[Git][security-tracker-team/security-tracker][master] Update status for CVE-2021-31523

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 15 06:18:48 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0ab99bf1 by Salvatore Bonaccorso at 2021-06-15T07:12:11+02:00
Update status for CVE-2021-31523

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7393,11 +7393,13 @@ CVE-2021-34557 (XScreenSaver 5.45 can be bypassed if the machine has more than t
 	NOTE: https://github.com/QubesOS/qubes-xscreensaver/blob/master/0001-Fix-updating-outputs-info.patch
 CVE-2021-31523 (The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has cap_ ...)
 	- xscreensaver 5.45+dfsg1-2 (bug #987149)
-	[buster] - xscreensaver <no-dsa> (Minor issue)
-	[stretch] - xscreensaver <no-dsa> (Minor issue)
+	[buster] - xscreensaver <not-affected> (Vulnerability introduced later)
+	[stretch] - xscreensaver <not-affected> (Vulnerability introduced later)
 	NOTE: Fixed upstream in 6.00 (no public version control): https://twitter.com/jwz/status/1383503845217554444
 	NOTE: https://www.openwall.com/lists/oss-security/2021/04/17/1
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2174
+	NOTE: Only in 5.44+dfsg1-1 net_raw capability was added to sonar executable via postinst
+	NOTE: and so exposing the vulnerability.
 CVE-2021-3505 (A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implem ...)
 	- libtpms 0.8.0~dev1-1
 	NOTE: https://github.com/stefanberger/libtpms/issues/183
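Review bot: The two added NOTE lines at the end of the CVE-2021-31523 entry give 5.44+dfsg1-1 as the version where the net_raw capability was added to the sonar executable, but the description line of the same entry names the 5.42+dfsg1-1 package, and the entry cites no source for the introducing version. The new `<not-affected>` (Vulnerability introduced later) status for buster and stretch rests entirely on that version, so consider adding a reference that backs it, for example the relevant changelog entry or a pointer into bug #987149, plus a short remark that the version in the CVE description differs. The note would also read more cleanly as a single statement, e.g. "NOTE: net_raw capability was only added to the sonar executable via postinst in 5.44+dfsg1-1, exposing the vulnerability".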



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ab99bf1658f34a727f10865fec78b8abe58cf43
