Add ATS commit references (one still missing)

author: Moritz Muehlenhoff <jmm@debian.org> 2021-11-03 11:22:52 +0100
committer: Moritz Muehlenhoff <jmm@debian.org> 2021-11-03 11:22:52 +0100
commit: cce5c0125759612419c47ed33b739055bf63bd40 (patch)
tree: 041bcfb396d561c509febad512857beb9f88d690
parent: ab575cdbea19e68de61473bc794c24edaeb2517a (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index 3fd119aed4..73d75fc728 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -449,6 +449,9 @@ CVE-2021-43082 [heap-buffer-overflow with stats-over-http plugin]
 	RESERVED
 	- trafficserver <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
+	NOTE: https://github.com/apache/trafficserver/pull/8475
+	NOTE: https://github.com/apache/trafficserver/commit/02b17dbe3cff71ffd31577d872e077531124d207 (master)
+	NOTE: commit was missed in 8.1
 CVE-2021-3915
 	RESERVED
 CVE-2021-43081
@@ -3804,6 +3807,9 @@ CVE-2021-41585 [ATS stops accepting connections on FreeBSD]
 	RESERVED
 	- trafficserver <not-affected> (Only affects FreeBSD)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
+	NOTE: https://github.com/apache/trafficserver/pull/8456/
+	NOTE: https://github.com/apache/trafficserver/commit/268b540edae0b3e51d033795a4dd7404a5756a93 (master)
+	NOTE: https://github.com/apache/trafficserver/commit/2b078741ecf14cbc7f5773b3e14ef0c1d3cf4cfb (8.1.x)
 CVE-2021-41584 (Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a  ...)
 	NOT-FOR-US: Gradle Enterprise
 CVE-2021-41583 (vpn-user-portal (aka eduVPN or Let's Connect!) before 2.3.14, as packa ...)
@@ -14260,14 +14266,23 @@ CVE-2021-37149 [Request Smuggling - multiple attacks]
 	RESERVED
 	- trafficserver <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
+	NOTE: https://github.com/apache/trafficserver/pull/8458/
+	NOTE: https://github.com/apache/trafficserver/commit/2addc8ca71449ceac0d5b80172460ee09c938f5e (8.1.x)
+	NOTE: https://github.com/apache/trafficserver/commit/83c89f3d217d473ecb000b68c910c0f183c3a355 (master)
 CVE-2021-37148 [Request Smuggling - transfer encoding validation]
 	RESERVED
 	- trafficserver <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
+	NOTE: https://github.com/apache/trafficserver/pull/8457/
+	NOTE: https://github.com/apache/trafficserver/commit/6e5070118a20772a30c3fccee2cf1c44f0a21fc0 (master)
+	NOTE: https://github.com/apache/trafficserver/commit/e2c9ac217f24dc3e91ff2c9f52b52093e8fb32d5 (8.1.x)
 CVE-2021-37147 [Request Smuggling - LF line ending]
 	RESERVED
 	- trafficserver <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
+	NOTE: https://github.com/apache/trafficserver/commit/64f25678bfbbd1433cce703e3c43bcc49a53de56 (master)
+	NOTE: https://github.com/apache/trafficserver/commit/5cad961c87cb07fbb8fa6890685d9878a169378d (8.1.x)
+	NOTE: https://github.com/apache/trafficserver/pull/8460
 CVE-2021-37146 (An infinite loop in Open Robotics ros_comm XMLRPC server in ROS Melodi ...)
 	[experimental] - ros-ros-comm 1.15.13+ds1-1
 	- ros-ros-comm 1.15.13+ds1-2
author	Moritz Muehlenhoff <jmm@debian.org>	2021-11-03 11:22:52 +0100
committer	Moritz Muehlenhoff <jmm@debian.org>	2021-11-03 11:22:52 +0100
commit	cce5c0125759612419c47ed33b739055bf63bd40 (patch)
tree	041bcfb396d561c509febad512857beb9f88d690
parent	ab575cdbea19e68de61473bc794c24edaeb2517a (diff)