From 426a58b4dafd627bb726e9af83e5e1867215abd0 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Sun, 31 Oct 2021 20:10:14 +0000 Subject: automatic update --- data/CVE/2015.list | 2 ++ data/CVE/2017.list | 2 +- data/CVE/2019.list | 26 +++++++++++++------------- data/CVE/2020.list | 21 +++++++++++++-------- data/CVE/2021.list | 10 +++++----- 5 files changed, 34 insertions(+), 27 deletions(-) diff --git a/data/CVE/2015.list b/data/CVE/2015.list index 4cdb0dfd69..35b823b2dc 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -1,3 +1,5 @@ +CVE-2015-10001 + RESERVED CVE-2015-20067 RESERVED CVE-2015-20019 diff --git a/data/CVE/2017.list b/data/CVE/2017.list index a0bd0e863f..c45ba46eec 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -45511,7 +45511,7 @@ CVE-2017-2890 (An exploitable vulnerability exists in the /api/CONFIG/restore fu CVE-2017-2889 (An exploitable Denial of Service vulnerability exists in the API daemo ...) NOT-FOR-US: Circle with Disney CVE-2017-2888 (An exploitable integer overflow vulnerability exists when creating a n ...) - {DLA-1714-2} + {DLA-2803-1 DLA-1714-2} - libsdl2 2.0.6+dfsg1-4 (bug #878264) [jessie] - libsdl2 (Minor issue) - libsdl1.2 (Issue not present, SDL_CreateRGBSurface contains further check for too large width or height) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 8f13b4d9f0..b3ea65cad5 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -19293,7 +19293,7 @@ CVE-2019-13618 (In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a he CVE-2019-13617 (njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in ...) NOT-FOR-US: njs CVE-2019-13616 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...) - {DLA-2536-1} + {DLA-2804-1 DLA-2536-1} - libsdl2 2.0.10+dfsg1-1 [buster] - libsdl2 (Minor issue) [jessie] - libsdl2 (can be fixed along with more important patches) 
@@ -29669,7 +29669,7 @@ CVE-2019-1010307 (GLPI GLPI Product 9.3.1 is affected by: Cross Site Scripting ( CVE-2019-1010306 (Slanger 0.6.0 is affected by: Remote Code Execution (RCE). The impact ...) NOT-FOR-US: Slanger CVE-2019-1010305 (libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: I ...) - {DLA-1895-1} + {DLA-2805-1 DLA-1895-1} - libmspack 0.10.1-1 NOTE: https://github.com/kyz/libmspack/commit/2f084136cfe0d05e5bf5703f3e83c6d955234b4d NOTE: https://github.com/kyz/libmspack/issues/27 @@ -36377,7 +36377,7 @@ CVE-2019-7640 CVE-2019-7639 (An issue was discovered in gsi-openssh-server 7.9p1 on Fedora 29. If P ...) NOT-FOR-US: gsi-openssh-server (OpenSSH patched with openssh-7.9p1-gsissh.patch) CVE-2019-7638 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...) - {DLA-2536-1 DLA-1714-1 DLA-1713-1} + {DLA-2804-1 DLA-2536-1 DLA-1714-1 DLA-1713-1} - libsdl1.2 1.2.15+dfsg2-5 (bug #924609) [buster] - libsdl1.2 (Minor issue) - libsdl2 2.0.10+dfsg1-1 (bug #924610) @@ -36386,7 +36386,7 @@ CVE-2019-7638 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0 NOTE: https://hg.libsdl.org/SDL/rev/19d8c3b9c251 (SDL-1.2) NOTE: https://hg.libsdl.org/SDL/rev/07c39cbbeacf CVE-2019-7637 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...) - {DLA-1714-1 DLA-1713-1} + {DLA-2804-1 DLA-2803-1 DLA-1714-1 DLA-1713-1} - libsdl1.2 1.2.15+dfsg2-5 (bug #924609) [buster] - libsdl1.2 (Minor issue) - libsdl2 2.0.6+dfsg1-4 (bug #924610) 
@@ -36398,7 +36398,7 @@ CVE-2019-7637 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0 NOTE: https://hg.libsdl.org/SDL/rev/81a4950907a0 (SDL-2) NOTE: For SDL-2 the fix for CVE-2017-2888 fixes as well CVE-2019-7637. CVE-2019-7636 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...) - {DLA-2536-1 DLA-1714-1 DLA-1713-1} + {DLA-2804-1 DLA-2536-1 DLA-1714-1 DLA-1713-1} - libsdl1.2 1.2.15+dfsg2-5 (bug #924609) [buster] - libsdl1.2 (Minor issue) - libsdl2 2.0.10+dfsg1-1 (bug #924610) @@ -36407,7 +36407,7 @@ CVE-2019-7636 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0 NOTE: https://hg.libsdl.org/SDL/rev/19d8c3b9c251 (SDL-1.2) NOTE: https://hg.libsdl.org/SDL/rev/07c39cbbeacf (SDL-2) CVE-2019-7635 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...) - {DLA-2536-1 DLA-1865-1 DLA-1861-1 DLA-1714-1 DLA-1713-1} + {DLA-2804-1 DLA-2536-1 DLA-1865-1 DLA-1861-1 DLA-1714-1 DLA-1713-1} - libsdl1.2 1.2.15+dfsg2-5 (bug #924609) [buster] - libsdl1.2 (Minor issue) - libsdl2 2.0.10+dfsg1-1 (bug #924610) @@ -36544,7 +36544,7 @@ CVE-2019-7580 (ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary CVE-2019-7579 (An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. An ...) NOT-FOR-US: Linksys CVE-2019-7578 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...) - {DLA-2536-1 DLA-1714-1 DLA-1713-1} + {DLA-2804-1 DLA-2536-1 DLA-1714-1 DLA-1713-1} - libsdl1.2 1.2.15+dfsg2-5 (bug #924609) [buster] - libsdl1.2 (Minor issue) - libsdl2 2.0.10+dfsg1-1 (bug #924610) 
@@ -36553,7 +36553,7 @@ CVE-2019-7578 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0 NOTE: https://hg.libsdl.org/SDL/rev/388987dff7bf (SDL-1.2) NOTE: https://hg.libsdl.org/SDL/rev/f9a9d6c76b21 (SDL-2) CVE-2019-7577 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...) - {DLA-2536-1 DLA-1714-1 DLA-1713-1} + {DLA-2804-1 DLA-2536-1 DLA-1714-1 DLA-1713-1} - libsdl1.2 1.2.15+dfsg2-5 (bug #924609) [buster] - libsdl1.2 (Minor issue) - libsdl2 2.0.10+dfsg1-1 (bug #924610) @@ -36564,7 +36564,7 @@ CVE-2019-7577 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0 NOTE: SDL2 was probably fixed during a refactoring, no targeted fix available: NOTE: https://hg.libsdl.org/SDL/rev/b06fa7da012b (SDL-2) CVE-2019-7576 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...) - {DLA-1714-1 DLA-1713-1} + {DLA-2804-1 DLA-1714-1 DLA-1713-1} - libsdl1.2 1.2.15+dfsg2-5 (bug #924609) [buster] - libsdl1.2 (Minor issue) - libsdl2 2.0.10+dfsg1-1 (bug #924610) @@ -36574,7 +36574,7 @@ CVE-2019-7576 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0 NOTE: Proposed patch: https://bugzilla.libsdl.org/attachment.cgi?id=3620&action=diff NOTE: very similar bug to CVE-2019-7573, fix for CVE-2019-7573 is applicable to this CVE-2019-7575 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...) - {DLA-2536-1 DLA-1714-1 DLA-1713-1} + {DLA-2804-1 DLA-2536-1 DLA-1714-1 DLA-1713-1} - libsdl1.2 1.2.15+dfsg2-5 (bug #924609) [buster] - libsdl1.2 (Minor issue) - libsdl2 2.0.10+dfsg1-1 (bug #924610) 
@@ -36584,7 +36584,7 @@ CVE-2019-7575 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0 NOTE: SDL2 was probably fixed during a refactoring, no targeted fix available: NOTE: https://hg.libsdl.org/SDL/rev/b06fa7da012b (SDL-2) CVE-2019-7574 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...) - {DLA-1714-1 DLA-1713-1} + {DLA-2804-1 DLA-1714-1 DLA-1713-1} - libsdl1.2 1.2.15+dfsg2-5 (bug #924609) [buster] - libsdl1.2 (Minor issue) - libsdl2 2.0.10+dfsg1-1 (bug #924610) @@ -36595,7 +36595,7 @@ CVE-2019-7574 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0 NOTE: SDL2 was probably fixed during a refactoring, no targeted fix available: NOTE: https://hg.libsdl.org/SDL/rev/b06fa7da012b (SDL-2) CVE-2019-7573 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...) - {DLA-1714-1 DLA-1713-1} + {DLA-2804-1 DLA-1714-1 DLA-1713-1} - libsdl1.2 1.2.15+dfsg2-5 (bug #924609) [buster] - libsdl1.2 (Minor issue) - libsdl2 2.0.10+dfsg1-1 (bug #924610) @@ -36607,7 +36607,7 @@ CVE-2019-7573 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0 NOTE: SDL2 was probably fixed during a refactoring, no targeted fix available: NOTE: https://hg.libsdl.org/SDL/rev/b06fa7da012b (SDL-2) CVE-2019-7572 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...) - {DLA-1714-1 DLA-1713-1} + {DLA-2804-1 DLA-1714-1 DLA-1713-1} - libsdl1.2 1.2.15+dfsg2-5 (bug #924609) [buster] - libsdl1.2 (Minor issue) - libsdl2 2.0.10+dfsg1-1 (bug #924610) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index a80bb85763..0f3d9d656d 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list 
@@ -12415,10 +12415,10 @@ CVE-2020-25914 RESERVED CVE-2020-25913 RESERVED -CVE-2020-25912 - RESERVED -CVE-2020-25911 - RESERVED +CVE-2020-25912 (A XML External Entity (XXE) vulnerability was discovered in symphony\l ...) + TODO: check +CVE-2020-25911 (A XML External Entity (XXE) vulnerability was discovered in the modRes ...) + TODO: check CVE-2020-25910 RESERVED CVE-2020-25909 @@ -21139,6 +21139,7 @@ CVE-2020-22043 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=b288a7eb3d963a175e177b6219c8271076ee8590 NOTE: Negligible security impact CVE-2020-22042 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...) + {DSA-4998-1} - ffmpeg 7:4.4-5 (unimportant) NOTE: https://trac.ffmpeg.org/ticket/8267 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=426c16d61a9b5056a157a1a2a057a4e4d13eef84 @@ -21159,7 +21160,7 @@ CVE-2020-22038 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a NOTE: https://trac.ffmpeg.org/ticket/8285 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7c32e9cf93b712f8463573a59ed4e98fd10fa013 CVE-2020-22037 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...) - {DSA-4990-1} + {DSA-4998-1 DSA-4990-1} - ffmpeg 7:4.4.1-1 (unimportant) NOTE: https://trac.ffmpeg.org/ticket/8281 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7bba0dd6382e30d646cb406034a66199e071d713 @@ -21921,6 +21922,7 @@ CVE-2020-21699 CVE-2020-21698 RESERVED CVE-2020-21697 (A heap-use-after-free in the mpeg_mux_write_packet function in libavfo ...) + {DSA-4998-1} - ffmpeg 7:4.4-5 [buster] - ffmpeg (Wait for 4.1.9) NOTE: https://trac.ffmpeg.org/ticket/8188 @@ -21942,6 +21944,7 @@ CVE-2020-21690 CVE-2020-21689 RESERVED CVE-2020-21688 (A heap-use-after-free in the av_freep function in libavutil/mem.c of F ...) + {DSA-4998-1} - ffmpeg 7:4.4-5 [buster] - ffmpeg (Wait for 4.1.9) NOTE: https://trac.ffmpeg.org/ticket/8186 
@@ -24607,7 +24610,7 @@ CVE-2020-20455 CVE-2020-20454 RESERVED CVE-2020-20453 (FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aaccod ...) - {DSA-4990-1} + {DSA-4998-1 DSA-4990-1} - ffmpeg 7:4.4.1-1 (unimportant) NOTE: https://trac.ffmpeg.org/ticket/8003 NOTE: Negligible security impact @@ -24620,6 +24623,7 @@ CVE-2020-20451 (Denial of Service issue in FFmpeg 4.2 due to resource management NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=21265f42ecb265debe9fec1dbfd0cb7de5a8aefb NOTE: Negligible security impact CVE-2020-20450 (FFmpeg 4.2 is affected by null pointer dereference passed as argument ...) + {DSA-4998-1} [experimental] - ffmpeg 7:4.4-1 - ffmpeg 7:4.4-5 (unimportant) NOTE: https://trac.ffmpeg.org/ticket/7993 @@ -24638,13 +24642,13 @@ CVE-2020-20448 (FFmpeg 4.1.3 is affected by a Divide By Zero issue via libavcode CVE-2020-20447 RESERVED CVE-2020-20446 (FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy ...) - {DSA-4990-1} + {DSA-4998-1 DSA-4990-1} - ffmpeg 7:4.4.1-1 (unimportant) NOTE: https://trac.ffmpeg.org/ticket/7995 NOTE: Negligible security impact NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/223b5e8ac9f6461bb13ed365419ec485c5b2b002 CVE-2020-20445 (FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, ...) - {DSA-4990-1} + {DSA-4998-1 DSA-4990-1} - ffmpeg (unimportant) NOTE: https://trac.ffmpeg.org/ticket/7996 NOTE: Negligible security impact @@ -27338,6 +27342,7 @@ CVE-2020-19144 (Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a d NOTE: https://gitlab.com/libtiff/libtiff/-/issues/159 NOTE: Fixed around https://gitlab.com/libtiff/libtiff/-/commit/1fb9e731ef3e4ceb7af128ce298adb271088064f (v4.1.0) CVE-2020-19143 (Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial ...) + {DSA-4997-1} - tiff 4.1.0+git201212-1 [stretch] - tiff (Vulnerable code introduced later) NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2851 
diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 024f35d707..dc05070f58 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -11093,7 +11093,7 @@ CVE-2021-38293 CVE-2021-38292 RESERVED CVE-2021-38291 (FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) s ...) - {DSA-4990-1} + {DSA-4998-1 DSA-4990-1} - ffmpeg 7:4.4.1-1 (unimportant) NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e01d306c647b5827102260b885faa223b646d2d1 NOTE: https://trac.ffmpeg.org/ticket/9312 @@ -11392,7 +11392,7 @@ CVE-2021-38173 (Btrbk before 0.31.2 allows command execution because of the mish CVE-2021-38172 RESERVED CVE-2021-38171 (adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not ...) - {DSA-4990-1} + {DSA-4998-1 DSA-4990-1} - ffmpeg 7:4.4.1-1 [stretch] - ffmpeg (Wait to be fixed in buster first) NOTE: https://github.com/FFmpeg/FFmpeg/commit/9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6 @@ -11533,7 +11533,7 @@ CVE-2021-38115 (read_header_tga in gd_tga.c in the GD Graphics Library (aka LibG NOTE: https://github.com/libgd/libgd/issues/697 NOTE: https://github.com/libgd/libgd/commit/8b111b2b4a4842179be66db68d84dda91a246032 CVE-2021-38114 (libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of ...) - {DSA-4990-1 DLA-2742-1} + {DSA-4998-1 DSA-4990-1 DLA-2742-1} - ffmpeg 7:4.4.1-1 NOTE: https://github.com/FFmpeg/FFmpeg/commit/7150f9575671f898382c370acae35f9087a30ba1 CVE-2021-3687 @@ -22679,8 +22679,8 @@ CVE-2021-33261 RESERVED CVE-2021-33260 RESERVED -CVE-2021-33259 - RESERVED +CVE-2021-33259 (Several web interfaces in D-Link DIR-868LW 1.12b have no authenticatio ...) + TODO: check CVE-2021-33258 RESERVED CVE-2021-33257 -- cgit v1.2.3
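Review bot: ordering problem in the data/CVE/2015.list hunk (@@ -1,3 +1,5 @@): the new CVE-2015-10001 entry is placed above CVE-2015-20067 and CVE-2015-20019, while the context lines here and in the other lists run in descending ID order (CVE-2020-25914, CVE-2020-25913, CVE-2020-25912, ...). If the file is expected to stay sorted, move the RESERVED entry to its numeric position instead of prepending it at the top.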
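Review bot: untriaged entries in the data/CVE/2020.list hunk at @@ -12415,10 +12415,10 @@: CVE-2020-25912 and CVE-2020-25911 go from RESERVED to a truncated description ("symphony\l ...", "the modRes ...") with only "TODO: check" underneath, so the affected product cannot be identified from the list entry itself. A follow-up commit should replace each "TODO: check" with either a package line or a NOT-FOR-US line once the full description has been read.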
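Review bot: stale-looking status note in the data/CVE/2020.list hunks at @@ -21921,6 +21922,7 @@ and @@ -21942,6 +21944,7 @@: CVE-2020-21697 and CVE-2020-21688 gain {DSA-4998-1}, but the unchanged line below each still reads "[buster] - ffmpeg (Wait for 4.1.9)". Please confirm which release DSA-4998-1 covers; if it fixes buster, that line should be updated in the same change so the entry does not show an advisory reference and a pending-fix note side by side.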
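Review bot: pending triage in the data/CVE/2021.list hunk at @@ -22679,8 +22679,8 @@: CVE-2021-33259 is described as affecting web interfaces in D-Link DIR-868LW 1.12b and is left at "TODO: check". Other device-specific entries visible in this patch's context are already classified, for example "NOT-FOR-US: Linksys" and "NOT-FOR-US: Circle with Disney"; the same treatment ("NOT-FOR-US: D-Link") looks appropriate here once a human has confirmed it.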