[Git][security-tracker-team/security-tracker][master] busybox triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Nov 12 18:25:16 GMT 2021 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
59a30ab6 by Moritz Muehlenhoff at 2021-11-12T19:24:52+01:00
busybox triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4757,62 +4757,85 @@ CVE-2021-42387
 CVE-2021-42386
 	RESERVED
 	- busybox <unfixed> (bug #999567)
+	[bullseye] - busybox <no-dsa> (Minor issue)
+	[buster] - busybox <no-dsa> (Minor issue)
 	NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
 CVE-2021-42385
 	RESERVED
 	- busybox <unfixed> (bug #999567)
+	[bullseye] - busybox <no-dsa> (Minor issue)
+	[buster] - busybox <no-dsa> (Minor issue)
 	NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
 CVE-2021-42384
 	RESERVED
 	- busybox <unfixed> (bug #999567)
+	[bullseye] - busybox <no-dsa> (Minor issue)
+	[buster] - busybox <no-dsa> (Minor issue)
 	NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
 CVE-2021-42383
 	RESERVED
 	- busybox <unfixed> (bug #999567)
+	[bullseye] - busybox <no-dsa> (Minor issue)
+	[buster] - busybox <no-dsa> (Minor issue)
 	NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
 CVE-2021-42382
 	RESERVED
 	- busybox <unfixed> (bug #999567)
+	[bullseye] - busybox <no-dsa> (Minor issue)
+	[buster] - busybox <no-dsa> (Minor issue)
 	NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
 CVE-2021-42381
 	RESERVED
 	- busybox <unfixed> (bug #999567)
+	[bullseye] - busybox <no-dsa> (Minor issue)
+	[buster] - busybox <no-dsa> (Minor issue)
 	NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
 CVE-2021-42380
 	RESERVED
 	- busybox <unfixed> (bug #999567)
+	[bullseye] - busybox <no-dsa> (Minor issue)
+	[buster] - busybox <no-dsa> (Minor issue)
 	NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
 CVE-2021-42379
 	RESERVED
 	- busybox <unfixed> (bug #999567)
+	[bullseye] - busybox <no-dsa> (Minor issue)
+	[buster] - busybox <no-dsa> (Minor issue)
 	NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
 CVE-2021-42378
 	RESERVED
 	- busybox <unfixed> (bug #999567)
+	[bullseye] - busybox <no-dsa> (Minor issue)
+	[buster] - busybox <no-dsa> (Minor issue)
 	NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
 CVE-2021-42377
 	RESERVED
 	- busybox <unfixed> (bug #999567)
+	[bullseye] - busybox <no-dsa> (Minor issue)
+	[buster] - busybox <no-dsa> (Minor issue)
 	[stretch] - busybox <not-affected> (CONFIG_HUSH is not set)
 	NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
 CVE-2021-42376
 	RESERVED
-	- busybox <unfixed> (bug #999567)
+	- busybox <unfixed> (unimportant; bug #999567)
 	[stretch] - busybox <not-affected> (CONFIG_HUSH is not set)
 	NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
+	NOTE: Crash in CLI tool, no security impact
 CVE-2021-42375
 	RESERVED
-	- busybox <unfixed> (bug #999567)
+	- busybox <unfixed> (unimportant; bug #999567)
 	NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
+	NOTE: Crash in CLI tool, no security impact
 CVE-2021-42374
 	RESERVED
-	- busybox <unfixed> (bug #999567)
+	- busybox <unfixed> (unimportant; bug #999567)
 	NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
+	NOTE: Crash in CLI tool, no security impact
 CVE-2021-42373
 	RESERVED
-	- busybox <unfixed> (bug #999567)
-	[stretch] - busybox <not-affected> (CONFIG_MAN is not set)
+	- busybox <unfixed> (unimportant; bug #999567)
 	NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
+	NOTE: Crash in CLI tool, no security impact
 CVE-2021-42372 (A shell command injection in the HW Events SNMP community in XoruX LPA ...)
 	NOT-FOR-US: XoruX LPAR2RRD and STOR2RRD
 CVE-2021-42371 (lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59a30ab662b6c881a9f910f42664dedd828454d3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59a30ab662b6c881a9f910f42664dedd828454d3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211112/e636b9c7/attachment.htm>

More information about the debian-security-tracker-commits mailing list