Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5bbac6f0 by Salvatore Bonaccorso at 2021-08-23T15:32:34+02:00
Add CVE-2021-35940/apr
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -8305,8 +8305,17 @@ CVE-2021-3628
RESERVED
CVE-2021-3627
RESERVED
-CVE-2021-35940
- RESERVED
+CVE-2021-35940 [Regression of CVE-2017-12613]
+ RESERVED
+ - apr <unfixed>
+ [buster] - apr <not-affected> (Vulnerable code re-introduced in 1.7.0)
+ [stretch] - apr <not-affected> (Vulnerable code re-introduced in 1.7.0)
+ NOTE: The issue exists because the CVE-2017-12613 fix was not carried
forward
+ NOTE: in the APR 1.7.x branch and hence version 1.7.0 regressed from
1.6.3
+ NOTE: and so vulnerable to the same issue.
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/23/1
+ NOTE: http://svn.apache.org/viewvc?view=revision&revision=1891198
+ NOTE:
https://dist.apache.org/repos/dist/release/apr/patches/apr-1.7.0-CVE-2021-35940.patch
CVE-2021-35939 [checks for unsafe symlinks are not performed for intermediary
directories]
RESERVED
- rpm <unfixed> (bug #990543)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5bbac6f0c6d84ee1cf752e149112c2a0047073cf
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5bbac6f0c6d84ee1cf752e149112c2a0047073cf
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
