[Git][security-tracker-team/security-tracker][master] Add CVE-2021-3716/nbdkit

Thu Aug 19 07:40:28 BST 2021


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
036768e1 by Salvatore Bonaccorso at 2021-08-19T08:40:00+02:00
Add CVE-2021-3716/nbdkit

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -100,8 +100,13 @@ CVE-2021-39247 (Zint Barcode Generator before 2.10.0 has a one-byte buffer over-
 	TODO: check, supsect the issue has only been introduced upstream with 6274140c73aa39c42271644ef8c9b4551ca06fc2 (but need confirmation)
 CVE-2021-39246
 	RESERVED
-CVE-2021-3716
+CVE-2021-3716 [NBD_OPT_STRUCTURED_REPLY injection on STARTTLS]
 	RESERVED
+	- nbdkit <unfixed>
+	[buster] - nbdkit <not-affected> (Vulnerable code introduced later)
+	[stretch] - nbdkit <not-affected> (Vulnerable code introduced later)
+	NOTE: Introduced by: https://github.com/libguestfs/nbdkit/commit/eaa4c6e9a2c4bdb71aefdd4b1d865e7a9af606a8 (v1.11.8)
+	NOTE: https://listman.redhat.com/archives/libguestfs/2021-August/msg00077.html
 CVE-2021-3715
 	RESERVED
 CVE-2021-3714



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/036768e127a9101d33aa657f2b7c9000eeee1b23

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/036768e127a9101d33aa657f2b7c9000eeee1b23
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210819/6119be11/attachment-0001.htm>
