[Git][security-tracker-team/security-tracker][master] Add CVE-2021-28650/gnome-autoar

Salvatore Bonaccorso carnil at debian.org
Wed Mar 17 08:29:14 GMT 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
301df573 by Salvatore Bonaccorso at 2021-03-17T09:28:47+01:00
Add CVE-2021-28650/gnome-autoar

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,7 +5,11 @@ CVE-2021-3447
 CVE-2021-3446
 	RESERVED
 CVE-2021-28650 (autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOM ...)
-	TODO: check
+	- gnome-autoar <unfixed>
+	[buster] - gnome-autoar <not-affected> (Incomplete fix for CVE-2020-36241 not applied)
+	[stretch] - gnome-autoar <not-affected> (Incomplete fix for CVE-2020-36241 not applied)
+	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/8109c368c6cfdb593faaf698c2bf5da32bb1ace4
+	NOTE: Issue exists because of an incomplete fix for CVE-2020-36241.
 CVE-2021-28649
 	RESERVED
 CVE-2021-28648
@@ -4404,6 +4408,9 @@ CVE-2020-36241 (autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/adb067e645732fdbe7103516e506d09eb6a54429
 	NOTE: https://gitlab.gnome.org/GNOME/gnome-autoar/-/issues/7
 	NOTE: Regression fix: https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/cc4e8b7ccc973ac69d75a7423fbe1bcdc51e2cb3
+	NOTE: When fixing the issue make sure to apply as well the followup fix:
+	NOTE: https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/8109c368c6cfdb593faaf698c2bf5da32bb1ace4
+	NOTE: to not open CVE-2021-28650.
 CVE-2021-26706
 	RESERVED
 CVE-2021-26705 (An issue was discovered in SquareBox CatDV Server through 9.2. An atta ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/301df573014a488b4a57546e4038f46f6b1fbbc0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/301df573014a488b4a57546e4038f46f6b1fbbc0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210317/f1dfdfec/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list