Thorsten Alteholz pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2af78a97 by Thorsten Alteholz at 2021-05-19T15:31:29+02:00
mark CVE-2021-32919 as not-affected for Stretch
- - - - -
645a8886 by Thorsten Alteholz at 2021-05-19T15:42:31+02:00
add prosody
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -577,6 +577,7 @@ CVE-2021-32920 (Prosody before 0.11.9 allows Uncontrolled
CPU Consumption via a
CVE-2021-32919 (An issue was discovered in Prosody before 0.11.9. The
undocumented dia ...)
{DSA-4916-1}
- prosody 0.11.9-1 (bug #988668)
+ [stretch] - prosody <not-affected> (Vulnerable code (=dwd) introduced
later)
NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1
NOTE: https://prosody.im/security/advisory_20210512.txt
NOTE: https://hg.prosody.im/trunk/rev/6be890ca492e
=====================================
data/dla-needed.txt
=====================================
@@ -71,6 +71,9 @@ php-phpseclib (Abhijith PA)
phpseclib (Abhijith PA)
NOTE: 20210503: apparently 1.x is not affected, but double check (pochu)
--
+prosody
+ NOTE: 20210519: at least the 10MB limit mentioned in CVE-2021-32918 is
present
+--
ring (Thorsten Alteholz)
NOTE: 20210510: WIP (need to update other releases first)
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/db50828c813d99ebbaf5885fc49c35ffd543373d...645a8886f0255863de221f53debf666178e03d11
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/db50828c813d99ebbaf5885fc49c35ffd543373d...645a8886f0255863de221f53debf666178e03d11
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
