Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: f7b35090 by Salvatore Bonaccorso at 2021-05-22T14:47:54+02:00 Revert "mark CVE-2021-21419 as not-affected for Buster" This reverts commit dc893f404583c840bf069f9f02c4a67e369ed524. The issue is/might still present in the no compression support case (but in this case less likely to be possible to exploited). Details in https://github.com/eventlet/eventlet/commit/1412f5e4125b4313f815778a1acb4d3336efcd07#commitcomment-51161227 GHSA-9p9m-jm8w-94p2 as well mentions affected versions to include those which have not compression or per message deflate extension support. - - - - - 753324dd by Salvatore Bonaccorso at 2021-05-22T14:50:48+02:00 Mark CVE-2021-21419/python-eventlet as no-dsa for buster - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -29314,10 +29314,12 @@ CVE-2021-21420 (vscode-stripe is an extension for Visual Studio Code. A vulnerab NOT-FOR-US: vscode-stripe Visual Studio Code extension CVE-2021-21419 (Eventlet is a concurrent networking library for Python. A websocket pe ...) - python-eventlet 0.26.1-7 (bug #988342) - [buster] - python-eventlet <not-affected> (Vulnerable code (compression extension) introduced later) + [buster] - python-eventlet <no-dsa> (Minor issue) [stretch] - python-eventlet <not-affected> (Vulnerable code (compression extension) introduced later) NOTE: https://github.com/eventlet/eventlet/security/advisories/GHSA-9p9m-jm8w-94p2 NOTE: Fixed by: https://github.com/eventlet/eventlet/commit/1412f5e4125b4313f815778a1acb4d3336efcd07 + NOTE: Issue present as well in versions before introduction of per-message-defalte extension + NOTE: or compression extension support. CVE-2021-21418 (ps_emailsubscription is a newsletter subscription module for the Prest ...) NOT-FOR-US: PrestaShop CVE-2021-21417 (fluidsynth is a software synthesizer based on the SoundFont 2 specific ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/dc893f404583c840bf069f9f02c4a67e369ed524...753324dd72823297064f02b83d5976a746df0d9d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/dc893f404583c840bf069f9f02c4a67e369ed524...753324dd72823297064f02b83d5976a746df0d9d You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
