[Git][security-tracker-team/security-tracker][master] 2 commits: mark CVE-2021-32919 as not-affected for Stretch

Thorsten Alteholz (@alteholz) alteholz at debian.org
Wed May 19 14:42:56 BST 2021 


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2af78a97 by Thorsten Alteholz at 2021-05-19T15:31:29+02:00
mark CVE-2021-32919 as not-affected for Stretch

- - - - -
645a8886 by Thorsten Alteholz at 2021-05-19T15:42:31+02:00
add prosody

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -577,6 +577,7 @@ CVE-2021-32920 (Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a
 CVE-2021-32919 (An issue was discovered in Prosody before 0.11.9. The undocumented dia ...)
 	{DSA-4916-1}
 	- prosody 0.11.9-1 (bug #988668)
+	[stretch] - prosody <not-affected> (Vulnerable code (=dwd) introduced later)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1
 	NOTE: https://prosody.im/security/advisory_20210512.txt
 	NOTE: https://hg.prosody.im/trunk/rev/6be890ca492e


=====================================
data/dla-needed.txt
=====================================
@@ -71,6 +71,9 @@ php-phpseclib (Abhijith PA)
 phpseclib (Abhijith PA)
   NOTE: 20210503: apparently 1.x is not affected, but double check (pochu)
 --
+prosody
+  NOTE: 20210519: at least the 10MB limit mentioned in CVE-2021-32918 is present 
+--
 ring (Thorsten Alteholz)
   NOTE: 20210510: WIP (need to update other releases first)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/db50828c813d99ebbaf5885fc49c35ffd543373d...645a8886f0255863de221f53debf666178e03d11

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/db50828c813d99ebbaf5885fc49c35ffd543373d...645a8886f0255863de221f53debf666178e03d11
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210519/186c9898/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list