[Git][security-tracker-team/security-tracker][master] Add temporary entry for latest zstd issue

Thu Feb 18 16:12:27 GMT 2021


Sebastien Delafond pushed to branch master at Debian Security Tracker / security-tracker


Commits:
341c1f44 by SÃ©bastien Delafond at 2021-02-18T17:12:16+01:00
Add temporary entry for latest zstd issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1133,6 +1133,9 @@ CVE-2021-26910 (Firejail before 0.9.64.4 allows attackers to bypass intended acc
 	NOTE: Fix (disabled overlayfs): https://github.com/netblue30/firejail/commit/97d8a03cad19501f017587cc4e47d8418273834b
 	NOTE: https://unparalleled.eu/publications/2021/advisory-unpar-2021-0.txt
 	NOTE: https://unparalleled.eu/blog/2021/20210208-rigged-race-against-firejail-for-local-root/
+CVE-2021-XXXX [zstd allows for race-opening files being compressed or uncompressed]
+	- libzstd 1.4.8+dfsg-2 (bug #982519)
+	NOTE: https://github.com/facebook/zstd/issues/2491
 CVE-2019-XXXX [zstd adds read permissions to files while being compressed or uncompressed]
 	- libzstd 1.4.8+dfsg-1 (bug #981404)
 	[buster] - libzstd 1.3.8+dfsg-3+deb10u1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/341c1f446b537244d2c86614b053e81eca9f266d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/341c1f446b537244d2c86614b053e81eca9f266d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210218/315e0564/attachment.html>
