[Git][security-tracker-team/security-tracker][master] Update two glibc CVEs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Aug 13 14:59:45 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
70980565 by Salvatore Bonaccorso at 2021-08-13T15:54:36+02:00
Update two glibc CVEs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -21,7 +21,10 @@ CVE-2021-38606 (reNgine through 0.5 relies on a predictable directory name. ...)
CVE-2021-38605
RESERVED
CVE-2021-38604 (In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/s ...)
- TODO: check
+ - glibc <not-affected> (Vulnerability introduced as side effect of the CVE-2021-33574 fix)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28213
+ NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=4cc79c217744743077bf7a0ec5e0a4318f1e6641
+ NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=b805aebd42364fe696e417808a700fdb9800c9e8
CVE-2021-38603 (PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Informati ...)
- pluxml <unfixed>
CVE-2021-38602 (PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content ...)
@@ -11484,6 +11487,13 @@ CVE-2021-33574 (The mq_notify function in the GNU C Library (aka glibc) versions
[buster] - glibc <no-dsa> (Minor issue)
[stretch] - glibc <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=27896
+ NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=42d359350510506b87101cf77202fefcbfc790cb
+ NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=217b6dc298156bdb0d6aea9ea93e7e394a5ff091
+ NOTE: When fixing this issue the fix needs to be applied such that CVE-2021-38604
+ NOTE: is not opened, CVE-2021-38604 information:
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28213
+ NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=4cc79c217744743077bf7a0ec5e0a4318f1e6641
+ NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=b805aebd42364fe696e417808a700fdb9800c9e8
CVE-2021-33573
RESERVED
CVE-2021-33572 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Lin ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/709805657e3091227cc044428bfdac5e0538c3c8
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/709805657e3091227cc044428bfdac5e0538c3c8
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210813/44739f20/attachment.htm>
More information about the debian-security-tracker-commits
mailing list