[Git][security-tracker-team/security-tracker][master] new lwip issues

Thu, 29 Jul 2021 01:42:36 -0700 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
86e974c6 by Moritz Muehlenhoff at 2021-07-29T10:42:04+02:00
new lwip issues
fetchmail unimportant
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2638,9 +2638,10 @@ CVE-2021-36387
        RESERVED
 CVE-2021-36386 [denial of service or information disclosure when logging long 
messages]
        RESERVED
-       - fetchmail 6.4.16-4
+       - fetchmail 6.4.16-4 (unimportant)
        NOTE: https://www.fetchmail.info/fetchmail-SA-2021-01.txt
        NOTE: 
https://gitlab.com/fetchmail/fetchmail/-/commit/c546c8299243a10a7b85c638e0e61396ecd5d8b5
+       NOTE: Negligible security impact
 CVE-2021-36385
        RESERVED
 CVE-2021-36384
@@ -12851,9 +12852,9 @@ CVE-2021-32003
 CVE-2021-32002
        RESERVED
 CVE-2021-32001 (A Missing Encryption of Sensitive Data vulnerability in k3s, 
kde2 of S ...)
-       TODO: check
+       NOT-FOR-US: Rancher
 CVE-2021-32000 (A UNIX Symbolic Link (Symlink) Following vulnerability in the 
clone-ma ...)
-       TODO: check
+       NOT-FOR-US: clone-master-clean-up in SUSE Linux Enterprise Server
 CVE-2021-31999 (A Reliance on Untrusted Inputs in a Security Decision 
vulnerability in ...)
        NOT-FOR-US: Rancher
 CVE-2021-31998 (A Incorrect Default Permissions vulnerability in the packaging 
of inn  ...)
@@ -66954,9 +66955,15 @@ CVE-2020-22286
 CVE-2020-22285
        RESERVED
 CVE-2020-22284 (A buffer overflow vulnerability in the zepif_linkoutput() 
function of  ...)
-       TODO: check
+       - lwip <unfixed>
+       [buster] - lwip <no-dsa> (Minor issue)
+       NOTE: https://savannah.nongnu.org/bugs/index.php?58554
+       NOTE: 
https://git.savannah.nongnu.org/cgit/lwip.git/commit/?id=8363c24e45a32728e385cfc2c3c36d88a8a9e70b
 CVE-2020-22283 (A buffer overflow vulnerability in the 
icmp6_send_response_with_addrs_ ...)
-       TODO: check
+       - lwip <unfixed>
+       [buster] - lwip <no-dsa> (Minor issue)
+       NOTE: https://savannah.nongnu.org/bugs/index.php?58553
+       NOTE: 
https://git.savannah.nongnu.org/cgit/lwip.git/commit/?id=488d4ad2460c3b41bef69724cad89c28a905eda9
 CVE-2020-22282
        RESERVED
 CVE-2020-22281



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86e974c68f074c2fe7f9f7c204773c426fa8127d

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86e974c68f074c2fe7f9f7c204773c426fa8127d
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to