Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: a98b4826 by Salvatore Bonaccorso at 2021-12-07T09:27:04+01:00 Add CVE-2021-44686/calibre Note that the CVE description is wrong, but the upstream commit 235b7e38c197 ("Fix inefficient regex that slows down a lot with certain input. Fixes #1951979 [Private bug](https://bugs.launchpad.net/calibre/+bug/1951979)") references the right launchpad bug and is about the described issue. Additionally matches the information from LP: 1951979. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -11,7 +11,9 @@ CVE-2021-44688 CVE-2021-44687 RESERVED CVE-2021-44686 (calibre before 5.32.0 contains a regular expression that is vulnerable ...) - TODO: check + - calibre 5.33.0+dfsg-1 + NOTE: https://bugs.launchpad.net/calibre/+bug/1951979 + NOTE: https://github.com/kovidgoyal/calibre/commit/235b7e38c197ba4a3c17531e516610af8795e348 (v5.33.0) CVE-2021-44685 (Git-it through 4.4.0 allows OS command injection at the Branches Aren' ...) TODO: check CVE-2021-44684 (naholyr github-todos 3.1.0 is vulnerable to command injection. The ran ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a98b48261e319048e8cd7b88f7b3ec8973dd9cd5 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a98b48261e319048e8cd7b88f7b3ec8973dd9cd5 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
