Thorsten Alteholz pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9f0714c8 by Thorsten Alteholz at 2022-02-10T23:43:59+01:00
mark CVE-2021-4091 as not-affected for Stretch
- - - - -
b88de0f6 by Thorsten Alteholz at 2022-02-10T23:44:00+01:00
mark CVE-2021-4213 as postponed for Stretch
- - - - -
3469d96b by Thorsten Alteholz at 2022-02-10T23:44:02+01:00
mark CVE-2021-46020 as postponed for Stretch
- - - - -
5b1af52e by Thorsten Alteholz at 2022-02-10T23:44:03+01:00
mark CVE-2021-45429 as no-dsa for Stretch
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2948,6 +2948,7 @@ CVE-2021-4214
CVE-2021-4213
RESERVED
- jss <unfixed>
+ [stretch] - jss <postponed> (revisit when/if fix is complete)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2042900
CVE-2022-23941
RESERVED
@@ -8811,6 +8812,7 @@ CVE-2021-46021 (An Use-After-Free vulnerability in
rec_record_destroy() at rec-r
NOTE: Negligible security impact
CVE-2021-46020 (An untrusted pointer dereference in mrb_vm_exec() of mruby
v3.0.0 can ...)
- mruby <unfixed>
+ [stretch] - mruby <postponed> (revisit when/if fix is complete)
NOTE: https://github.com/mruby/mruby/issues/5613
TODO: check details
CVE-2021-46019 (An untrusted pointer dereference in rec_db_destroy() at
rec-db.c of GN ...)
@@ -11079,6 +11081,7 @@ CVE-2021-45430
RESERVED
CVE-2021-45429 (A Buffer Overflow vulnerablity exists in VirusTotal YARA git
commit: 6 ...)
- yara <unfixed>
+ [stretch] - yara <no-dsa> (Minor issue)
NOTE: https://github.com/VirusTotal/yara/issues/1616
NOTE:
https://github.com/VirusTotal/yara/commit/a36b497926b141624ea673111a101e9ddd7ac2eb
(v4.2.0-rc1)
CVE-2021-45428 (TLR-2005KSH is affected by an incorrect access control
vulnerability. ...)
@@ -13299,6 +13302,7 @@ CVE-2021-4092 (yetiforcecrm is vulnerable to Cross-Site
Request Forgery (CSRF) .
CVE-2021-4091 [double-free of the virtual attribute context in persistent
search]
RESERVED
- 389-ds-base <unfixed>
+ [stretch] - 389-ds-base <not-affected> (Vulnerable code introduced
later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2030307
NOTE: Introduced by:
https://github.com/389ds/389-ds-base/commit/74c666b83e3e1789c2ef3f7935c327bd7555193e
(389-ds-base-1.3.6.4)
CVE-2021-4090 [Overflow of bmval[bmlen-1] in nfsd4_decode_bitmap function]
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2a66b000c58c5cec6965d871dc0816d55238d8c9...5b1af52e9d515640677defac13a37f09a3e834b4
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2a66b000c58c5cec6965d871dc0816d55238d8c9...5b1af52e9d515640677defac13a37f09a3e834b4
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
