[Git][security-tracker-team/security-tracker][master] 2 commits: mark CVE-2021-32919 as not-affected for Stretch
Thorsten Alteholz (@alteholz)
alteholz at debian.org
Wed May 19 14:42:56 BST 2021
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2af78a97 by Thorsten Alteholz at 2021-05-19T15:31:29+02:00
mark CVE-2021-32919 as not-affected for Stretch
- - - - -
645a8886 by Thorsten Alteholz at 2021-05-19T15:42:31+02:00
add prosody
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -577,6 +577,7 @@ CVE-2021-32920 (Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a
CVE-2021-32919 (An issue was discovered in Prosody before 0.11.9. The undocumented dia ...)
{DSA-4916-1}
- prosody 0.11.9-1 (bug #988668)
+ [stretch] - prosody <not-affected> (Vulnerable code (=dwd) introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1
NOTE: https://prosody.im/security/advisory_20210512.txt
NOTE: https://hg.prosody.im/trunk/rev/6be890ca492e
=====================================
data/dla-needed.txt
=====================================
@@ -71,6 +71,9 @@ php-phpseclib (Abhijith PA)
phpseclib (Abhijith PA)
NOTE: 20210503: apparently 1.x is not affected, but double check (pochu)
--
+prosody
+ NOTE: 20210519: at least the 10MB limit mentioned in CVE-2021-32918 is present
+--
ring (Thorsten Alteholz)
NOTE: 20210510: WIP (need to update other releases first)
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/db50828c813d99ebbaf5885fc49c35ffd543373d...645a8886f0255863de221f53debf666178e03d11
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/db50828c813d99ebbaf5885fc49c35ffd543373d...645a8886f0255863de221f53debf666178e03d11
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210519/186c9898/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list