author | security tracker role <sectracker@soriano.debian.org> | 2021-05-27 08:10:29 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2021-05-27 08:10:29 +0000 |
commit | 606f9e1cf2dd90e0abe359570266e192ca8ace18 (patch) | |
tree | 0565403ea2e1988a551b2c2124b874476cc63371 | |
parent | 3acc21f547bbea65416dd58c9774ca9f616bd132 (diff) |
automatic update
-rw-r--r-- | data/CVE/2008.list | 8 |
-rw-r--r-- | data/CVE/2009.list | 3 |
-rw-r--r-- | data/CVE/2020.list | 35 |
-rw-r--r-- | data/CVE/2021.list | 156 |
4 files changed, 90 insertions, 112 deletions
diff --git a/data/CVE/2008.list b/data/CVE/2008.list index 3dad705c6b..f58e6b4506 100644 --- a/data/CVE/2008.list +++ b/data/CVE/2008.list @@ -3924,7 +3924,7 @@ CVE-2008-5510 (The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support) NOTE: patch will be checked for icedove/iceape/xulrunner by Alexander for next round CVE-2008-5509 - RESERVED + REJECTED CVE-2008-5508 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...) {DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1} - iceweasel 3.0.5-1 @@ -5089,9 +5089,9 @@ CVE-2008-5087 (SQL injection vulnerability in TYPO3 Another Backend Login (wrg_a CVE-2008-5086 (Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a conn ...) - libvirt 0.4.6-10 CVE-2008-5085 - RESERVED + REJECTED CVE-2008-5084 - RESERVED + REJECTED CVE-2008-5083 (In JON 2.1.x before 2.1.2 SP1, users can obtain unauthorized security ...) NOT-FOR-US: Red Hat JBoss Operations Network CVE-2008-5082 (The verifyProof function in the Token Processing System (TPS) componen ...) @@ -8935,7 +8935,7 @@ CVE-2008-3525 (The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subs CVE-2008-3524 (rc.sysinit in initscripts before 8.76.3-1 on Fedora 9 and other Linux ...) NOT-FOR-US: rc.sysinit on Fedora CVE-2008-3523 - RESERVED + REJECTED CVE-2008-3522 (Buffer overflow in the jas_stream_printf function in libjasper/base/ja ...) {DSA-2080-1} - jasper 1.900.1-5.1 (medium; bug #501021) diff --git a/data/CVE/2009.list b/data/CVE/2009.list index 869064c8a1..6a4ab35145 100644 --- a/data/CVE/2009.list +++ b/data/CVE/2009.list 
@@ -3636,8 +3636,7 @@ CVE-2009-3722 (The handle_dr function in arch/x86/kvm/vmx.c in the KVM subsystem - kvm 88+dfsg-2 (low; bug #557739) NOTE: http://bugzilla.redhat.com/531660 NOTE: https://git.kernel.org/linus/0a79b009525b160081d75cef5dbf45817956acf2 -CVE-2009-3721 [ytnef buffer overflow] - RESERVED +CVE-2009-3721 (Multiple directory traversal and buffer overflow vulnerabilities were ...) - ytnef <removed> (bug #567631) [lenny] - ytnef <no-dsa> (Minor issue) NOTE: http://www.ocert.org/advisories/ocert-2009-013.html diff --git a/data/CVE/2020.list b/data/CVE/2020.list index e3b8259e57..2ffa19fba7 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -7389,8 +7389,7 @@ CVE-2020-27840 (A flaw was found in samba. Spaces used in a string around a doma NOTE: https://git.samba.org/?p=samba.git;a=commitdiff;h=dbb3e65f7e382adf5fa6a6afb3d8684aca3f201a NOTE: https://git.samba.org/?p=samba.git;a=commitdiff;h=9532c44baea130db74f866e1472cb871936cd3dd NOTE: Samba uses the System ldb library -CVE-2020-27839 - RESERVED +CVE-2020-27839 (A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for ...) - ceph 14.2.18-1 (bug #985670) [buster] - ceph <no-dsa> (Minor issue) [stretch] - ceph <not-affected> (dashboard introduced in 12.1.0) @@ -7424,8 +7423,7 @@ CVE-2020-27833 (A Zip Slip vulnerability was found in the oc binary in openshift CVE-2020-27832 RESERVED NOT-FOR-US: Quay -CVE-2020-27831 - RESERVED +CVE-2020-27831 (A flaw was found in Red Hat Quay, where it does not properly protect t ...) NOT-FOR-US: Quay CVE-2020-27830 (A vulnerability was found in Linux Kernel where in the spk_ttyio_recei ...) {DSA-4843-1 DLA-2557-1} 
@@ -12457,8 +12455,7 @@ CVE-2020-25726 CVE-2020-25725 (In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOut ...) - xpdf <not-affected> (Debian uses poppler, which is not affected) NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=41915 -CVE-2020-25724 - RESERVED +CVE-2020-25724 (A flaw was found in RESTEasy, where an incorrect response to an HTTP r ...) - resteasy <unfixed> - resteasy3.0 <unfixed> [bullseye] - resteasy3.0 <no-dsa> (Minor issue) @@ -12867,8 +12864,7 @@ CVE-2020-25636 (A flaw was found in Ansible Base when using the aws_ssm connecti CVE-2020-25635 (A flaw was found in Ansible Base when using the aws_ssm connection plu ...) - ansible <not-affected> (Vulnerable connection/aws_ssm plugin not included) NOTE: https://github.com/ansible-collections/community.aws/issues/222 -CVE-2020-25634 - RESERVED +CVE-2020-25634 (A flaw was found in Red Hat 3scale’s API docs URL, where it is a ...) NOT-FOR-US: 3scale CVE-2020-25633 (A flaw was found in RESTEasy client in all versions of RESTEasy up to ...) - resteasy <unfixed> (bug #970585) 
@@ -20486,28 +20482,28 @@ CVE-2020-22030 RESERVED CVE-2020-22029 RESERVED -CVE-2020-22028 - RESERVED +CVE-2020-22028 (Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_verticall ...) + TODO: check CVE-2020-22027 RESERVED -CVE-2020-22026 - RESERVED +CVE-2020-22026 (Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input ...) + TODO: check CVE-2020-22025 RESERVED -CVE-2020-22024 - RESERVED +CVE-2020-22024 (Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame16 func ...) + TODO: check CVE-2020-22023 RESERVED CVE-2020-22022 RESERVED -CVE-2020-22021 - RESERVED +CVE-2020-22021 (Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function i ...) + TODO: check CVE-2020-22020 (Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map func ...) - ffmpeg 7:4.3-2 NOTE: https://trac.ffmpeg.org/ticket/8239 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ce5274c1385d55892a692998923802023526b765 -CVE-2020-22019 - RESERVED +CVE-2020-22019 (Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in ...) + TODO: check CVE-2020-22018 RESERVED CVE-2020-22017 @@ -46876,8 +46872,7 @@ CVE-2020-10697 CVE-2020-10696 (A path traversal flaw was found in Buildah in versions before 1.14.5. ...) - golang-github-containers-buildah 1.11.6-2 NOTE: https://github.com/containers/buildah/commit/c61925b8936e93a5e900f91b653a846f7ea3a9ed -CVE-2020-10695 - RESERVED +CVE-2020-10695 (An insecure modification flaw in the /etc/passwd file was found in the ...) NOTE: Red Hat specific CVE assignment for openshift/redhat-sso-7 container CVE-2020-10694 RESERVED diff --git a/data/CVE/2021.list b/data/CVE/2021.list index cf1efbd9e7..e0f1e7c24d 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -1,3 +1,7 @@ +CVE-2021-33588 + RESERVED +CVE-2021-33587 + RESERVED CVE-2021-33585 RESERVED CVE-2021-33584 
@@ -10,7 +14,7 @@ CVE-2021-33581 RESERVED CVE-2021-33580 RESERVED -CVE-2021-33586 [inspircd memory disclosure] +CVE-2021-33586 (InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able to co ...) - inspircd 3.8.1-2 (bug #989144) [buster] - inspircd <not-affected> (Vulnerable code not present) [stretch] - inspircd <not-affected> (Vulnerable code not present) @@ -238,8 +242,7 @@ CVE-2021-33482 RESERVED CVE-2021-33478 RESERVED -CVE-2021-3561 [Global buffer overflow in fig2dev/read.c in function read_objects] - RESERVED +CVE-2021-3561 (An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bound ...) - fig2dev 1:3.2.8-3 [buster] - fig2dev <no-dsa> (Minor issue) [stretch] - fig2dev <no-dsa> (Minor issue) @@ -2080,16 +2083,14 @@ CVE-2021-32617 (Exiv2 is a command-line utility and C++ library for reading, wri NOTE: https://github.com/Exiv2/exiv2/pull/1657 CVE-2021-32616 RESERVED -CVE-2021-3549 - RESERVED +CVE-2021-3549 (An out of bounds flaw was found in GNU binutils objdump utility versio ...) - binutils <unfixed> (unimportant) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=27294 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1cfcf3004e1830f8fe9112cfcd15285508d2c2b7 NOTE: binutils not covered by security support CVE-2021-32615 (Piwigo 11.4.0 allows admin/user_list_backend.php order[0][dir] SQL Inj ...) - piwigo <removed> -CVE-2021-32614 [read in memcpy() for up to 204 bytes in fill_mishblk()] - RESERVED +CVE-2021-32614 (A flaw was found in dmg2img through 20170502. fill_mishblk() does not ...) - dmg2img <unfixed> (unimportant; bug #989008) NOTE: https://github.com/Lekensteyn/dmg2img/issues/11 NOTE: Crash in CLI tool, no security impact 
@@ -2197,8 +2198,7 @@ CVE-2021-3544 [vhost-user-gpu: multiple memory leaks] NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01152.html NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01156.html NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01158.html -CVE-2021-3548 [OOB in dmg2img.c memcpy() causing undefined behavior] - RESERVED +CVE-2021-3548 (A flaw was found in dmg2img through 20170502. dmg2img did not validate ...) - dmg2img <unfixed> (unimportant) NOTE: https://github.com/Lekensteyn/dmg2img/issues/9 NOTE: Crash in CLI tool, no security impact @@ -3671,8 +3671,7 @@ CVE-2021-31922 (An HTTP Request Smuggling vulnerability in Pulse Secure Virtual NOT-FOR-US: Pulse Secure CVE-2021-3528 (A flaw was found in noobaa-operator in versions before 5.7.0, where in ...) NOT-FOR-US: noobaa -CVE-2021-3527 [usb: unbounded stack allocation in usbredir] - RESERVED +CVE-2021-3527 (A flaw was found in the USB redirector device (usb-redir) of QEMU. Sma ...) - qemu <unfixed> (bug #988157) [bullseye] - qemu <no-dsa> (Minor issue) [buster] - qemu <no-dsa> (Minor issue) @@ -3694,8 +3693,7 @@ CVE-2021-3523 CVE-2021-31921 RESERVED NOT-FOR-US: Istio -CVE-2021-31920 - RESERVED +CVE-2021-31920 (Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable v ...) NOT-FOR-US: Istio CVE-2021-31919 (An issue was discovered in the rkyv crate before 0.6.0 for Rust. When ...) NOT-FOR-US: Rust crate rkyv @@ -4616,8 +4614,7 @@ CVE-2021-31522 RESERVED CVE-2021-3510 RESERVED -CVE-2021-3509 - RESERVED +CVE-2021-3509 (A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component ...) - ceph <unfixed> (bug #988888) [buster] - ceph <not-affected> (Vulnerable code introduced later) [stretch] - ceph <not-affected> (Vulnerable code introduced later) 
@@ -6914,22 +6911,19 @@ CVE-2021-3493 (The overlayfs implementation in the linux kernel did not properly - linux 5.10.38-1 [stretch] - linux <not-affected> (Unprivileged users cannot mount overlayfs) NOTE: https://www.openwall.com/lists/oss-security/2021/04/16/1 -CVE-2021-30501 - RESERVED -CVE-2021-30500 - RESERVED +CVE-2021-30501 (An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in ...) + TODO: check +CVE-2021-30500 (Null pointer dereference was found in upx PackLinuxElf::canUnpack() in ...) - upx-ucl <unfixed> (unimportant) NOTE: https://github.com/upx/upx/issues/485 NOTE: https://github.com/upx/upx/commit/90279abdfcd235172eab99651043051188938dcc -CVE-2021-30499 - RESERVED +CVE-2021-30499 (A flaw was found in libcaca. A buffer overflow of export.c in function ...) - libcaca <unfixed> (bug #987278) [bullseye] - libcaca <no-dsa> (Minor issue) [buster] - libcaca <no-dsa> (Minor issue) [stretch] - libcaca <postponed> (Minor issue; can be fixed in next update) NOTE: https://github.com/cacalabs/libcaca/issues/54 -CVE-2021-30498 - RESERVED +CVE-2021-30498 (A flaw was found in libcaca. A heap buffer overflow in export.c in fun ...) - libcaca <unfixed> (bug #987278) [bullseye] - libcaca <no-dsa> (Minor issue) [buster] - libcaca <no-dsa> (Minor issue) @@ -7011,8 +7005,7 @@ CVE-2021-3487 (There's a flaw in the BFD library of binutils in versions before NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26946 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=647cebce12a6b0a26960220caff96ff38978cf24 NOTE: binutils not covered by security support -CVE-2021-3486 - RESERVED +CVE-2021-3486 (GLPi 9.5.4 does not sanitize the metadata. This way its possible to in ...) - glpi <removed> NOTE: https://github.com/Kitsun3Sec/exploits/tree/master/cms/GLPI/GLPI-stored-XSS CVE-2021-30475 
@@ -7023,29 +7016,25 @@ CVE-2021-30473 (aom_image.c in libaom in AOMedia before 2021-04-07 frees memory - aom <unfixed> (bug #988211) NOTE: https://aomedia.googlesource.com/aom/+/4efe20e99dcd9b6f8eadc8de8acc825be7416578 NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2998 -CVE-2021-30472 - RESERVED +CVE-2021-30472 (A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in Pdf ...) - libpodofo <unfixed> (bug #986794) [bullseye] - libpodofo <no-dsa> (Minor issue) [buster] - libpodofo <no-dsa> (Minor issue) [stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update) NOTE: https://sourceforge.net/p/podofo/tickets/132/ -CVE-2021-30471 - RESERVED +CVE-2021-30471 (A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in Pd ...) - libpodofo <unfixed> (bug #986793) [bullseye] - libpodofo <no-dsa> (Minor issue) [buster] - libpodofo <no-dsa> (Minor issue) [stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update) NOTE: https://sourceforge.net/p/podofo/tickets/131/ -CVE-2021-30470 - RESERVED +CVE-2021-30470 (A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among ...) - libpodofo <unfixed> (bug #986792) [bullseye] - libpodofo <no-dsa> (Minor issue) [buster] - libpodofo <no-dsa> (Minor issue) [stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update) NOTE: https://sourceforge.net/p/podofo/tickets/130/ -CVE-2021-30469 - RESERVED +CVE-2021-30469 (A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecO ...) - libpodofo <unfixed> (bug #986791) [bullseye] - libpodofo <no-dsa> (Minor issue) [buster] - libpodofo <no-dsa> (Minor issue) 
@@ -12371,8 +12360,8 @@ CVE-2021-28172 (There is a Path Traversal vulnerability in the file download fun NOT-FOR-US: Vangene deltaFlow E-platform CVE-2021-28171 (The Vangene deltaFlow E-platform does not take properly protective mea ...) NOT-FOR-US: Vangene deltaFlow E-platform -CVE-2021-28170 - RESERVED +CVE-2021-28170 (In the Jakarta Expression Language implementation 3.0.3 and earlier, a ...) + TODO: check CVE-2021-28169 RESERVED CVE-2021-28168 (Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains ...) @@ -18390,8 +18379,8 @@ CVE-2021-25645 (An issue was discovered in Couchbase Server before 6.0.5, 6.1.x NOT-FOR-US: Couchbase Server CVE-2021-25644 (An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 ...) NOT-FOR-US: Couchbase Server -CVE-2021-25643 - RESERVED +CVE-2021-25643 (An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 a ...) + TODO: check CVE-2021-25642 RESERVED CVE-2021-25641 @@ -19393,8 +19382,7 @@ CVE-2021-25219 RESERVED CVE-2021-25218 RESERVED -CVE-2021-25217 [A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient] - RESERVED +CVE-2021-25217 (In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 ( ...) - isc-dhcp <unfixed> NOTE: https://kb.isc.org/docs/cve-2021-25217 NOTE: https://www.openwall.com/lists/oss-security/2021/05/26/6 
@@ -24788,40 +24776,40 @@ CVE-2021-22749 RESERVED CVE-2021-22748 RESERVED -CVE-2021-22747 - RESERVED -CVE-2021-22746 - RESERVED -CVE-2021-22745 - RESERVED -CVE-2021-22744 - RESERVED -CVE-2021-22743 - RESERVED -CVE-2021-22742 - RESERVED -CVE-2021-22741 - RESERVED -CVE-2021-22740 - RESERVED -CVE-2021-22739 - RESERVED -CVE-2021-22738 - RESERVED -CVE-2021-22737 - RESERVED -CVE-2021-22736 - RESERVED -CVE-2021-22735 - RESERVED -CVE-2021-22734 - RESERVED -CVE-2021-22733 - RESERVED -CVE-2021-22732 - RESERVED -CVE-2021-22731 - RESERVED +CVE-2021-22747 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...) + TODO: check +CVE-2021-22746 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...) + TODO: check +CVE-2021-22745 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...) + TODO: check +CVE-2021-22744 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...) + TODO: check +CVE-2021-22743 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...) + TODO: check +CVE-2021-22742 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...) + TODO: check +CVE-2021-22741 (Use of Password Hash with Insufficient Computational Effort vulnerabil ...) + TODO: check +CVE-2021-22740 (Information Exposure vulnerability exists in homeLYnk (Wiser For KNX) ...) + TODO: check +CVE-2021-22739 (Information Exposure vulnerability exists in homeLYnk (Wiser For KNX) ...) + TODO: check +CVE-2021-22738 (Use of a Broken or Risky Cryptographic Algorithm vulnerability exists ...) + TODO: check +CVE-2021-22737 (Insufficiently Protected Credentials vulnerability exists in homeLYnk ...) + TODO: check +CVE-2021-22736 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) + TODO: check +CVE-2021-22735 (Improper Verification of Cryptographic Signature vulnerability exists ...) 
+ TODO: check +CVE-2021-22734 (Improper Verification of Cryptographic Signature vulnerability exists ...) + TODO: check +CVE-2021-22733 (Improper Privilege Management vulnerability exists in homeLYnk (Wiser ...) + TODO: check +CVE-2021-22732 (Improper Privilege Management vulnerability exists in homeLYnk (Wiser ...) + TODO: check +CVE-2021-22731 (Weak Password Recovery Mechanism for Forgotten Password vulnerability ...) + TODO: check CVE-2021-22730 RESERVED CVE-2021-22729 @@ -24872,8 +24860,8 @@ CVE-2021-22707 RESERVED CVE-2021-22706 RESERVED -CVE-2021-22705 - RESERVED +CVE-2021-22705 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...) + TODO: check CVE-2021-22704 RESERVED CVE-2021-22703 (A CWE-319: Cleartext transmission of sensitive information vulnerabili ...) @@ -24884,8 +24872,8 @@ CVE-2021-22701 (A CWE-352: Cross-Site Request Forgery vulnerability exists in Po NOT-FOR-US: PowerLogic CVE-2021-22700 RESERVED -CVE-2021-22699 - RESERVED +CVE-2021-22699 (Improper Input Validation vulnerability exists in Modicon M241/M251 lo ...) + TODO: check CVE-2021-22698 (A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerabili ...) NOT-FOR-US: EcoStruxure Power Build CVE-2021-22697 (A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerabili ...) @@ -28728,7 +28716,7 @@ CVE-2021-21044 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier) NOT-FOR-US: Adobe CVE-2021-21043 (ACS Commons version 4.9.2 (and earlier) suffers from a Reflected Cross ...) NOT-FOR-US: Adobe -CVE-2021-21042 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) +CVE-2021-21042 (Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.3001 ...) NOT-FOR-US: Adobe CVE-2021-21041 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) NOT-FOR-US: Adobe 
@@ -30264,8 +30252,7 @@ CVE-2021-20299 RESERVED CVE-2021-20298 RESERVED -CVE-2021-20297 [Setting match.path and activating a profiles crashes NetworkManager] - RESERVED +CVE-2021-20297 (A flaw was found in NetworkManager in versions before 1.30.0. Setting ...) - network-manager 1.30.0-2 (bug #986809) [buster] - network-manager <not-affected> (Vulnerable code introduced later) [stretch] - network-manager <not-affected> (Vulnerable code introduced later) @@ -30783,8 +30770,7 @@ CVE-2021-20197 (There is an open race window when writing output in the followin NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1a1c3b4cc17687091cff5a368bd6f13742bcfdf8 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=365f5fb6d0f0da83817431a275e99e6f6babbe04 NOTE: binutils not covered by security support -CVE-2021-20196 [block: fdc: null pointer dereference may lead to guest crash] - RESERVED +CVE-2021-20196 (A NULL pointer dereference flaw was found in the floppy disk emulator ...) - qemu <unfixed> (bug #984453) [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream) [buster] - qemu <postponed> (Fix along in future DSA) @@ -30808,8 +30794,7 @@ CVE-2021-20193 (A flaw was found in the src/list.c of tar 1.33 and earlier. This NOTE: Memory leak in CLI tool, no security impact CVE-2021-20192 RESERVED -CVE-2021-20191 - RESERVED +CVE-2021-20191 (A flaw was found in ansible. Credentials, such as secrets, are being d ...) - ansible <unfixed> (bug #985753) [bullseye] - ansible <no-dsa> (Minor issue) [buster] - ansible <no-dsa> (Minor issue) 
@@ -30867,8 +30852,7 @@ CVE-2021-20178 (A flaw was found in ansible module where credentials are disclos NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1914774 NOTE: https://github.com/ansible-collections/community.general/pull/1621 NOTE: https://github.com/ansible-collections/community.general/commit/3560aeb12f7061bf21d63ca0e1e19feb99c57de3 -CVE-2021-20177 - RESERVED +CVE-2021-20177 (A flaw was found in the Linux kernel's implementation of string matchi ...) {DSA-4843-1 DLA-2557-1} - linux 5.5.13-1 [stretch] - linux <not-affected> (Vulnerable code not present) |
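
Review bot: In data/CVE/2020.list, hunk `@@ -20486,28 +20482,28 @@`, the five FFmpeg entries that gain descriptions (CVE-2020-22028, CVE-2020-22026, CVE-2020-22024, CVE-2020-22021, CVE-2020-22019) are left at `TODO: check`, although CVE-2020-22020 in the same hunk is already tracked as `- ffmpeg 7:4.3-2` with an upstream ticket and commit. These should be triaged against the ffmpeg source package in a follow-up commit, each with its own fixed version or `<unfixed>` status and upstream reference, rather than staying unclassified next to a tracked sibling.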
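
Review bot: In data/CVE/2020.list, hunk `@@ -46876,8 +46872,7 @@`, CVE-2020-10695 loses its `RESERVED` line and is left with a description and a single `NOTE: Red Hat specific CVE assignment for openshift/redhat-sso-7 container`, with no package line, `NOT-FOR-US` or `TODO` beneath it. The other entries in this patch that receive a description all end up with one of those, so this one has no machine-readable disposition. If the NOTE is the reason it does not apply to Debian, record that explicitly with a `NOT-FOR-US:` line.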
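
Review bot: In data/CVE/2021.list, hunk `@@ -6914,22 +6911,19 @@`, CVE-2021-30501 is marked `TODO: check` even though its description names upx (`MemBuffer::alloc() in mem.cpp`) and the entry directly below it, CVE-2021-30500, is already tracked as `- upx-ucl <unfixed> (unimportant)` with an upstream issue and commit. The same source package almost certainly applies here, so the TODO should be replaced by a `- upx-ucl` line with a status and the matching upstream reference once it has been confirmed.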
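
Review bot: In data/CVE/2021.list, hunk `@@ -18390,8 +18379,8 @@`, CVE-2021-25643 is added with `TODO: check` while the two entries immediately above it in the context, CVE-2021-25645 and CVE-2021-25644, are both `NOT-FOR-US: Couchbase Server` and the new description begins with the same product name. Unless the full description says otherwise, this entry should get the same `NOT-FOR-US: Couchbase Server` disposition so that it does not sit in the TODO queue.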
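
Review bot: In data/CVE/2021.list, hunk `@@ -24788,40 +24776,40 @@`, all seventeen entries from CVE-2021-22747 down to CVE-2021-22731 go from `RESERVED` to `TODO: check` in one block, and none receives a disposition. Several descriptions name homeLYnk (Wiser For KNX), but those for CVE-2021-22747 through CVE-2021-22742 are truncated at "vulnerability exi ..." before any product name appears, so they cannot be classified from the list file alone. Triage the block together against the full CVE text, and apply a single consistent `NOT-FOR-US:` label if the product is not packaged in Debian.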