diff options
| author | Sylvain Beucler <beuc@beuc.net> | 2021-09-24 19:51:59 +0200 |
|---|---|---|
| committer | Sylvain Beucler <beuc@beuc.net> | 2021-09-24 19:59:44 +0200 |
| commit | e06f71333e8f6d278a1905374cbbcc4ff0bfe6fd (patch) | |
| tree | 9c158c694e70da825fc56004f609026d143562c8 /data | |
| parent | b8ec462722ed500d14e216cc37e46e179a4fa169 (diff) | |
CVE-2021-36160: affects uwsgi
(prior merging mod_proxy_uwsgi into Apache 2.4.30)
only binary:libapache2-mod-proxy-uwsgi/stretch should be affected
Diffstat (limited to 'data')
| -rw-r--r-- | data/CVE/list | 1 | ||||
| -rw-r--r-- | data/dla-needed.txt | 2 |
2 files changed, 3 insertions, 0 deletions
diff --git a/data/CVE/list b/data/CVE/list index affd57cbe1..dab664e4ac 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -12461,6 +12461,7 @@ CVE-2021-36161 (Some component in Dubbo will try to print the formated string of NOT-FOR-US: Apache Dubbo CVE-2021-36160 (A carefully crafted request uri-path can cause mod_proxy_uwsgi to read ...) - apache2 2.4.49-1 + - uwsgi <unfixed> NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-36160 NOTE: https://github.com/apache/httpd/commit/b364cad72b48dd40fbc2850e525b845406520f0b CVE-2021-36159 (libfetch before 2021-07-26, as used in apk-tools, xbps, and other prod ...) diff --git a/data/dla-needed.txt b/data/dla-needed.txt index f0000f7274..8bd48260d3 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -112,3 +112,5 @@ squashfs-tools (Thorsten Alteholz) -- tiff (Utkarsh) -- +uwsgi (Sylvain Beucler) +-- |