Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4520d8d1 by Sylvain Beucler at 2022-01-12T18:53:35+01:00
CVE-2021-3997/systemd: stretch ignored
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9177,10 +9177,12 @@ CVE-2021-3997 [Uncontrolled recursion in systemd's
systemd-tmpfiles]
- systemd 250.2-1 (bug #1003467)
[bullseye] - systemd <no-dsa> (Minor issue; can be fixed via point
release)
[buster] - systemd <ignored> (Minor issue; not exploitable before
upstream commit e535840)
+ [stretch] - systemd <ignored> (Minor issue; utility segfault; not
exploitable before upstream commit e535840, PoC doesn't segfault on stretch)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2024639
NOTE: https://github.com/systemd/systemd/pull/22070
NOTE: https://www.openwall.com/lists/oss-security/2022/01/10/2
NOTE: Exploitable after (but present before):
https://github.com/systemd/systemd/commit/e5358401b5df8d395e99815b7a69b8424887472c
(v242-rc1)
+ NOTE: PoC still crashes on jessie/215-17+deb8u14
NOTE: Prerequisite/Preparation:
https://github.com/systemd/systemd/commit/3bac86abfa1b1720180840ffb9d06b3d54841c11
NOTE: Prerequisite/Preparation:
https://github.com/systemd/systemd/commit/84ced330020c0bae57bd4628f1f44eec91304e69
NOTE: Fixed by:
https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4520d8d1a2a1cf48dfb10913f5554fabd2983af4
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4520d8d1a2a1cf48dfb10913f5554fabd2983af4
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
