Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f0fb24b6 by Moritz Mühlenhoff at 2021-12-28T11:44:17+01:00
more RPKI updates
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9999,9 +9999,14 @@ CVE-2021-43174 (NLnet Labs Routinator versions 0.9.0 up
to and including 0.10.1,
CVE-2021-43173 (In NLnet Labs Routinator prior to 0.10.2, a validation run can
be dela ...)
- routinator <itp> (bug #929024)
- cfrpki 1.4.0-1
+ - fort-validator 1.5.3-1
+ - rpki-client 7.5-1
NOTE:
https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-43172_CVE-2021-43173_CVE-2021-43174.txt
CVE-2021-43172 (NLnet Labs Routinator prior to 0.10.2 happily processes a
chain of RRD ...)
- routinator <itp> (bug #929024)
+ - fort-validator <unfixed>
+ - cfrpki <unfixed>
+ - rpki-client 7.5-1
NOTE:
https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-43172_CVE-2021-43173_CVE-2021-43174.txt
CVE-2021-3917
RESERVED
@@ -10335,6 +10340,7 @@ CVE-2021-43034 (An issue was discovered in Kaseya
Unitrends Backup Appliance bef
CVE-2021-43033 (An issue was discovered in Kaseya Unitrends Backup Appliance
before 10 ...)
NOT-FOR-US: Kaseya
CVE-2021-3912 (OctoRPKI tries to load the entire contents of a repository in
memory, ...)
+ - routinator <itp> (bug #929024)
- cfrpki 1.4.0-1
NOTE:
https://github.com/cloudflare/cfrpki/security/advisories/GHSA-g9wh-3vrx-r7hg
CVE-2021-3911 (If the ROA that a repository returns contains too many bits for
the IP ...)
@@ -10344,13 +10350,18 @@ CVE-2021-3910 (OctoRPKI crashes when encountering a
repository that returns an i
- cfrpki 1.4.0-1
NOTE:
https://github.com/cloudflare/cfrpki/security/advisories/GHSA-5mxh-2qfv-4g7j
CVE-2021-3909 (OctoRPKI does not limit the length of a connection, allowing
for a slo ...)
+ - routinator <itp> (bug #929024)
- cfrpki 1.4.0-1
+ - fort-validator 1.5.3-1
+ - rpki-client 7.5-1
NOTE:
https://github.com/cloudflare/cfrpki/security/advisories/GHSA-8cvr-4rrf-f244
CVE-2021-3908 (OctoRPKI does not limit the depth of a certificate chain,
allowing for ...)
- cfrpki 1.4.0-1
+ - routinator <itp> (bug #929024)
NOTE:
https://github.com/cloudflare/cfrpki/security/advisories/GHSA-g5gj-9ggf-9vmq
CVE-2021-3907 (OctoRPKI does not escape a URI with a filename containing "..",
this a ...)
- cfrpki 1.4.0-1
+ - fort-validator 1.5.3-1
NOTE:
https://github.com/cloudflare/cfrpki/security/advisories/GHSA-cqh2-vc2f-q4fh
CVE-2021-3906 (bookstack is vulnerable to Unrestricted Upload of File with
Dangerous ...)
NOT-FOR-US: bookstack
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0fb24b6ed4be001a8d83cb2beeb20ae6c549de3
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0fb24b6ed4be001a8d83cb2beeb20ae6c549de3
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
