[Debian-med-packaging] Bug#1009900: fis-gtm: Multiple CVEs in fis-gtm

Shah, Amul Amul.Shah at fisglobal.com
Thu Apr 21 14:55:20 BST 2022


Thanks for the input Neil and Andreas. I spoke with my team and we plan on upgrading the debmad project to V7.0-002 as soon as possible.

Thanks,
Amul

-----Original Message-----
From: Neil Williams <codehelp at debian.org>
Sent: Thursday, April 21, 2022 2:51 AM
To: Shah, Amul <Amul.Shah at fisglobal.com>
Cc: Andreas Tille <andreas at an3as.eu>; 1009900 at bugs.debian.org
Subject: Re: Bug#1009900: fis-gtm: Multiple CVEs in fis-gtm

On Wed, 20 Apr 2022 19:55:02 +0000
"Shah, Amul" <Amul.Shah at fisglobal.com> wrote:

> Hi Andreas,
> In FIS's opinion, the CVE references are not actionable.

(The usual term would be "exploitable".) I understand that, the CVEs
arose from fuzz testing, so represent weaknesses, not active attacks.

> One must
> have host access and the ability to modify application source files.
> Those users are typically database/systems administrators or a MUMPS
> application developer. We expect that only privileged users have
> direct access to the host with the application gating access to
> external users. By itself, GT.M does not confer any extra privileges.
>
> How long we have to address these CVEs?

I did not set an RC severity, I chose 'important' on the basis of the
description in the upstream issue. There is no specific time limit for
these CVEs - the vulnerabilities are already public, not embargoed
until a set date. The highest severities are reserved for remotely
exploitable CVEs.

For unstable, the best fix would seem to be a new upstream release.
There are multiple CVEs, some CVEs reference multiple commits.

> If immediate, I can
> back-patch the specific fixes that address the CVEs. I say back patch
> because V6.3-014 was the last V6 version with a V6 block format
> database. The current V7 GT.M versions do not have an upgrade path to
> the V7 block format. We do not want to release a GT.M version to
> debmed without such an upgrade feature. If there is time, then we are
> working a V7 version with the V6 to V7 block upgrade capability and
> would like to release that.

Seems sensible.


>
> Thanks,
> Amul
>
> -----Original Message-----
> From: Andreas Tille <andreas at an3as.eu>
> Sent: Wednesday, April 20, 2022 3:00 PM
> To: Neil Williams <codehelp at debian.org>; 1009900 at bugs.debian.org;
> Shah, Amul <Amul.Shah at fisglobal.com> Subject: Re: Bug#1009900:
> fis-gtm: Multiple CVEs in fis-gtm
>
> Hi Amul,
>
> I guess a new upstream version will fix this.  Are you able to prepare
> the latest version?
>
> Kind regards
>
>        Andreas.
>
> Am Wed, Apr 20, 2022 at 11:13:31AM +0100 schrieb Neil Williams:
> > Source: fis-gtm
> > Version: 6.3-014-3
> > Severity: important
> > Tags: security
> > X-Debbugs-Cc: codehelp at debian.org, Debian Security Team
> > <team at security.debian.org>
> >
> > Hi,
> >
> > The following vulnerabilities were published for fis-gtm.
> >
> > CVE-2021-44492[0]:
> > | An issue was discovered in YottaDB through r1.32 and V7.0-000 and
> > FIS | GT.M through V7.0-000. Using crafted input, attackers can
> > cause a type | to be incorrectly initialized in the function f_incr
> > in | sr_port/f_incr.c and cause a crash due to a NULL pointer
> > dereference.
> >
> >
> > CVE-2021-44493[1]:
> > | An issue was discovered in YottaDB through r1.32 and V7.0-000 and
> > FIS | GT.M through V7.0-000. Using crafted input, an attacker can
> > cause a | call to $Extract to force an signed integer holding the
> > size of a | buffer to take on a large negative number, which is
> > then used as the | length of a memcpy call that occurs on the
> > stack, causing a buffer | overflow.
> >
> >
> > CVE-2021-44494[2]:
> > | An issue was discovered in YottaDB through r1.32 and V7.0-000 and
> > FIS | GT.M through V7.0-000. Using crafted input, an attacker can
> > cause | calls to ZRead to crash due to a NULL pointer dereference.
> >
> >
> > CVE-2021-44495[3]:
> > | An issue was discovered in YottaDB through r1.32 and V7.0-000 and
> > FIS | GT.M through V7.0-000. Using crafted input, an attacker can
> > cause a | NULL pointer dereference after calls to ZPrint.
> >
> >
> > CVE-2021-44496[4]:
> > | An issue was discovered in FIS GT.M through V7.0-000 (related to
> > the | YottaDB code base). Using crafted input, an attacker can
> > control the | size variable and buffer that is passed to a call to
> > memcpy. An | attacker can use this to overwrite key data structures
> > and gain | control of the flow of execution.
> >
> >
> > CVE-2021-44497[5]:
> > | An issue was discovered in FIS GT.M through V7.0-000 (related to
> > the | YottaDB code base). Using crafted input, can cause the bounds
> > of a for | loop to be miscalculated, which leads to a use after
> > free condition a | pointer is pushed into previously free memory by
> > the loop.
> >
> >
> > CVE-2021-44498[6]:
> > | An issue was discovered in FIS GT.M through V7.0-000 (related to
> > the | YottaDB code base). Using crafted input, attackers can cause
> > a type to | be incorrectly initialized in the function f_incr in
> > sr_port/f_incr.c | and cause a crash due to a NULL pointer
> > dereference.
> >
> >
> > CVE-2021-44499[7]:
> > | An issue was discovered in FIS GT.M through V7.0-000 (related to
> > the | YottaDB code base). Using crafted input, an attacker can
> > cause a call | to $Extract to force an signed integer holding the
> > size of a buffer to | take on a large negative number, which is
> > then used as the length of a | memcpy call that occurs on the
> > stack, causing a buffer overflow.
> >
> >
> > CVE-2021-44500[8]:
> > | An issue was discovered in FIS GT.M through V7.0-000 (related to
> > the | YottaDB code base). A lack of input validation in calls to
> > eb_div in | sr_port/eb_muldiv.c allows attackers to crash the
> > application by | performing a divide by zero.
> >
> >
> > CVE-2021-44501[9]:
> > | An issue was discovered in FIS GT.M through V7.0-000 (related to
> > the | YottaDB code base). Using crafted input, an attacker can
> > cause calls | to ZRead to crash due to a NULL pointer dereference.
> >
> >
> > CVE-2021-44502[10]:
> > | An issue was discovered in FIS GT.M through V7.0-000 (related to
> > the | YottaDB code base). Using crafted input, an attacker can
> > control the | size of a memset that occurs in calls to util_format
> > in | sr_unix/util_output.c.
> >
> >
> > CVE-2021-44503[11]:
> > | An issue was discovered in FIS GT.M through V7.0-000 (related to
> > the | YottaDB code base). Using crafted input, an attacker can
> > cause a call | to va_arg on an empty variadic parameter list, most
> > likely causing a | memory segmentation fault.
> >
> >
> > CVE-2021-44504[12]:
> > | An issue was discovered in FIS GT.M through V7.0-000 (related to
> > the | YottaDB code base). Using crafted input, an attacker can
> > cause a size | variable, stored as an signed int, to equal an
> > extremely large value, | which is interpreted as a negative value
> > during a check. This value is | then used in a memcpy call on the
> > stack, causing a memory segmentation | fault.
> >
> >
> > CVE-2021-44505[13]:
> > | An issue was discovered in FIS GT.M through V7.0-000 (related to
> > the | YottaDB code base). Using crafted input, an attacker can
> > cause a NULL | pointer dereference after calls to ZPrint.
> >
> >
> > CVE-2021-44506[14]:
> > | An issue was discovered in FIS GT.M through V7.0-000 (related to
> > the | YottaDB code base). A lack of input validation in calls to
> > do_verify | in sr_unix/do_verify.c allows attackers to attempt to
> > jump to a NULL | pointer by corrupting a function pointer.
> >
> >
> > CVE-2021-44507[15]:
> > | An issue was discovered in FIS GT.M through V7.0-000 (related to
> > the | YottaDB code base). A lack of parameter validation in calls
> > to memcpy | in str_tok in sr_unix/ztimeoutroutines.c allows
> > attackers to attempt | to read from a NULL pointer.
> >
> >
> > CVE-2021-44508[16]:
> > | An issue was discovered in FIS GT.M through V7.0-000 (related to
> > the | YottaDB code base). A lack of NULL checks in calls to
> > ious_open in | sr_unix/ious_open.c allows attackers to crash the
> > application by | dereferencing a NULL pointer.
> >
> >
> > CVE-2021-44509[17]:
> > | An issue was discovered in FIS GT.M through V7.0-000 (related to
> > the | YottaDB code base). Using crafted input, attackers can cause
> > an | integer underflow of the size of calls to memset in op_fnj3 in
> > | sr_port/op_fnj3.c in order to cause a segmentation fault and
> > crash the | application.
> >
> >
> > CVE-2021-44510[18]:
> > | An issue was discovered in FIS GT.M through V7.0-000 (related to
> > the | YottaDB code base). Using crafted input, attackers can cause a
> > | calculation of the size of calls to memset in op_fnj3 in
> > | sr_port/op_fnj3.c to result in an extremely large value in order
> > to | cause a segmentation fault and crash the application.
> >
> >
> > If you fix the vulnerabilities please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) ids in your changelog
> > entry.
> >
> > For further information see:
> >
> > [0]
> > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsecurity-tracker.debian.org%2Ftracker%2FCVE-2021-44492&data=05%7C01%7Camul.shah%40fisglobal.com%7C1509d39d89b743009bdf08da22fff96f%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C637860780493602060%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=MO%2F53JL2tTtrAuD1fYD9c0uvc2UQil3qNB9EjOaW55Y%3D&reserved=0
> > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2021-44492&data=05%7C01%7Camul.shah%40fisglobal.com%7C1509d39d89b743009bdf08da22fff96f%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C637860780493602060%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=J5qCClgGPMjcYM%2BVTbg7LG7jst%2FTzHpdJ4vCEYawHXk%3D&reserved=0
> > [1]
> > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsecurity-tracker.debian.org%2Ftracker%2FCVE-2021-44493&data=05%7C01%7Camul.shah%40fisglobal.com%7C1509d39d89b743009bdf08da22fff96f%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C637860780493602060%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=0IBF8UOZNjuWhXu5hZAHX3cz9tH3oxg4lFwG%2F7P2UOk%3D&reserved=0
> > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2021-44493&data=05%7C01%7Camul.shah%40fisglobal.com%7C1509d39d89b743009bdf08da22fff96f%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C637860780493602060%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=T%2BFjkJrHwQpwEQII6Y1Ix8uLRpVgTpIPgaq8sOnwZ9o%3D&reserved=0
> > [2]
> > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsecurity-tracker.debian.org%2Ftracker%2FCVE-2021-44494&data=05%7C01%7Camul.shah%40fisglobal.com%7C1509d39d89b743009bdf08da22fff96f%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C637860780493602060%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=v0NPvJmOpuMd1lCODQzT4Gct0hK41aZfzN%2BxI%2BIvy9w%3D&reserved=0
> > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2021-44494&data=05%7C01%7Camul.shah%40fisglobal.com%7C1509d39d89b743009bdf08da22fff96f%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C637860780493602060%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=HQB7pbnX28KQ51TSvxvMhQodtDbhn7cADciEz0vPSqI%3D&reserved=0
> > [3]
> > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsecurity-tracker.debian.org%2Ftracker%2FCVE-2021-44495&data=05%7C01%7Camul.shah%40fisglobal.com%7C1509d39d89b743009bdf08da22fff96f%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C637860780493602060%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=MlNv%2BC1BKBY1%2Fovq3SEODaa1kt13yPM4pRHVPOP3nhI%3D&reserved=0
> > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2021-44495&data=05%7C01%7Camul.shah%40fisglobal.com%7C1509d39d89b743009bdf08da22fff96f%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C637860780493602060%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=fAs6VSzxQQOaHbKW6rsHP2I8bkzW4MYdVIDDjofgWFY%3D&reserved=0
> > [4]
> > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsecurity-tracker.debian.org%2Ftracker%2FCVE-2021-44496&data=05%7C01%7Camul.shah%40fisglobal.com%7C1509d39d89b743009bdf08da22fff96f%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C637860780493602060%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=CjOAXDfFIjoNJskWE2EPPQf4db%2F%2Ftj5BmaoC2RTsCpE%3D&reserved=0
> > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2021-44496&data=05%7C01%7Camul.shah%40fisglobal.com%7C1509d39d89b743009bdf08da22fff96f%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C637860780493602060%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=uYtSpQsVgfMrDlqI4r36GH5zjk7YkKXKbEQcGcsWGjE%3D&reserved=0
> > [5]
> > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsecurity-tracker.debian.org%2Ftracker%2FCVE-2021-44497&data=05%7C01%7Camul.shah%40fisglobal.com%7C1509d39d89b743009bdf08da22fff96f%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C637860780493602060%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=j9bZhcc1B9562NViWrzhwfomNU25ctMZiybJWHiIagg%3D&reserved=0
> > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2021-44497&data=05%7C01%7Camul.shah%40fisglobal.com%7C1509d39d89b743009bdf08da22fff96f%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C637860780493602060%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=bwP9jV9Nbj8FZiac02sMHPILX14ZE4NMd%2FFpoA%2FIIsg%3D&reserved=0
> > [6]
> > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsecurity-tracker.debian.org%2Ftracker%2FCVE-2021-44498&data=05%7C01%7Camul.shah%40fisglobal.com%7C1509d39d89b743009bdf08da22fff96f%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C637860780493602060%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=rPUtCCHfpacM1AZMH9ZIeuFDS%2BewyZnY%2FAkHdjRC7kY%3D&reserved=0
> > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2021-44498&data=05%7C01%7Camul.shah%40fisglobal.com%7C1509d39d89b743009bdf08da22fff96f%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C637860780493602060%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=kLE2j3VltsCLtkCVdMa1x%2Besr9b1j09EbXmTtzejXrA%3D&reserved=0
> > [7]
> > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsecurity-tracker.debian.org%2Ftracker%2FCVE-2021-44499&data=05%7C01%7Camul.shah%40fisglobal.com%7C1509d39d89b743009bdf08da22fff96f%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C637860780493602060%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=l2Au5YJzBavKF6V1u%2Fx4y22mVPh7X7NAlzG0tPlAEGY%3D&reserved=0
> > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2021-44499&data=05%7C01%7Camul.shah%40fisglobal.com%7C1509d39d89b743009bdf08da22fff96f%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C637860780493602060%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=hAj3rdwL9gQNMQerX6EUnHHPGCj8Ue%2BY3xjLJQmyXxU%3D&reserved=0
> > [8]
> > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsecurity-tracker.debian.org%2Ftracker%2FCVE-2021-44500&data=05%7C01%7Camul.shah%40fisglobal.com%7C1509d39d89b743009bdf08da22fff96f%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C637860780493602060%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=%2Flkp5cGfZwySQP2ZO9Z40prwUaPj0zzj%2FBI5TYYCdx0%3D&reserved=0
> > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2021-44500&data=05%7C01%7Camul.shah%40fisglobal.com%7C1509d39d89b743009bdf08da22fff96f%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C637860780493602060%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Zxvw1oB2s4VhKzvnJB00AIxPtzw4Ieh2I%2FF7lkB%2BMPI%3D&reserved=0
> > [9]
> > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsecurity-tracker.debian.org%2Ftracker%2FCVE-2021-44501&data=05%7C01%7Camul.shah%40fisglobal.com%7C1509d39d89b743009bdf08da22fff96f%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C637860780493602060%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=YSlq8k814QlBC2C6H%2FvGvey5gSJp979vgQde4geAlb8%3D&reserved=0
> > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2021-44501&data=05%7C01%7Camul.shah%40fisglobal.com%7C1509d39d89b743009bdf08da22fff96f%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C637860780493602060%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=oZzB6nScUwkWrMSpX4iHPtYUjgIUdaBW5JYGP4YAdCI%3D&reserved=0
> > [10]
> > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsecurity-tracker.debian.org%2Ftracker%2FCVE-2021-44502&data=05%7C01%7Camul.shah%40fisglobal.com%7C1509d39d89b743009bdf08da22fff96f%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C637860780493602060%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=hlr%2FACHA2FIc8W2JN4OJ9%2Be1c7lRRDE5L9IskMJL%2B3U%3D&reserved=0
> > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2021-44502&data=05%7C01%7Camul.shah%40fisglobal.com%7C1509d39d89b743009bdf08da22fff96f%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C637860780493602060%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=orFOLCB7Q5j0ves%2FGYwTJ2ut6DaIG25VjHRyuQoo8Pc%3D&reserved=0
> > [11]
> > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsecurity-tracker.debian.org%2Ftracker%2FCVE-2021-44503&data=05%7C01%7Camul.shah%40fisglobal.com%7C1509d39d89b743009bdf08da22fff96f%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C637860780493602060%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=LjVxIT2VcJ9sWsbdCWroFYf1Dtv%2FymXlk%2FZJsUKtTuA%3D&reserved=0
> > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2021-44503&data=05%7C01%7Camul.shah%40fisglobal.com%7C1509d39d89b743009bdf08da22fff96f%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C637860780493602060%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=QLM7K68pr0ZjaWmape%2BbR7FvCSAk5DWoTrThkwtRKwM%3D&reserved=0
> > [12]
> > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsecurity-tracker.debian.org%2Ftracker%2FCVE-2021-44504&data=05%7C01%7Camul.shah%40fisglobal.com%7C1509d39d89b743009bdf08da22fff96f%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C637860780493602060%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=iEqFm2ybDEU4HhClXDg83pSGKzAkHcVCbgM6cvs3XY4%3D&reserved=0
> > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2021-44504&data=05%7C01%7Camul.shah%40fisglobal.com%7C1509d39d89b743009bdf08da22fff96f%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C637860780493602060%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=ByfXEl3MFBxsQkzHSwL89Ou4pKVIGH7POLx3KaN7w2Y%3D&reserved=0
> > [13]
> > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsecurity-tracker.debian.org%2Ftracker%2FCVE-2021-44505&data=05%7C01%7Camul.shah%40fisglobal.com%7C1509d39d89b743009bdf08da22fff96f%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C637860780493602060%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=8xQwUvyUZ3PLuLh2wHRtYfrUuaqQMv%2F0E7dPYXl%2FbH4%3D&reserved=0
> > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2021-44505&data=05%7C01%7Camul.shah%40fisglobal.com%7C1509d39d89b743009bdf08da22fff96f%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C637860780493602060%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=%2FyrXvGyR5QGiqexsVfp2z3upgz4JzdyKDVdmZ%2FE8Ehc%3D&reserved=0
> > [14]
> > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsecurity-tracker.debian.org%2Ftracker%2FCVE-2021-44506&data=05%7C01%7Camul.shah%40fisglobal.com%7C1509d39d89b743009bdf08da22fff96f%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C637860780493602060%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=uqPUvfMEsIaX9WarYb6%2FfkKtJU83HqD5Mrag2uaDaTo%3D&reserved=0
> > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2021-44506&data=05%7C01%7Camul.shah%40fisglobal.com%7C1509d39d89b743009bdf08da22fff96f%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C637860780493602060%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=TOg87Kc%2BX5MrHV2v2GLTgsXvKAaiQM3tMNLJoyRNQJw%3D&reserved=0
> > [15]
> > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsecurity-tracker.debian.org%2Ftracker%2FCVE-2021-44507&data=05%7C01%7Camul.shah%40fisglobal.com%7C1509d39d89b743009bdf08da22fff96f%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C637860780493602060%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=mwDGF3mtrmBsVZ03YTZ9x74znia%2FZSPk11dKFx2vSk0%3D&reserved=0
> > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2021-44507&data=05%7C01%7Camul.shah%40fisglobal.com%7C1509d39d89b743009bdf08da22fff96f%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C637860780493602060%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=7J2gBb0ZjFFzJx7%2Fzz55tnuoagFsdMp3UqGAB41O6Gg%3D&reserved=0
> > [16]
> > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsecurity-tracker.debian.org%2Ftracker%2FCVE-2021-44508&data=05%7C01%7Camul.shah%40fisglobal.com%7C1509d39d89b743009bdf08da22fff96f%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C637860780493602060%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=4euCi1OTLfxYLrzvGR5yRdZWyr9kjFYipFgPmOVsr50%3D&reserved=0
> > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2021-44508&data=05%7C01%7Camul.shah%40fisglobal.com%7C1509d39d89b743009bdf08da22fff96f%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C637860780493602060%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Z3Lc5LdhcNdIn9OjKGEAEDJjJAFN7ZQX%2Fwvs%2F0Iz5MI%3D&reserved=0
> > [17]
> > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsecurity-tracker.debian.org%2Ftracker%2FCVE-2021-44509&data=05%7C01%7Camul.shah%40fisglobal.com%7C1509d39d89b743009bdf08da22fff96f%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C637860780493602060%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=N2RTyxLZDOY9U6Ku6iCjzwLnjIBo%2Fno0Vk4QrWFqIi4%3D&reserved=0
> > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2021-44509&data=05%7C01%7Camul.shah%40fisglobal.com%7C1509d39d89b743009bdf08da22fff96f%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C637860780493602060%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=fJFyy5kSl5JB0lfTz3ooEijUXpxnZoOwx81vyMRHtVY%3D&reserved=0
> > [18]
> > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsecurity-tracker.debian.org%2Ftracker%2FCVE-2021-44510&data=05%7C01%7Camul.shah%40fisglobal.com%7C1509d39d89b743009bdf08da22fff96f%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C637860780493602060%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=TY4tqmweo4KOWU0krEWBnTtogrEWT6WgiQTJFF5v340%3D&reserved=0
> > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2021-44510&data=05%7C01%7Camul.shah%40fisglobal.com%7C1509d39d89b743009bdf08da22fff96f%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C637860780493602060%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=tkBoneKMJu3Dt71FONn903OEE9bUibeCxyPYAhXZ9ao%3D&reserved=0
> >
> > Please adjust the affected versions in the BTS as needed.
> >
> >
> > -- System Information:
> > Debian Release: bookworm/sid
> >   APT prefers unstable
> >   APT policy: (500, 'unstable'), (1, 'experimental')
> > Architecture: amd64 (x86_64)
> > Foreign Architectures: i386
> >
> > Kernel: Linux 5.16.0-6-amd64 (SMP w/16 CPU threads; PREEMPT)
> > Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
> > LANGUAGE=en_GB:en Shell: /bin/sh linked to /usr/bin/dash
> > Init: systemd (via /run/systemd/system)
> > LSM: AppArmor: enabled
> >
> > _______________________________________________
> > Debian-med-packaging mailing list
> > Debian-med-packaging at alioth-lists.debian.net
> > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Falioth-lists.debian.net%2Fcgi-bin%2Fmailman%2Flistinfo%2Fdebian-med-packaging&data=05%7C01%7Camul.shah%40fisglobal.com%7C1509d39d89b743009bdf08da22fff96f%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C637860780493602060%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=QgHS24JhUHT8ElG7Er6wIyCpty4cJcOHS5pRFNAywCo%3D&reserved=0
> >
>
> --
> https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Ffam-tille.de%2F&data=05%7C01%7Camul.shah%40fisglobal.com%7C1509d39d89b743009bdf08da22fff96f%7Ce3ff91d834c84b15a0b418910a6ac575%7C0%7C0%7C637860780493602060%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=xJCli9HyoSvyRs8b1yUjnu0OxsGUzm4OGI7r2rHTPW8%3D&reserved=0
> The information contained in this message is proprietary and/or
> confidential. If you are not the intended recipient, please: (i)
> delete the message and all copies; (ii) do not disclose, distribute
> or use the message in any manner; and (iii) notify the sender
> immediately. In addition, please be aware that any message addressed
> to our domain is subject to archiving and review by persons other
> than the intended recipient. Thank you.


--
Neil Williams
=============
https://linux.codehelp.co.uk/
The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you.



More information about the Debian-med-packaging mailing list