[Git][security-tracker-team/security-tracker][master] CVE-2021-42374/busybox: precise impact

Sat Nov 13 11:10:29 GMT 2021


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
42249245 by Sylvain Beucler at 2021-11-13T12:10:11+01:00
CVE-2021-42374/busybox: precise impact

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4925,7 +4925,7 @@ CVE-2021-42374
 	- busybox <unfixed> (unimportant; bug #999567)
 	[stretch] - busybox <not-affected> (Vulnerable code introduced later)
 	NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
-	NOTE: Crash in CLI tool, no security impact
+	NOTE: Crash in CLI tool with information leak
 	NOTE: Introduced by https://git.busybox.net/busybox/commit/?id=3989e5adf454a3ab98412b249c2c9bd2a3175ae0 (1_27_0)
 	NOTE: https://git.busybox.net/busybox/commit/?id=04f052c56ded5ab6a904e3a264a73dc0412b2e78
 CVE-2021-42373



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/42249245aebf3254147cb2ee45ab00c82e1157f2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/42249245aebf3254147cb2ee45ab00c82e1157f2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211113/5046b332/attachment.htm>
