author Sylvain Beucler <beuc@beuc.net> 2021-11-16 12:43:17 +0100
committer Sylvain Beucler <beuc@beuc.net> 2021-11-16 12:44:33 +0100
commit 21015967db6959d7fce85c705bd5b4125c51de53
tree 3df999defaec79ce96806162c78041735adac679
parent 24f7b40f6958a88e1d6361fa1c70574aa841c576
busybox: stretch postponed
-rw-r--r-- data/CVE/2021.list 9
-rw-r--r-- data/dla-needed.txt 6
2 files changed, 9 insertions, 6 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index de744ce723..6b42e62e1c 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -3090,46 +3090,55 @@ CVE-2021-42386 (A use-after-free in Busybox's awk applet leads to denial of serv
- busybox <unfixed> (bug #999567)
[bullseye] - busybox <no-dsa> (Minor issue)
[buster] - busybox <no-dsa> (Minor issue)
+ [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch)
NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
CVE-2021-42385 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
- busybox <unfixed> (bug #999567)
[bullseye] - busybox <no-dsa> (Minor issue)
[buster] - busybox <no-dsa> (Minor issue)
+ [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch)
NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
CVE-2021-42384 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
- busybox <unfixed> (bug #999567)
[bullseye] - busybox <no-dsa> (Minor issue)
[buster] - busybox <no-dsa> (Minor issue)
+ [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch)
NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
CVE-2021-42383 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
- busybox <unfixed> (bug #999567)
[bullseye] - busybox <no-dsa> (Minor issue)
[buster] - busybox <no-dsa> (Minor issue)
+ [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch)
NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
CVE-2021-42382 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
- busybox <unfixed> (bug #999567)
[bullseye] - busybox <no-dsa> (Minor issue)
[buster] - busybox <no-dsa> (Minor issue)
+ [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch)
NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
CVE-2021-42381 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
- busybox <unfixed> (bug #999567)
[bullseye] - busybox <no-dsa> (Minor issue)
[buster] - busybox <no-dsa> (Minor issue)
+ [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch)
NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
CVE-2021-42380 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
- busybox <unfixed> (bug #999567)
[bullseye] - busybox <no-dsa> (Minor issue)
[buster] - busybox <no-dsa> (Minor issue)
+ [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch)
NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
CVE-2021-42379 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
- busybox <unfixed> (bug #999567)
[bullseye] - busybox <no-dsa> (Minor issue)
[buster] - busybox <no-dsa> (Minor issue)
+ [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch)
NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
CVE-2021-42378 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
- busybox <unfixed> (bug #999567)
[bullseye] - busybox <no-dsa> (Minor issue)
[buster] - busybox <no-dsa> (Minor issue)
+ [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch)
NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
CVE-2021-42377 (An attacker-controlled pointer free in Busybox's hush applet leads to ...)
- busybox <unfixed> (bug #999567)
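Review bot: The CVE-2021-42377 entry at the end of this hunk (hush applet, attacker-controlled pointer free) gets no [stretch] line, while the nine awk entries above it (CVE-2021-42386 down to CVE-2021-42378) do, and the same commit removes busybox from dla-needed.txt. If its stretch status is recorded below the visible context that is fine; otherwise it needs its own triage line, with a rationale specific to hush, because "requires passing arbitrary awk program" does not cover it. Separately, "no identified patch" is repeated verbatim on all nine added lines and will go stale on each of them once a fix commit is identified; a dated note or a pointer to bug #999567 would make it clear when that assessment was made.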
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index 2147a6b286..7f3abc9441 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -18,12 +18,6 @@ ansible
NOTE: 20210411: after that LTS. (apo)
NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/
--
-busybox (Sylvain Beucler)
- NOTE: 20211111: dos issues are low impact and could be ignored, awk issues seem
- NOTE: 20211111: only serious if executing untrusted code, so perhaps postpone,
- NOTE: 20211111: but double-check (pochu)
- NOTE: 20211113: waiting for further maintainer feedback & commit info (Beuc)
---
debian-archive-keyring
NOTE: https://lists.debian.org/debian-lts/2021/08/msg00037.html
NOTE: 20210920: Raphael answered. will backport today. (utkarsh)
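Review bot: The removed busybox block still had two open items, "but double-check (pochu)" and "waiting for further maintainer feedback & commit info (Beuc)", and nothing in this commit records how either was resolved; the subject line "busybox: stretch postponed" is the only explanation. A short commit message body stating the outcome of the double-check would let a later reader see why the package left dla-needed.txt. The 20211111 note also mentions "dos issues are low impact", but the postponed lines visible in data/CVE/2021.list cover only the awk use-after-free entries, so it is worth confirming that the DoS CVEs have a stretch status recorded as well.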
