From ced3d65efa84287a9bf36a4f0d21312c1a623b68 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 27 Aug 2021 00:00:57 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2021/39xxx/CVE-2021-39167.json | 12 ++++++------
 2021/39xxx/CVE-2021-39168.json | 2 +-
 2021/39xxx/CVE-2021-39240.json | 10 ++++++++++
 2021/39xxx/CVE-2021-39241.json | 10 ++++++++++
 2021/39xxx/CVE-2021-39242.json | 10 ++++++++++
 5 files changed, 37 insertions(+), 7 deletions(-)
diff --git a/2021/39xxx/CVE-2021-39167.json b/2021/39xxx/CVE-2021-39167.json
index 5a862f2ac10..f06553fb140 100644
--- a/2021/39xxx/CVE-2021-39167.json
+++ b/2021/39xxx/CVE-2021-39167.json
@@ -41,7 +41,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role from accounts not strictly under the team's control. We recommend revoking all executors that are not also proposers. When applying this mitigation, ensure there is at least one proposer and executor remaining.\n"
+ "value": "OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role from accounts not strictly under the team's control. We recommend revoking all executors that are not also proposers. When applying this mitigation, ensure there is at least one proposer and executor remaining."
 }
 ]
 },
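Review bot: The new `value` line in CVE-2021-39167.json still spells the product "OpenZepplin", while every reference URL in the same record uses "OpenZeppelin"; this sync only drops the trailing `\n`. Keyword searches and product matching over CVE descriptions can miss the record under the project's actual name, so the text should open with `OpenZeppelin is a library for smart contract development.`. The CVE-2021-39168.json hunk carries the same spelling, and its description is otherwise identical to this one, so the description alone does not tell the two records apart. The affected-product fields lie outside both hunks and presumably carry that distinction; a sentence in each description naming the affected package would make the records self-explanatory.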
@@ -75,11 +75,6 @@
 },
 "references": {
 "reference_data": [
- {
- "name": "https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-fg47-3c2x-m2wr",
- "refsource": "CONFIRM",
- "url": "https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-fg47-3c2x-m2wr"
- },
 {
 "name": "https://github.com/OpenZeppelin/openzeppelin-contracts/commit/cec4f2ef57495d8b1742d62846da212515d99dd5",
 "refsource": "MISC",
@@ -89,6 +84,11 @@
 "name": "https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/CHANGELOG.md#431",
 "refsource": "MISC",
 "url": "https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/CHANGELOG.md#431"
+ },
+ {
+ "name": "https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-fg47-3c2x-m2wr",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-fg47-3c2x-m2wr"
 }
 ]
 },
diff --git a/2021/39xxx/CVE-2021-39168.json b/2021/39xxx/CVE-2021-39168.json
index fa1cedbfb78..77778d57f43 100644
--- a/2021/39xxx/CVE-2021-39168.json
+++ b/2021/39xxx/CVE-2021-39168.json
@@ -41,7 +41,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role from accounts not strictly under the team's control. We recommend revoking all executors that are not also proposers. When applying this mitigation, ensure there is at least one proposer and executor remaining.\n"
+ "value": "OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role from accounts not strictly under the team's control. We recommend revoking all executors that are not also proposers. When applying this mitigation, ensure there is at least one proposer and executor remaining."
 }
 ]
 },
diff --git a/2021/39xxx/CVE-2021-39240.json b/2021/39xxx/CVE-2021-39240.json
index baa32cb71ce..d3f463d868a 100644
--- a/2021/39xxx/CVE-2021-39240.json
+++ b/2021/39xxx/CVE-2021-39240.json
@@ -71,6 +71,16 @@
 "refsource": "DEBIAN",
 "name": "DSA-4960",
 "url": "https://www.debian.org/security/2021/dsa-4960"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-e6557245e8",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPNY4WZIQUAUOCLIMUPC37AQWNXTWIQM/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-3ab4512c98",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ALECUZDIMT5FYGP6V6PVSI4BKVZTZWN/"
 }
 ]
 }
diff --git a/2021/39xxx/CVE-2021-39241.json b/2021/39xxx/CVE-2021-39241.json
index dacf4f61a9a..61f43c650d0 100644
--- a/2021/39xxx/CVE-2021-39241.json
+++ b/2021/39xxx/CVE-2021-39241.json
@@ -66,6 +66,16 @@
 "refsource": "DEBIAN",
 "name": "DSA-4960",
 "url": "https://www.debian.org/security/2021/dsa-4960"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-e6557245e8",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPNY4WZIQUAUOCLIMUPC37AQWNXTWIQM/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-3ab4512c98",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ALECUZDIMT5FYGP6V6PVSI4BKVZTZWN/"
 }
 ]
 }
diff --git a/2021/39xxx/CVE-2021-39242.json b/2021/39xxx/CVE-2021-39242.json
index 75fce0d7ed2..4cc8d8b59f2 100644
--- a/2021/39xxx/CVE-2021-39242.json
+++ b/2021/39xxx/CVE-2021-39242.json
@@ -66,6 +66,16 @@
 "refsource": "DEBIAN",
 "name": "DSA-4960",
 "url": "https://www.debian.org/security/2021/dsa-4960"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-e6557245e8",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPNY4WZIQUAUOCLIMUPC37AQWNXTWIQM/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-3ab4512c98",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ALECUZDIMT5FYGP6V6PVSI4BKVZTZWN/"
 }
 ]
 }