diff options
| author | Salvatore Bonaccorso <carnil@debian.org> | 2022-02-07 17:45:51 +0100 |
|---|---|---|
| committer | Salvatore Bonaccorso <carnil@debian.org> | 2022-02-07 17:45:51 +0100 |
| commit | e19311f41a556d8312994ad6739f3f33d9224035 (patch) | |
| tree | 4f6e60bdbff39ddf943b9e66cf5dec1cee00c3e5 | |
| parent | 9c1d4a499c24e071b50a288cda7b55a029da5148 (diff) | |
Update todo item for CVE-2021-45958/ujson
| -rw-r--r-- | data/CVE/list.2021 | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index b8c23de9c0..050908e2bb 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -1728,7 +1728,7 @@ CVE-2021-45959 CVE-2021-45958 (UltraJSON (aka ujson) 4.0.2 through 5.0.0 has a stack-based buffer ove ...) - ujson <undetermined> NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36009 - TODO: claimed to be fixed in range https://github.com/ultrajson/ultrajson/compare/e3ccc5a1ff945275106d9323c00683fafeffc04a...682c6601569980e9a8a05378d3c1478db30384bc which seem to indicate the fuzzing did not really was helpful and CVE is bogus + TODO: wait for clarification in https://github.com/ultrajson/ultrajson/issues/502 CVE-2021-45957 (Dnsmasq 2.86 has a heap-based buffer overflow in answer_request (calle ...) - dnsmasq <unfixed> (unimportant) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35920 |