diff options
| author | Moritz Muehlenhoff <jmm@debian.org> | 2021-11-03 11:22:52 +0100 |
|---|---|---|
| committer | Moritz Muehlenhoff <jmm@debian.org> | 2021-11-03 11:22:52 +0100 |
| commit | 3c6762fbe7869b82b86d539c653df9d67d6f5447 (patch) | |
| tree | c88ca6dc3ae2053211786656df41360e4140b42d | |
| parent | 467f46f006d3991e2995518011933c72783d9332 (diff) | |
Add ATS commit references (one still missing)
| -rw-r--r-- | data/CVE/2021.list | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 3fd119aed4..73d75fc728 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -449,6 +449,9 @@ CVE-2021-43082 [heap-buffer-overflow with stats-over-http plugin] RESERVED - trafficserver <unfixed> NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11 + NOTE: https://github.com/apache/trafficserver/pull/8475 + NOTE: https://github.com/apache/trafficserver/commit/02b17dbe3cff71ffd31577d872e077531124d207 (master) + NOTE: commit was missed in 8.1 CVE-2021-3915 RESERVED CVE-2021-43081 @@ -3804,6 +3807,9 @@ CVE-2021-41585 [ATS stops accepting connections on FreeBSD] RESERVED - trafficserver <not-affected> (Only affects FreeBSD) NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11 + NOTE: https://github.com/apache/trafficserver/pull/8456/ + NOTE: https://github.com/apache/trafficserver/commit/268b540edae0b3e51d033795a4dd7404a5756a93 (master) + NOTE: https://github.com/apache/trafficserver/commit/2b078741ecf14cbc7f5773b3e14ef0c1d3cf4cfb (8.1.x) CVE-2021-41584 (Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a ...) NOT-FOR-US: Gradle Enterprise CVE-2021-41583 (vpn-user-portal (aka eduVPN or Let's Connect!) before 2.3.14, as packa ...) @@ -14260,14 +14266,23 @@ CVE-2021-37149 [Request Smuggling - multiple attacks] RESERVED - trafficserver <unfixed> NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11 + NOTE: https://github.com/apache/trafficserver/pull/8458/ + NOTE: https://github.com/apache/trafficserver/commit/2addc8ca71449ceac0d5b80172460ee09c938f5e (8.1.x) + NOTE: https://github.com/apache/trafficserver/commit/83c89f3d217d473ecb000b68c910c0f183c3a355 (master) CVE-2021-37148 [Request Smuggling - transfer encoding validation] RESERVED - trafficserver <unfixed> NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11 + NOTE: https://github.com/apache/trafficserver/pull/8457/ + NOTE: https://github.com/apache/trafficserver/commit/6e5070118a20772a30c3fccee2cf1c44f0a21fc0 (master) + NOTE: https://github.com/apache/trafficserver/commit/e2c9ac217f24dc3e91ff2c9f52b52093e8fb32d5 (8.1.x) CVE-2021-37147 [Request Smuggling - LF line ending] RESERVED - trafficserver <unfixed> NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11 + NOTE: https://github.com/apache/trafficserver/commit/64f25678bfbbd1433cce703e3c43bcc49a53de56 (master) + NOTE: https://github.com/apache/trafficserver/commit/5cad961c87cb07fbb8fa6890685d9878a169378d (8.1.x) + NOTE: https://github.com/apache/trafficserver/pull/8460 CVE-2021-37146 (An infinite loop in Open Robotics ros_comm XMLRPC server in ROS Melodi ...) [experimental] - ros-ros-comm 1.15.13+ds1-1 - ros-ros-comm 1.15.13+ds1-2 |