[Debian-med-packaging] Bug#1009900: fis-gtm: Multiple CVEs in fis-gtm

Neil Williams codehelp at debian.org
Thu Apr 21 07:50:51 BST 2022


On Wed, 20 Apr 2022 19:55:02 +0000
"Shah, Amul" <Amul.Shah at fisglobal.com> wrote:

> Hi Andreas,
> In FIS's opinion, the CVE references are not actionable.

(The usual term would be "exploitable".) I understand that; the CVEs
arose from fuzz testing, so they represent weaknesses, not active attacks.

> One must
> have host access and the ability to modify application source files.
> Those users are typically database/systems administrators or a MUMPS
> application developer. We expect that only privileged users have
> direct access to the host with the application gating access to
> external users. By itself, GT.M does not confer any extra privileges.
> 
> How long do we have to address these CVEs?

I did not set an RC severity; I chose 'important' on the basis of the
description in the upstream issue. There is no specific time limit for
these CVEs - the vulnerabilities are already public, not embargoed
until a set date. The highest severities are reserved for remotely
exploitable CVEs.

For unstable, the best fix would seem to be a new upstream release.
There are multiple CVEs, some CVEs reference multiple commits.

> If immediate, I can
> back-patch the specific fixes that address the CVEs. I say back patch
> because V6.3-014 was the last V6 version with a V6 block format
> database. The current V7 GT.M versions do not have an upgrade path to
> the V7 block format. We do not want to release a GT.M version to
> debmed without such an upgrade feature. If there is time, then we are
> working a V7 version with the V6 to V7 block upgrade capability and
> would like to release that.

Seems sensible.


> 
> Thanks,
> Amul
> 
> -----Original Message-----
> From: Andreas Tille <andreas at an3as.eu>
> Sent: Wednesday, April 20, 2022 3:00 PM
> To: Neil Williams <codehelp at debian.org>; 1009900 at bugs.debian.org; Shah, Amul <Amul.Shah at fisglobal.com>
> Subject: Re: Bug#1009900: fis-gtm: Multiple CVEs in fis-gtm
> 
> Hi Amul,
> 
> I guess a new upstream version will fix this.  Are you able to prepare
> the latest version?
> 
> Kind regards
> 
>        Andreas.
> 
> On Wed, Apr 20, 2022 at 11:13:31AM +0100, Neil Williams wrote:
> > Source: fis-gtm
> > Version: 6.3-014-3
> > Severity: important
> > Tags: security
> > X-Debbugs-Cc: codehelp at debian.org, Debian Security Team
> > <team at security.debian.org>
> >
> > Hi,
> >
> > The following vulnerabilities were published for fis-gtm.
> >
> > CVE-2021-44492[0]:
> > | An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS
> > | GT.M through V7.0-000. Using crafted input, attackers can cause a type
> > | to be incorrectly initialized in the function f_incr in
> > | sr_port/f_incr.c and cause a crash due to a NULL pointer dereference.
> >
> >
> > CVE-2021-44493[1]:
> > | An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS
> > | GT.M through V7.0-000. Using crafted input, an attacker can cause a
> > | call to $Extract to force an signed integer holding the size of a
> > | buffer to take on a large negative number, which is then used as the
> > | length of a memcpy call that occurs on the stack, causing a buffer
> > | overflow.
> >
> >
> > CVE-2021-44494[2]:
> > | An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS
> > | GT.M through V7.0-000. Using crafted input, an attacker can cause
> > | calls to ZRead to crash due to a NULL pointer dereference.
> >
> >
> > CVE-2021-44495[3]:
> > | An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS
> > | GT.M through V7.0-000. Using crafted input, an attacker can cause a
> > | NULL pointer dereference after calls to ZPrint.
> >
> >
> > CVE-2021-44496[4]:
> > | An issue was discovered in FIS GT.M through V7.0-000 (related to the
> > | YottaDB code base). Using crafted input, an attacker can control the
> > | size variable and buffer that is passed to a call to memcpy. An
> > | attacker can use this to overwrite key data structures and gain
> > | control of the flow of execution.
> >
> >
> > CVE-2021-44497[5]:
> > | An issue was discovered in FIS GT.M through V7.0-000 (related to the
> > | YottaDB code base). Using crafted input, can cause the bounds of a for
> > | loop to be miscalculated, which leads to a use after free condition a
> > | pointer is pushed into previously free memory by the loop.
> >
> >
> > CVE-2021-44498[6]:
> > | An issue was discovered in FIS GT.M through V7.0-000 (related to the
> > | YottaDB code base). Using crafted input, attackers can cause a type to
> > | be incorrectly initialized in the function f_incr in sr_port/f_incr.c
> > | and cause a crash due to a NULL pointer dereference.
> >
> >
> > CVE-2021-44499[7]:
> > | An issue was discovered in FIS GT.M through V7.0-000 (related to the
> > | YottaDB code base). Using crafted input, an attacker can cause a call
> > | to $Extract to force an signed integer holding the size of a buffer to
> > | take on a large negative number, which is then used as the length of a
> > | memcpy call that occurs on the stack, causing a buffer overflow.
> >
> >
> > CVE-2021-44500[8]:
> > | An issue was discovered in FIS GT.M through V7.0-000 (related to the
> > | YottaDB code base). A lack of input validation in calls to eb_div in
> > | sr_port/eb_muldiv.c allows attackers to crash the application by
> > | performing a divide by zero.
> >
> >
> > CVE-2021-44501[9]:
> > | An issue was discovered in FIS GT.M through V7.0-000 (related to the
> > | YottaDB code base). Using crafted input, an attacker can cause calls
> > | to ZRead to crash due to a NULL pointer dereference.
> >
> >
> > CVE-2021-44502[10]:
> > | An issue was discovered in FIS GT.M through V7.0-000 (related to the
> > | YottaDB code base). Using crafted input, an attacker can control the
> > | size of a memset that occurs in calls to util_format in
> > | sr_unix/util_output.c.
> >
> >
> > CVE-2021-44503[11]:
> > | An issue was discovered in FIS GT.M through V7.0-000 (related to the
> > | YottaDB code base). Using crafted input, an attacker can cause a call
> > | to va_arg on an empty variadic parameter list, most likely causing a
> > | memory segmentation fault.
> >
> >
> > CVE-2021-44504[12]:
> > | An issue was discovered in FIS GT.M through V7.0-000 (related to the
> > | YottaDB code base). Using crafted input, an attacker can cause a size
> > | variable, stored as an signed int, to equal an extremely large value,
> > | which is interpreted as a negative value during a check. This value is
> > | then used in a memcpy call on the stack, causing a memory segmentation
> > | fault.
> >
> >
> > CVE-2021-44505[13]:
> > | An issue was discovered in FIS GT.M through V7.0-000 (related to the
> > | YottaDB code base). Using crafted input, an attacker can cause a NULL
> > | pointer dereference after calls to ZPrint.
> >
> >
> > CVE-2021-44506[14]:
> > | An issue was discovered in FIS GT.M through V7.0-000 (related to the
> > | YottaDB code base). A lack of input validation in calls to do_verify
> > | in sr_unix/do_verify.c allows attackers to attempt to jump to a NULL
> > | pointer by corrupting a function pointer.
> >
> >
> > CVE-2021-44507[15]:
> > | An issue was discovered in FIS GT.M through V7.0-000 (related to the
> > | YottaDB code base). A lack of parameter validation in calls to memcpy
> > | in str_tok in sr_unix/ztimeoutroutines.c allows attackers to attempt
> > | to read from a NULL pointer.
> >
> >
> > CVE-2021-44508[16]:
> > | An issue was discovered in FIS GT.M through V7.0-000 (related to the
> > | YottaDB code base). A lack of NULL checks in calls to ious_open in
> > | sr_unix/ious_open.c allows attackers to crash the application by
> > | dereferencing a NULL pointer.
> >
> >
> > CVE-2021-44509[17]:
> > | An issue was discovered in FIS GT.M through V7.0-000 (related to the
> > | YottaDB code base). Using crafted input, attackers can cause an
> > | integer underflow of the size of calls to memset in op_fnj3 in
> > | sr_port/op_fnj3.c in order to cause a segmentation fault and crash the
> > | application.
> >
> >
> > CVE-2021-44510[18]:
> > | An issue was discovered in FIS GT.M through V7.0-000 (related to the
> > | YottaDB code base). Using crafted input, attackers can cause a
> > | calculation of the size of calls to memset in op_fnj3 in
> > | sr_port/op_fnj3.c to result in an extremely large value in order to
> > | cause a segmentation fault and crash the application.
> >
> >
> > If you fix the vulnerabilities please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) ids in your changelog
> > entry.
> >
> > For further information see:
> >
> > [0] https://security-tracker.debian.org/tracker/CVE-2021-44492
> >     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44492
> > [1] https://security-tracker.debian.org/tracker/CVE-2021-44493
> >     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44493
> > [2] https://security-tracker.debian.org/tracker/CVE-2021-44494
> >     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44494
> > [3] https://security-tracker.debian.org/tracker/CVE-2021-44495
> >     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44495
> > [4] https://security-tracker.debian.org/tracker/CVE-2021-44496
> >     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44496
> > [5] https://security-tracker.debian.org/tracker/CVE-2021-44497
> >     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44497
> > [6] https://security-tracker.debian.org/tracker/CVE-2021-44498
> >     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44498
> > [7] https://security-tracker.debian.org/tracker/CVE-2021-44499
> >     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44499
> > [8] https://security-tracker.debian.org/tracker/CVE-2021-44500
> >     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44500
> > [9] https://security-tracker.debian.org/tracker/CVE-2021-44501
> >     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44501
> > [10] https://security-tracker.debian.org/tracker/CVE-2021-44502
> >     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44502
> > [11] https://security-tracker.debian.org/tracker/CVE-2021-44503
> >     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44503
> > [12] https://security-tracker.debian.org/tracker/CVE-2021-44504
> >     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44504
> > [13] https://security-tracker.debian.org/tracker/CVE-2021-44505
> >     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44505
> > [14] https://security-tracker.debian.org/tracker/CVE-2021-44506
> >     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44506
> > [15] https://security-tracker.debian.org/tracker/CVE-2021-44507
> >     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44507
> > [16] https://security-tracker.debian.org/tracker/CVE-2021-44508
> >     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44508
> > [17] https://security-tracker.debian.org/tracker/CVE-2021-44509
> >     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44509
> > [18] https://security-tracker.debian.org/tracker/CVE-2021-44510
> >     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44510
> >
> > Please adjust the affected versions in the BTS as needed.
> >
> >
> > -- System Information:
> > Debian Release: bookworm/sid
> >   APT prefers unstable
> >   APT policy: (500, 'unstable'), (1, 'experimental')
> > Architecture: amd64 (x86_64)
> > Foreign Architectures: i386
> >
> > Kernel: Linux 5.16.0-6-amd64 (SMP w/16 CPU threads; PREEMPT)
> > Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
> > Shell: /bin/sh linked to /usr/bin/dash
> > Init: systemd (via /run/systemd/system)
> > LSM: AppArmor: enabled
> >
> 
> --
> http://fam-tille.de/


-- 
Neil Williams
=============
https://linux.codehelp.co.uk/
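
CVE-2021-44493/44499 and CVE-2021-44504 in the quoted report describe a signed length value reaching memcpy. The C sketch below is an added illustration of that bug class next to a hardened copy; it is not GT.M or YottaDB source and not part of the original thread. `naive_len`, `weak_check_passes`, `as_memcpy_size`, `safe_extract` and the 32-byte buffer are hypothetical names and values, and the dangerous copy itself is never performed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define OUT_CAP 32  /* destination buffer size (constructed for the example) */

/* Hypothetical naive length of the substring [start, end], 1-based and
 * inclusive, kept in a SIGNED int. With end < start it goes negative. */
static int naive_len(int start, int end)
{
    return (int)((long long)end - (long long)start + 1);
}

/* Weak guard: only the upper bound is tested, so any negative length passes. */
static int weak_check_passes(int len)
{
    return len <= OUT_CAP;
}

/* What memcpy's size_t parameter receives when handed that signed value. */
static size_t as_memcpy_size(int len)
{
    return (size_t)len;
}

/* Hardened variant: positions are clamped to the source, the length is
 * computed as an unsigned size_t only after first <= last is established,
 * and the copy is refused unless it fits with its terminator.
 * Returns 0 on success (possibly an empty result), -1 on rejection. */
static int safe_extract(char *dst, size_t dst_cap,
                        const char *src, size_t src_len,
                        long start, long end, size_t *out_len)
{
    size_t first, last, n;

    if (dst == NULL || src == NULL || out_len == NULL || dst_cap == 0)
        return -1;
    *out_len = 0;
    dst[0] = '\0';
    if (end < 1 || end < start || src_len == 0)
        return 0;                      /* empty result, nothing copied */
    first = (start < 1) ? 1 : (size_t)start;
    if (first > src_len)
        return 0;                      /* start lies beyond the source */
    last = ((unsigned long)end > src_len) ? src_len : (size_t)end;
    n = last - first + 1;              /* cannot wrap: first <= last */
    if (n >= dst_cap)
        return -1;                     /* would not fit, refuse the copy */
    memcpy(dst, src + (first - 1), n);
    dst[n] = '\0';
    *out_len = n;
    return 0;
}

int main(void)
{
    char out[OUT_CAP];
    size_t n = 0;
    int len = naive_len(10, 2);        /* constructed input: end < start */

    printf("naive length      : %d\n", len);
    printf("weak check passes : %d\n", weak_check_passes(len));
    printf("size memcpy sees  : %zu\n", as_memcpy_size(len));
    if (safe_extract(out, sizeof out, "hello world", 11, 10, 2, &n) == 0)
        printf("hardened copy     : %zu bytes\n", n);
    return 0;
}
```

The weak guard accepts the negative length, which then converts to a size far larger than the buffer; the hardened function returns an empty result for the same positions.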