Add CVE-2021-3671/{heimdal,samba}

author: Salvatore Bonaccorso <carnil@debian.org> 2021-10-12 22:53:38 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-10-12 22:56:34 +0200
commit: db6d1aa987e274db47ae21d8e3e672fece99f18b (patch)
tree: d2eaf4ead8234d54259db586e35fd5c52a599c1b /data
parent: 474197547ec91e1c4d7f8ee380fd88abd651a055 (diff)
1 files changed, 11 insertions, 1 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 3f58889ada..0e1ad22dd2 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -11068,7 +11068,17 @@ CVE-2021-37716 (A remote buffer overflow vulnerability was discovered in Aruba S
 CVE-2021-37715 (A remote cross-site scripting (XSS) vulnerability was discovered in Ar ...)
 	NOT-FOR-US: Aruba
 CVE-2021-3671 (A null pointer de-reference was found in the way samba kerberos server ...)
-	TODO: check
+	- heimdal <unfixed>
+	[bullseye] - heimdal <no-dsa> (Minor issue)
+	[buster] - heimdal <no-dsa> (Minor issue)
+	- samba <unfixed>
+	[bullseye] - samba <no-dsa> (Minor issue)
+	[buster] - samba <no-dsa> (Minor issue)
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2013080
+	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14770
+	NOTE: Fixed by: https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a
+	NOTE: Followup: https://github.com/heimdal/heimdal/commit/773802aecfb4b6a73817fa522faeb55b2a7cdb2a
+	NOTE: "Equivalent" issue for CVE-2021-37750 for the MIT krb5 vulnerability.
 CVE-2021-3670
 	RESERVED
 CVE-2021-37714 (jsoup is a Java library for working with HTML. Those using jsoup versi ...)
author	Salvatore Bonaccorso <carnil@debian.org>	2021-10-12 22:53:38 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-10-12 22:56:34 +0200
commit	db6d1aa987e274db47ae21d8e3e672fece99f18b (patch)
tree	d2eaf4ead8234d54259db586e35fd5c52a599c1b /data
parent	474197547ec91e1c4d7f8ee380fd88abd651a055 (diff)