Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5712cd2c by Salvatore Bonaccorso at 2021-09-24T22:21:50+02:00
Update severity for CVE-2021-36160/uwsgi and mark unimportant
Unfortunately this would cover the severity for uwsgi where it still
builds libapache2-mod-proxy-uwsgi, but this is already tracked by the
LTS team for an update.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -12509,9 +12509,11 @@ CVE-2021-36161 (Some component in Dubbo will try to
print the formated string of
CVE-2021-36160 (A carefully crafted request uri-path can cause mod_proxy_uwsgi
to read ...)
- apache2 2.4.49-1
[stretch] - apache2 <not-affected> (Vulnerable module not present)
- - uwsgi <unfixed>
+ - uwsgi <unfixed> (unimportant)
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-36160
NOTE:
https://github.com/apache/httpd/commit/b364cad72b48dd40fbc2850e525b845406520f0b
+ NOTE: uwsgi since 2.0.15-11 drops building the
libapache2-mod-proxy-uwsgi{,-dbg}
+ NOTE: packages which are provided by src:apache2 itself.
CVE-2021-36159 (libfetch before 2021-07-26, as used in apk-tools, xbps, and
other prod ...)
NOT-FOR-US: libfetch
CVE-2021-36158 (In the xrdp package (in branches through 3.14) for Alpine
Linux, RDP s ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5712cd2caf3ae85afb53cb0bf458fba64984c7e9
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5712cd2caf3ae85afb53cb0bf458fba64984c7e9
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
