[Git][security-tracker-team/security-tracker][master] 4 commits: mark CVE-2021-4104 as no-dsa

Thorsten Alteholz (@alteholz) alteholz at debian.org
Tue Dec 14 23:26:44 GMT 2021



Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
10ac00f8 by Thorsten Alteholz at 2021-12-15T00:20:13+01:00
mark CVE-2021-4104 as no-dsa

- - - - -
a55eb8ba by Thorsten Alteholz at 2021-12-15T00:23:06+01:00
add xorg-server

- - - - -
fd7d100b by Thorsten Alteholz at 2021-12-15T00:23:49+01:00
mark CVE-2021-33178 as no-dsa

- - - - -
197f3608 by Thorsten Alteholz at 2021-12-15T00:24:42+01:00
mark CVE-2021-43797 as no-dsa

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -700,6 +700,7 @@ CVE-2021-4104 (JMSAppender in Log4j 1.2 is vulnerable to deserialization of untr
 	- apache-log4j1.2 <unfixed>
 	[bullseye] - apache-log4j1.2 <no-dsa> (Minor issue; JMSAppender not configured to be used by default)
 	[buster] - apache-log4j1.2 <no-dsa> (Minor issue; JMSAppender not configured to be used by default)
+	[stretch] - apache-log4j1.2 <no-dsa> (Minor issue; JMSAppender not configured to be used by default)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/12/13/1
 	NOTE: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126
 	NOTE: Issue for Log4j 1.2 when specifically configured to use JMSAppender (not the default)
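
Review bot: the reason on the added [stretch] line, "JMSAppender not configured to be used by default", only covers default installs, while the package line above it is still `- apache-log4j1.2 <unfixed>`. Consider adding a NOTE that says what a stretch user who has enabled JMSAppender should do, so the no-dsa tag is not read as "not affected".
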
@@ -3747,6 +3748,7 @@ CVE-2021-43797 (Netty is an asynchronous event-driven network application framew
 	- netty <unfixed> (bug #1001437)
 	[bullseye] - netty <no-dsa> (Minor issue)
 	[buster] - netty <no-dsa> (Minor issue)
+	[stretch] - netty <no-dsa> (Minor issue)
 	NOTE: https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq
 	NOTE: https://github.com/netty/netty/commit/07aa6b5938a8b6ed7a6586e066400e2643897323 (netty-4.1.71.Final)
 CVE-2021-43796
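
Review bot: the added `[stretch] - netty <no-dsa> (Minor issue)` gives no reason of its own, unlike the apache-log4j1.2 entry earlier in this file, which says why the issue is minor. Since netty is `<unfixed>` with bug #1001437 open, a few words on why the issue is minor for stretch, or on whether the upstream commit referenced in the NOTE applies to the stretch version, would make this triage checkable later.
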
@@ -32409,6 +32411,7 @@ CVE-2021-33178 (The Manage Backgrounds functionality within Nagvis versions prio
 	- nagvis 1:1.9.29-1
 	[bullseye] - nagvis <no-dsa> (Minor issue)
 	[buster] - nagvis <no-dsa> (Minor issue)
+	[stretch] - nagvis <no-dsa> (Minor issue)
 	TODO: check, affects nagvis plugin used in Nagios XI and should be fixed in 2.0.9, https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi/
 CVE-2021-33177 (The Bulk Modifications functionality in Nagios XI versions prior to 5. ...)
 	NOT-FOR-US: Nagios XI
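
Review bot: the added [stretch] line triages nagvis as no-dsa while the entry still carries an open `TODO: check` line, and that TODO mentions a fix in 2.0.9 whereas the fixed version recorded above is 1:1.9.29-1. Either resolve the TODO first or replace it with a NOTE recording what was verified, so the no-dsa tags rest on a confirmed fixed version.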


=====================================
data/dla-needed.txt
=====================================
@@ -88,3 +88,5 @@ wireshark (Adrian Bunk)
   NOTE: 20211119: Check https://salsa.debian.org/security-tracker-team/security-tracker/commit/d55b7eff90db8487e20106c2c09e61293a477e89 (lamby)
   NOTE: 20211206: DLA coming soon (bunk)
 --
+xorg-server (Thorsten Alteholz)
+--
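
Review bot: the new xorg-server entry has no NOTE line, so the file does not say which CVEs the DLA is meant to cover or when the package was claimed. The wireshark entry just above uses dated notes such as `NOTE: 20211206: DLA coming soon (bunk)`; a similar line here would help whoever picks this file up next.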



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3891c020dc0d9fae8d2dcd6ffb6d455724119206...197f3608557e24549839b676cc07591a06dae546
