[Git][security-tracker-team/security-tracker][master] Add upstream commits from 1.1.1 branch for CVE-2021-34{49,50}

Thu, 25 Mar 2021 07:40:09 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f790ed3a by Salvatore Bonaccorso at 2021-03-25T15:36:34+01:00
Add upstream commits from 1.1.1 branch for CVE-2021-34{49,50}

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -457,6 +457,7 @@ CVE-2021-3450 [CA certificate check bypass with 
X509_V_FLAG_X509_STRICT]
        [stretch] - openssl <not-affected> (Vulnerable code introduced in 
1.1.1h)
        - openssl1.0 <not-affected> (Vulnerable code introduced in 1.1.1h)
        NOTE: https://www.openssl.org/news/secadv/20210325.txt
+       NOTE: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b
 CVE-2021-28957 (lxml 4.6.2 allows XSS. It places the HTML action attribute 
into defs.l ...)
        {DLA-2606-1}
        - lxml 4.6.3-1 (bug #985643)
@@ -1067,6 +1068,10 @@ CVE-2021-3449 [NULL pointer deref in 
signature_algorithms processing]
        - openssl <unfixed>
        - openssl1.0 <not-affected> (Vulnerability does not impact 1.0.2 series)
        NOTE: https://www.openssl.org/news/secadv/20210325.txt
+       NOTE: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=46d81bcabe2d36055bdd37079ed6acf976d967a7
+       NOTE: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=3ff38629a2df6635f36bfb79513cc6440db8cd70
+       NOTE: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fb9fa6b51defd48157eeb207f52181f735d96148
+       NOTE: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d33c2a3d8453a75509bcc8d2cf7d2dc2a3a518d0
 CVE-2021-28687 [HVM soft-reset crashes toolstack]
        RESERVED
        - xen <unfixed>



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f790ed3a5915f7af265364f87789d36e654cbe21

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f790ed3a5915f7af265364f87789d36e654cbe21
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to