Sebastien Delafond pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
341c1f44 by Sébastien Delafond at 2021-02-18T17:12:16+01:00
Add temporary entry for latest zstd issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1133,6 +1133,9 @@ CVE-2021-26910 (Firejail before 0.9.64.4 allows attackers
to bypass intended acc
NOTE: Fix (disabled overlayfs):
https://github.com/netblue30/firejail/commit/97d8a03cad19501f017587cc4e47d8418273834b
NOTE:
https://unparalleled.eu/publications/2021/advisory-unpar-2021-0.txt
NOTE:
https://unparalleled.eu/blog/2021/20210208-rigged-race-against-firejail-for-local-root/
+CVE-2021-XXXX [zstd allows for race-opening files being compressed or
uncompressed]
+ - libzstd 1.4.8+dfsg-2 (bug #982519)
+ NOTE: https://github.com/facebook/zstd/issues/2491
CVE-2019-XXXX [zstd adds read permissions to files while being compressed or
uncompressed]
- libzstd 1.4.8+dfsg-1 (bug #981404)
[buster] - libzstd 1.3.8+dfsg-3+deb10u1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/341c1f446b537244d2c86614b053e81eca9f266d
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/341c1f446b537244d2c86614b053e81eca9f266d
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
