Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
036768e1 by Salvatore Bonaccorso at 2021-08-19T08:40:00+02:00
Add CVE-2021-3716/nbdkit
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -100,8 +100,13 @@ CVE-2021-39247 (Zint Barcode Generator before 2.10.0 has a
one-byte buffer over-
TODO: check, supsect the issue has only been introduced upstream with
6274140c73aa39c42271644ef8c9b4551ca06fc2 (but need confirmation)
CVE-2021-39246
RESERVED
-CVE-2021-3716
+CVE-2021-3716 [NBD_OPT_STRUCTURED_REPLY injection on STARTTLS]
RESERVED
+ - nbdkit <unfixed>
+ [buster] - nbdkit <not-affected> (Vulnerable code introduced later)
+ [stretch] - nbdkit <not-affected> (Vulnerable code introduced later)
+ NOTE: Introduced by:
https://github.com/libguestfs/nbdkit/commit/eaa4c6e9a2c4bdb71aefdd4b1d865e7a9af606a8
(v1.11.8)
+ NOTE:
https://listman.redhat.com/archives/libguestfs/2021-August/msg00077.html
CVE-2021-3715
RESERVED
CVE-2021-3714
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/036768e127a9101d33aa657f2b7c9000eeee1b23
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/036768e127a9101d33aa657f2b7c9000eeee1b23
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
