[Git][security-tracker-team/security-tracker][master] Track new exim4 issues from Qualys report

Salvatore Bonaccorso carnil at debian.org
Tue May 4 14:40:39 BST 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c577ab46 by Salvatore Bonaccorso at 2021-05-04T15:40:27+02:00
Track new exim4 issues from Qualys report

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11035,7 +11035,10 @@ CVE-2021-27220 (An issue was discovered in PRTG Network Monitor before 21.1.66.1
 CVE-2021-27217 (An issue was discovered in the _send_secure_msg() function of Yubico y ...)
 	NOT-FOR-US: YubiHSM 2 SDK
 CVE-2021-27216
-	RESERVED
+	- exim4 <unfixed>
+	[buster] - exim4 <not-affected> (Vulnerable code introduced later)
+	[stretch] - exim4 <not-affected> (Vulnerable code introduced later)
+	NOTE: Introduced by: https://git.exim.org/exim.git/commit/01446a56c76aa5ac3213a86f8992a2371a8301f3 (exim-4_94_RC0)
 CVE-2021-27215 (An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x thro ...)
 	NOT-FOR-US: genua genugate
 CVE-2021-27214 (A Server-side request forgery (SSRF) vulnerability in the ProductConfi ...)
@@ -38829,45 +38832,58 @@ CVE-2020-28028
 CVE-2020-28027
 	RESERVED
 CVE-2020-28026
-	RESERVED
+	- exim4 <unfixed>
 CVE-2020-28025
-	RESERVED
+	- exim4 <unfixed>
+	NOTE: Introduced by: https://git.exim.org/exim.git/commit/80a47a2c9633437d4ceebd214cd44abfbd4f4543 (exim-4_70_RC3)
 CVE-2020-28024
-	RESERVED
+	- exim4 <unfixed>
 CVE-2020-28023
-	RESERVED
+	- exim4 <unfixed>
+	NOTE: Introduced by: https://git.exim.org/exim.git/commit/18481de384caecff421f23f715be916403f5d0ee (exim-4_88_RC1)
 CVE-2020-28022
-	RESERVED
+	- exim4 <unfixed>
+	NOTE: Introduced by: https://git.exim.org/exim.git/commit/d7a2c8337f7b615763d4429ab27653862756b6fb (exim-4_89_RC1)
 CVE-2020-28021
-	RESERVED
+	- exim4 <unfixed>
 CVE-2020-28020
-	RESERVED
+	- exim4 4.92~RC5-1
+	NOTE: Fixed by: https://git.exim.org/exim.git/commit/56ac062a3ff94fc4e1bbfc2293119c079a4e980b (exim-4.92-RC5)
 CVE-2020-28019
-	RESERVED
+	- exim4 <unfixed>
+	NOTE: Introduced by: https://git.exim.org/exim.git/commit/7e3ce68e68ab9b8906a637d352993abf361554e2 (exim-4_88_RC1)
 CVE-2020-28018
-	RESERVED
+	- exim4 <unfixed> (unimportant)
+	[stretch] - exim4 <not-affected> (Vulnerable code introduced later)
+	NOTE: Introduced by: https://git.exim.org/exim.git/commit/a5ffa9b475a426bc73366db01f7cc92a3811bc3a (exim-4_90_RC1)
+	NOTE: Debian Exim is built with GnuTLS, not OpenSSL.
 CVE-2020-28017
-	RESERVED
+	- exim4 <unfixed>
 CVE-2020-28016
-	RESERVED
+	- exim4 <unfixed>
+	[buster] - exim4 <not-affected> (Vulnerable code introduced later)
+	[stretch] - exim4 <not-affected> (Vulnerable code introduced later)
+	NOTE: Introduced by: https://git.exim.org/exim.git/commit/3c90bbcdc7cf73298156f7bcd5f5e750e7814e72
 CVE-2020-28015
-	RESERVED
+	- exim4 <unfixed>
 CVE-2020-28014
-	RESERVED
+	- exim4 <unfixed>
 CVE-2020-28013
-	RESERVED
+	- exim4 <unfixed>
 CVE-2020-28012
-	RESERVED
+	- exim4 <unfixed>
 CVE-2020-28011
-	RESERVED
+	- exim4 <unfixed>
 CVE-2020-28010
-	RESERVED
+	- exim4 <unfixed>
+	[stretch] - exim4 <not-affected> (Vulnerable code introduced later)
+	NOTE: Introduced by: https://git.exim.org/exim.git/commit/805fd869d551c36d1d77ab2b292a7008d643ca79 (exim-4.92-RC1)
 CVE-2020-28009
-	RESERVED
+	- exim4 <unfixed>
 CVE-2020-28008
-	RESERVED
+	- exim4 <unfixed>
 CVE-2020-28007
-	RESERVED
+	- exim4 <unfixed>
 CVE-2020-25692 (A NULL pointer dereference was found in OpenLDAP server and was fixed  ...)
 	{DSA-4782-1 DLA-2425-1}
 	- openldap 2.4.55+dfsg-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c577ab46f602153dd4fd02140e5910a2639b2b32

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c577ab46f602153dd4fd02140e5910a2639b2b32
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210504/015d7c06/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list