[Git][security-tracker-team/security-tracker][master] Add upstream commits from 1.1.1 branch for CVE-2021-34{49,50}

Salvatore Bonaccorso carnil at debian.org
Thu Mar 25 14:39:59 GMT 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f790ed3a by Salvatore Bonaccorso at 2021-03-25T15:36:34+01:00
Add upstream commits from 1.1.1 branch for CVE-2021-34{49,50}

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -457,6 +457,7 @@ CVE-2021-3450 [CA certificate check bypass with X509_V_FLAG_X509_STRICT]
 	[stretch] - openssl <not-affected> (Vulnerable code introduced in 1.1.1h)
 	- openssl1.0 <not-affected> (Vulnerable code introduced in 1.1.1h)
 	NOTE: https://www.openssl.org/news/secadv/20210325.txt
+	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b
 CVE-2021-28957 (lxml 4.6.2 allows XSS. It places the HTML action attribute into defs.l ...)
 	{DLA-2606-1}
 	- lxml 4.6.3-1 (bug #985643)
@@ -1067,6 +1068,10 @@ CVE-2021-3449 [NULL pointer deref in signature_algorithms processing]
 	- openssl <unfixed>
 	- openssl1.0 <not-affected> (Vulnerability does not impact 1.0.2 series)
 	NOTE: https://www.openssl.org/news/secadv/20210325.txt
+	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=46d81bcabe2d36055bdd37079ed6acf976d967a7
+	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=3ff38629a2df6635f36bfb79513cc6440db8cd70
+	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fb9fa6b51defd48157eeb207f52181f735d96148
+	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d33c2a3d8453a75509bcc8d2cf7d2dc2a3a518d0
 CVE-2021-28687 [HVM soft-reset crashes toolstack]
 	RESERVED
 	- xen <unfixed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f790ed3a5915f7af265364f87789d36e654cbe21

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f790ed3a5915f7af265364f87789d36e654cbe21
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210325/b0817037/attachment.htm>

More information about the debian-security-tracker-commits mailing list