Merge branch 'CVE-2021-3698' into 'master'

Track fixed version for CVE-2021-3698/cockpit See merge request security-tracker-team/security-tracker!99
author: Salvatore Bonaccorso <carnil@debian.org> 2022-01-25 09:39:06 +0000
committer: Salvatore Bonaccorso <carnil@debian.org> 2022-01-25 09:39:06 +0000
commit: 40dedd2bb158b4b2f26428ec7fda68665caa5330 (patch)
tree: e88fcface72691b3ad71217e4a08f5d0a41b1f3e
parent: 42190b82ad9c80cbe54aa8973e75046a550a3674 (diff)
parent: 392031c5bf5ff52136ea917b49ae0fcbbd82a672 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index 5ec9d18a3d..88104251f6 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -20392,10 +20392,12 @@ CVE-2021-38365 (Winner (aka ToneWinner) desktop speakers through 2021-08-09 allo
 	NOT-FOR-US: Winner (aka ToneWinner) desktop speakers
 CVE-2021-3698 [authenticates with revoked certificates]
 	RESERVED
-	- cockpit <unfixed>
+	- cockpit 260-1
 	[bullseye] - cockpit <no-dsa> (Minor issue)
 	[buster] - cockpit <not-affected> (Vulnerable code not present, introduced in 208)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1992149
+	NOTE: Needs sssd 2.6.1
+	NOTE: https://cockpit-project.org/blog/cockpit-260.html
 CVE-2021-3697
 	RESERVED
 CVE-2021-3696
author	Salvatore Bonaccorso <carnil@debian.org>	2022-01-25 09:39:06 +0000
committer	Salvatore Bonaccorso <carnil@debian.org>	2022-01-25 09:39:06 +0000
commit	40dedd2bb158b4b2f26428ec7fda68665caa5330 (patch)
tree	e88fcface72691b3ad71217e4a08f5d0a41b1f3e
parent	42190b82ad9c80cbe54aa8973e75046a550a3674 (diff)
parent	392031c5bf5ff52136ea917b49ae0fcbbd82a672 (diff)