Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c2eef733 by Moritz Muehlenhoff at 2021-11-03T11:22:52+01:00
Add ATS commit references (one still missing)
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1451,6 +1451,9 @@ CVE-2021-43082 [heap-buffer-overflow with stats-over-http
plugin]
RESERVED
- trafficserver <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
+ NOTE: https://github.com/apache/trafficserver/pull/8475
+ NOTE:
https://github.com/apache/trafficserver/commit/02b17dbe3cff71ffd31577d872e077531124d207
(master)
+ NOTE: commit was missed in 8.1
CVE-2021-3915
RESERVED
CVE-2020-36505 (The Delete All Comments Easily WordPress plugin through 1.3 is
lacking ...)
@@ -6118,6 +6121,9 @@ CVE-2021-41585 [ATS stops accepting connections on
FreeBSD]
RESERVED
- trafficserver <not-affected> (Only affects FreeBSD)
NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
+ NOTE: https://github.com/apache/trafficserver/pull/8456/
+ NOTE:
https://github.com/apache/trafficserver/commit/268b540edae0b3e51d033795a4dd7404a5756a93
(master)
+ NOTE:
https://github.com/apache/trafficserver/commit/2b078741ecf14cbc7f5773b3e14ef0c1d3cf4cfb
(8.1.x)
CVE-2021-41584 (Gradle Enterprise before 2021.1.3 can allow unauthorized
viewing of a ...)
NOT-FOR-US: Gradle Enterprise
CVE-2021-41583 (vpn-user-portal (aka eduVPN or Let's Connect!) before 2.3.14,
as packa ...)
@@ -16679,14 +16685,23 @@ CVE-2021-37149 [Request Smuggling - multiple attacks]
RESERVED
- trafficserver <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
+ NOTE: https://github.com/apache/trafficserver/pull/8458/
+ NOTE:
https://github.com/apache/trafficserver/commit/2addc8ca71449ceac0d5b80172460ee09c938f5e
(8.1.x)
+ NOTE:
https://github.com/apache/trafficserver/commit/83c89f3d217d473ecb000b68c910c0f183c3a355
(master)
CVE-2021-37148 [Request Smuggling - transfer encoding validation]
RESERVED
- trafficserver <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
+ NOTE: https://github.com/apache/trafficserver/pull/8457/
+ NOTE:
https://github.com/apache/trafficserver/commit/6e5070118a20772a30c3fccee2cf1c44f0a21fc0
(master)
+ NOTE:
https://github.com/apache/trafficserver/commit/e2c9ac217f24dc3e91ff2c9f52b52093e8fb32d5
(8.1.x)
CVE-2021-37147 [Request Smuggling - LF line ending]
RESERVED
- trafficserver <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
+ NOTE:
https://github.com/apache/trafficserver/commit/64f25678bfbbd1433cce703e3c43bcc49a53de56
(master)
+ NOTE:
https://github.com/apache/trafficserver/commit/5cad961c87cb07fbb8fa6890685d9878a169378d
(8.1.x)
+ NOTE: https://github.com/apache/trafficserver/pull/8460
CVE-2021-37146 (An infinite loop in Open Robotics ros_comm XMLRPC server in
ROS Melodi ...)
[experimental] - ros-ros-comm 1.15.13+ds1-1
- ros-ros-comm 1.15.13+ds1-2
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2eef7333d7046b65b43bc1cca522bd1ba13e47d
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2eef7333d7046b65b43bc1cca522bd1ba13e47d
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
