Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8f90f5b6 by Moritz Muehlenhoff at 2024-10-30T10:03:05+01:00
update the tracking for libyang to cover libyang 1/2/3 correctly
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -131232,17 +131232,21 @@ CVE-2023-26919 (delight-nashorn-sandbox 0.2.4 and
0.2.5 is vulnerable to sandbox
CVE-2023-26918 (Diasoft File Replication Pro 7.5.0 allows attackers to
escalate privil ...)
NOT-FOR-US: Diasoft File Replication Pro
CVE-2023-26917 (libyang from v2.0.164 to v2.1.30 was discovered to contain a
NULL poin ...)
+ - libyang 3.4.2+dfsg-2 (bug #989060)
- libyang2 2.1.148-0.1 (bug #1034724)
- [bookworm] - libyang2 <no-dsa> (Minor issue)
+ [bookworm] - libyang2 <ignored> (Minor issue)
[bullseye] - libyang2 <no-dsa> (Minor issue)
NOTE: https://github.com/CESNET/libyang/issues/1987
NOTE:
https://github.com/CESNET/libyang/commit/cfa1a965a429e4bfc5ae1539a8e87a9cf71c3090
(v2.1.55)
+ NOTE: src:libyang was removed and later re-introduced as src:libyang
with version 3
CVE-2023-26916 (libyang from v2.0.164 to v2.1.30 was discovered to contain a
NULL poin ...)
+ - libyang 3.4.2+dfsg-2 (bug #989060)
- libyang2 2.1.148-0.1 (bug #1034154)
- [bookworm] - libyang2 <no-dsa> (Minor issue)
+ [bookworm] - libyang2 <ignored> (Minor issue)
[bullseye] - libyang2 <no-dsa> (Minor issue)
NOTE: https://github.com/CESNET/libyang/issues/1979
NOTE:
https://github.com/CESNET/libyang/commit/dc668d296f9f05aeab6315d44cff3208641e3096
(v2.1.55)
+ NOTE: src:libyang was removed and later re-introduced as src:libyang
with version 3
CVE-2023-26915
RESERVED
CVE-2023-26914
@@ -276634,30 +276638,45 @@ CVE-2021-28908
CVE-2021-28907
RESERVED
CVE-2021-28906 (In function read_yin_leaf() in libyang <= v1.0.225, it doesn't
check w ...)
- - libyang <removed> (bug #989060)
+ - libyang2 <not-affected> (Fixed before initial upload)
+ - libyang 3.4.2+dfsg-2 (bug #989060)
[bullseye] - libyang <no-dsa> (Minor issue)
[buster] - libyang <no-dsa> (Minor issue)
NOTE: https://github.com/CESNET/libyang/issues/1455
+ NOTE:
https://github.com/CESNET/libyang/commit/a3917d95d516e3de267d3cfa5d4d3715a90e8777
(v1.0.240)
+ NOTE: src:libyang was removed and later re-introduced as src:libyang
with version 3
CVE-2021-28905 (In function lys_node_free() in libyang <= v1.0.225, it asserts
that th ...)
- - libyang <removed> (bug #989060)
+ - libyang2 <not-affected> (Fixed before initial upload)
+ - libyang 3.4.2+dfsg-2 (bug #989060)
[bullseye] - libyang <no-dsa> (Minor issue)
[buster] - libyang <no-dsa> (Minor issue)
NOTE: https://github.com/CESNET/libyang/issues/1452
+ NOTE:
https://github.com/CESNET/libyang/commit/5ce30801f9ccc372bbe9b7c98bb5324b15fb010a
(v1.0.253)
+ NOTE: src:libyang was removed and later re-introduced as src:libyang
with version 3
CVE-2021-28904 (In function ext_get_plugin() in libyang <= v1.0.225, it
doesn't check ...)
- - libyang <removed> (bug #989060)
+ - libyang2 <not-affected> (Fixed before initial upload)
+ - libyang 3.4.2+dfsg-2 (bug #989060)
[bullseye] - libyang <no-dsa> (Minor issue)
[buster] - libyang <no-dsa> (Minor issue)
NOTE: https://github.com/CESNET/libyang/issues/1451
+ NOTE:
https://github.com/CESNET/libyang/commit/59a0bff1a5a2f0a0eac07e4bf94d4aea9dd3708d
(v1.0.253)
+ NOTE: src:libyang was removed and later re-introduced as src:libyang
with version 3
CVE-2021-28903 (A stack overflow in libyang <= v1.0.225 can cause a denial of
service ...)
- - libyang <removed> (bug #989060)
+ - libyang2 <not-affected> (Fixed before initial upload)
+ - libyang 3.4.2+dfsg-2 (bug #989060)
[bullseye] - libyang <no-dsa> (Minor issue)
[buster] - libyang <no-dsa> (Minor issue)
NOTE: https://github.com/CESNET/libyang/issues/1453
+ NOTE:
https://github.com/CESNET/libyang/commit/298b30ea4ebee137226acf9bb38678bd82704582
(v1.0.240)
+ NOTE: src:libyang was removed and later re-introduced as src:libyang
with version 3
CVE-2021-28902 (In function read_yin_container() in libyang <= v1.0.225, it
doesn't ch ...)
- - libyang <removed> (bug #989060)
+ - libyang2 <not-affected> (Fixed before initial upload)
+ - libyang 3.4.2+dfsg-2 (bug #989060)
[bullseye] - libyang <no-dsa> (Minor issue)
[buster] - libyang <no-dsa> (Minor issue)
NOTE: https://github.com/CESNET/libyang/issues/1454
+ NOTE:
https://github.com/CESNET/libyang/commit/a3917d95d516e3de267d3cfa5d4d3715a90e8777
(v1.0.240)
+ NOTE: src:libyang was removed and later re-introduced as src:libyang
with version 3
CVE-2021-28901 (Multiple cross-site scripting (XSS) vulnerabilities exist in
SITA Soft ...)
NOT-FOR-US: Sita Software Azur CMS.
CVE-2021-28900
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8f90f5b623179ec50ca91ed76a6f07d770c94fb9
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8f90f5b623179ec50ca91ed76a6f07d770c94fb9
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
