Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
aea46268 by Salvatore Bonaccorso at 2022-01-01T09:25:57+01:00
Add CVE-2021-45958/ujson
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9,7 +9,12 @@ CVE-2021-45959 ({fmt} 7.1.0 through 8.0.1 has a stack-based
buffer overflow in f
NOTE: Introduced by:
https://github.com/fmtlib/fmt/commit/bd3c792507e1a1003f7532088e976665dcbe4628
(7.1.0)
NOTE: Fixed by:
https://github.com/fmtlib/fmt/commit/2038bf61831eb8faede0883965364a974d1350fe
CVE-2021-45958 (UltraJSON (aka ujson) 4.0.2 through 5.0.0 has a stack-based
buffer ove ...)
- TODO: check
+ - ujson <unfixed>
+ [buster] - ujson <not-affected> (Vulnerable code introduced later)
+ [stretch] - ujson <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36009
+ NOTE: Introduced by:
https://github.com/ultrajson/ultrajson/commit/a920bfa9d85bcd78836b866d1be80c1e3dcca1da
(4.0.2)
+ TODO: claimed to be fixed, but 5525f8c9ef8bb879dadd0eb942d524827d1b0362
is not part of the repository
CVE-2021-45957 (Dnsmasq 2.86 has a heap-based buffer overflow in
answer_request (calle ...)
TODO: check
CVE-2021-45956 (Dnsmasq 2.86 has a heap-based buffer overflow in print_mac
(called fro ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aea46268732be502b0541e9c487bd83bc6f9f0a0
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aea46268732be502b0541e9c487bd83bc6f9f0a0
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
