diff options
author | Sylvain Beucler <beuc@beuc.net> | 2021-11-16 12:43:17 +0100 |
---|---|---|
committer | Sylvain Beucler <beuc@beuc.net> | 2021-11-16 12:44:33 +0100 |
commit | d5c9371f7d473d55f212761a2d2ad2e3b108cc47 (patch) | |
tree | 5bd125fa38d6e1521da3869995efe42e96ea87ce | |
parent | e8f8d131d167ccda387702a481b4b5635e37c1d3 (diff) |
busybox: stretch postponed
-rw-r--r-- | data/CVE/list.2021 | 9 | ||||
-rw-r--r-- | data/dla-needed.txt | 6 |
2 files changed, 9 insertions, 6 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index de744ce723..6b42e62e1c 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -3090,46 +3090,55 @@ CVE-2021-42386 (A use-after-free in Busybox's awk applet leads to denial of serv - busybox <unfixed> (bug #999567) [bullseye] - busybox <no-dsa> (Minor issue) [buster] - busybox <no-dsa> (Minor issue) + [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch) NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ CVE-2021-42385 (A use-after-free in Busybox's awk applet leads to denial of service an ...) - busybox <unfixed> (bug #999567) [bullseye] - busybox <no-dsa> (Minor issue) [buster] - busybox <no-dsa> (Minor issue) + [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch) NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ CVE-2021-42384 (A use-after-free in Busybox's awk applet leads to denial of service an ...) - busybox <unfixed> (bug #999567) [bullseye] - busybox <no-dsa> (Minor issue) [buster] - busybox <no-dsa> (Minor issue) + [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch) NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ CVE-2021-42383 (A use-after-free in Busybox's awk applet leads to denial of service an ...) - busybox <unfixed> (bug #999567) [bullseye] - busybox <no-dsa> (Minor issue) [buster] - busybox <no-dsa> (Minor issue) + [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch) NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ CVE-2021-42382 (A use-after-free in Busybox's awk applet leads to denial of service an ...) - busybox <unfixed> (bug #999567) [bullseye] - busybox <no-dsa> (Minor issue) [buster] - busybox <no-dsa> (Minor issue) + [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch) NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ CVE-2021-42381 (A use-after-free in Busybox's awk applet leads to denial of service an ...) - busybox <unfixed> (bug #999567) [bullseye] - busybox <no-dsa> (Minor issue) [buster] - busybox <no-dsa> (Minor issue) + [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch) NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ CVE-2021-42380 (A use-after-free in Busybox's awk applet leads to denial of service an ...) - busybox <unfixed> (bug #999567) [bullseye] - busybox <no-dsa> (Minor issue) [buster] - busybox <no-dsa> (Minor issue) + [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch) NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ CVE-2021-42379 (A use-after-free in Busybox's awk applet leads to denial of service an ...) - busybox <unfixed> (bug #999567) [bullseye] - busybox <no-dsa> (Minor issue) [buster] - busybox <no-dsa> (Minor issue) + [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch) NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ CVE-2021-42378 (A use-after-free in Busybox's awk applet leads to denial of service an ...) - busybox <unfixed> (bug #999567) [bullseye] - busybox <no-dsa> (Minor issue) [buster] - busybox <no-dsa> (Minor issue) + [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch) NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ CVE-2021-42377 (An attacker-controlled pointer free in Busybox's hush applet leads to ...) - busybox <unfixed> (bug #999567) diff --git a/data/dla-needed.txt b/data/dla-needed.txt index 2147a6b286..7f3abc9441 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -18,12 +18,6 @@ ansible NOTE: 20210411: after that LTS. (apo) NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/ -- -busybox (Sylvain Beucler) - NOTE: 20211111: dos issues are low impact and could be ignored, awk issues seem - NOTE: 20211111: only serious if executing untrusted code, so perhaps postpone, - NOTE: 20211111: but double-check (pochu) - NOTE: 20211113: waiting for further maintainer feedback & commit info (Beuc) --- debian-archive-keyring NOTE: https://lists.debian.org/debian-lts/2021/08/msg00037.html NOTE: 20210920: Raphael answered. will backport today. (utkarsh) |