[Git][security-tracker-team/security-tracker][master] RPKI updates

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c53e3aa1 by Moritz Mühlenhoff at 2021-12-27T23:27:03+01:00
RPKI updates

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -9926,9 +9926,11 @@ CVE-2021-3918 (json-schema is vulnerable to Improperly Controlled Modification o
 	NOTE: https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741 (v0.4.0)
 CVE-2021-43174 (NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, suppo ...)
 	- routinator <itp> (bug #929024)
+	- cfrpki 1.4.0-1
 	NOTE: https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-43172_CVE-2021-43173_CVE-2021-43174.txt
 CVE-2021-43173 (In NLnet Labs Routinator prior to 0.10.2, a validation run can be dela ...)
 	- routinator <itp> (bug #929024)
+	- cfrpki 1.4.0-1
 	NOTE: https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-43172_CVE-2021-43173_CVE-2021-43174.txt
 CVE-2021-43172 (NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRD ...)
 	- routinator <itp> (bug #929024)
@@ -10267,27 +10269,21 @@ CVE-2021-43033 (An issue was discovered in Kaseya Unitrends Backup Appliance bef
 CVE-2021-3912 (OctoRPKI tries to load the entire contents of a repository in memory,  ...)
 	- cfrpki 1.4.0-1
 	NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-g9wh-3vrx-r7hg
-	TODO: check correctness, there is distinction on github.com/cloudflare/cfrpki/cmd/octorpki and github.com/cloudflare/cfrpki/pki
 CVE-2021-3911 (If the ROA that a repository returns contains too many bits for the IP ...)
 	- cfrpki 1.4.0-1
 	NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-w6ww-fmfx-2x22
-	TODO: check correctness, there is distinction on github.com/cloudflare/cfrpki/cmd/octorpki and github.com/cloudflare/cfrpki/pki
 CVE-2021-3910 (OctoRPKI crashes when encountering a repository that returns an invali ...)
 	- cfrpki 1.4.0-1
 	NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-5mxh-2qfv-4g7j
-	TODO: check correctness, there is distinction on github.com/cloudflare/cfrpki/cmd/octorpki and github.com/cloudflare/cfrpki/pki
 CVE-2021-3909 (OctoRPKI does not limit the length of a connection, allowing for a slo ...)
 	- cfrpki 1.4.0-1
 	NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-8cvr-4rrf-f244
-	TODO: check correctness, there is distinction on github.com/cloudflare/cfrpki/cmd/octorpki and github.com/cloudflare/cfrpki/pki
 CVE-2021-3908 (OctoRPKI does not limit the depth of a certificate chain, allowing for ...)
 	- cfrpki 1.4.0-1
 	NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-g5gj-9ggf-9vmq
-	TODO: check correctness, there is distinction on github.com/cloudflare/cfrpki/cmd/octorpki and github.com/cloudflare/cfrpki/pki
 CVE-2021-3907 (OctoRPKI does not escape a URI with a filename containing "..", this a ...)
 	- cfrpki 1.4.0-1
 	NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-cqh2-vc2f-q4fh
-	TODO: check correctness, there is distinction on github.com/cloudflare/cfrpki/cmd/octorpki and github.com/cloudflare/cfrpki/pki
 CVE-2021-3906 (bookstack is vulnerable to Unrestricted Upload of File with Dangerous  ...)
 	NOT-FOR-US: bookstack
 CVE-2018-25020 (The BPF subsystem in the Linux kernel before 4.17 mishandles situation ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -17,7 +17,7 @@ apache2 (jmm)
 --
 asterisk/oldstable
 --
-cfrpki
+cfrpki (jmm)
   Maintainer prepared update
 --
 chromium
@@ -29,7 +29,7 @@ djvulibre
 --
 faad2/oldstable (jmm)
 --
-fort-validator
+fort-validator (jmm)
   Maintainer prepared updates
 --
 linux (carnil)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c53e3aa14b05e9a6d0d0de313e8080d55d95da08

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c53e3aa14b05e9a6d0d0de313e8080d55d95da08
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211227/4c83c834/attachment.htm>