[Git][security-tracker-team/security-tracker][master] new lwip issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Jul 29 09:42:26 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
86e974c6 by Moritz Muehlenhoff at 2021-07-29T10:42:04+02:00
new lwip issues
fetchmail unimportant
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2638,9 +2638,10 @@ CVE-2021-36387
RESERVED
CVE-2021-36386 [denial of service or information disclosure when logging long messages]
RESERVED
- - fetchmail 6.4.16-4
+ - fetchmail 6.4.16-4 (unimportant)
NOTE: https://www.fetchmail.info/fetchmail-SA-2021-01.txt
NOTE: https://gitlab.com/fetchmail/fetchmail/-/commit/c546c8299243a10a7b85c638e0e61396ecd5d8b5
+ NOTE: Negligible security impact
CVE-2021-36385
RESERVED
CVE-2021-36384
@@ -12851,9 +12852,9 @@ CVE-2021-32003
CVE-2021-32002
RESERVED
CVE-2021-32001 (A Missing Encryption of Sensitive Data vulnerability in k3s, kde2 of S ...)
- TODO: check
+ NOT-FOR-US: Rancher
CVE-2021-32000 (A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-ma ...)
- TODO: check
+ NOT-FOR-US: clone-master-clean-up in SUSE Linux Enterprise Server
CVE-2021-31999 (A Reliance on Untrusted Inputs in a Security Decision vulnerability in ...)
NOT-FOR-US: Rancher
CVE-2021-31998 (A Incorrect Default Permissions vulnerability in the packaging of inn ...)
@@ -66954,9 +66955,15 @@ CVE-2020-22286
CVE-2020-22285
RESERVED
CVE-2020-22284 (A buffer overflow vulnerability in the zepif_linkoutput() function of ...)
- TODO: check
+ - lwip <unfixed>
+ [buster] - lwip <no-dsa> (Minor issue)
+ NOTE: https://savannah.nongnu.org/bugs/index.php?58554
+ NOTE: https://git.savannah.nongnu.org/cgit/lwip.git/commit/?id=8363c24e45a32728e385cfc2c3c36d88a8a9e70b
CVE-2020-22283 (A buffer overflow vulnerability in the icmp6_send_response_with_addrs_ ...)
- TODO: check
+ - lwip <unfixed>
+ [buster] - lwip <no-dsa> (Minor issue)
+ NOTE: https://savannah.nongnu.org/bugs/index.php?58553
+ NOTE: https://git.savannah.nongnu.org/cgit/lwip.git/commit/?id=488d4ad2460c3b41bef69724cad89c28a905eda9
CVE-2020-22282
RESERVED
CVE-2020-22281
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86e974c68f074c2fe7f9f7c204773c426fa8127d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86e974c68f074c2fe7f9f7c204773c426fa8127d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210729/cc0ed471/attachment.htm>
More information about the debian-security-tracker-commits
mailing list