[Git][security-tracker-team/security-tracker][master] 2 commits: mark CVE-2021-31215 as not-affected for Stretch
Thorsten Alteholz (@alteholz)
alteholz at debian.org
Mon May 24 09:45:26 BST 2021
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6aaf896c by Thorsten Alteholz at 2021-05-24T10:44:30+02:00
mark CVE-2021-31215 as not-affected for Stretch
- - - - -
0f830fd2 by Thorsten Alteholz at 2021-05-24T10:45:12+02:00
CVE is marked as not-affected, nothing todo
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -5296,6 +5296,7 @@ CVE-2021-31216
CVE-2021-31215 (SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11. ...)
- slurm-wlm <unfixed> (bug #988439)
- slurm-llnl <removed>
+ [stretch] - slurm-llnl <not-affected> (env is already SPANKed)
NOTE: https://github.com/SchedMD/slurm/commit/a9e9e2fedbd200ca545ab67dd753bd52c919f236 (2.11.7)
CVE-2021-3499
RESERVED
=====================================
data/dla-needed.txt
=====================================
@@ -131,8 +131,6 @@ shiro (Roberto C. Sánchez)
--
slapi-nis (Thorsten Alteholz)
--
-slurm-llnl (Thosten Alteholz)
---
spotweb
NOTE: 20201220: The affected code uses string concatenation to construct a SQL query.
NOTE: 20201220: Upstream's "fix" is to blacklist all the "bad" SQL commands. (roberto)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0503ca045563ee4ddfb1ee82253393bb25461b9f...0f830fd2efffade60585770200a6a663b9d500e2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0503ca045563ee4ddfb1ee82253393bb25461b9f...0f830fd2efffade60585770200a6a663b9d500e2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210524/2fdd65d7/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list