Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits: 20a7383c by Thorsten Alteholz at 2021-11-17T01:25:05+01:00 CVEs of atftp postponed until now - - - - - f130652d by Thorsten Alteholz at 2021-11-17T01:25:46+01:00 Reserve DLA-2820-1 for atftp - - - - - 2 changed files: - data/CVE/list - data/DLA/list Changes: ===================================== data/CVE/list ===================================== @@ -8031,7 +8031,7 @@ CVE-2021-41655 CVE-2021-41654 RESERVED CVE-2021-41653 (The PING function on the TP-Link TL-WR840N EU v5 router with firmware ...) - NOT-FOR-US: TP-Link + NOT-FOR-US: TP-Link CVE-2021-41652 RESERVED CVE-2021-41651 (A blind SQL injection vulnerability exists in the Raymart DG / Ahmed H ...) @@ -9844,7 +9844,6 @@ CVE-2021-41054 (tftpd_file.c in atftp through 0.7.4 has a buffer overflow becaus - atftp 0.7.git20210915-1 (bug #994895) [bullseye] - atftp 0.7.git20120829-3.3+deb11u1 [buster] - atftp 0.7.git20120829-3.2~deb10u2 - [stretch] - atftp <postponed> (Minor issue) NOTE: https://sourceforge.net/p/atftp/code/ci/d255bf90834fb45be52decf9bc0b4fb46c90f205/ CVE-2021-3798 [Soft token does not check if an EC key is valid] RESERVED @@ -127472,7 +127471,6 @@ CVE-2020-6098 (An exploitable denial of service vulnerability exists in the free CVE-2020-6097 (An exploitable denial of service vulnerability exists in the atftpd da ...) - atftp 0.7.git20120829-3.2 (bug #970066) [buster] - atftp 0.7.git20120829-3.2~deb10u1 - [stretch] - atftp <no-dsa> (Minor issue) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1029 NOTE: https://sourceforge.net/u/peterkaestle/atftp/ci/96409ef3b9ca061f9527cfaafa778105cf15d994/ CVE-2020-6096 (An exploitable signed comparison vulnerability exists in the ARMv7 mem ...) ===================================== data/DLA/list ===================================== @@ -1,3 +1,6 @@ +[17 Nov 2021] DLA-2820-1 atftp - security update + {CVE-2020-6097 CVE-2021-41054} + [stretch] - atftp 0.7.git20120829-3.1~deb9u2 [16 Nov 2021] DLA-2819-1 ntfs-3g - security update {CVE-2021-33285 CVE-2021-33286 CVE-2021-33287 CVE-2021-33289 CVE-2021-35266 CVE-2021-35267 CVE-2021-35268 CVE-2021-35269 CVE-2021-39251 CVE-2021-39252 CVE-2021-39253 CVE-2021-39254 CVE-2021-39255 CVE-2021-39256 CVE-2021-39257 CVE-2021-39258 CVE-2021-39259 CVE-2021-39260 CVE-2021-39261 CVE-2021-39262 CVE-2021-39263} [stretch] - ntfs-3g 1:2016.2.22AR.1+dfsg-1+deb9u2 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e3ed57c00486c8b681e0765b423c617030b10636...f130652dae0d98b9c640725afa90f47f57a9fab9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e3ed57c00486c8b681e0765b423c617030b10636...f130652dae0d98b9c640725afa90f47f57a9fab9 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits