[Git][security-tracker-team/security-tracker][master] Add upstream commits from 1.1.1 branch for CVE-2021-34{49,50}
Salvatore Bonaccorso
carnil at debian.org
Thu Mar 25 14:39:59 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f790ed3a by Salvatore Bonaccorso at 2021-03-25T15:36:34+01:00
Add upstream commits from 1.1.1 branch for CVE-2021-34{49,50}
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -457,6 +457,7 @@ CVE-2021-3450 [CA certificate check bypass with X509_V_FLAG_X509_STRICT]
[stretch] - openssl <not-affected> (Vulnerable code introduced in 1.1.1h)
- openssl1.0 <not-affected> (Vulnerable code introduced in 1.1.1h)
NOTE: https://www.openssl.org/news/secadv/20210325.txt
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b
CVE-2021-28957 (lxml 4.6.2 allows XSS. It places the HTML action attribute into defs.l ...)
{DLA-2606-1}
- lxml 4.6.3-1 (bug #985643)
@@ -1067,6 +1068,10 @@ CVE-2021-3449 [NULL pointer deref in signature_algorithms processing]
- openssl <unfixed>
- openssl1.0 <not-affected> (Vulnerability does not impact 1.0.2 series)
NOTE: https://www.openssl.org/news/secadv/20210325.txt
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=46d81bcabe2d36055bdd37079ed6acf976d967a7
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=3ff38629a2df6635f36bfb79513cc6440db8cd70
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fb9fa6b51defd48157eeb207f52181f735d96148
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d33c2a3d8453a75509bcc8d2cf7d2dc2a3a518d0
CVE-2021-28687 [HVM soft-reset crashes toolstack]
RESERVED
- xen <unfixed>
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f790ed3a5915f7af265364f87789d36e654cbe21
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f790ed3a5915f7af265364f87789d36e654cbe21
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210325/b0817037/attachment.htm>
More information about the debian-security-tracker-commits
mailing list