[Git][security-tracker-team/security-tracker][master] Add CVE-2021-28650/gnome-autoar
Salvatore Bonaccorso
carnil at debian.org
Wed Mar 17 08:29:14 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
301df573 by Salvatore Bonaccorso at 2021-03-17T09:28:47+01:00
Add CVE-2021-28650/gnome-autoar
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,7 +5,11 @@ CVE-2021-3447
CVE-2021-3446
RESERVED
CVE-2021-28650 (autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOM ...)
- TODO: check
+ - gnome-autoar <unfixed>
+ [buster] - gnome-autoar <not-affected> (Incomplete fix for CVE-2020-36241 not applied)
+ [stretch] - gnome-autoar <not-affected> (Incomplete fix for CVE-2020-36241 not applied)
+ NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/8109c368c6cfdb593faaf698c2bf5da32bb1ace4
+ NOTE: Issue exists because of an incomplete fix for CVE-2020-36241.
CVE-2021-28649
RESERVED
CVE-2021-28648
@@ -4404,6 +4408,9 @@ CVE-2020-36241 (autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/adb067e645732fdbe7103516e506d09eb6a54429
NOTE: https://gitlab.gnome.org/GNOME/gnome-autoar/-/issues/7
NOTE: Regression fix: https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/cc4e8b7ccc973ac69d75a7423fbe1bcdc51e2cb3
+ NOTE: When fixing the issue make sure to apply as well the followup fix:
+ NOTE: https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/8109c368c6cfdb593faaf698c2bf5da32bb1ace4
+ NOTE: to not open CVE-2021-28650.
CVE-2021-26706
RESERVED
CVE-2021-26705 (An issue was discovered in SquareBox CatDV Server through 9.2. An atta ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/301df573014a488b4a57546e4038f46f6b1fbbc0
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/301df573014a488b4a57546e4038f46f6b1fbbc0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210317/f1dfdfec/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list