Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c31d6a99 by Neil Williams at 2022-03-24T12:46:27+00:00
CVE-2021-42387/8, CVE-2021-43304/5 - clickhouse unfixed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -26982,9 +26982,15 @@ CVE-2021-43307
 CVE-2021-43306
        RESERVED
 CVE-2021-43305 (Heap buffer overflow in Clickhouse's LZ4 compression codec 
when parsin ...)
-       TODO: check
+       - clickhouse <unfixed> (bug #1008216)
+       NOTE: 
https://github.com/ClickHouse/ClickHouse/commit/2aea1c8d4a5be320365472052d8a48bf69fd9fe9
 (v22.3.2.2-lts)
+       NOTE: 
https://github.com/ClickHouse/ClickHouse/commit/6d83eacec42c7c403c99804a713a9d38caa4a45d
 (v22.3.2.2-lts)
+       NOTE: https://github.com/ClickHouse/ClickHouse/pull/27136
 CVE-2021-43304 (Heap buffer overflow in Clickhouse's LZ4 compression codec 
when parsin ...)
-       TODO: check
+       - clickhouse <unfixed> (bug #1008216)
+       NOTE: 
https://github.com/ClickHouse/ClickHouse/commit/2aea1c8d4a5be320365472052d8a48bf69fd9fe9
 (v22.3.2.2-lts)
+       NOTE: 
https://github.com/ClickHouse/ClickHouse/commit/6d83eacec42c7c403c99804a713a9d38caa4a45d
 (v22.3.2.2-lts)
+       NOTE: https://github.com/ClickHouse/ClickHouse/pull/27136
 CVE-2021-43303 (Buffer overflow in PJSUA API when calling pjsua_call_dump. An 
attacker ...)
        - asterisk <unfixed>
        - pjproject <removed>
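Review bot: The three NOTE lines added under CVE-2021-43305 and CVE-2021-43304 are bare URLs with no label, so the entry does not say whether the two commits tagged (v22.3.2.2-lts) are the fixes or how pull/27136 relates to them. The H2 entry further down in this file writes its reference as "NOTE: Fixed by https://..."; the same wording here, if these commits are the fixes, would let someone triaging bug #1008216 see at a glance which upstream version to target. The block is identical for both CVEs, which is fine if one set of changes resolves both, but that is worth stating in a NOTE since nothing visible in the entry confirms it.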
@@ -31163,15 +31169,21 @@ CVE-2021-42392 (The 
org.h2.util.JdbcUtils.getConnection method of the H2 databas
        NOTE: Fixed by 
https://github.com/h2database/h2database/commit/41dd2a4cf89da9dd18239debbf73f88da6184ec7
        NOTE: 
https://github.com/h2database/h2database/commit/956c6241868332c5b440f5d55ea8fdc1e51ae4fd
 CVE-2021-42391 (Divide-by-zero in Clickhouse's Gorilla compression codec when 
parsing  ...)
-       TODO: check
+       - clickhouse <not-affected> (Vulnerable code introduced later)
 CVE-2021-42390 (Divide-by-zero in Clickhouse's DeltaDouble compression codec 
when pars ...)
-       TODO: check
+       - clickhouse <not-affected> (Vulnerable code introduced later)
 CVE-2021-42389 (Divide-by-zero in Clickhouse's Delta compression codec when 
parsing a  ...)
-       TODO: check
+       - clickhouse <not-affected> (Vulnerable code introduced later)
 CVE-2021-42388 (Heap out-of-bounds read in Clickhouse's LZ4 compression codec 
when par ...)
-       TODO: check
+       - clickhouse <unfixed> (bug #1008216)
+       NOTE: 
https://github.com/ClickHouse/ClickHouse/commit/2aea1c8d4a5be320365472052d8a48bf69fd9fe9
 (v22.3.2.2-lts)
+       NOTE: 
https://github.com/ClickHouse/ClickHouse/commit/6d83eacec42c7c403c99804a713a9d38caa4a45d
 (v22.3.2.2-lts)
+       NOTE: https://github.com/ClickHouse/ClickHouse/pull/27136
 CVE-2021-42387 (Heap out-of-bounds read in Clickhouse's LZ4 compression codec 
when par ...)
-       TODO: check
+       - clickhouse <unfixed> (bug #1008216)
+       NOTE: 
https://github.com/ClickHouse/ClickHouse/commit/2aea1c8d4a5be320365472052d8a48bf69fd9fe9
 (v22.3.2.2-lts)
+       NOTE: 
https://github.com/ClickHouse/ClickHouse/commit/6d83eacec42c7c403c99804a713a9d38caa4a45d
 (v22.3.2.2-lts)
+       NOTE: https://github.com/ClickHouse/ClickHouse/pull/27136
 CVE-2021-42386 (A use-after-free in Busybox's awk applet leads to denial of 
service an ...)
        - busybox <unfixed> (bug #999567)
        [bullseye] - busybox <no-dsa> (Minor issue)
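Review bot: The three <not-affected> lines for CVE-2021-42391, CVE-2021-42390 and CVE-2021-42389 give "Vulnerable code introduced later" as the reason but carry no NOTE naming the introducing commit or upstream version, so the determination cannot be rechecked when a newer clickhouse is uploaded. Adding a line such as "NOTE: Introduced by <commit URL> (<version>)" under each would make that possible. The commit message also mentions only the four unfixed CVEs (CVE-2021-42387/8, CVE-2021-43304/5) and not these three status changes, which makes them harder to find in the history; mentioning them in the subject, or splitting them into their own commit, would help.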



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c31d6a995b0e75799ffbec9dc71eb7d153f7c732
