[Git][security-tracker-team/security-tracker][master] Update notes on CVE-2021-41190

Sat, 20 Nov 2021 01:22:28 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d56d88cc by Salvatore Bonaccorso at 2021-11-20T10:20:37+01:00
Update notes on CVE-2021-41190

This is bit cumbersome to track. My understanding is that the CVE is
specifically for the specification issue. Several container projects
have mitigated the issue by releasing updates. Such as the mentioned
containerd and golang-github-opencontainers-image-spec.

As such keep it for now as NFU, tough making a note on the mitigations
in software.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9993,7 +9993,12 @@ CVE-2021-41192
 CVE-2021-41191 (Roblox-Purchasing-Hub is an open source Roblox product 
purchasing hub. ...)
        NOT-FOR-US: Roblox-Purchasing-Hub
 CVE-2021-41190 (The OCI Distribution Spec project defines an API protocol to 
facilitat ...)
-       NOT-FOR-US: OCI Distribution Spec
+       NOT-FOR-US: OCI Distribution Specification
+       NOTE: Issue in the OCI Distribution Specification. Software mitigations 
are applied to
+       NOTE: containerd/1.5.8~ds1-1 and 
golang-github-opencontainers-image-spec/1.0.2-1
+       NOTE: https://www.openwall.com/lists/oss-security/2021/11/19/10
+       NOTE: 
https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m
+       NOTE: 
https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh
 CVE-2021-41189 (DSpace is an open source turnkey repository application. In 
version 7. ...)
        NOT-FOR-US: DSpace
 CVE-2021-41188 (Shopware is open source e-commerce software. Versions prior to 
5.7.6 c ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d56d88cc5c785d969a508f0628331a10384de55d

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d56d88cc5c785d969a508f0628331a10384de55d
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to