[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2021-33054/sogo

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 1 20:11:33 BST 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dd21877a by Salvatore Bonaccorso at 2021-06-01T21:11:16+02:00
Add CVE-2021-33054/sogo

- - - - -
b4745b66 by Salvatore Bonaccorso at 2021-06-01T21:11:18+02:00
Add references for CVE-2021-28091/lasso

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1646,6 +1646,11 @@ CVE-2021-33055
 	RESERVED
 CVE-2021-33054
 	RESERVED
+	- sogo <unfixed>
+	NOTE: https://www.sogo.nu/news/2021/saml-vulnerability.html
+	NOTE: https://blogs.akamai.com/2021/06/saml-implementation-vulnerability-impacting-some-akamai-services.html
+	NOTE: https://blogs.akamai.com/2021/06/akamai-eaa-impersonation-vulnerability---a-deep-dive.html
+	NOTE: CVE is assigned for the SOGo vulnerability regarding the lasso usage.
 CVE-2021-33053
 	RESERVED
 CVE-2021-33052
@@ -13552,6 +13557,8 @@ CVE-2021-28091 [XML signature wrapping vulnerability when parsing SAML responses
 	RESERVED
 	- lasso 2.6.1-3
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1940089
+	NOTE: https://blogs.akamai.com/2021/06/saml-implementation-vulnerability-impacting-some-akamai-services.html
+	NOTE: https://blogs.akamai.com/2021/06/akamai-eaa-impersonation-vulnerability---a-deep-dive.html
 	NOTE: https://git.entrouvert.org/lasso.git/commit/?id=ea7e5efe9741e1b1787a58af16cb15b40c23be5a
 CVE-2021-28090 (Tor before 0.4.5.7 allows a remote attacker to cause Tor directory aut ...)
 	{DSA-4871-1}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1b6a435b0fe645885622512dffeb6f6f46edebd9...b4745b66c1ef41f7df722b2a464b7c603110e358

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1b6a435b0fe645885622512dffeb6f6f46edebd9...b4745b66c1ef41f7df722b2a464b7c603110e358
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210601/142b3764/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list