-2021-23988 (Mozilla developers reported memory safety bugs present in Firefox 86. ...)
- firefox 87.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23988
-CVE-2021-23987
- RESERVED
+CVE-2021-23987 (Mozilla developers and community members reported memory safety bugs p ...)
{DSA-4876-1 DSA-4874-1 DLA-2609-1 DLA-2607-1}
- firefox 87.0-1
- firefox-esr 78.9.0esr-1
@@ -12721,16 +12734,13 @@ CVE-2021-23987
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23987
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-23987
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-23987
-CVE-2021-23986
- RESERVED
+CVE-2021-23986 (A malicious extension with the 'search' permission could have installe ...)
- firefox 87.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23986
-CVE-2021-23985
- RESERVED
+CVE-2021-23985 (If an attacker is able to alter specific about:config values (for exam ...)
- firefox 87.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23985
-CVE-2021-23984
- RESERVED
+CVE-2021-23984 (A malicious extension could have opened a popup window lacking an addr ...)
{DSA-4876-1 DSA-4874-1 DLA-2609-1 DLA-2607-1}
- firefox 87.0-1
- firefox-esr 78.9.0esr-1
@@ -12738,12 +12748,10 @@ CVE-2021-23984
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23984
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-23984
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-23984
-CVE-2021-23983
- RESERVED
+CVE-2021-23983 (By causing a transition on a parent node by removing a CSS rule, an in ...)
- firefox 87.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23983
-CVE-2021-23982
- RESERVED
+CVE-2021-23982 (Using techniques that built on the slipstream research, a malicious we ...)
{DSA-4876-1 DSA-4874-1 DLA-2609-1 DLA-2607-1}
- firefox 87.0-1
- firefox-esr 78.9.0esr-1
@@ -12751,8 +12759,7 @@ CVE-2021-23982
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23982
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-23982
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-23982
-CVE-2021-23981
- RESERVED
+CVE-2021-23981 (A texture upload of a Pixel Buffer Object could have confused the WebG ...)
{DSA-4876-1 DSA-4874-1 DLA-2609-1 DLA-2607-1}
- firefox 87.0-1
- firefox-esr 78.9.0esr-1
@@ -14190,8 +14197,8 @@ CVE-2021-23350
RESERVED
CVE-2021-23349
RESERVED
-CVE-2021-23348
- RESERVED
+CVE-2021-23348 (This affects the package portprocesses before 1.0.5. If (attacker-cont ...)
+ TODO: check
CVE-2021-23347 (The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 ...)
NOT-FOR-US: argo-cd
CVE-2021-23346 (This affects the package html-parse-stringify before 2.0.1; all versio ...)
@@ -14872,50 +14879,50 @@ CVE-2021-23009
RESERVED
CVE-2021-23008
RESERVED
-CVE-2021-23007
- RESERVED
-CVE-2021-23006
- RESERVED
-CVE-2021-23005
- RESERVED
-CVE-2021-23004
- RESERVED
-CVE-2021-23003
- RESERVED
-CVE-2021-23002
- RESERVED
-CVE-2021-23001
- RESERVED
-CVE-2021-23000
- RESERVED
-CVE-2021-22999
- RESERVED
-CVE-2021-22998
- RESERVED
-CVE-2021-22997
- RESERVED
-CVE-2021-22996
- RESERVED
-CVE-2021-22995
- RESERVED
-CVE-2021-22994
- RESERVED
-CVE-2021-22993
- RESERVED
-CVE-2021-22992
- RESERVED
-CVE-2021-22991
- RESERVED
-CVE-2021-22990
- RESERVED
-CVE-2021-22989
- RESERVED
-CVE-2021-22988
- RESERVED
-CVE-2021-22987
- RESERVED
-CVE-2021-22986
- RESERVED
+CVE-2021-23007 (On BIG-IP versions 14.1.4 and 16.0.1.1, when the Traffic Management Mi ...)
+ TODO: check
+CVE-2021-23006 (On all 7.x and 6.x versions (fixed in 8.0.0), undisclosed BIG-IQ pages ...)
+ TODO: check
+CVE-2021-23005 (On all 7.x and 6.x versions (fixed in 8.0.0), when using a Quorum devi ...)
+ TODO: check
+CVE-2021-23004 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1. ...)
+ TODO: check
+CVE-2021-23003 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1. ...)
+ TODO: check
+CVE-2021-23002 (When using BIG-IP APM 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, ...)
+ TODO: check
+CVE-2021-23001 (On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x bef ...)
+ TODO: check
+CVE-2021-23000 (On BIG-IP versions 13.1.3.4-13.1.3.6 and 12.1.5.2, if the tmm.http.rfc ...)
+ TODO: check
+CVE-2021-22999 (On versions 15.0.x before 15.1.0 and 14.1.x before 14.1.4, the BIG-IP ...)
+ TODO: check
+CVE-2021-22998 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...)
+ TODO: check
+CVE-2021-22997 (On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ HA ElasticSearch ...)
+ TODO: check
+CVE-2021-22996 (On all 7.x versions (fixed in 8.0.0), when set up for auto failover, a ...)
+ TODO: check
+CVE-2021-22995 (On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ high availability ...)
+ TODO: check
+CVE-2021-22994 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...)
+ TODO: check
+CVE-2021-22993 (On BIG-IP Advanced WAF and BIG-IP ASM versions 16.0.x before 16.0.1.1, ...)
+ TODO: check
+CVE-2021-22992 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...)
+ TODO: check
+CVE-2021-22991 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...)
+ TODO: check
+CVE-2021-22990 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...)
+ TODO: check
+CVE-2021-22989 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...)
+ TODO: check
+CVE-2021-22988 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...)
+ TODO: check
+CVE-2021-22987 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...)
+ TODO: check
+CVE-2021-22986 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...)
+ TODO: check
CVE-2021-22985 (On BIG-IP APM version 16.0.x before 16.0.1.1, under certain conditions ...)
NOT-FOR-US: F5 BIG-IP
CVE-2021-22984 (On BIG-IP Advanced WAF and ASM version 15.1.x before 15.1.0.2, 15.0.x ...)
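Review bot: all 22 entries from CVE-2021-23007 down to CVE-2021-22986 are added as `TODO: check`, yet most descriptions name BIG-IP or BIG-IQ, the rest follow the same version patterns, and the next two context entries, CVE-2021-22985 and CVE-2021-22984, are already closed as NOT-FOR-US: F5 BIG-IP. Unless one of them turns out to touch a packaged component, these should be triaged to the same NOT-FOR-US: line in one follow-up so the TODO queue is not carrying 22 entries that are already decided in practice.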
@@ -15108,6 +15115,7 @@ CVE-2021-22891
RESERVED
CVE-2021-22890 [TLS 1.3 session ticket proxy host mixup]
RESERVED
+ {DSA-4881-1}
- curl <unfixed>
NOTE: https://curl.se/docs/CVE-2021-22890.html
NOTE: Fixed by: https://github.com/curl/curl/commit/b09c8ee15771c614c4bf3ddac893cdb12187c844
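Review bot: CVE-2021-22890 now references {DSA-4881-1} while the package line still reads `- curl <unfixed>`, and the same holds for CVE-2021-22876 in the next hunk. The Fixed by: commit is recorded, so the remaining work is a fixed version on the curl line once one exists; until then the entry shows an advisory and an open status side by side. Both entries are also still marked RESERVED with only a bracketed title.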
@@ -15155,6 +15163,7 @@ CVE-2021-22877 (A missing user check in Nextcloud prior to 20.0.6 inadvertently
- nextcloud-server <itp> (bug #941708)
CVE-2021-22876 [Automatic referer leaks credentials]
RESERVED
+ {DSA-4881-1}
- curl <unfixed>
NOTE: https://curl.se/docs/CVE-2021-22876.html
NOTE: Fixed by: https://github.com/curl/curl/commit/7214288898f5625a6cc196e22a74232eada7861c
@@ -17002,8 +17011,8 @@ CVE-2021-21985
RESERVED
CVE-2021-21984
RESERVED
-CVE-2021-21983
- RESERVED
+CVE-2021-21983 (Arbitrary file write vulnerability in vRealize Operations Manager API ...)
+ TODO: check
CVE-2021-21982
RESERVED
CVE-2021-21981
@@ -17018,8 +17027,8 @@ CVE-2021-21977
RESERVED
CVE-2021-21976 (vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8. ...)
NOT-FOR-US: vSphere Replication
-CVE-2021-21975
- RESERVED
+CVE-2021-21975 (Server Side Request Forgery in vRealize Operations Manager API (CVE-20 ...)
+ TODO: check
CVE-2021-21974 (OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESX ...)
NOT-FOR-US: VMware
NOTE: Might affect src:openslp-dfsg, but removed years ago
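Review bot: CVE-2021-21975 is added as `TODO: check` although its description names vRealize Operations Manager and the following context entry, CVE-2021-21974, is closed as NOT-FOR-US: VMware. CVE-2021-21983 in the previous hunk names the same product and has the same TODO. If neither is packaged, both should get a NOT-FOR-US: line naming the product instead of remaining open.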
@@ -17419,8 +17428,8 @@ CVE-2021-21784
RESERVED
CVE-2021-21783 (A code execution vulnerability exists in the WS-Addressing plugin func ...)
TODO: check
-CVE-2021-21782
- RESERVED
+CVE-2021-21782 (An out-of-bounds write vulnerability exists in the SGI format buffer s ...)
+ TODO: check
CVE-2021-21781
RESERVED
CVE-2021-21780
@@ -17431,14 +17440,14 @@ CVE-2021-21778
RESERVED
CVE-2021-21777
RESERVED
-CVE-2021-21776
- RESERVED
+CVE-2021-21776 (An out-of-bounds write vulnerability exists in the SGI Format Buffer S ...)
+ TODO: check
CVE-2021-21775
RESERVED
CVE-2021-21774
RESERVED
-CVE-2021-21773
- RESERVED
+CVE-2021-21773 (An out-of-bounds write vulnerability exists in the TIFF header count-p ...)
+ TODO: check
CVE-2021-21772 (A use-after-free vulnerability exists in the NMR::COpcPackageReader::r ...)
- lib3mf <unfixed> (bug #985092)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1226
@@ -18170,8 +18179,8 @@ CVE-2021-21420
RESERVED
CVE-2021-21419
RESERVED
-CVE-2021-21418
- RESERVED
+CVE-2021-21418 (ps_emailsubscription is a newsletter subscription module for the Prest ...)
+ TODO: check
CVE-2021-21417
RESERVED
CVE-2021-21416
@@ -20744,6 +20753,7 @@ CVE-2021-20278
NOT-FOR-US: Kiali
CVE-2021-20277 [Out of bounds read in AD DC LDAP server]
RESERVED
+ {DLA-2611-1}
- ldb 2:2.2.0-3.1 (bug #985935)
- samba <unfixed> (unimportant)
NOTE: https://www.samba.org/samba/security/CVE-2021-20277.html
