author | Salvatore Bonaccorso <carnil@debian.org> | 2021-11-20 10:20:37 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2021-11-20 10:20:37 +0100 |
commit | d56d88cc5c785d969a508f0628331a10384de55d (patch) | |
tree | a3db2b6628f50954f59d541a1b165adce2bcda82 /data | |
parent | 3b261c578f4cff666b1c38918ebb34ac701b9e1b (diff) |
Update notes on CVE-2021-41190
This is a bit cumbersome to track. My understanding is that the CVE is
specifically for the specification issue. Several container projects
have mitigated the issue by releasing updates, such as the mentioned
containerd and golang-github-opencontainers-image-spec.
As such keep it for now as NFU, though making a note on the mitigations
in software.
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/data/CVE/list b/data/CVE/list index 9579106413..d18b838834 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -9993,7 +9993,12 @@ CVE-2021-41192 CVE-2021-41191 (Roblox-Purchasing-Hub is an open source Roblox product purchasing hub. ...) NOT-FOR-US: Roblox-Purchasing-Hub CVE-2021-41190 (The OCI Distribution Spec project defines an API protocol to facilitat ...) - NOT-FOR-US: OCI Distribution Spec + NOT-FOR-US: OCI Distribution Specification + NOTE: Issue in the OCI Distribution Specification. Software mitigations are applied to + NOTE: containerd/1.5.8~ds1-1 and golang-github-opencontainers-image-spec/1.0.2-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/11/19/10 + NOTE: https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m + NOTE: https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh CVE-2021-41189 (DSpace is an open source turnkey repository application. In version 7. ...) NOT-FOR-US: DSpace CVE-2021-41188 (Shopware is open source e-commerce software. Versions prior to 5.7.6 c ...) |
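Review bot: In the CVE-2021-41190 entry the status stays NOT-FOR-US while the added NOTE lines name two Debian package versions (containerd/1.5.8~ds1-1 and golang-github-opencontainers-image-spec/1.0.2-1), so the mitigated versions are recorded only as free text. The reason for keeping NOT-FOR-US (the CVE is assigned to the specification itself) currently appears only in the commit message; a short NOTE stating it would make the entry self-explanatory to someone reading the list without the history. It would also help to say which of the two GHSA advisories corresponds to which package, since the links are listed without that association.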