[Git][security-tracker-team/security-tracker][master] 2 commits: Mark CVE-2021-22890/curl as not-affected for stretch
Utkarsh Gupta
utkarsh at debian.org
Mon Apr 5 01:22:50 BST 2021
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cc93b4c8 by Utkarsh Gupta at 2021-04-05T05:51:07+05:30
Mark CVE-2021-22890/curl as not-affected for stretch
- - - - -
0d426f85 by Utkarsh Gupta at 2021-04-05T05:52:32+05:30
Triage curl for stretch
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -16445,6 +16445,7 @@ CVE-2021-22891
CVE-2021-22890 (curl 7.63.0 to and including 7.75.0 includes vulnerability that allows ...)
{DSA-4881-1}
- curl <unfixed> (bug #986270)
+ [stretch] - curl <not-affected> (Vunerable code introduced later)
NOTE: https://curl.se/docs/CVE-2021-22890.html
NOTE: Fixed by: https://github.com/curl/curl/commit/b09c8ee15771c614c4bf3ddac893cdb12187c844
CVE-2021-22889 (Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnera ...)
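Review bot: "Vunerable" in the added `[stretch]` line is a typo for "Vulnerable", and the reason given does not say where the code was introduced. The CVE description two lines above gives the affected range as starting at 7.63.0, so a reason such as `(Vulnerable code introduced in 7.63.0)` would let a later reader check the stretch version against it without opening the advisory.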
=====================================
data/dla-needed.txt
=====================================
@@ -44,6 +44,11 @@ courier-authlib
NOTE: 20210329: and getting prepared. The nature of conversation is
NOTE: 20210329: internal and Utkarsh is working on it already. (utkarsh)
--
+curl
+ NOTE: 20210405: the patch applies but is missing a lot of elements;
+ NOTE: 20210405: namely CURLU, CURLUPART_{URL,FRAGMENT,USER,PASSWORD}. (utkarsh)
+ NOTE: 20210405: see https://lists.debian.org/debian-lts/2021/04/msg00002.html. (utkarsh)
+--
edk2
--
firmware-nonfree
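Review bot: The added curl entry says "the patch applies but is missing a lot of elements" without naming the CVE or patch it refers to. Since the other commit in this push marks CVE-2021-22890 as not-affected for stretch, the entry should state which CVE is still being triaged. The wording also leaves open whether CURLU and CURLUPART_{URL,FRAGMENT,USER,PASSWORD} are missing from the patch or from the stretch source, and saying "the stretch source lacks ..." would remove the ambiguity if that is what is meant. The full stop directly after the list URL in the last NOTE line can be picked up as part of the link by auto-linking tools, so consider dropping it.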
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/050815f038924983c0ff501fc15fae104bcd408f...0d426f85caaad5728761ad3fc1d65f965cccba26