[Git][security-tracker-team/security-tracker][master] Do not track CVE-2021-24032 for DLA-2573-1

Salvatore Bonaccorso carnil at debian.org
Fri Mar 5 08:16:49 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2200a14e by Salvatore Bonaccorso at 2021-03-05T09:15:22+01:00
Do not track CVE-2021-24032 for DLA-2573-1

The CVE was assigned for an incomplete fix (which affected indeed
unstable and buster, but for stretch the issue in CVE-2021-24031 was in
one go fixed with the correct fix without opening CVE-2021-24032).

Adjust tracking to reflect the situation in the supported suites.

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2443,8 +2443,9 @@ CVE-2021-26910 (Firejail before 0.9.64.4 allows attackers to bypass intended acc
 	NOTE: https://unparalleled.eu/publications/2021/advisory-unpar-2021-0.txt
 	NOTE: https://unparalleled.eu/blog/2021/20210208-rigged-race-against-firejail-for-local-root/
 CVE-2021-24032 (Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for  ...)
-	{DSA-4859-1 DLA-2573-1}
+	{DSA-4859-1}
 	- libzstd 1.4.8+dfsg-2 (bug #982519)
+	[stretch] - libzstd <not-affected> (Incomplete fix for CVE-2021-24031 not applied)
 	NOTE: https://github.com/facebook/zstd/issues/2491
 CVE-2021-24031 (In the Zstandard command-line utility prior to v1.4.1, output files we ...)
 	{DSA-4850-1 DLA-2573-1}
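
Review bot: The parenthetical on the added `[stretch]` line, "Incomplete fix for CVE-2021-24031 not applied", can be misread as saying that a fix is missing from stretch. The commit message says the opposite: stretch received the correct fix for CVE-2021-24031 in one go, so the incomplete fix that led to CVE-2021-24032 never shipped there. Consider wording such as "(Incomplete fix for CVE-2021-24031 never applied; fixed correctly in one go)" so that the reason for `<not-affected>` is clear from data/CVE/list alone, without the commit log.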


=====================================
data/DLA/list
=====================================
@@ -22,7 +22,7 @@
 	{CVE-2021-27212}
 	[stretch] - openldap 2.4.44+dfsg-5+deb9u8
 [20 Feb 2021] DLA-2573-1 libzstd - security update
-	{CVE-2021-24031 CVE-2021-24032}
+	{CVE-2021-24031}
 	[stretch] - libzstd 1.1.2-1+deb9u1
 [20 Feb 2021] DLA-2572-1 wpa - security update
 	{CVE-2021-0326}
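
Review bot: With `CVE-2021-24032` dropped from the `DLA-2573-1` header, data/DLA/list gives no hint of why an entry dated 20 Feb 2021 changed after the fact; the reason is recorded only in the `[stretch]` `<not-affected>` line in data/CVE/list and in the commit message. The two files need to stay in step here: the remaining `{CVE-2021-24031}` matches the `{DSA-4850-1 DLA-2573-1}` cross-reference still present on the CVE-2021-24031 entry in the first hunk, and `DLA-2573-1` was removed from the CVE-2021-24032 entry in the same commit, so the pairing is consistent as shown.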



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2200a14ebd99c43ccaa4957e0ff607d07b691966
