[Git][security-tracker-team/security-tracker][master] fill in details for older undertow issue

Tue, 06 Jul 2021 12:34:00 -0700 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0eadeab5 by Moritz Muehlenhoff at 2021-07-06T21:33:00+02:00
fill in details for older undertow issue
remove old TODO, if this were an issue with docker, it would have ended up
  in docker CVE assignments ultimately

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -39213,9 +39213,9 @@ CVE-2021-20221 (An out-of-bounds heap buffer access 
issue was found in the ARM G
        NOTE: https://www.openwall.com/lists/oss-security/2021/02/05/1
        NOTE: 
https://gitlab.com/qemu-project/qemu/-/commit/edfe2eb4360cde4ed5d95bda7777edcb3510f76a
 CVE-2021-20220 (A flaw was found in Undertow. A regression in the fix for 
CVE-2020-106 ...)
-       - undertow <undetermined>
+       - undertow 2.2.0-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1923133
-       TODO: CVE for incomplete fix for CVE-2020-10687 but not clear if 
affected any Debian released version
+       NOTE: 
https://github.com/undertow-io/undertow/commit/a18574a4da09449d855c0a7e58dfca3e9e2e488e
 CVE-2021-20219 (A denial of service vulnerability was found in 
n_tty_receive_char_spec ...)
        - linux <not-affected> (Red Hat specific issue)
        NOTE: https://www.openwall.com/lists/oss-security/2021/03/17/10
@@ -39293,7 +39293,6 @@ CVE-2021-20206 (An improper limitation of path name 
flaw was found in containern
        [stretch] - golang-github-appc-cni <no-dsa> (Minor issue)
        NOTE: https://github.com/containernetworking/cni/pull/808
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1919391
-       TODO: check details, impact on docker.io?
 CVE-2021-20205 (Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a 
denial of  ...)
        - libjpeg-turbo <not-affected> (Vulnerable code introduced later)
        NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/493



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0eadeab5a1966d957a7a55dafdf6bf8b1c1e4e1d

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0eadeab5a1966d957a7a55dafdf6bf8b1c1e4e1d
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to