path: root/data/CVE/list.2021
author Moritz Muehlenhoff <jmm@debian.org> 2022-01-17 17:26:32 +0100
committer Moritz Muehlenhoff <jmm@debian.org> 2022-01-17 17:26:32 +0100
commit eee6bce83d6ac018496f94b953d49e73fa764471
tree 6bdef4cb7916e9de18f0095ec0e11d4e76be886b /data/CVE/list.2021
parent 2c37fde13e99678ab04ca243dc12012e378b4b53
buster/bullseye triage
Diffstat (limited to 'data/CVE/list.2021')
-rw-r--r-- data/CVE/list.2021 11
1 files changed, 11 insertions, 0 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index 1198b1def0..c9130d37be 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -3021,12 +3021,16 @@ CVE-2021-45105 (Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12
CVE-2021-31566 [symbolic links incorrectly followed when changing modes, times, ACL and flags of a file while extracting an archive]
RESERVED
- libarchive 3.5.2-1 (bug #1001990)
+ [bullseye] - libarchive <no-dsa> (Minor issue)
+ [buster] - libarchive <no-dsa> (Minor issue)
NOTE: https://github.com/libarchive/libarchive/issues/1566
NOTE: https://github.com/libarchive/libarchive/commit/b41daecb5ccb4c8e3b2c53fd6147109fc12c3043 (v3.5.2)
NOTE: https://github.com/libarchive/libarchive/commit/e2ad1a2c3064fa9eba6274b3641c4c1beed25c0b (v3.5.2)
CVE-2021-23177 [extracting a symlink with ACLs modifies ACLs of target]
RESERVED
- libarchive 3.5.2-1 (bug #1001986)
+ [bullseye] - libarchive <no-dsa> (Minor issue)
+ [buster] - libarchive <no-dsa> (Minor issue)
NOTE: https://github.com/libarchive/libarchive/issues/1565
NOTE: https://github.com/libarchive/libarchive/commit/fba4f123cc456d2b2538f811bb831483bf336bad (v3.5.2)
CVE-2021-45104
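Review bot: The four `<no-dsa> (Minor issue)` lines added under CVE-2021-31566 and CVE-2021-23177 give no reason specific to libarchive, although both entries describe archive extraction acting on symlink targets and the NOTE lines already point at the upstream fix commits in v3.5.2. Consider adding a NOTE saying why the impact is limited for bullseye and buster, or whether the listed commits are candidates for a point release, so the next triager does not have to re-derive it.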
@@ -4101,6 +4105,7 @@ CVE-2021-44717 (Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write
- golang-1.15 1.15.15-5
[bullseye] - golang-1.15 1.15.15-1~deb11u2
- golang-1.11 <removed>
+ [buster] - golang-1.11 <no-dsa> (Minor issue)
- golang-1.8 <removed>
- golang-1.7 <removed>
NOTE: https://github.com/golang/go/issues/50057
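Review bot: The new `[buster] - golang-1.11 <no-dsa> (Minor issue)` line sits next to `[bullseye] - golang-1.15 1.15.15-1~deb11u2`, so the same CVE is fixed in bullseye's golang-1.15 but marked minor for buster's golang-1.11 with no explanation of the difference. A more specific reason in the parentheses or a NOTE would show that the divergence between the two releases is deliberate.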
@@ -5804,10 +5809,14 @@ CVE-2021-4000 (showdoc is vulnerable to URL Redirection to Untrusted Site ...)
CVE-2021-3999 [Off-by-one buffer overflow/underflow in getcwd()]
RESERVED
- glibc <unfixed>
+ [bullseye] - glibc <no-dsa> (Minor issue)
+ [buster] - glibc <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28769
CVE-2021-3998 [Unexpected return value from realpath() for too long results]
RESERVED
- glibc <unfixed>
+ [bullseye] - glibc <no-dsa> (Minor issue)
+ [buster] - glibc <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28770
NOTE: https://patchwork.sourceware.org/project/glibc/patch/20220113055920.3155918-1-siddhesh@sourceware.org/
CVE-2021-3997 [Uncontrolled recursion in systemd's systemd-tmpfiles]
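Review bot: For CVE-2021-3999 the added bullseye and buster lines tag an off-by-one buffer overflow/underflow in getcwd() as `(Minor issue)` while the package line is still `- glibc <unfixed>` and the only reference is the bugzilla entry. State in a NOTE why it is considered minor, and consider revisiting both glibc entries once unstable has a fixed version, since CVE-2021-3998 already links a proposed patch.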
@@ -5940,6 +5949,7 @@ CVE-2021-44039
RESERVED
CVE-2021-44038 (An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod op ...)
- quagga <removed>
+ [buster] - quagga <no-dsa> (Minor issue)
[stretch] - quagga <postponed> (revisit when/if fixed upstream)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1191890
NOTE: Debian installed systemd unit files install the problematic redhat/*.service
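Review bot: The added `[buster] - quagga <no-dsa> (Minor issue)` uses a different state from the existing `[stretch] - quagga <postponed> (revisit when/if fixed upstream)` directly below it, and the NOTE in this hunk says the unit files Debian installs include the problematic redhat/*.service. Either align the two releases or put the reason buster differs into the parentheses.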
@@ -31315,6 +31325,7 @@ CVE-2021-33431
RESERVED
CVE-2021-33430 (A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_N ...)
- numpy 1:1.21.4-2
+ [bullseye] - numpy <no-dsa> (Minor issue)
NOTE: https://github.com/numpy/numpy/issues/18939
NOTE: https://github.com/numpy/numpy/pull/18989
NOTE: https://github.com/numpy/numpy/commit/16f7824b4d935b6aee98298ca4123d57174a6f2e (v1.22.0.dev0)
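Review bot: Only a `[bullseye]` line is added under CVE-2021-33430; the visible lines carry no `[buster]` entry for numpy even though the commit is titled buster/bullseye triage. If buster is also affected, add the matching line here; if it was triaged as not affected or is handled elsewhere, a line saying so keeps the entry complete.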
