[Git][security-tracker-team/security-tracker][master] 2 commits: CVEs of atftp postponed until now

Thorsten Alteholz (@alteholz) Tue, 16 Nov 2021 16:26:14 -0800


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
20a7383c by Thorsten Alteholz at 2021-11-17T01:25:05+01:00
CVEs of atftp postponed until now

- - - - -
f130652d by Thorsten Alteholz at 2021-11-17T01:25:46+01:00
Reserve DLA-2820-1 for atftp

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8031,7 +8031,7 @@ CVE-2021-41655
 CVE-2021-41654
        RESERVED
 CVE-2021-41653 (The PING function on the TP-Link TL-WR840N EU v5 router with 
firmware  ...)
-       NOT-FOR-US:  TP-Link
+       NOT-FOR-US: TP-Link
 CVE-2021-41652
        RESERVED
 CVE-2021-41651 (A blind SQL injection vulnerability exists in the Raymart DG / 
Ahmed H ...)
@@ -9844,7 +9844,6 @@ CVE-2021-41054 (tftpd_file.c in atftp through 0.7.4 has a 
buffer overflow becaus
        - atftp 0.7.git20210915-1 (bug #994895)
        [bullseye] - atftp 0.7.git20120829-3.3+deb11u1
        [buster] - atftp 0.7.git20120829-3.2~deb10u2
-       [stretch] - atftp <postponed> (Minor issue)
        NOTE: 
https://sourceforge.net/p/atftp/code/ci/d255bf90834fb45be52decf9bc0b4fb46c90f205/
 CVE-2021-3798 [Soft token does not check if an EC key is valid]
        RESERVED
@@ -127472,7 +127471,6 @@ CVE-2020-6098 (An exploitable denial of service 
vulnerability exists in the free
 CVE-2020-6097 (An exploitable denial of service vulnerability exists in the 
atftpd da ...)
        - atftp 0.7.git20120829-3.2 (bug #970066)
        [buster] - atftp 0.7.git20120829-3.2~deb10u1
-       [stretch] - atftp <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1029
        NOTE: 
https://sourceforge.net/u/peterkaestle/atftp/ci/96409ef3b9ca061f9527cfaafa778105cf15d994/
 CVE-2020-6096 (An exploitable signed comparison vulnerability exists in the 
ARMv7 mem ...)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[17 Nov 2021] DLA-2820-1 atftp - security update
+       {CVE-2020-6097 CVE-2021-41054}
+       [stretch] - atftp 0.7.git20120829-3.1~deb9u2
 [16 Nov 2021] DLA-2819-1 ntfs-3g - security update
        {CVE-2021-33285 CVE-2021-33286 CVE-2021-33287 CVE-2021-33289 
CVE-2021-35266 CVE-2021-35267 CVE-2021-35268 CVE-2021-35269 CVE-2021-39251 
CVE-2021-39252 CVE-2021-39253 CVE-2021-39254 CVE-2021-39255 CVE-2021-39256 
CVE-2021-39257 CVE-2021-39258 CVE-2021-39259 CVE-2021-39260 CVE-2021-39261 
CVE-2021-39262 CVE-2021-39263}
        [stretch] - ntfs-3g 1:2016.2.22AR.1+dfsg-1+deb9u2



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e3ed57c00486c8b681e0765b423c617030b10636...f130652dae0d98b9c640725afa90f47f57a9fab9

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e3ed57c00486c8b681e0765b423c617030b10636...f130652dae0d98b9c640725afa90f47f57a9fab9
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] 2 commits: CVEs of atftp postponed until now

Reply via email to