[Git][security-tracker-team/security-tracker][master] 4 commits: mark CVE-2021-4104 as no-dsa
Thorsten Alteholz (@alteholz)
alteholz at debian.org
Tue Dec 14 23:26:44 GMT 2021
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
10ac00f8 by Thorsten Alteholz at 2021-12-15T00:20:13+01:00
mark CVE-2021-4104 as no-dsa
- - - - -
a55eb8ba by Thorsten Alteholz at 2021-12-15T00:23:06+01:00
add xorg-server
- - - - -
fd7d100b by Thorsten Alteholz at 2021-12-15T00:23:49+01:00
mark CVE-2021-33178 as no-dsa
- - - - -
197f3608 by Thorsten Alteholz at 2021-12-15T00:24:42+01:00
mark CVE-2021-43797 as no-dsa
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -700,6 +700,7 @@ CVE-2021-4104 (JMSAppender in Log4j 1.2 is vulnerable to deserialization of untr
- apache-log4j1.2 <unfixed>
[bullseye] - apache-log4j1.2 <no-dsa> (Minor issue; JMSAppender not configured to be used by default)
[buster] - apache-log4j1.2 <no-dsa> (Minor issue; JMSAppender not configured to be used by default)
+ [stretch] - apache-log4j1.2 <no-dsa> (Minor issue; JMSAppender not configured to be used by default)
NOTE: https://www.openwall.com/lists/oss-security/2021/12/13/1
NOTE: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126
NOTE: Issue for Log4j 1.2 when specifically configured to use JMSAppender (not the default)
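Review bot: the added [stretch] line copies the justification "JMSAppender not configured to be used by default" word for word from the bullseye and buster entries, and nothing in this hunk shows it was checked against the apache-log4j1.2 package in stretch. If it was, consider naming the release in the commit message (for example "mark CVE-2021-4104 as no-dsa for stretch"), since the subject as written reads as if the CVE had no triage before this commit.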
@@ -3747,6 +3748,7 @@ CVE-2021-43797 (Netty is an asynchronous event-driven network application framew
- netty <unfixed> (bug #1001437)
[bullseye] - netty <no-dsa> (Minor issue)
[buster] - netty <no-dsa> (Minor issue)
+ [stretch] - netty <no-dsa> (Minor issue)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq
NOTE: https://github.com/netty/netty/commit/07aa6b5938a8b6ed7a6586e066400e2643897323 (netty-4.1.71.Final)
CVE-2021-43796
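Review bot: the new [stretch] - netty line gives only "Minor issue" as its reason, with nothing to say why the issue is minor for stretch. The package line above is still <unfixed> (bug #1001437), so a short reason in the parentheses, as the CVE-2021-4104 entries have, would help whoever revisits this entry once the referenced fix (netty-4.1.71.Final) is packaged.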
@@ -32409,6 +32411,7 @@ CVE-2021-33178 (The Manage Backgrounds functionality within Nagvis versions prio
- nagvis 1:1.9.29-1
[bullseye] - nagvis <no-dsa> (Minor issue)
[buster] - nagvis <no-dsa> (Minor issue)
+ [stretch] - nagvis <no-dsa> (Minor issue)
TODO: check, affects nagvis plugin used in Nagios XI and should be fixed in 2.0.9, https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi/
CVE-2021-33177 (The Bulk Modifications functionality in Nagios XI versions prior to 5. ...)
NOT-FOR-US: Nagios XI
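Review bot: the [stretch] no-dsa line is added directly above a TODO that is still open ("TODO: check, affects nagvis plugin used in Nagios XI and should be fixed in 2.0.9"), while the entry records 1:1.9.29-1 as the fixed version. Resolving or updating that TODO in the same change would show that the "Minor issue" classification rests on a checked fix status and not only on the existing buster and bullseye lines.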
=====================================
data/dla-needed.txt
=====================================
@@ -88,3 +88,5 @@ wireshark (Adrian Bunk)
NOTE: 20211119: Check https://salsa.debian.org/security-tracker-team/security-tracker/commit/d55b7eff90db8487e20106c2c09e61293a477e89 (lamby)
NOTE: 20211206: DLA coming soon (bunk)
--
+xorg-server (Thorsten Alteholz)
+--
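Review bot: the new xorg-server entry names a claimant but has no NOTE saying which issues the DLA is meant to cover, unlike the wireshark entry just above with its dated NOTE lines. A one-line NOTE listing the CVE ids or a pointer to them would let others see the scope without searching data/CVE/list.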
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3891c020dc0d9fae8d2dcd6ffb6d455724119206...197f3608557e24549839b676cc07591a06dae546