[Git][security-tracker-team/security-tracker][master] new opensysuser issue

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Aug 10 11:01:58 BST 2021 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
49d63601 by Moritz Mühlenhoff at 2021-08-10T12:00:39+02:00
new opensysuser issue
clarify some older entries after reintroduction of Thrift Java bindings

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2021-XXXX [opensysuser evals the content of sysuser definitions]
+	- opensysuser <unfixed> (bug #992058)
 CVE-2021-38364
 	RESERVED
 CVE-2021-38363
@@ -148480,7 +148482,7 @@ CVE-2019-11939 (Golang Facebook Thrift servers would not error upon receiving me
 	[buster] - thrift <no-dsa> (Minor issue)
 	NOTE: https://github.com/facebook/fbthrift/commit/483ed864d69f307e9e3b9dadec048216100c0757
 CVE-2019-11938 (Java Facebook Thrift servers would not error upon receiving messages d ...)
-	NOT-FOR-US: Java Facebook Thrift
+	NOT-FOR-US: Facebook Java Thrift (Debian packages Apache Thrift)
 CVE-2019-11937 (In Mcrouter prior to v0.41.0, a large struct input provided to the Car ...)
 	NOT-FOR-US: mcrouter
 	NOTE: https://github.com/facebook/mcrouter/releases
@@ -171634,7 +171636,7 @@ CVE-2019-3561 (Insufficient boundary checks for the strrpos and strripos functio
 CVE-2019-3560 (An improperly performed length calculation on a buffer in PlaintextRec ...)
 	NOT-FOR-US: Fizz
 CVE-2019-3559 (Java Facebook Thrift servers would not error upon receiving messages w ...)
-	NOT-FOR-US: Thrift servers
+	NOT-FOR-US: Facebook Java Thrift (Debian packages Apache Thrift)
 CVE-2019-3558 (Python Facebook Thrift servers would not error upon receiving messages ...)
 	NOT-FOR-US: Thrift servers
 CVE-2019-3557 (The implementations of streams for bz2 and php://output improperly imp ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/49d63601a2b227b9cf68c1c765b788553d8015df

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/49d63601a2b227b9cf68c1c765b788553d8015df
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210810/0806f82d/attachment.htm>

More information about the debian-security-tracker-commits mailing list