path: root/security/vuxml/vuln.xml

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE vuxml PUBLIC "-//vuxml.org//DTD VuXML 1.1//EN" "http://www.vuxml.org/dtd/vuxml-1/vuxml-11.dtd" [
<!ENTITY vuln-2003 SYSTEM "vuln-2003.xml">
<!ENTITY vuln-2004 SYSTEM "vuln-2004.xml">
<!ENTITY vuln-2005 SYSTEM "vuln-2005.xml">
<!ENTITY vuln-2006 SYSTEM "vuln-2006.xml">
<!ENTITY vuln-2007 SYSTEM "vuln-2007.xml">
<!ENTITY vuln-2008 SYSTEM "vuln-2008.xml">
<!ENTITY vuln-2009 SYSTEM "vuln-2009.xml">
<!ENTITY vuln-2010 SYSTEM "vuln-2010.xml">
<!ENTITY vuln-2011 SYSTEM "vuln-2011.xml">
<!ENTITY vuln-2012 SYSTEM "vuln-2012.xml">
<!ENTITY vuln-2013 SYSTEM "vuln-2013.xml">
<!ENTITY vuln-2014 SYSTEM "vuln-2014.xml">
<!ENTITY vuln-2015 SYSTEM "vuln-2015.xml">
<!ENTITY vuln-2016 SYSTEM "vuln-2016.xml">
<!ENTITY vuln-2017 SYSTEM "vuln-2017.xml">
<!ENTITY vuln-2018 SYSTEM "vuln-2018.xml">
<!ENTITY vuln-2019 SYSTEM "vuln-2019.xml">
<!ENTITY vuln-2020 SYSTEM "vuln-2020.xml">
]>
<!--
Copyright 2003-2021 Jacques Vidrine and contributors

Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
HTML, PDF, PostScript, RTF and so forth) with or without modification,
are permitted provided that the following conditions are met:
1. Redistributions of source code (VuXML) must retain the above
   copyright notice, this list of conditions and the following
   disclaimer as the first lines of this file unmodified.
2. Redistributions in compiled form (transformed to other DTDs,
   published online in any format, converted to PDF, PostScript,
   RTF and other formats) must reproduce the above copyright
   notice, this list of conditions and the following disclaimer
   in the documentation and/or other materials provided with the
   distribution.

THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.


QUICK GUIDE TO ADDING A NEW ENTRY

1. run 'make newentry' to add a template to the top of the document
2. fill in the template
3. use 'make validate' to verify syntax correctness (you might need to install
   textproc/libxml2 for parser, and this port for catalogs)
4. fix any errors
5. use 'make VID=xxx-yyy-zzz html' to emit the entry's html file for formatting review
6. profit!

Additional tests can be done this way:
 $ make vuln-flat.xml
 $ pkg audit -f ./vuln-flat.xml py26-django-1.6
 $ pkg audit -f ./vuln-flat.xml py27-django-1.6.1

Extensive documentation of the format and help with writing and verifying
a new entry is available in The Porter's Handbook at:

  http://www.freebsd.org/doc/en/books/porters-handbook/security-notify.html

Help is also available from ports-security@freebsd.org.

Notes:

  * Please add new entries to the beginning of this file.
  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="dec7e4b6-961a-11eb-9c34-080027f515ea">
    <topic>ruby -- XML round-trip vulnerability in REXML</topic>
    <affects>
      <package>
	<name>ruby</name>
	<range><ge>2.5.0,1</ge><lt>2.5.9,1</lt></range>
	<range><ge>2.6.0,1</ge><lt>2.6.7,1</lt></range>
	<range><ge>2.7.0,1</ge><lt>2.7.3,1</lt></range>
	<range><ge>3.0.0.p1,1</ge><lt>3.0.1,1</lt></range>
      </package>
      <package>
	<name>rubygem-rexml</name>
	<range><lt>3.2.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Juho Nurminen  reports:</p>
	<blockquote cite="https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/">
	  <p>
	    When parsing and serializing a crafted XML document, REXML gem
	    (including the one bundled with Ruby) can create a wrong XML
	    document whose structure is different from the original one.
	    The impact of this issue highly depends on context, but it may
	    lead to a vulnerability in some programs that are using REXML.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-28965</cvename>
      <url>https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/</url>
    </references>
    <dates>
      <discovery>2021-04-05</discovery>
      <entry>2021-04-05</entry>
    </dates>
  </vuln>

  <vuln vid="bddadaa4-9227-11eb-99c5-e09467587c17">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>89.0.4389.114</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html">
	  <p>This update contains 8 security fixes, including:</p>
	  <ul>
	    <li>[1181228] High CVE-2021-21194: Use after free in screen capture.
	      Reported by Leecraso and Guang Gong of 360 Alpha Lab on
	      2021-02-23</li>
	    <li>[1182647] High CVE-2021-21195: Use after free in V8.
	      Reported by Bohan Liu (@P4nda20371774) and Moon Liang of Tencent
	      Security Xuanwu Lab on 2021-02-26</li>
	    <li>[1175992] High CVE-2021-21196: Heap buffer overflow in
	      TabStrip. Reported by Khalil Zhani on 2021-02-08</li>
	    <li>[1173903] High CVE-2021-21197: Heap buffer overflow in
	      TabStrip. Reported by Abdulrahman Alqabandi, Microsoft Browser
	      Vulnerability Research on 2021-02-03</li>
	    <li>[1184399] High CVE-2021-21198: Out of bounds read in IPC.
	      Reported by Mark Brand of Google Project Zero on 2021-03-03</li>
	    <li>[1179635] High CVE-2021-21199: Use Use after free in Aura.
	      Reported by Weipeng Jiang (@Krace) from Codesafe Team of
	      Legendsec at Qi'anxin Group and Evangelos Foutras</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-21194</cvename>
      <cvename>CVE-2021-21195</cvename>
      <cvename>CVE-2021-21196</cvename>
      <cvename>CVE-2021-21197</cvename>
      <cvename>CVE-2021-21198</cvename>
      <cvename>CVE-2021-21199</cvename>
      <url>https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html</url>
    </references>
    <dates>
      <discovery>2021-03-31</discovery>
      <entry>2021-03-31</entry>
    </dates>
  </vuln>

  <vuln vid="56abf87b-96ad-11eb-a218-001b217b3468">
    <topic>Gitlab -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>13.10.0</ge><lt>13.10.1</lt></range>
	<range><ge>13.9.0</ge><lt>13.9.5</lt></range>
	<range><ge>9</ge><lt>13.8.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2021/03/31/security-release-gitlab-13-10-1-released/">
	  <p>Arbitrary File Read During Project Import</p>
	  <p>Kroki Arbitrary File Read/Write</p>
	  <p>Stored Cross-Site-Scripting in merge requests</p>
	  <p>Access data of an internal project through a public project fork as an anonymous user</p>
	  <p>Incident metric images can be deleted by any user</p>
	  <p>Infinite Loop When a User Access a Merge Request</p>
	  <p>Stored XSS in scoped labels</p>
	  <p>Admin CSRF in System Hooks Execution Through API</p>
	  <p>Update OpenSSL dependency</p>
	  <p>Update PostgreSQL dependency</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://about.gitlab.com/releases/2021/03/31/security-release-gitlab-13-10-1-released/</url>
    </references>
    <dates>
      <discovery>2021-03-31</discovery>
      <entry>2021-04-06</entry>
    </dates>
  </vuln>

  <vuln vid="1f6d97da-8f72-11eb-b3f1-005056a311d1">
    <topic>samba -- Multiple Vulnerabilities</topic>
    <affects>
      <package>
	<name>samba411</name>
	<range><le>4.11.15</le></range>
      </package>
      <package>
	<name>samba412</name>
	<range><lt>4.12.14</lt></range>
      </package>
      <package>
	<name>samba413</name>
	<range><lt>4.13.7</lt></range>
      </package>
      <package>
	<name>samba414</name>
	<range><lt>4.14.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Samba Team reports:</p>
	<blockquote cite="https://www.samba.org/samba/history/security.html">
	  <ul>
	  <li>CVE-2020-27840: An anonymous attacker can crash the Samba AD DC
		LDAP server by sending easily crafted DNs as
		part of a bind request. More serious heap corruption
		is likely also possible.</li>
	  <li>CVE-2021-20277: User-controlled LDAP filter strings against
		the AD DC LDAP server may crash the LDAP server.</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://www.samba.org/samba/security/CVE-2020-27840.html</url>
      <url>https://www.samba.org/samba/security/CVE-2021-20277.html</url>
      <cvename>CVE-2020-27840</cvename>
      <cvename>CVE-2021-20277</cvename>
    </references>
    <dates>
      <discovery>2021-03-24</discovery>
      <entry>2021-03-28</entry>
    </dates>
  </vuln>

  <vuln vid="80f9dbd3-8eec-11eb-b9e8-3525f51429a0">
    <topic>nettle 3.7.2 -- fix serious ECDSA signature verify bug</topic>
    <affects>
      <package>
	<name>nettle</name>
	<range><lt>3.7.2</lt></range>
      </package>
      <package>
	<name>linux-c7-nettle</name>
	<range><lt>3.7.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Niels Möller reports:</p>
	<blockquote cite="https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009458.html">
	  <p>
	    I've prepared a new bug-fix release of Nettle, a low-level
	    cryptographics library, to fix a serious bug in the function to
	    verify ECDSA signatures. Implications include an assertion failure,
	    which could be used for denial-of-service, when verifying signatures
	    on the secp_224r1 and secp521_r1 curves.
	  </p>
	  <p>
	    Even when no assert is triggered in ecdsa_verify, ECC point
	    multiplication may get invalid intermediate values as input, and
	    produce incorrect results. [...] It appears difficult to construct
	    an alleged signature that makes the function misbehave in such a way
	    that an invalid signature is accepted as valid, but such attacks
	    can't be ruled out without further analysis.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009458.html</url>
    </references>
    <dates>
      <discovery>2021-03-21</discovery>
      <entry>2021-03-27</entry>
    </dates>
  </vuln>

  <vuln vid="5a668ab3-8d86-11eb-b8d6-d4c9ef517024">
    <topic>OpenSSL -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>openssl</name>
	<range><lt>1.1.1k,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The OpenSSL project reports:</p>
	<blockquote cite="https://www.openssl.org/news/secadv/20210325.txt">
	  <p>High: CA certificate check bypass with X509_V_FLAG_X509_STRICT
	    (CVE-2021-3450)<br/>The X509_V_FLAG_X509_STRICT flag enables
	    additional security checks of the certificates present in a
	    certificate chain. It is not set by default.</p>
	  <p>High: NULL pointer deref in signature_algorithms processing
	    (CVE-2021-3449)<br/>An OpenSSL TLS server may crash if sent a
	    maliciously crafted renegotiation ClientHello message from a client.
	    If a TLSv1.2 renegotiation ClientHello omits the
	    signature_algorithms extension (where it was present in the initial
	    ClientHello), but includes a signature_algorithms_cert extension
	    then a NULL pointer dereference will result, leading to a crash and
	    a denial of service attack.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://www.openssl.org/news/secadv/20210325.txt</url>
      <cvename>CVE-2021-3449</cvename>
      <cvename>CVE-2021-3450</cvename>
    </references>
    <dates>
      <discovery>2021-03-25</discovery>
      <entry>2021-03-26</entry>
    </dates>
  </vuln>

  <vuln vid="ec04f3d0-8cd9-11eb-bb9f-206a8a720317">
    <topic>spamassassin -- Malicious rule configuration (.cf) files can be configured to run system commands</topic>
    <affects>
      <package>
	<name>spamassassin</name>
	<range><lt>3.4.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Apache SpamAssassin project reports:</p>
	<blockquote cite="https://mail-archives.apache.org/mod_mbox/spamassassin-announce/202103.mbox/%3C5b7cfd35-27b7-584b-1b39-b7ff0a55f586%40apache.org%3E">
	  <p>Apache SpamAssassin 3.4.5 was recently released [1], and fixes
	     an issue of security note where malicious rule configuration (.cf)
	     files can be configured to run system commands.</p>
	  <p>In Apache SpamAssassin before 3.4.5, exploits can be injected in
	     a number of scenarios. In addition to upgrading to SA 3.4.5,
	     users should only use update channels or 3rd party .cf files from
	     trusted places.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://spamassassin.apache.org/news.html</url>
      <url>https://mail-archives.apache.org/mod_mbox/spamassassin-announce/202103.mbox/%3C5b7cfd35-27b7-584b-1b39-b7ff0a55f586%40apache.org%3E</url>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-1946</url>
      <cvename>CVE-2020-1946</cvename>
    </references>
    <dates>
      <discovery>2021-03-24</discovery>
      <entry>2021-03-24</entry>
    </dates>
  </vuln>

  <vuln vid="c4d2f950-8c27-11eb-a3ae-0800278d94f0">
    <topic>gitea -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>gitea</name>
	<range><lt>1.13.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Gitea Team reports for release 1.13.6:</p>
	<blockquote cite="https://blog.gitea.io/2021/03/gitea-1.13.6-is-released/">
	  <ul>
	    <li>Fix bug on avatar middleware</li>
	    <li>Fix another clusterfuzz identified issue</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/go-gitea/gitea/releases/tag/v1.13.5</url>
      <freebsdpr>ports/254515</freebsdpr>
    </references>
    <dates>
      <discovery>2021-03-21</discovery>
      <entry>2021-03-23</entry>
    </dates>
  </vuln>

  <vuln vid="1431a25c-8a70-11eb-bd16-0800278d94f0">
    <topic>gitea -- quoting in markdown text</topic>
    <affects>
      <package>
	<name>gitea</name>
	<range><lt>1.13.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Gitea Team reports for release 1.13.5:</p>
	<blockquote cite="https://blog.gitea.io/2021/03/gitea-1.13.5-is-released/">
	  <ul>
	    <li>Update to goldmark 1.3.3</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/go-gitea/gitea/releases/tag/v1.13.5</url>
      <freebsdpr>ports/254130</freebsdpr>
    </references>
    <dates>
      <discovery>2021-03-20</discovery>
      <entry>2021-03-21</entry>
    </dates>
  </vuln>

  <vuln vid="76b5068c-8436-11eb-9469-080027f515ea">
    <topic>OpenSSH -- Double-free memory corruption in ssh-agent</topic>
    <affects>
      <package>
	<name>openssh-portable</name>
	<name>openssh-portable-hpn</name>
	<name>openssh-portable-gssapi</name>
	<range><ge>8.2p1,1</ge><lt>8.4p1,1_4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>OpenBSD Project reports:</p>
	<blockquote cite="https://www.openssh.com/txt/release-8.5">
	  <p>
	    ssh-agent(1): fixed a double-free memory corruption that was
	    introduced in OpenSSH 8.2 . We treat all such memory faults as
	    potentially exploitable. This bug could be reached by an attacker
	    with access to the agent socket.
	  </p>
	  <p>
	    On modern operating systems where the OS can provide information
	    about the user identity connected to a socket, OpenSSH ssh-agent
	    and sshd limit agent socket access only to the originating user
	    and root. Additional mitigation may be afforded by the system's
	    malloc(3)/free(3) implementation, if it detects double-free
	    conditions.
	  </p>
	  <p>
	    The most likely scenario for exploitation is a user forwarding an
	    agent either to an account shared with a malicious user or to a
	    host with an attacker holding root access.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-28041</cvename>
      <url>https://www.openssh.com/txt/release-8.5</url>
    </references>
    <dates>
      <discovery>2021-03-03</discovery>
      <entry>2021-03-13</entry>
    </dates>
  </vuln>

  <vuln vid="50e59056-87f2-11eb-b6a2-001b217b3468">
    <topic>Gitlab -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>13.9.0</ge><lt>13.9.4</lt></range>
	<range><ge>13.8.0</ge><lt>13.8.6</lt></range>
	<range><ge>13.2.0</ge><lt>13.7.9</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gigtlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2021/03/17/security-release-gitlab-13-9-4-released/">
	  <p>Remote code execution via unsafe user-controlled markdown rendering options</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://about.gitlab.com/releases/2021/03/17/security-release-gitlab-13-9-4-released/</url>
    </references>
    <dates>
      <discovery>2021-03-17</discovery>
      <entry>2021-03-18</entry>
    </dates>
  </vuln>

  <vuln vid="5b72b1ff-877c-11eb-bd4f-2f1d57dafe46">
    <topic>dnsmasq -- cache poisoning vulnerability in certain configurations</topic>
    <affects>
      <package>
	<name>dnsmasq</name>
	<range><lt>2.85.r1,1</lt></range>
      </package>
      <package>
	<name>dnsmasq-devel</name>
	<range><lt>2.85.r1,3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Simon Kelley reports:</p>
	<blockquote cite="https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q1/014835.html">
	  <p>
	    [In configurations where the forwarding server address contains an @
	    character for specifying a sending interface or source address, the]
	    random source port behavior was disabled, making cache poisoning
	    attacks possible.
	  </p>
	</blockquote>
	<p>
	  This only affects configurations of the form server=1.1.1.1@em0 or
	  server=1.1.1.1@192.0.2.1, i. e. those that specify an interface to
	  send through, or an IP address to send from, or use together with
	  NetworkManager.
	</p>
      </body>
    </description>
    <references>
      <url>https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q1/014835.html</url>
      <cvename>CVE-2021-3448</cvename>
    </references>
    <dates>
      <discovery>2021-03-17</discovery>
      <entry>2021-03-18</entry>
    </dates>
  </vuln>

  <vuln vid="b073677f-253a-41f9-bf2b-2d16072a25f6">
    <topic>minio -- MITM attack</topic>
    <affects>
      <package>
	<name>minio</name>
	<range><lt>2021.03.17.02.33.02</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>minio developer report:</p>
	<blockquote cite="https://github.com/minio/minio/security/advisories/GHSA-xr7r-7gpj-5pgp">
	  <p>
	    This is a security issue because it enables MITM modification of
	    request bodies that are meant to have integrity guaranteed by chunk
	    signatures.
	  </p>
	  <p>
	    In a PUT request using aws-chunked encoding, MinIO ordinarily
	    verifies signatures at the end of a chunk. This check can be skipped
	    if the client sends a false chunk size that is much greater than the
	    actual data sent: the server accepts and completes the request
	    without ever reaching the end of the chunk + thereby without ever
	    checking the chunk signature.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/minio/minio/security/advisories/GHSA-xr7r-7gpj-5pgp</url>
    </references>
    <dates>
      <discovery>2021-03-17</discovery>
      <entry>2021-03-17</entry>
    </dates>
  </vuln>

  <vuln vid="eeca52dc-866c-11eb-b8d6-d4c9ef517024">
    <topic>LibreSSL -- use-after-free</topic>
    <affects>
      <package>
	<name>libressl</name>
	<range><lt>3.2.4_1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>OpenBSD reports:</p>
	<blockquote cite="https://marc.info/?l=openbsd-announce&amp;m=161582456312832&amp;w=2">
	  <p>A TLS client using session resumption may cause a use-after-free.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://marc.info/?l=openbsd-announce&amp;m=161582456312832&amp;w=2</url>
      <url>https://ftp.openbsd.org/pub/OpenBSD/patches/6.8/common/017_libssl.patch.sig</url>
    </references>
    <dates>
      <discovery>2021-03-15</discovery>
      <entry>2021-03-16</entry>
    </dates>
  </vuln>

  <vuln vid="b81ad6d6-8633-11eb-99c5-e09467587c17">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>89.0.4389.90</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html">
	  <p>This release includes 5 security fixes, including:</p>
	  <ul>
	    <li>[1167357] High CVE-2021-21191: Use after free in WebRTC.
	      Reported by raven (@raid_akame)  on 2021-01-15</li>
	    <li>[1181387] High CVE-2021-21192: Heap buffer overflow in tab
	      groups. Reported by Abdulrahman Alqabandi, Microsoft Browser
	      Vulnerability Research on 2021-02-23</li>
	    <li>[1186287] High CVE-2021-21193: Use after free in Blink.
	      Reported by Anonymous on 2021-03-09</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-11191</cvename>
      <cvename>CVE-2021-11192</cvename>
      <cvename>CVE-2021-11193</cvename>
      <url>https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html</url>
    </references>
    <dates>
      <discovery>2021-03-12</discovery>
      <entry>2021-03-16</entry>
    </dates>
  </vuln>

  <vuln vid="317487c6-85ca-11eb-80fa-14dae938ec40">
    <topic>squashfs-tools -- Integer overflow</topic>
    <affects>
      <package>
	<name>squashfs-tools</name>
	<range><lt>4.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Phillip Lougher reports:</p>
	<blockquote cite="https://github.com/plougher/squashfs-tools/commit/f95864afe8833fe3ad782d714b41378e860977b1">
	  <p>Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2015-4645</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2015-4645</url>
    </references>
    <dates>
      <discovery>2017-03-17</discovery>
      <entry>2021-03-15</entry>
    </dates>
  </vuln>

  <vuln vid="72709326-81f7-11eb-950a-00155d646401">
    <topic>go -- encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader; archive/zip: panic when calling Reader.Open</topic>
    <affects>
      <package>
	<name>go</name>
	<range><lt>1.16.1,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Go project reports:</p>
	<blockquote cite="https://github.com/golang/go/issues/44913">
	  <p>The Decode, DecodeElement, and Skip methods of an xml.Decoder
	    provided by xml.NewTokenDecoder may enter an infinite loop when
	    operating on a custom xml.TokenReader which returns an EOF in the
	    middle of an open XML element.</p>
	</blockquote>
	<blockquote cite="https://github.com/golang/go/issues/44916">
	  <p>The Reader.Open API, new in Go 1.16, will panic when used on a ZIP
	    archive containing files that start with "../".</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-27918</cvename>
      <url>http://golang.org/issue/44913</url>
      <cvename>CVE-2021-27919</cvename>
      <url>http://golang.org/issue/44916</url>
    </references>
    <dates>
      <discovery>2021-03-05</discovery>
      <entry>2021-03-10</entry>
    </dates>
  </vuln>

  <vuln vid="502ba001-7ffa-11eb-911c-0800278d94f0">
    <topic>gitea -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>gitea</name>
	<range><lt>1.13.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Gitea Team reports for release 1.13.3:</p>
	<blockquote cite="https://blog.gitea.io/2021/03/gitea-1.13.3-is-released/">
	  <ul>
	    <li>Turn default hash password algorithm back to pbkdf2 from argon2 until we find a better one </li>
	  </ul>
	</blockquote>
	<p>The Gitea Team reports for release 1.13.4:</p>
	<blockquote cite="https://blog.gitea.io/2021/03/gitea-1.13.4-is-released/">
	  <ul>
	    <li>Fix issue popups</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/go-gitea/gitea/releases/tag/v1.13.3</url>
      <url>https://github.com/go-gitea/gitea/releases/tag/v1.13.4</url>
      <freebsdpr>ports/254130</freebsdpr>
    </references>
    <dates>
      <discovery>2021-01-07</discovery>
      <entry>2021-02-06</entry>
    </dates>
  </vuln>

  <vuln vid="2dc8927b-54e0-11eb-9342-1c697a013f4b">
    <topic>mantis -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>mantis-php72</name>
	<name>mantis-php73</name>
	<name>mantis-php74</name>
	<name>mantis-php80</name>
	<range><lt>2.24.4,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Mantis 2.24.4 release reports:</p>
	<blockquote cite="https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&amp;version=2.24.4">
	  <p>Security and maintenance release, addressing 6 CVEs:</p>
	  <ul>
	    <li>0027726: CVE-2020-29603: disclosure of private project name</li>
	    <li>0027727: CVE-2020-29605: disclosure of private issue summary</li>
	    <li>0027728: CVE-2020-29604: full disclosure of private issue contents, including bugnotes and attachments</li>
	    <li>0027361: Private category can be access/used by a non member of a private project (IDOR)</li>
	    <li>0027779: CVE-2020-35571: XSS in helper_ensure_confirmed() calls</li>
	    <li>0026794: User Account - Takeover</li>
	    <li>0027363: Fixed in version can be changed to a version that doesn't exist</li>
	    <li>0027350: When updating an issue, a Viewer user can be set as Reporter</li>
	    <li>0027370: CVE-2020-35849: Revisions allow viewing private bugnotes id and summary</li>
	    <li>0027495: CVE-2020-28413: SQL injection in the parameter "access" on the mc_project_get_users function throught the API SOAP.</li>
	    <li>0027444: Printing unsanitized user input in install.php</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-28413</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28413</url>
      <cvename>CVE-2020-35849</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35849</url>
    </references>
    <dates>
      <discovery>2020-11-10</discovery>
      <entry>2021-03-10</entry>
    </dates>
  </vuln>

  <vuln vid="2f3cd69e-7dee-11eb-b92e-0022489ad614">
    <topic>Node.js -- February 2021 Security Releases</topic>
    <affects>
      <package>
	<name>node10</name>
	<range><lt>10.24.0</lt></range>
      </package>
      <package>
	<name>node12</name>
	<range><lt>12.21.0</lt></range>
      </package>
      <package>
	<name>node14</name>
	<range><lt>14.16.0</lt></range>
      </package>
      <package>
	<name>node</name>
	<range><lt>15.10.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Node.js reports:</p>
	<blockquote cite="https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/">
	  <h1>HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion (Critical) (CVE-2021-22883)</h1>
	  <p>Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory.</p>
	  <h1>DNS rebinding in --inspect (CVE-2021-22884)</h1>
	  <p>Affected Node.js versions are vulnerable to a DNS rebinding attack when the whitelist includes "localhost6". When "localhost6" is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the "localhost6" domain. As long as the attacker uses the "localhost6" domain, they can still apply the attack described in CVE-2018-7160.</p>
	  <h1>OpenSSL - Integer overflow in CipherUpdate (CVE-2021-23840)</h1>
	  <p>This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210216.txt</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/</url>
      <cvename>CVE-2021-22883</cvename>
      <cvename>CVE-2021-22884</cvename>
      <cvename>CVE-2021-23840</cvename>
    </references>
    <dates>
      <discovery>2021-02-23</discovery>
      <entry>2021-03-09</entry>
    </dates>
  </vuln>

  <vuln vid="8bf856ea-7df7-11eb-9aad-001b217b3468">
    <topic>Gitlab -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>13.9.0</ge><lt>13.9.2</lt></range>
	<range><ge>13.8.0</ge><lt>13.8.5</lt></range>
	<range><lt>13.7.8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/">
	  <p>JWT token leak via Workhorse</p>
	  <p>Stored XSS in wiki pages</p>
	  <p>Group Maintainers are able to use the Group CI/CD Variables API</p>
	  <p>Insecure storage of GitLab session keys</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/</url>
      <cvename>CVE-2021-22185</cvename>
      <cvename>CVE-2021-22186</cvename>
    </references>
    <dates>
      <discovery>2021-03-04</discovery>
      <entry>2021-03-05</entry>
    </dates>
  </vuln>

  <vuln vid="9e8f0766-7d21-11eb-a2be-001999f8d30b">
    <topic>asterisk -- Crash when negotiating T.38 with a zero port</topic>
    <affects>
      <package>
	<name>asterisk16</name>
	<range><lt>16.16.2</lt></range>
      </package>
      <package>
	<name>asterisk18</name>
	<range><lt>18.2.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Asterisk project reports:</p>
	<blockquote cite="https://www.asterisk.org/downloads/security-advisories">
	  <p>When Asterisk sends a re-invite initiating T.38 faxing
	  and the endpoint responds with a m=image line and zero
	  port, a crash will occur in Asterisk. This is a reoccurrence
	  of AST-2019-004.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2019-15297</cvename>
      <url>https://downloads.asterisk.org/pub/security/AST-2021-006.html</url>
    </references>
    <dates>
      <discovery>2021-02-20</discovery>
      <entry>2021-03-04</entry>
    </dates>
  </vuln>

  <vuln vid="f00b65d8-7ccb-11eb-b3be-e09467587c17">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>89.0.4389.72</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html">
	  <p>This release includes 47 security fixes, including the below.
	  Google is aware of reports that an exploit for CVE-2021-21166 exists
	  in the wild.</p>
	  <ul>
	    <li>[1171049] High CVE-2021-21159: Heap buffer overflow in
	      TabStrip. Reported by Khalil Zhani on 2021-01-27</li>
	    <li>[1170531] High CVE-2021-21160: Heap buffer overflow in
	      WebAudio. Reported by Marcin 'Icewall' Noga of Cisco Talos on
	      2021-01-25</li>
	    <li>[1173702] High CVE-2021-21161: Heap buffer overflow in
	      TabStrip. Reported by Khalil Zhani on 2021-02-02</li>
	    <li>[1172054] High CVE-2021-21162: Use after free in WebRTC.
	      Reported by Anonymous on 2021-01-29</li>
	    <li>[1111239] High CVE-2021-21163: Insufficient data validation in
	      Reader Mode. Reported by Alison Huffman, Microsoft Browser
	      Vulnerability Research on 2020-07-30</li>
	    <li>[1164846] High CVE-2021-21164: Insufficient data validation in
	      Chrome for iOS. Reported by Muneaki Nishimura (nishimunea) on
	      2021-01-11</li>
	    <li>[1174582] High CVE-2021-21165: Object lifecycle issue in audio.
	      Reported by Alison Huffman, Microsoft Browser Vulnerability
	      Research on 2021-02-04</li>
	    <li>[1177465] High CVE-2021-21166: Object lifecycle issue in audio.
	      Reported by Alison Huffman, Microsoft Browser Vulnerability
	      Research on 2021-02-11</li>
	    <li>[1161144] Medium CVE-2021-21167: Use after free in bookmarks.
	      Reported by Leecraso and Guang Gong of 360 Alpha Lab on
	      2020-12-22</li>
	    <li>[1152226] Medium CVE-2021-21168: Insufficient policy
	      enforcement in appcache. Reported by Luan Herrera (@lbherrera_)
	      on 2020-11-24</li>
	    <li>[1166138] Medium CVE-2021-21169: Out of bounds memory access in
	      V8. Reported by Bohan Liu (@P4nda20371774) and Moon Liang of
	      Tencent Security Xuanwu Lab on 2021-01-13</li>
	    <li>[1111646] Medium CVE-2021-21170: Incorrect security UI in
	      Loader. Reported by David Erceg on 2020-07-31</li>
	    <li>[1152894] Medium CVE-2021-21171: Incorrect security UI in
	      TabStrip and Navigation. Reported by Irvan Kurniawan (sourc7) on
	      2020-11-25</li>
	    <li>[1150810] Medium CVE-2021-21172: Insufficient policy
	      enforcement in File System API. Reported by Maciej Pulikowski on
	      2020-11-19</li>
	    <li>[1154250] Medium CVE-2021-21173: Side-channel information
	      leakage in Network Internals. Reported by Tom Van Goethem from
	      imec-DistriNet, KU Leuven on 2020-12-01</li>
	    <li>[1158010] Medium CVE-2021-21174: Inappropriate implementation
	      in Referrer. Reported by Ashish Gautam Kamble on 2020-12-11</li>
	    <li>[1146651] Medium CVE-2021-21175: Inappropriate implementation
	      in Site isolation. Reported by Jun Kokatsu, Microsoft Browser
	      Vulnerability Research on 2020-11-07</li>
	    <li>[1170584] Medium CVE-2021-21176: Inappropriate implementation
	      in full screen mode. Reported by Luan Herrera (@lbherrera_) on
	      2021-01-26</li>
	    <li>[1173879] Medium CVE-2021-21177: Insufficient policy
	      enforcement in Autofill. Reported by Abdulrahman Alqabandi,
	      Microsoft Browser Vulnerability Research on 2021-02-03</li>
	    <li>[1174186] Medium CVE-2021-21178: Inappropriate implementation
	      in Compositing. Reported by Japong on 2021-02-03</li>
	    <li>[1174943] Medium CVE-2021-21179: Use after free in Network
	      Internals. Reported by Anonymous on 2021-02-05</li>
	    <li>[1175507] Medium CVE-2021-21180: Use after free in tab search.
	      Reported by Abdulrahman Alqabandi, Microsoft Browser
	      Vulnerability Research on 2021-02-07</li>
	    <li>[1177875] Medium CVE-2020-27844: Heap buffer overflow in
	      OpenJPEG. Reported by Sean Campbell at Tableau on 2021-02-12</li>
	    <li>[1182767] Medium CVE-2021-21181: Side-channel information
	      leakage in autofill. Reported by Xu Lin (University of Illinois
	      at Chicago), Panagiotis Ilia (University of Illinois at Chicago),
	      Jason Polakis (University of Illinois at Chicago) on
	      2021-02-26</li>
	    <li>[1049265] Low CVE-2021-21182: Insufficient policy enforcement
	      in navigations. Reported by Luan Herrera (@lbherrera_) on
	      2020-02-05</li>
	    <li>[1105875] Low CVE-2021-21183: Inappropriate implementation in
	      performance APIs. Reported by Takashi Yoneuchi (@y0n3uchy) on
	      2020-07-15</li>
	    <li>[1131929] Low CVE-2021-21184: Inappropriate implementation in
	      performance APIs. Reported by James Hartig on 2020-09-24</li>
	    <li>[1100748] Low CVE-2021-21185: Insufficient policy enforcement
	      in extensions. Reported by David Erceg on 2020-06-30</li>
	    <li>[1153445] Low CVE-2021-21186: Insufficient policy enforcement
	      in QR scanning. Reported by dhirajkumarnifty on 2020-11-28</li>
	    <li>[1155516] Low CVE-2021-21187: Insufficient data validation in
	      URL formatting. Reported by Kirtikumar Anandrao Ramchandani on
	      2020-12-04</li>
	    <li>[1161739] Low CVE-2021-21188: Use after free in Blink. Reported
	      by Woojin Oh(@pwn_expoit) of STEALIEN on 2020-12-24</li>
	    <li>[1165392] Low CVE-2021-21189: Insufficient policy enforcement
	      in payments. Reported by Khalil Zhani on 2021-01-11</li>
	    <li>[1166091] Low CVE-2021-21190: Uninitialized Use in PDFium.
	      Reported by Zhou Aiting(@zhouat1) of Qihoo 360 Vulcan Team on
	      2021-01-13</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-21159</cvename>
      <cvename>CVE-2021-21160</cvename>
      <cvename>CVE-2021-21161</cvename>
      <cvename>CVE-2021-21162</cvename>
      <cvename>CVE-2021-21163</cvename>
      <cvename>CVE-2021-21164</cvename>
      <cvename>CVE-2021-21165</cvename>
      <cvename>CVE-2021-21166</cvename>
      <cvename>CVE-2021-21167</cvename>
      <cvename>CVE-2021-21168</cvename>
      <cvename>CVE-2021-21169</cvename>
      <cvename>CVE-2021-21170</cvename>
      <cvename>CVE-2021-21171</cvename>
      <cvename>CVE-2021-21172</cvename>
      <cvename>CVE-2021-21173</cvename>
      <cvename>CVE-2021-21174</cvename>
      <cvename>CVE-2021-21175</cvename>
      <cvename>CVE-2021-21176</cvename>
      <cvename>CVE-2021-21177</cvename>
      <cvename>CVE-2021-21178</cvename>
      <cvename>CVE-2021-21179</cvename>
      <cvename>CVE-2021-21180</cvename>
      <cvename>CVE-2021-21181</cvename>
      <cvename>CVE-2021-21182</cvename>
      <cvename>CVE-2021-21183</cvename>
      <cvename>CVE-2021-21184</cvename>
      <cvename>CVE-2021-21185</cvename>
      <cvename>CVE-2021-21186</cvename>
      <cvename>CVE-2021-21187</cvename>
      <cvename>CVE-2021-21188</cvename>
      <cvename>CVE-2021-21189</cvename>
      <cvename>CVE-2021-21190</cvename>
      <cvename>CVE-2020-27844</cvename>
      <url>https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2021-03-02</discovery>
      <entry>2021-03-04</entry>
    </dates>
  </vuln>

  <vuln vid="3a469cbc-7a66-11eb-bd3f-08002728f74c">
    <topic>jasper -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>jasper</name>
	<range><lt>2.0.25</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>JasPer Releases:</p>
	<blockquote cite="https://github.com/jasper-software/jasper/releases">
	  <p>- Fix memory-related bugs in the JPEG-2000 codec resulting from
	    attempting to decode invalid code streams. (#264, #265)</p>
	  <p>  This fix is associated with CVE-2021-26926 and CVE-2021-26927.</p>
	  <p>- Fix wrong return value under some compilers (#260)</p>
	  <p>- Fix CVE-2021-3272 heap buffer overflow in jp2_decode (#259)</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/jasper-software/jasper/releases</url>
      <cvename>CVE-2021-26926</cvename>
      <cvename>CVE-2021-26927</cvename>
      <cvename>CVE-2021-3272</cvename>
    </references>
    <dates>
      <discovery>2021-02-07</discovery>
      <entry>2021-03-03</entry>
    </dates>
  </vuln>

  <vuln vid="a1e03a3d-7be0-11eb-b392-20cf30e32f6d">
    <topic>salt -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>py36-salt-2019</name>
	<name>py37-salt-2019</name>
	<name>py38-salt-2019</name>
	<name>py36-salt</name>
	<name>py37-salt</name>
	<name>py38-salt</name>
	<name>py39-salt</name>
	<range><lt>2019.2.8</lt></range>
	<range><ge>3000</ge><lt>3002.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>SaltStack reports multiple security vulnerabilities in Salt</p>
	<blockquote cite="https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/">
	  <ul>
	  <li>CVE-2021-3197: The Salt-API.s SSH client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.</li>
	  <li>CVE-2021-25281: The Salt-API does not have eAuth credentials for the wheel_async client.</li>
	  <li>CVE-2021-25282: The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.</li>
	  <li>CVE-2021-25283: The jinja renderer does not protect against server-side template injection attacks.</li>
	  <li>CVE-2021-25284: webutils write passwords in cleartext to /var/log/salt/minion</li>
	  <li>CVE-2021-3148: command injection in salt.utils.thin.gen_thin()</li>
	  <li>CVE-2020-35662: Several places where Salt was not verifying the SSL cert by default.</li>
	  <li>CVE-2021-3144: eauth Token can be used once after expiration.</li>
	  <li>CVE-2020-28972: Code base not validating SSL/TLS certificate of the server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack</li>
	  <li>CVE-2020-28243: Local Privilege Escalation in the Minion.</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <url>"https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/"</url>
      <cvename>CVE-2021-3197</cvename>
      <cvename>CVE-2021-25281</cvename>
      <cvename>CVE-2021-25282</cvename>
      <cvename>CVE-2021-25283</cvename>
      <cvename>CVE-2021-25284</cvename>
      <cvename>CVE-2021-3148</cvename>
      <cvename>CVE-2020-35662</cvename>
      <cvename>CVE-2021-3144</cvename>
      <cvename>CVE-2020-28972</cvename>
      <cvename>CVE-2020-28243</cvename>
    </references>
    <dates>
      <discovery>2021-02-25</discovery>
      <entry>2021-03-03</entry>
    </dates>
  </vuln>

  <vuln vid="52bd2d59-4ab5-4bef-a599-7aac4e92238b">
    <topic>vault -- unauthenticated license read</topic>
    <affects>
      <package>
	<name>vault</name>
	<range><lt>1.6.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>vault developers report:</p>
	<blockquote cite="https://github.com/hashicorp/vault/releases/tag/v1.6.3">
	  <p>Limited Unauthenticated License Read: We addressed a security vulnerability that allowed for the unauthenticated reading of Vault licenses from DR Secondaries.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-27668</cvename>
      <url>https://github.com/hashicorp/vault/releases/tag/v1.6.3</url>
    </references>
    <dates>
      <discovery>2021-02-26</discovery>
      <entry>2021-02-27</entry>
    </dates>
  </vuln>

  <vuln vid="31ad2f10-7711-11eb-b87a-901b0ef719ab">
    <topic>FreeBSD -- jail_remove(2) fails to kill all jailed processes</topic>
    <affects>
      <package>
	<name>FreeBSD-kernel</name>
	<range><ge>12.2</ge><lt>12.2_4</lt></range>
	<range><ge>11.4</ge><lt>11.4_8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>Due to a race condition in the jail_remove(2) implementation, it
	may fail to kill some of the processes.</p>
	<h1>Impact:</h1>
	<p>A process running inside a jail can avoid being killed during jail
	termination.  If a jail is subsequently started with the same root
	path, a lingering jailed process may be able to exploit the window
	during which a devfs filesystem is mounted but the jail's devfs
	ruleset has not been applied, to access device nodes which are
	ordinarily inaccessible.  If the process is privileged, it may be able
	to escape the jail and gain full access to the system.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-25581</cvename>
      <freebsdsa>SA-21:04.jail_remove</freebsdsa>
    </references>
    <dates>
      <discovery>2021-02-24</discovery>
      <entry>2021-02-25</entry>
    </dates>
  </vuln>

  <vuln vid="5b8c6e1e-770f-11eb-b87a-901b0ef719ab">
    <topic>FreeBSD -- Xen grant mapping error handling issues</topic>
    <affects>
      <package>
	<name>FreeBSD-kernel</name>
	<range><ge>12.2</ge><lt>12.2_4</lt></range>
	<range><ge>11.4</ge><lt>11.4_8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>Grant mapping operations often occur in batch hypercalls, where a
	number of operations are done in a single hypercall, the success or
	failure of each one reported to the backend driver, and the backend
	driver then loops over the results, performing follow-up actions
	based on the success or failure of each operation.</p>
	<p>Unfortunately, when running in HVM/PVH mode, the FreeBSD backend
	drivers mishandle this: Some errors are ignored, effectively implying
	their success from the success of related batch elements. In other
	cases, errors resulting from one batch element lead to further batch
	elements not being inspected, and hence successful ones to not be
	possible to properly unmap upon error recovery.</p>
	<h1>Impact:</h1>
	<p>A malicious or buggy frontend driver may be able to cause resource
	leaks in the domain running the corresponding backend driver.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-26932</cvename>
      <freebsdsa>SA-21:06.xen</freebsdsa>
    </references>
    <dates>
      <discovery>2021-02-24</discovery>
      <entry>2021-02-25</entry>
    </dates>
  </vuln>

  <vuln vid="bba850fd-770e-11eb-b87a-901b0ef719ab">
    <topic>FreeBSD -- jail_attach(2) relies on the caller to change the cwd</topic>
    <affects>
      <package>
	<name>FreeBSD-kernel</name>
	<range><ge>12.2</ge><lt>12.2_4</lt></range>
	<range><ge>11.4</ge><lt>11.4_8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>When a process, such as jexec(8) or killall(1), calls jail_attach(2)
	to enter a jail, the jailed root can attach to it using ptrace(2) before
	the current working directory is changed.</p>
	<h1>Impact:</h1>
	<p>A process with superuser privileges running inside a jail could change
	the root directory outside of the jail, thereby gaining full read and
	writing access to all files and directories in the system.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-25582</cvename>
      <freebsdsa>SA-21:05.jail_chdir</freebsdsa>
    </references>
    <dates>
      <discovery>2021-02-24</discovery>
      <entry>2021-02-25</entry>
    </dates>
  </vuln>

  <vuln vid="a8654f1d-770d-11eb-b87a-901b0ef719ab">
    <topic>FreeBSD -- login.access fails to apply rules</topic>
    <affects>
      <package>
	<name>FreeBSD</name>
	<range><ge>12.2</ge><lt>12.2_4</lt></range>
	<range><ge>11.4</ge><lt>11.4_8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>A regression in the login.access(5) rule processor has the effect
	of causing rules to fail to match even when they should not. This
	means that rules denying access may be ignored.</p>
	<h1>Impact:</h1>
	<p>The configuration in login.access(5) may not be applied, permitting
	login access to users even when the system is configured to deny it.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-25580</cvename>
      <freebsdsa>SA-21:03.pam_login_access</freebsdsa>
    </references>
    <dates>
      <discovery>2021-02-24</discovery>
      <entry>2021-02-25</entry>
    </dates>
  </vuln>

  <vuln vid="0e38b8f8-75dd-11eb-83f2-8c164567ca3c">
    <topic>redis -- Integer overflow on 32-bit systems</topic>
    <affects>
      <package>
	<name>redis-devel</name>
	<range><lt>6.2.0</lt></range>
      </package>
      <package>
	<name>redis</name>
	<range><lt>6.0.11</lt></range>
      </package>
      <package>
	<name>redis5</name>
	<range><lt>5.0.11</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Redis Development team reports:</p>
	<blockquote cite="https://github.com/redis/redis/releases/tag/6.2.0">
	  <p>Redis 4.0 or newer uses a configurable limit for
	  the maximum supported bulk input size. By default,
	  it is 512MB which is a safe value for all platforms.
	  If the limit is significantly increased, receiving a
	  large request from a client may trigger several
	  integer overflow scenarios, which would result with
	  buffer overflow and heap corruption.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-21309</cvename>
    </references>
    <dates>
      <discovery>2021-02-22</discovery>
      <entry>2021-02-23</entry>
    </dates>
  </vuln>

  <vuln vid="3e9624b3-e92b-4460-8a5a-93247c52c5a1">
    <topic>zeek -- Remote crash vulnerability</topic>
    <affects>
      <package>
	<name>zeek</name>
	<range><lt>3.0.13</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Jon Siwek of Corelight reports:</p>
	<blockquote cite="https://github.com/zeek/zeek/releases/tag/v3.0.13">
	  <p>Fix ASCII Input reader's treatment of input files
	  containing null-bytes. An input file containing null-bytes
	  could lead to a buffer-over-read, crash Zeek, and be
	  exploited to cause Denial of Service. </p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/zeek/zeek/releases/tag/v3.0.13</url>
    </references>
    <dates>
      <discovery>2021-02-10</discovery>
      <entry>2021-02-22</entry>
    </dates>
  </vuln>

  <vuln vid="9c03845c-7398-11eb-bc0e-2cf05d620ecc">
    <topic>raptor2 -- malformed input file can lead to a segfault</topic>
    <affects>
      <package>
	<name>raptor2</name>
	<range><lt>2.0.15_17</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Redland Issue Tracker reports:</p>
	<blockquote cite="https://bugs.librdf.org/mantis/view.php?id=650">
	  <p>due to an out of bounds array access in
raptor_xml_writer_start_element_common.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://bugs.librdf.org/mantis/view.php?id=650</url>
    </references>
    <dates>
      <discovery>2020-11-24</discovery>
      <entry>2021-02-20</entry>
    </dates>
  </vuln>

  <vuln vid="a45d945a-cc2c-4cd7-a941-fb58fdb1b01e">
    <topic>jenkins -- Privilege escalation vulnerability in bundled Spring Security library</topic>
    <affects>
      <package>
	<name>jenkins</name>
	<range><lt>2.280</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Jenkins Security Advisory:</p>
	<blockquote cite="https://www.jenkins.io/security/advisory/2021-02-19/">
	  <h1>Description</h1>
	  <h5>(high) SECURITY-2195 / CVE-2021-22112</h5>
	  <p>Privilege escalation vulnerability in bundled Spring Security library</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://www.jenkins.io/security/advisory/2021-02-19/</url>
    </references>
    <dates>
      <discovery>2021-02-19</discovery>
      <entry>2021-02-20</entry>
    </dates>
  </vuln>

  <vuln vid="1bb2826b-7229-11eb-8386-001999f8d30b">
    <topic>asterisk -- Remote Crash Vulnerability in PJSIP channel driver</topic>
    <affects>
      <package>
	<name>asterisk13</name>
	<range><lt>13.38.2</lt></range>
      </package>
      <package>
	<name>asterisk16</name>
	<range><lt>16.16.1</lt></range>
      </package>
      <package>
	<name>asterisk18</name>
	<range><lt>18.2.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Asterisk project reports:</p>
	<blockquote cite="https://www.asterisk.org/downloads/security-advisories">
	  <p>Given a scenario where an outgoing call is placed from
	  Asterisk to a remote SIP server it is possible for a crash
	  to occur.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-26906</cvename>
      <url>https://downloads.asterisk.org/pub/security/AST-2021-005.html</url>
    </references>
    <dates>
      <discovery>2021-02-08</discovery>
      <entry>2021-02-18</entry>
    </dates>
  </vuln>

  <vuln vid="ca21f5e7-7228-11eb-8386-001999f8d30b">
    <topic>asterisk -- An unsuspecting user could crash Asterisk with multiple hold/unhold requests</topic>
    <affects>
      <package>
	<name>asterisk16</name>
	<range><ge>16.16.0</ge><lt>16.16.1</lt></range>
      </package>
      <package>
	<name>asterisk18</name>
	<range><ge>18.2.0</ge><lt>18.2.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Asterisk project reports:</p>
	<blockquote cite="https://www.asterisk.org/downloads/security-advisories">
	  <p>Due to a signedness comparison mismatch, an authenticated
	  WebRTC client could cause a stack overflow and Asterisk
	  crash by sending multiple hold/unhold requests in quick
	  succession.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-26714</cvename>
      <url>https://downloads.asterisk.org/pub/security/AST-2021-004.html</url>
    </references>
    <dates>
      <discovery>2021-02-11</discovery>
      <entry>2021-02-18</entry>
    </dates>
  </vuln>

  <vuln vid="5d8ef725-7228-11eb-8386-001999f8d30b">
    <topic>asterisk -- Remote attacker could prematurely tear down SRTP calls</topic>
    <affects>
      <package>
	<name>asterisk13</name>
	<range><ge>13.38.1</ge><lt>13.38.2</lt></range>
      </package>
      <package>
	<name>asterisk16</name>
	<range><ge>16.16.0</ge><lt>16.16.1</lt></range>
      </package>
      <package>
	<name>asterisk18</name>
	<range><ge>18.2.0</ge><lt>18.2.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Asterisk project reports:</p>
	<blockquote cite="https://www.asterisk.org/downloads/security-advisories">
	  <p>An unauthenticated remote attacker could replay SRTP
	  packets which could cause an Asterisk instance configured
	  without strict RTP validation to tear down calls
	  prematurely.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-26712</cvename>
      <url>https://downloads.asterisk.org/pub/security/AST-2021-003.html</url>
    </references>
    <dates>
      <discovery>2021-02-18</discovery>
      <entry>2021-02-18</entry>
    </dates>
  </vuln>

  <vuln vid="e3894955-7227-11eb-8386-001999f8d30b">
    <topic>asterisk -- Remote crash possible when negotiating T.38</topic>
    <affects>
      <package>
	<name>asterisk16</name>
	<range><ge>16.15.0</ge><lt>16.16.1</lt></range>
      </package>
      <package>
	<name>asterisk18</name>
	<range><ge>18.1.0</ge><lt>18.2.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Asterisk project reports:</p>
	<blockquote cite="https://www.asterisk.org/downloads/security-advisories">
	  <p>When re-negotiating for T.38 if the initial remote
	  response was delayed just enough Asterisk would send both
	  audio and T.38 in the SDP. If this happened, and the
	  remote responded with a declined T.38 stream then Asterisk
	  would crash.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-26717</cvename>
      <url>https://downloads.asterisk.org/pub/security/AST-2021-002.html</url>
    </references>
    <dates>
      <discovery>2021-02-05</discovery>
      <entry>2021-02-18</entry>
    </dates>
  </vuln>

  <vuln vid="b330db5f-7225-11eb-8386-001999f8d30b">
    <topic>asterisk -- Remote crash in res_pjsip_diversion</topic>
    <affects>
      <package>
	<name>asterisk13</name>
	<range><ge>13.38.1</ge><lt>13.38.2</lt></range>
      </package>
      <package>
	<name>asterisk16</name>
	<range><ge>16.15.1</ge><lt>16.16.1</lt></range>
      </package>
      <package>
	<name>asterisk18</name>
	<range><ge>18.1.1</ge><lt>18.2.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Asterisk project reports:</p>
	<blockquote cite="https://www.asterisk.org/downloads/security-advisories">
	  <p>If a registered user is tricked into dialing a malicious
	  number that sends lots of 181 responses to Asterisk, each
	  one will cause a 181 to be sent back to the original
	  caller with an increasing number of entries in the
	  "Supported" header. Eventually the number of entries in
	  the header exceeds the size of the entry array and causes
	  a crash.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-35776</cvename>
      <url>https://downloads.asterisk.org/pub/security/AST-2021-001.html</url>
    </references>
    <dates>
      <discovery>2021-01-04</discovery>
      <entry>2021-02-18</entry>
    </dates>
  </vuln>

  <vuln vid="8e670b85-706e-11eb-abb2-08002728f74c">
    <topic>Rails -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>rubygem-activerecord52</name>
	<range><lt>5.2.4.5</lt></range>
      </package>
      <package>
	<name>rubygem-actionpack60</name>
	<name>rubygem-activerecord60</name>
	<range><lt>6.0.3.5</lt></range>
      </package>
      <package>
	<name>rubygem-actionpack61</name>
	<name>rubygem-activerecord61</name>
	<range><lt>6.1.2.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Ruby on Rails blog:</p>
	<blockquote cite="https://weblog.rubyonrails.org/2021/2/10/Rails-5-2-4-5-6-0-3-5-and-6-1-2-1-have-been-released/">
	  <p>Rails version 5.2.4.5, 6.0.3.5 and 6.1.2.1 have been released! Those
	    version are security releases and addresses two issues:</p>
	  <p>CVE-2021-22880: Possible DoS Vulnerability in Active Record PostgreSQL adapter.</p>
	  <p>CVE-2021-22881: Possible Open Redirect in Host Authorization Middleware.</p>
	  <p></p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://weblog.rubyonrails.org/2021/2/10/Rails-5-2-4-5-6-0-3-5-and-6-1-2-1-have-been-released/</url>
      <url>https://discuss.rubyonrails.org/t/cve-2021-22880-possible-dos-vulnerability-in-active-record-postgresql-adapter/77129</url>
      <url>https://discuss.rubyonrails.org/t/cve-2021-22881-possible-open-redirect-in-host-authorization-middleware/77130</url>
      <cvename>CVE-2021-22880</cvename>
      <cvename>CVE-2021-22881</cvename>
    </references>
    <dates>
      <discovery>2021-02-10</discovery>
      <entry>2021-02-17</entry>
    </dates>
  </vuln>

  <vuln vid="48514901-711d-11eb-9846-e09467587c17">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>88.0.4324.182</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html">
	  <p>This release contains 10 security fixes, including:</p>
	  <ul>
	    <li>[1138143] High CVE-2021-21149: Stack overflow in Data Transfer.
	      Reported by Ryoya Tsukasaki on 2020-10-14</li>
	    <li>[1172192] High CVE-2021-21150: Use after free in Downloads.
	     Reported by Woojin Oh(@pwn_expoit) of STEALIEN on 2021-01-29</li>
	    <li>[1165624] High CVE-2021-21151: Use after free in Payments.
	      Reported by Khalil Zhani on 2021-01-12</li>
	    <li>[1166504] High CVE-2021-21152: Heap buffer overflow in Media.
	      Reported by Anonymous on 2021-01-14</li>
	    <li>[1155974] High CVE-2021-21153: Stack overflow in GPU Process.
	      Reported by Jan Ruge of ERNW GmbH on 2020-12-06</li>
	    <li>[1173269] High CVE-2021-21154: Heap buffer overflow in Tab
	      Strip. Reported by Abdulrahman Alqabandi, Microsoft Browser
	      Vulnerability Research on 2021-02-01</li>
	    <li>[1175500] High CVE-2021-21155: Heap buffer overflow in Tab
	      Strip. Reported by Khalil Zhani on 2021-02-07</li>
	    <li>[1177341] High CVE-2021-21156: Heap buffer overflow in V8.
	      Reported by Sergei Glazunov of Google Project Zero on
	      2021-02-11</li>
	    <li>[1170657] Medium CVE-2021-21157: Use after free in Web
	      Sockets. Reported by Anonymous on 2021-01-26</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-21149</cvename>
      <cvename>CVE-2021-21150</cvename>
      <cvename>CVE-2021-21151</cvename>
      <cvename>CVE-2021-21152</cvename>
      <cvename>CVE-2021-21153</cvename>
      <cvename>CVE-2021-21154</cvename>
      <cvename>CVE-2021-21155</cvename>
      <cvename>CVE-2021-21156</cvename>
      <cvename>CVE-2021-21157</cvename>
      <url>https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html</url>
    </references>
    <dates>
      <discovery>2021-02-16</discovery>
      <entry>2021-02-17</entry>
    </dates>
  </vuln>

  <vuln vid="96a21236-707b-11eb-96d8-d4c9ef517024">
    <topic>OpenSSL -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>openssl</name>
	<range><lt>1.1.1j,1</lt></range>
      </package>
      <package>
	<name>openssl-devel</name>
	<range><lt>3.0.0a12</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The OpenSSL project reports:</p>
	<blockquote cite="https://www.openssl.org/news/secadv/20210216.txt">
	  <p>Null pointer deref in X509_issuer_and_serial_hash()
	    CVE-2021-23841<br/>(Moderate) The OpenSSL public API function
	    X509_issuer_and_serial_hash() attempts to create a unique hash
	    value based on the issuer and serial number data contained within
	    an X509 certificate. However it fails to correctly handle any errors
	    that may occur while parsing the issuer field (which might occur if
	    the issuer field is maliciously constructed). This may subsequently
	    result in a NULL pointer deref and a crash leading to a potential
	    denial of service attack.</p>
	  <p>Integer overflow in CipherUpdate CVE-2021-23840<br/>(Low)
	    Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate
	    may overflow the output length argument in some cases where the
	    input length is close to the maximum permissable length for an
	    integer on the platform. In such cases the return value from the
	    function call will be 1 (indicating success), but the output length
	    value will be negative. This could cause applications to behave
	    incorrectly or crash.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://www.openssl.org/news/secadv/20210216.txt</url>
      <cvename>CVE-2021-23841</cvename>
      <cvename>CVE-2021-23840</cvename>
      <cvename>CVE-2021-23839</cvename>
    </references>
    <dates>
      <discovery>2021-02-16</discovery>
      <entry>2021-02-16</entry>
      <modified>2021-02-18</modified>
    </dates>
  </vuln>

  <vuln vid="98044aba-6d72-11eb-aed7-1b1b8a70cc8b">
    <topic>openexr, ilmbase -- security fixes related to reading corrupted input files</topic>
    <affects>
      <package>
	<name>ilmbase</name>
	<range><lt>2.5.5</lt></range>
      </package>
      <package>
	<name>openexr</name>
	<range><lt>2.5.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Cary Phillips reports:</p>
	<blockquote cite="https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.5">
	  <p>Patch release with various bug/sanitizer/security fixes, primarily related to reading corrupted input files[...].</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.5</url>
    </references>
    <dates>
      <discovery>2021-02-12</discovery>
      <entry>2021-02-12</entry>
    </dates>
  </vuln>

  <vuln vid="1020d401-6d2d-11eb-ab0b-001b217b3468">
    <topic>Gitlab -- Multiple Vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>13.8.0</ge><lt>13.8.4</lt></range>
	<range><ge>13.7.0</ge><lt>13.7.7</lt></range>
	<range><ge>10.5</ge><lt>13.6.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2021/02/11/security-release-gitlab-13-8-4-released/">
	  <p>Improper Certificate Validation for Fortinet OTP</p>
	  <p>Denial of Service Attack on gitlab-shell</p>
	  <p>Resource exhaustion due to pending jobs</p>
	  <p>Confidential issue titles were exposed</p>
	  <p>Improper access control allowed demoted project members to access authored merge requests</p>
	  <p>Improper access control allowed unauthorized users to access analytic pages</p>
	  <p>Unauthenticated CI lint API may lead to information disclosure and SSRF</p>
	  <p>Prometheus integration in Gitlab may lead to SSRF</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://about.gitlab.com/releases/2021/02/11/security-release-gitlab-13-8-4-released/</url>
    </references>
    <dates>
      <discovery>2021-02-11</discovery>
      <entry>2021-02-12</entry>
    </dates>
  </vuln>

  <vuln vid="3003ba60-6cec-11eb-8815-040e3c1b8a02">
    <topic>oauth2-proxy -- domain whitelist could be used as redirect</topic>
    <affects>
      <package>
	<name>oauth2-proxy</name>
	<range><lt>7.0.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>SO-AND-SO reports:</p>
	<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2021-21291">
	  <p>In OAuth2 Proxy before version 7.0.0, for users that use the
	     whitelist domain feature, a domain that ended in a similar way to
	     the intended domain could have been allowed as a redirect.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2021-21291</url>
    </references>
    <dates>
      <discovery>2021-02-02</discovery>
      <entry>2021-02-12</entry>
    </dates>
  </vuln>

  <vuln vid="06a5abd4-6bc2-11eb-b292-90e2baa3bafc">
    <topic>mod_dav_svn -- server crash</topic>
    <affects>
      <package>
	<name>mod_dav_svn</name>
	<range><ge>1.9.0</ge><le>1.10.6</le></range>
	<range><ge>1.11.0</ge><le>1.14.0</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Subversion project reports:</p>
	<blockquote cite="https://subversion.apache.org/security/CVE-2020-17525-advisory.txt">
	<p>Subversion's mod_authz_svn module will crash if the server is using
	   in-repository authz rules with the AuthzSVNReposRelativeAccessFile
	   option and a client sends a request for a non-existing repository URL.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://subversion.apache.org/security/CVE-2020-17525-advisory.txt</url>
    </references>
    <dates>
      <discovery>2021-01-29</discovery>
      <entry>2021-02-10</entry>
    </dates>
  </vuln>

  <vuln vid="cdb10765-6879-11eb-a7d8-08002734b9ed">
    <topic>gitea -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>gitea</name>
	<range><lt>1.13.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Gitea Team reports for release 1.13.2:</p>
	<blockquote cite="https://blog.gitea.io/2021/02/gitea-1.13.2-is-released/">
	  <ul>
	    <li>Prevent panic on fuzzer provided string</li>
	    <li>Add secure/httpOnly attributes to the lang cookie</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/go-gitea/gitea/releases/tag/v1.13.2</url>
      <freebsdpr>ports/253295</freebsdpr>
    </references>
    <dates>
      <discovery>2021-01-07</discovery>
      <entry>2021-02-06</entry>
    </dates>
  </vuln>

  <vuln vid="3e01aad2-680e-11eb-83e2-e09467587c17">
    <topic>chromium -- heap buffer overflow in V8</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>88.0.4324.150</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html">
	  <p>[1170176] High CVE-2021-21148: Heap buffer overflow in V8.
	    Reported by Mattias Buelens on 2021-01-24. Google is aware of
	    reports that an exploit for CVE-2021-21148 exists in the wild.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-21148</cvename>
      <url>https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html</url>
    </references>
    <dates>
      <discovery>2021-02-04</discovery>
      <entry>2021-02-05</entry>
    </dates>
  </vuln>

  <vuln vid="479fdfda-6659-11eb-83e2-e09467587c17">
    <topic>www/chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>88.0.4324.146</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop.html">
	  <p>This update include 6 security fixes:</p>
	  <ul>
	    <li>1169317] Critical CVE-2021-21142: Use after free in Payments.
	      Reported by Khalil Zhani on 2021-01-21</li>
	    <li>[1163504] High CVE-2021-21143: Heap buffer overflow in
	      Extensions. Reported by Allen Parker and Alex Morgan of MU on
	      2021-01-06</li>
	    <li>[1163845] High CVE-2021-21144: Heap buffer overflow in Tab
	      Groups. Reported by Leecraso and Guang Gong of 360 Alpha Lab on
	      2021-01-07</li>
	    <li>[1154965] High CVE-2021-21145: Use after free in Fonts. Reported
	      by Anonymous on 2020-12-03</li>
	    <li>[1161705] High CVE-2021-21146: Use after free in Navigation.
	      Reported by Alison Huffman and Choongwoo Han of Microsoft Browser
	      Vulnerability Research on 2020-12-24</li>
	    <li>[1162942] Medium CVE-2021-21147: Inappropriate implementation in
	      Skia. Reported by Roman Starkov on 2021-01-04</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-21142</cvename>
      <cvename>CVE-2021-21143</cvename>
      <cvename>CVE-2021-21144</cvename>
      <cvename>CVE-2021-21145</cvename>
      <cvename>CVE-2021-21146</cvename>
      <cvename>CVE-2021-21147</cvename>
      <url>https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2021-02-02</discovery>
      <entry>2021-02-03</entry>
    </dates>
  </vuln>

  <vuln vid="66d1c277-652a-11eb-bb3f-001b217b3468">
    <topic>Gitlab -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>13.8.0</ge><lt>13.8.2</lt></range>
	<range><ge>13.7.0</ge><lt>13.7.6</lt></range>
	<range><ge>11.8</ge><lt>13.6.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/blog/2021/02/01/security-release-gitlab-13-8-2-released/">
	  <p>Stored XSS in merge request</p>
	  <p>Stored XSS in epic's pages</p>
	  <p>Sensitive GraphQL variables exposed in structured log</p>
	  <p>Guest user can see tag names in private projects</p>
	  <p>Information disclosure via error message</p>
	  <p>DNS rebinding protection bypass</p>
	  <p>Validate existence of private project</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://about.gitlab.com/blog/2021/02/01/security-release-gitlab-13-8-2-released/</url>
      <cvename>CVE-2021-22172</cvename>
      <cvename>CVE-2021-22169</cvename>
    </references>
    <dates>
      <discovery>2021-02-01</discovery>
      <entry>2021-02-02</entry>
    </dates>
  </vuln>

  <vuln vid="8ec7d426-055d-46bc-8f5a-a9d73a5a71ab">
    <topic>minio -- Server Side Request Forgery</topic>
    <affects>
      <package>
	<name>minio</name>
	<range><lt>2021.01.30.00.20.58</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Minio developers report:</p>
	<blockquote cite="https://github.com/minio/minio/security/advisories/GHSA-m4qq-5f7c-693q">
	  <p>Thanks to @phith0n from our community upon a code review, discovered an SSRF (Server Side Request Forgery) in our Browser API implementation. We have not observed this report/attack in the wild or reported elsewhere in the community at large.</p>
	  <p>All users are advised to upgrade ASAP.</p>
	  <p>The target application may have functionality for importing data from a URL, publishing data to a URL, or otherwise reading data from a URL that can be tampered with. The attacker modifies the calls to this functionality by supplying a completely different URL or by manipulating how URLs are built (path traversal etc.).</p>
	  <p>In a Server-Side Request Forgery (SSRF) attack, the attacker can abuse functionality on the server to read or update internal resources. The attacker can supply or modify a URL which the code running on the server will read or submit data, and by carefully selecting the URLs, the attacker may be able to read server configuration such as AWS metadata, connect to internal services like HTTP enabled databases, or perform post requests towards internal services which are not intended to be exposed.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/minio/minio/security/advisories/GHSA-m4qq-5f7c-693q</url>
    </references>
    <dates>
      <discovery>2021-01-29</discovery>
      <entry>2021-01-31</entry>
    </dates>
  </vuln>

  <vuln vid="5d91370b-61fd-11eb-b87a-901b0ef719ab">
    <topic>FreeBSD -- Xen guests can triger backend Out Of Memory</topic>
    <affects>
      <package>
	<name>FreeBSD-kernel</name>
	<range><ge>12.2</ge><lt>12.2_3</lt></range>
	<range><ge>12.1</ge><lt>12.1_13</lt></range>
	<range><ge>11.4</ge><lt>11.4_7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>Some OSes (including Linux, FreeBSD, and NetBSD) are processing watch
	events using a single thread.  If the events are received faster than
	the thread is able to handle, they will get queued.</p>
	<p>As the queue is unbound, a guest may be able to trigger a OOM in
	the backend.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-29568</cvename>
      <freebsdsa>SA-21:02.xenoom</freebsdsa>
    </references>
    <dates>
      <discovery>2021-01-29</discovery>
      <entry>2021-01-29</entry>
    </dates>
  </vuln>

  <vuln vid="a9c6e9be-61fb-11eb-b87a-901b0ef719ab">
    <topic>FreeBSD -- Uninitialized kernel stack leaks in several file systems</topic>
    <affects>
      <package>
	<name>FreeBSD-kernel</name>
	<range><ge>12.2</ge><lt>12.2_3</lt></range>
	<range><ge>12.1</ge><lt>12.1_13</lt></range>
	<range><ge>11.4</ge><lt>11.4_7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>Several file systems were not properly initializing the d_off field
	of the dirent structures returned by VOP_READDIR. In particular,
	tmpfs(5), smbfs(5), autofs(5) and mqueuefs(5) were failing to do so.
	As a result, eight uninitialized kernel stack bytes may be leaked to
	userspace by these file systems. This problem is not present in
	FreeBSD 11.</p>
	<p>Additionally, msdosfs(5) was failing to zero-fill a pair of padding
	fields in the dirent structure, resulting in a leak of three
	uninitialized bytes.</p>
	<h1>Impact:</h1>
	<p>Kernel stack disclosures may leak sensitive information which could
	be used to compromise the security of the system.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-25578</cvename>
      <cvename>CVE-2020-25579</cvename>
      <freebsdsa>SA-21:01.fsdisclosure</freebsdsa>
    </references>
    <dates>
      <discovery>2021-01-29</discovery>
      <entry>2021-01-29</entry>
    </dates>
  </vuln>

  <vuln vid="13ca36b8-6141-11eb-8a36-7085c2fb2c14">
    <topic>pngcheck -- Buffer-overrun vulnerability</topic>
    <affects>
      <package>
	<name>pngcheck</name>
	<range><lt>3.0.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The libpng project reports:</p>
	<blockquote cite="http://www.libpng.org/pub/png/apps/pngcheck.html">
	  <p>pngcheck versions 3.0.0 and earlier have a pair of buffer-overrun
	    bugs related to the sPLT and PPLT chunks (the latter is a MNG-only
	    chunk, but it gets noticed even in PNG files if the -s option is used).
	    Both bugs are fixed in version 3.0.1, released on 24 January 2021.
	    Again, while all known vulnerabilities are fixed in this version,
	    the code is quite crufty, so it would be safest to assume there are
	    still some problems hidden in there. As always, use at your own risk.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.libpng.org/pub/png/apps/pngcheck.html</url>
    </references>
    <dates>
      <discovery>2021-01-24</discovery>
      <entry>2021-01-28</entry>
    </dates>
  </vuln>

  <vuln vid="f3cf4b33-6013-11eb-9a0e-206a8a720317">
    <topic>sudo -- Multiple vulnerabilities</topic>
    <affects>
      <package>
       <name>sudo</name>
       <range><lt>1.9.5p2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Todd C. Miller reports:</p>
       <blockquote cite="https://www.sudo.ws/stable.html#1.9.5p2">
	 <p>When invoked as sudoedit, the same set of command line options
	    are now accepted as for sudo -e. The -H and -P options are now
	    rejected for sudoedit and sudo -e which matches the sudo 1.7
	    behavior. This is part of the fix for CVE-2021-3156.</p>
	 <p>Fixed a potential buffer overflow when unescaping backslashes in
	    the command's arguments. Normally, sudo escapes special characters
	    when running a command via a shell (sudo -s or sudo -i). However,
	    it was also possible to run sudoedit with the -s or -i flags in
	    which case no escaping had actually been done, making a buffer
	    overflow possible. This fixes CVE-2021-3156.</p>
       </blockquote>
      </body>
    </description>
    <references>
      <url>https://www.sudo.ws/stable.html#1.9.5p2</url>
      <cvename>CVE-2021-3156</cvename>
    </references>
    <dates>
      <discovery>2021-01-26</discovery>
      <entry>2021-01-26</entry>
    </dates>
  </vuln>

  <vuln vid="fb67567a-5d95-11eb-a955-08002728f74c">
    <topic>pysaml2 -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>py36-pysaml2</name>
	<name>py37-pysaml2</name>
	<name>py38-pysaml2</name>
	<name>py39-pysaml2</name>
	<range><lt>6.5.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>pysaml2 Releases:</p>
	<blockquote cite="https://github.com/IdentityPython/pysaml2/releases">
	  <p>Fix processing of invalid SAML XML documents - CVE-2021-21238</p>
	  <p>Fix unspecified xmlsec1 key-type preference - CVE-2021-21239</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/IdentityPython/pysaml2/releases</url>
      <url>https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-f4g9-h89h-jgv9</url>
      <url>https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-5p3x-r448-pc62</url>
      <cvename>CVE-2021-21238</cvename>
      <cvename>CVE-2021-21239</cvename>
    </references>
    <dates>
      <discovery>2021-01-20</discovery>
      <entry>2021-01-26</entry>
    </dates>
  </vuln>

  <vuln vid="425f2143-8876-4b0a-af84-e0238c5c2062">
    <topic>jenkins -- Arbitrary file read vulnerability in workspace browsers</topic>
    <affects>
      <package>
	<name>jenkins</name>
	<range><lt>2.276</lt></range>
      </package>
      <package>
	<name>jenkins-lts</name>
	<range><lt>2.263.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Jenkins Security Advisory:</p>
	<blockquote cite="https://www.jenkins.io/security/advisory/2021-01-26/">
	  <h1>Description</h1>
	  <h5>(Medium) SECURITY-2197 / CVE-2021-21615</h5>
	  <p>Arbitrary file read vulnerability in workspace browsers</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://www.jenkins.io/security/advisory/2021-01-26/</url>
    </references>
    <dates>
      <discovery>2021-01-26</discovery>
      <entry>2021-01-26</entry>
    </dates>
  </vuln>

  <vuln vid="387bbade-5d1d-11eb-bf20-4437e6ad11c4">
    <topic>mutt -- denial of service</topic>
    <affects>
      <package>
	<name>mutt</name>
	<range><lt>2.0.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Tavis Ormandy reports:</p>
	<blockquote cite="https://gitlab.com/muttmua/mutt/-/issues/323">
	  <p>
	    rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a
	    denial of service (mailbox unavailability) by sending email messages
	    with sequences of semicolon characters in RFC822 address fields
	    (aka terminators of empty groups). A small email message from the
	    attacker can cause large memory consumption, and the victim
	    may then be unable to see email messages from other persons.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
    <url>https://gitlab.com/muttmua/mutt/-/issues/323</url>
    <cvename>CVE-2021-3181</cvename>
    </references>
    <dates>
      <discovery>2021-01-17</discovery>
      <entry>2021-01-23</entry>
    </dates>
  </vuln>

  <vuln vid="31344707-5d87-11eb-929d-d4c9ef517024">
    <topic>MySQL -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>mysql56-client</name>
	<range><lt>5.6.51</lt></range>
      </package>
      <package>
	<name>mysql57-client</name>
	<range><lt>5.7.33</lt></range>
      </package>
      <package>
	<name>mysql80-client</name>
	<range><lt>8.0.23</lt></range>
      </package>
      <package>
	<name>mysql56-server</name>
	<range><lt>5.6.51</lt></range>
      </package>
      <package>
	<name>mysql57-server</name>
	<range><lt>5.7.33</lt></range>
      </package>
      <package>
	<name>mysql80-server</name>
	<range><lt>8.0.23</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Oracle reports:</p>
	<blockquote cite="https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL">
	  <p>This Critical Patch Update contains 34 new security patches for
	    Oracle MySQL Server and 4 for MySQL Client. </p>
	  <p>The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle
	    MySQL is 6.8.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL</url>
      <url>CVE-2021-2046</url>
      <url>CVE-2021-2020</url>
      <url>CVE-2021-2024</url>
      <url>CVE-2021-2011</url>
      <url>CVE-2021-2006</url>
      <url>CVE-2021-2048</url>
      <url>CVE-2021-2028</url>
      <url>CVE-2021-2122</url>
      <url>CVE-2021-2058</url>
      <url>CVE-2021-2001</url>
      <url>CVE-2021-2016</url>
      <url>CVE-2021-2021</url>
      <url>CVE-2021-2030</url>
      <url>CVE-2021-2031</url>
      <url>CVE-2021-2036</url>
      <url>CVE-2021-2055</url>
      <url>CVE-2021-2060</url>
      <url>CVE-2021-2070</url>
      <url>CVE-2021-2076</url>
      <url>CVE-2021-2065</url>
      <url>CVE-2021-2014</url>
      <url>CVE-2021-2002</url>
      <url>CVE-2021-2012</url>
      <url>CVE-2021-2009</url>
      <url>CVE-2021-2072</url>
      <url>CVE-2021-2081</url>
      <url>CVE-2021-2022</url>
      <url>CVE-2021-2038</url>
      <url>CVE-2021-2061</url>
      <url>CVE-2021-2056</url>
      <url>CVE-2021-2087</url>
      <url>CVE-2021-2088</url>
      <url>CVE-2021-2032</url>
      <url>CVE-2021-2010</url>
      <url>CVE-2021-1998</url>
      <url>CVE-2021-2007</url>
      <url>CVE-2021-2019</url>
      <url>CVE-2021-2042</url>
    </references>
    <dates>
      <discovery>2021-01-23</discovery>
      <entry>2021-01-23</entry>
    </dates>
  </vuln>

  <vuln vid="4ed0e43c-5cef-11eb-bafd-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>88.0.4324.96</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html">
	  <p>This release contains 36 security fixes, including:</p>
	  <ul>
	    <li>[1137179] Critical CVE-2021-21117: Insufficient policy
	      enforcement in Cryptohome. Reported by Rory McNamara on
	      2020-10-10</li>
	    <li>[1161357] High CVE-2021-21118: Insufficient data validation in
	      V8. Reported by Tyler Nighswander (@tylerni7) of Theori on
	      2020-12-23</li>
	    <li>[1160534] High CVE-2021-21119: Use after free in Media. Reported
	      by Anonymous on 2020-12-20</li>
	    <li>[1160602] High CVE-2021-21120: Use after free in WebSQL.
	      Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha
	      Lab on 2020-12-21</li>
	    <li>[1161143] High CVE-2021-21121: Use after free in Omnibox.
	      Reported by Leecraso and Guang Gong of 360 Alpha Lab on
	      2020-12-22</li>
	    <li>[1162131] High CVE-2021-21122: Use after free in Blink. Reported
	      by Renata Hodovan on 2020-12-28</li>
	    <li>[1137247] High CVE-2021-21123: Insufficient data validation in
	      File System API. Reported by Maciej Pulikowski on 2020-10-11</li>
	    <li>[1131346] High CVE-2021-21124: Potential user after free in
	      Speech Recognizer. Reported by Chaoyang Ding(@V4kst1z) from
	      Codesafe Team of Legendsec at Qi'anxin Group on 2020-09-23</li>
	    <li>[1152327] High CVE-2021-21125: Insufficient policy enforcement
	      in File System API. Reported by Ron Masas (Imperva) on
	      2020-11-24</li>
	    <li>[1163228] High CVE-2020-16044: Use after free in WebRTC.
	      Reported by Ned Williamson of Project Zero on 2021-01-05</li>
	    <li>[1108126] Medium CVE-2021-21126: Insufficient policy enforcement
	      in extensions. Reported by David Erceg on 2020-07-22</li>
	    <li>[1115590] Medium CVE-2021-21127: Insufficient policy enforcement
	      in extensions. Reported by Jasminder Pal Singh, Web Services Point
	      WSP, Kotkapura on 2020-08-12</li>
	    <li>[1138877] Medium CVE-2021-21128: Heap buffer overflow in Blink.
	      Reported by Liang Dong on 2020-10-15</li>
	    <li>[1140403] Medium CVE-2021-21129: Insufficient policy enforcement
	      in File System API. Reported by Maciej Pulikowski on
	      2020-10-20</li>
	    <li>[1140410] Medium CVE-2021-21130: Insufficient policy enforcement
	      in File System API. Reported by Maciej Pulikowski on
	      2020-10-20</li>
	    <li>[1140417] Medium CVE-2021-21131: Insufficient policy enforcement
	      in File System API. Reported by Maciej Pulikowski on
	      2020-10-20</li>
	    <li>[1128206] Medium CVE-2021-21132: Inappropriate implementation in
	      DevTools. Reported by David Erceg on 2020-09-15</li>
	    <li>[1157743] Medium CVE-2021-21133: Insufficient policy enforcement
	      in Downloads. Reported by wester0x01
	      (https://twitter.com/wester0x01) on 2020-12-11</li>
	    <li>[1157800] Medium CVE-2021-21134: Incorrect security UI in Page
	      Info. Reported by wester0x01 (https://twitter.com/wester0x01) on
	      2020-12-11</li>
	    <li>[1157818] Medium CVE-2021-21135: Inappropriate implementation in
	      Performance API. Reported by ndevtk on 2020-12-11</li>
	    <li>[1038002] Low CVE-2021-21136: Insufficient policy enforcement in
	      WebView. Reported by Shiv Sahni, Movnavinothan V and Imdad
	      Mohammed on 2019-12-27</li>
	    <li>[1093791] Low CVE-2021-21137: Inappropriate implementation in
	      DevTools. Reported by bobblybear on 2020-06-11</li>
	    <li>[1122487] Low CVE-2021-21138: Use after free in DevTools.
	      Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec
	      at Qi'anxin Group on 2020-08-27</li>
	    <li>[1136327] Low CVE-2021-21140: Uninitialized Use in USB. Reported
	      by David Manouchehri on 2020-10-08</li>
	    <li>[1140435] Low CVE-2021-21141: Insufficient policy enforcement in
	      File System API. Reported by Maciej Pulikowski on 2020-10-20</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-16044</cvename>
      <cvename>CVE-2021-21117</cvename>
      <cvename>CVE-2021-21118</cvename>
      <cvename>CVE-2021-21119</cvename>
      <cvename>CVE-2021-21120</cvename>
      <cvename>CVE-2021-21121</cvename>
      <cvename>CVE-2021-21122</cvename>
      <cvename>CVE-2021-21123</cvename>
      <cvename>CVE-2021-21124</cvename>
      <cvename>CVE-2021-21125</cvename>
      <cvename>CVE-2021-21126</cvename>
      <cvename>CVE-2021-21127</cvename>
      <cvename>CVE-2021-21128</cvename>
      <cvename>CVE-2021-21129</cvename>
      <cvename>CVE-2021-21130</cvename>
      <cvename>CVE-2021-21131</cvename>
      <cvename>CVE-2021-21132</cvename>
      <cvename>CVE-2021-21133</cvename>
      <cvename>CVE-2021-21134</cvename>
      <cvename>CVE-2021-21135</cvename>
      <cvename>CVE-2021-21136</cvename>
      <cvename>CVE-2021-21137</cvename>
      <cvename>CVE-2021-21138</cvename>
      <cvename>CVE-2021-21139</cvename>
      <cvename>CVE-2021-21140</cvename>
      <cvename>CVE-2021-21141</cvename>
      <url>https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html</url>
    </references>
    <dates>
      <discovery>2021-01-19</discovery>
      <entry>2021-01-22</entry>
    </dates>
  </vuln>

  <vuln vid="35aef72c-5c8e-11eb-8309-4ccc6adda413">
    <topic>chocolate-doom -- Arbitrary code execution</topic>
    <affects>
      <package>
	<name>chocolate-doom</name>
	<range><lt>3.0.1</lt></range>
      </package>
      <package>
	<name>crispy-doom</name>
	<range><lt>5.9.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Michal Dardas from LogicalTrust reports:</p>
	<blockquote cite="https://github.com/chocolate-doom/chocolate-doom/issues/1293">
	  <p>
	    The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate
	    the user-controlled num_players value, leading to a buffer overflow. A
	    malicious user can overwrite the server's stack.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/chocolate-doom/chocolate-doom/issues/1293</url>
      <cvename>CVE-2020-14983</cvename>
    </references>
    <dates>
      <discovery>2020-06-22</discovery>
      <entry>2021-01-22</entry>
    </dates>
  </vuln>

  <vuln vid="13c54e6d-5c45-11eb-b4e2-001b217b3468">
    <topic>nokogiri -- Security vulnerability</topic>
    <affects>
      <package>
	<name>rubygem-nokogiri</name>
	<name>rubygem-nokogiri18</name>
	<range><lt>1.11.0.rc3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Nokogiri reports:</p>
	<blockquote cite="https://nokogiri.org/CHANGELOG.html">
	  <p>In Nokogiri versions &lt;= 1.11.0.rc3, XML Schemas parsed by Nokogiri::XML::Schema were trusted by default, allowing external resources to be accessed over the network, potentially enabling XXE or SSRF attacks.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://nokogiri.org/CHANGELOG.html</url>
      <cvename>CVE-2020-26247</cvename>
    </references>
    <dates>
      <discovery>2021-01-22</discovery>
      <entry>2021-01-22</entry>
    </dates>
  </vuln>

  <vuln vid="5b5cf6e5-5b51-11eb-95ac-7f9491278677">
    <topic>dnsmasq -- DNS cache poisoning, and DNSSEC buffer overflow, vulnerabilities</topic>
    <affects>
      <package>
	<name>dnsmasq</name>
	<range><lt>2.83</lt></range>
      </package>
      <package> <!-- not currently active, but in case that someone had a stale package -->
	<name>dnsmasq-devel</name>
	<range><lt>2.83</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Simon Kelley reports:</p>
	<blockquote cite="http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q1/014599.html">
	  <p>
	    There are broadly two sets of problems. The first is subtle errors
	    in dnsmasq's protections against the chronic weakness of the DNS
	    protocol to cache-poisoning attacks; the Birthday attack, Kaminsky,
	    etc.[...]
	  </p>
	  <p>
	    the second set of errors is a good old fashioned buffer overflow in
	    dnsmasq's DNSSEC code. If DNSSEC validation is enabled, an
	    installation is at risk.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q1/014599.html</url>
      <url>https://www.jsof-tech.com/disclosures/dnspooq/</url>
      <cvename>CVE-2020-25684</cvename>
      <cvename>CVE-2020-25685</cvename>
      <cvename>CVE-2020-25686</cvename>
      <cvename>CVE-2020-25681</cvename>
      <cvename>CVE-2020-25682</cvename>
      <cvename>CVE-2020-25683</cvename>
      <cvename>CVE-2020-25687</cvename>
    </references>
    <dates>
      <discovery>2020-09-16</discovery> <!-- CVE creation date, vuln apparently known since August to JSOF? -->
      <entry>2021-01-20</entry>
    </dates>
  </vuln>

  <vuln vid="6a4805d5-5aaf-11eb-a21d-79f5bc5ef6a9">
    <topic>go -- cmd/go: packages using cgo can cause arbitrary code execution at build time; crypto/elliptic: incorrect operations on the P-224 curve</topic>
    <affects>
      <package>
	<name>go</name>
	<range><lt>1.15.7,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Go project reports:</p>
	<blockquote cite="https://github.com/golang/go/issues/43783">
	  <p>The go command may execute arbitrary code at build time when cgo is
	    in use on Windows. This may occur when running "go get", or
	    any other command that builds code. Only users who build untrusted
	    code (and don't execute it) are affected. In addition to Windows
	    users, this can also affect Unix users who have "." listed
	    explicitly in their PATH and are running "go get" or build
	    commands outside of a module or with module mode disabled.</p>
	</blockquote>
	<blockquote cite="https://github.com/golang/go/issues/43786">
	  <p>The P224() Curve implementation can in rare circumstances generate
	    incorrect outputs, including returning invalid points from
	    ScalarMult. The crypto/x509 and golang.org/x/crypto/ocsp (but not
	    crypto/tls) packages support P-224 ECDSA keys, but they are not
	    supported by publicly trusted certificate authorities. No other
	    standard library or golang.org/x/crypto package supports or uses the
	    P-224 curve.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-3115</cvename>
      <url>http://golang.org/issue/43783</url>
      <cvename>CVE-2021-3114</cvename>
      <url>http://golang.org/issue/43786</url>
    </references>
    <dates>
      <discovery>2021-01-13</discovery>
      <entry>2021-01-19</entry>
    </dates>
  </vuln>

  <vuln vid="8899298f-5a92-11eb-8558-3085a9a47796">
    <topic>cloud-init -- Wrong access permissions of authorized keys</topic>
    <affects>
      <package>
       <name>cloud-init</name>
       <range><ge>20.4</ge><lt>20.4.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>cloud-init reports:</p>
	<blockquote cite="https://bugs.launchpad.net/cloud-init/+bug/1911680">
	 <p>cloud-init release 20.4.1 is now available.  This is a hotfix
	 release, that contains a single patch to address a security issue in
	 cloud-init 20.4.</p>

	 <p>Briefly, for users who provide more than one unique SSH key to
	 cloud-init and have a shared AuthorizedKeysFile configured in
	 sshd_config, cloud-init 20.4 started writing all of these keys to such a
	 file, granting all such keys SSH access as root.</p>

	 <p>It's worth restating this implication: if you are using the default
	 AuthorizedKeysFile setting in /etc/ssh/sshd_config, as most will be,
	 then you are _not_ affected by this issue.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://bugs.launchpad.net/cloud-init/+bug/1911680</url>
    </references>
    <dates>
      <discovery>2021-01-14</discovery>
      <entry>2021-01-19</entry>
    </dates>
  </vuln>

  <vuln vid="abed4ff0-7da1-4236-880d-de33e4895315">
    <topic>moinmoin -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>moinmoin</name>
	<range><lt>1.9.11</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>MoinMoin reports:</p>
	<blockquote cite="https://github.com/moinwiki/moin-1.9/blob/1.9.11/docs/CHANGES#L13">
	<ul>
	  <li><p>Security fix for CVE-2020-25074: fix remote code execution via cache action</p></li>
	  <li><p>Security fix for CVE-2020-15275: fix malicious SVG attachment causing stored XSS vulnerability</p></li>
	</ul>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/moinwiki/moin-1.9/blob/1.9.11/docs/CHANGES#L13</url>
      <cvename>CVE-2020-25074</cvename>
      <cvename>CVE-2020-15275</cvename>
    </references>
    <dates>
      <discovery>2020-11-08</discovery>
      <entry>2021-01-18</entry>
    </dates>
  </vuln>

  <vuln vid="62642942-590f-11eb-a0dc-8c164582fbac">
    <topic>Ghostscript -- SAFER Sandbox Breakout</topic>
    <affects>
      <package>
	<name>ghostscript9-agpl-base</name>
	<range><ge>9.50</ge><lt>9.52_8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>SO-AND-SO reports:</p>
	<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2020-15900">
	  <p>A memory corruption issue was found in Artifex
	  Ghostscript 9.50 and 9.52. Use of a non-standard
	  PostScript operator can allow overriding of file access
	  controls. The 'rsearch' calculation for the 'post' size
	  resulted in a size that was too large, and could underflow
	  to max uint32_t. This was fixed in commit
	  5d499272b95a6b890a1397e11d20937de000d31b.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2020-15900</url>
    </references>
    <dates>
      <discovery>2020-07-28</discovery>
      <entry>2021-01-17</entry>
    </dates>
  </vuln>

  <vuln vid="08b553ed-537a-11eb-be6e-0022489ad614">
    <topic>Node.js -- January 2021 Security Releases</topic>
    <affects>
      <package>
	<name>node10</name>
	<range><lt>10.23.1</lt></range>
      </package>
      <package>
	<name>node12</name>
	<range><lt>12.20.1</lt></range>
      </package>
      <package>
	<name>node14</name>
	<range><lt>14.15.4</lt></range>
      </package>
      <package>
	<name>node</name>
	<range><lt>15.5.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Node.js reports:</p>
	<blockquote cite="https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/">
	  <h1>use-after-free in TLSWrap (High) (CVE-2020-8265)</h1>
	  <p>Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits.</p>
	  <h1>HTTP Request Smuggling in nodejs (Low) (CVE-2020-8287)</h1>
	  <p>Affected versions of Node.js allow two copies of a header field in a http request. For example, two Transfer-Encoding header fields. In this case Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling.</p>
	  <h1>OpenSSL - EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)</h1>
	  <p>iThis is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20201208.txt.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/</url>
      <url>https://www.openssl.org/news/secadv/20201208.txt</url>
      <cvename>CVE-2020-8265</cvename>
      <cvename>CVE-2020-8287</cvename>
      <cvename>CVE-2020-1971</cvename>
    </references>
    <dates>
      <discovery>2021-01-04</discovery>
      <entry>2021-01-14</entry>
    </dates>
  </vuln>

  <vuln vid="0a8ebf4a-5660-11eb-b4e2-001b217b3468">
    <topic>Gitlab -- vulnerability</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>13.7.0</ge><lt>13.7.4</lt></range>
	<range><ge>13.6.0</ge><lt>13.6.5</lt></range>
	<range><ge>12.2</ge><lt>13.5.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>SO-AND-SO reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2021/01/14/critical-security-release-gitlab-13-7-4-released/">
	  <p>Ability to steal a user's API access token through GitLab Pages</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://about.gitlab.com/releases/2021/01/14/critical-security-release-gitlab-13-7-4-released/</url>
    </references>
    <dates>
      <discovery>2021-01-14</discovery>
      <entry>2021-01-14</entry>
    </dates>
  </vuln>

  <vuln vid="6d554d6e-5638-11eb-9d36-5404a68ad561">
    <topic>wavpack -- integer overflow in pack_utils.c</topic>
    <affects>
      <package>
	<name>wavpack</name>
	<range><lt>5.4.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The wavpack project reports:</p>
	<blockquote cite="https://github.com/dbry/WavPack/blob/733616993d53cc1f9a7ffb88a858447ba51eb0ee/ChangeLog">
	  <p>src/pack_utils.c
	    - issue #91: fix integer overflows resulting in buffer overruns (CVE-2020-35738)
	    - sanitize configuration parameters better (improves clarity and aids debugging)</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/dbry/WavPack/blob/733616993d53cc1f9a7ffb88a858447ba51eb0ee/ChangeLog</url>
      <cvename>CVE-2020-35738</cvename>
    </references>
    <dates>
      <discovery>2020-12-29</discovery>
      <entry>2021-01-14</entry>
    </dates>
  </vuln>

  <vuln vid="d6f76976-e86d-4f9a-9362-76c849b10db2">
    <topic>jenkins -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>jenkins</name>
	<range><lt>2.275</lt></range>
      </package>
      <package>
	<name>jenkins-lts</name>
	<range><lt>2.263.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Jenkins Security Advisory:</p>
	<blockquote cite="https://www.jenkins.io/security/advisory/2021-01-13/">
	  <h1>Description</h1>
	  <h5>(Medium) SECURITY-1452 / CVE-2021-21602</h5>
	  <p>Arbitrary file read vulnerability in workspace browsers</p>
	  <h5>(High) SECURITY-1889 / CVE-2021-21603</h5>
	  <p>XSS vulnerability in notification bar</p>
	  <h5>(High) SECURITY-1923 / CVE-2021-21604</h5>
	  <p>Improper handling of REST API XML deserialization errors</p>
	  <h5>(High) SECURITY-2021 / CVE-2021-21605</h5>
	  <p>Path traversal vulnerability in agent names</p>
	  <h5>(Medium) SECURITY-2023 / CVE-2021-21606</h5>
	  <p>Arbitrary file existence check in file fingerprints</p>
	  <h5>(Medium) SECURITY-2025 / CVE-2021-21607</h5>
	  <p>Excessive memory allocation in graph URLs leads to denial of service</p>
	  <h5>(High) SECURITY-2035 / CVE-2021-21608</h5>
	  <p>Stored XSS vulnerability in button labels</p>
	  <h5>(Low) SECURITY-2047 / CVE-2021-21609</h5>
	  <p>Missing permission check for paths with specific prefix</p>
	  <h5>(High) SECURITY-2153 / CVE-2021-21610</h5>
	  <p>Reflected XSS vulnerability in markup formatter preview</p>
	  <h5>(High) SECURITY-2171 / CVE-2021-21611</h5>
	  <p>Stored XSS vulnerability on new item page</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://www.jenkins.io/security/advisory/2021-01-13/</url>
    </references>
    <dates>
      <discovery>2021-01-13</discovery>
      <entry>2021-01-13</entry>
    </dates>
  </vuln>

  <vuln vid="1f655433-551b-11eb-9cda-589cfc0f81b0">
    <topic>phpmyfaq -- XSS vulnerability</topic>
    <affects>
      <package>
	<name>phpmyfaq</name>
	<range><le>3.0.6</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>phpmyfaq developers report:</p>
	<blockquote cite="https://www.phpmyfaq.de/security/advisory-2020-12-23">
	  <p> phpMyFAQ does not implement sufficient checks to avoid XSS
	  injection for displaying tags. </p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://www.phpmyfaq.de/security/advisory-2020-12-23</url>
    </references>
    <dates>
      <discovery>2020-12-23</discovery>
      <entry>2021-01-12</entry>
    </dates>
  </vuln>

  <vuln vid="6193b3f6-548c-11eb-ba01-206a8a720317">
    <topic>sudo -- Potential information leak in sudoedit</topic>
    <affects>
      <package>
       <name>sudo</name>
       <range><lt>1.9.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Todd C. Miller reports:</p>
       <blockquote cite="https://www.sudo.ws/stable.html#1.9.5">
	 <p>A potential information leak in sudoedit that could be used to
	    test for the existence of directories not normally accessible to
	    the user in certain circumstances. When creating a new file,
	    sudoedit checks to make sure the parent directory of the new file
	    exists before running the editor. However, a race condition exists
	    if the invoking user can replace (or create) the parent directory.
	    If a symbolic link is created in place of the parent directory,
	    sudoedit will run the editor as long as the target of the link
	    exists.If the target of the link does not exist, an error message
	    will be displayed. The race condition can be used to test for the
	    existence of an arbitrary directory. However, it _cannot_ be used
	    to write to an arbitrary location.</p>
       </blockquote>
      </body>
    </description>
    <references>
      <url>https://www.sudo.ws/stable.html#1.9.5</url>
      <cvename>CVE-2021-23239</cvename>
    </references>
    <dates>
      <discovery>2021-01-11</discovery>
      <entry>2021-01-11</entry>
    </dates>
  </vuln>

  <vuln vid="a3cef1e6-51d8-11eb-9b8d-08002728f74c">
    <topic>CairoSVG -- Regular Expression Denial of Service vulnerability</topic>
    <affects>
      <package>
	<name>py36-cairosvg</name>
	<name>py37-cairosvg</name>
	<name>py38-cairosvg</name>
	<name>py39-cairosvg</name>
	<range><ge>2.0.0</ge><lt>2.5.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>CairoSVG security advisories:</p>
	<blockquote cite="https://github.com/Kozea/CairoSVG/security/advisories/GHSA-hq37-853p-g5cf">
	  <p>When processing SVG files, the python package CairoSVG uses two regular
	    expressions which are vulnerable to Regular Expression Denial of Service
	    (REDoS).</p>
	  <p>If an attacker provides a malicious SVG, it can make cairosvg get stuck
	    processing the file for a very long time.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/Kozea/CairoSVG/security/advisories/GHSA-hq37-853p-g5cf</url>
    </references>
    <dates>
      <discovery>2020-12-30</discovery>
      <entry>2021-01-10</entry>
    </dates>
  </vuln>

  <vuln vid="a2a2b34d-52b4-11eb-87cb-001b217b3468">
    <topic>Gitlab -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>13.7.0</ge><lt>13.7.2</lt></range>
	<range><ge>13.6.0</ge><lt>13.6.4</lt></range>
	<range><ge>12.2</ge><lt>13.5.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2021/01/07/security-release-gitlab-13-7-2-released/">
	  <p>Ability to steal a user's API access token through GitLab Pages</p>
	  <p>Prometheus denial of service via HTTP request with custom method</p>
	  <p>Unauthorized user is able to access private repository information under specific conditions</p>
	  <p>Regular expression denial of service in NuGet API</p>
	  <p>Regular expression denial of service in package uploads</p>
	  <p>Update curl dependency</p>
	  <p>CVE-2019-3881 mitigation</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://about.gitlab.com/releases/2021/01/07/security-release-gitlab-13-7-2-released/</url>
      <cvename>CVE-2021-22166</cvename>
      <cvename>CVE-2020-26414</cvename>
      <cvename>CVE-2019-3881</cvename>
    </references>
    <dates>
      <discovery>2021-01-07</discovery>
      <entry>2021-01-09</entry>
    </dates>
  </vuln>

  <vuln vid="d153c4d2-50f8-11eb-8046-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>87.0.4280.141</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html">
	  <p>This release includes 16 security fixes, including:</p>
	  <ul>
	    <li>[1148749] High CVE-2021-21106: Use after free in autofill.
	      Reported by Weipeng Jiang (@Krace) from Codesafe Team of
	      Legendsec at Qi'anxin Group on 2020-11-13</li>
	    <li>[1153595] High CVE-2021-21107: Use after free in drag and
	      drop. Reported by Leecraso and Guang Gong of 360 Alpha Lab on
	      2020-11-30</li>
	    <li>[1155426] High CVE-2021-21108: Use after free in media.
	      Reported by Leecraso and Guang Gong of 360 Alpha Lab on
	      2020-12-04</li>
	    <li>[1152334] High CVE-2021-21109: Use after free in payments.
	      Reported by Rong Jian and Guang Gong of 360 Alpha Lab on
	      2020-11-24</li>
	    <li>[1152451] High CVE-2021-21110: Use after free in safe
	      browsing. Reported by Anonymous on 2020-11-24</li>
	    <li>[1149125] High CVE-2021-21111: Insufficient policy enforcement
	      in WebUI. Reported by Alesandro Ortiz on 2020-11-15</li>
	    <li>[1151298] High CVE-2021-21112: Use after free in Blink.
	     Reported by YoungJoo Lee(@ashuu_lee) of Raon Whitehat on
	      2020-11-20</li>
	    <li>[1155178] High CVE-2021-21113: Heap buffer overflow in Skia.
	      Reported by tsubmunu on 2020-12-03</li>
	    <li>[1148309] High CVE-2020-16043: Insufficient data validation in
	      networking. Reported by Samy Kamkar, Ben Seri at Armis, Gregory
	      Vishnepolsky at Armis on 2020-11-12</li>
	    <li>[1150065] High CVE-2021-21114: Use after free in audio.
	      Reported by Man Yue Mo of GitHub Security Lab on 2020-11-17</li>
	    <li>[1157790] High CVE-2020-15995: Out of bounds write in V8.
	      Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu
	      Lab on 2020-12-11</li>
	    <li>[1157814] High CVE-2021-21115: Use after free in safe browsing.
	      Reported by Leecraso and Guang Gong of 360 Alpha Lab on
	      2020-12-11</li>
	    <li>[1151069] Medium CVE-2021-21116: Heap buffer overflow in audio.
	      Reported by Alison Huffman, Microsoft Browser Vulnerability
	      Research on 2020-11-19</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-15995</cvename>
      <cvename>CVE-2020-16043</cvename>
      <cvename>CVE-2021-21106</cvename>
      <cvename>CVE-2021-21107</cvename>
      <cvename>CVE-2021-21108</cvename>
      <cvename>CVE-2021-21109</cvename>
      <cvename>CVE-2021-21110</cvename>
      <cvename>CVE-2021-21111</cvename>
      <cvename>CVE-2021-21112</cvename>
      <cvename>CVE-2021-21113</cvename>
      <cvename>CVE-2021-21114</cvename>
      <cvename>CVE-2021-21115</cvename>
      <cvename>CVE-2021-21116</cvename>
      <url>https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2021-01-06</discovery>
      <entry>2021-01-07</entry>
    </dates>
  </vuln>

  <vuln vid="bd98066d-4ea4-11eb-b412-e86a64caca56">
    <topic>mail/dovecot -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>dovecot</name>
	<range><lt>2.3.13</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Aki Tuomi reports:</p>
	<blockquote cite="https://dovecot.org/pipermail/dovecot-news/2021-January/000450.html">
	  <p>When imap hibernation is active, an attacker can cause Dovecot to
	    discover file system directory structure and access other users'
	    emails using specially crafted command.
	    The attacker must have valid credentials to access the
	    mail server.</p>
	</blockquote>
	<blockquote cite="https://dovecot.org/pipermail/dovecot-news/2021-January/000451.html">
	  <p>Mail delivery / parsing crashed when the 10 000th MIME part was
	    message/rfc822 (or if parent was multipart/digest). This happened
	    due to earlier MIME parsing changes for CVE-2020-12100.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://dovecot.org/pipermail/dovecot-news/2021-January/000448.html</url>
      <cvename>CVE-2020-24386</cvename>
      <cvename>CVE-2020-25275</cvename>
    </references>
    <dates>
      <discovery>2020-08-17</discovery>
      <entry>2021-01-04</entry>
    </dates>
  </vuln>

&vuln-2020;
&vuln-2019;
&vuln-2018;
&vuln-2017;
&vuln-2016;
&vuln-2015;
&vuln-2014;
&vuln-2013;
&vuln-2012;
&vuln-2011;
&vuln-2010;
&vuln-2009;
&vuln-2008;
&vuln-2007;
&vuln-2006;
&vuln-2005;
&vuln-2004;
&vuln-2003;</vuxml>
<!-- EOF -->
<!-- Note:  Please add new entries to the beginning of this file. -->
<!-- ex: set ts=8 tw=80 sw=2: -->
<!-- vim: set softtabstop=2 noexpandtab: -->