Add CVE-2021-41617/openssh

author: Salvatore Bonaccorso <carnil@debian.org> 2021-09-26 20:54:11 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-09-26 20:54:11 +0200
commit: 8b0a801aa4ad4d912fbae843e6f0a2dd721db3c8 (patch)
tree: d9515b04d44effedfd705509bb8352006d3a987a
parent: 67bc0df3a5f7d6ceaacddd0d52571a12b9cc715f (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/data/CVE/list b/data/CVE/list
index cf203e933d..398fe4052b 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,10 @@
+CVE-2021-41617 [does not correctly initialize supplementary groups when executing AuthorizedKeysCommand or AuthorizedPrincipalsCommand]
+	- openssh <unfixed>
+	[bullseye] - openssh <no-dsa> (Minor issue)
+	[buster] - openssh <no-dsa> (Minor issue)
+	NOTE: https://www.openwall.com/lists/oss-security/2021/09/26/1
+	NOTE: https://github.com/openssh/openssh-portable/commit/f3cbe43e28fe71427d41cfe3a17125b972710455
+	NOTE: https://github.com/openssh/openssh-portable/commit/bf944e3794eff5413f2df1ef37cddf96918c6bde
 CVE-2021-41615
 	RESERVED
 CVE-2021-41614
author	Salvatore Bonaccorso <carnil@debian.org>	2021-09-26 20:54:11 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-09-26 20:54:11 +0200
commit	8b0a801aa4ad4d912fbae843e6f0a2dd721db3c8 (patch)
tree	d9515b04d44effedfd705509bb8352006d3a987a
parent	67bc0df3a5f7d6ceaacddd0d52571a12b9cc715f (diff)