[Git][security-tracker-team/security-tracker][master] 2 commits: Add fixed version for CVE-2021-41253/zydis via unstable
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Nov 15 18:22:53 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4f75c9dd by Salvatore Bonaccorso at 2021-11-15T19:19:09+01:00
Add fixed version for CVE-2021-41253/zydis via unstable
- - - - -
5885e004 by Salvatore Bonaccorso at 2021-11-15T19:22:18+01:00
CVE-2021-43608: Add explanation after <not-affected> tag
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -284,8 +284,9 @@ CVE-2021-43609
RESERVED
CVE-2021-43608 [SQL Injection Security Vulnerability]
RESERVED
- - php-doctrine-dbal <not-affected>
- NOTE: Bug was introduced in 3.0, and fixed in experimental in 3.1.4+dfsg-1
+ - php-doctrine-dbal <not-affected> (Vulnerable code introduced in 3.0.0)
+ NOTE: Bug was introduced in 3.0.0, and fixed in experimental in 3.1.4+dfsg-1 and
+ NOTE: only present in experimental suite.
NOTE: https://github.com/doctrine/dbal/security/advisories/GHSA-r7cj-8hjg-x622
CVE-2021-43607
RESERVED
@@ -8058,7 +8059,7 @@ CVE-2021-41255
CVE-2021-41254 (kustomize-controller is a Kubernetes operator, specialized in running ...)
NOT-FOR-US: kustomize-controller
CVE-2021-41253 (Zydis is an x86/x86-64 disassembler library. Users of Zydis versions v ...)
- - zydis <unfixed> (bug #999431)
+ - zydis 3.2.1-1 (bug #999431)
NOTE: https://github.com/zyantific/zydis/security/advisories/GHSA-q42v-hv86-3m4g
NOTE: Fixed by: https://github.com/zyantific/zydis/commit/55dd08c210722aed81b38132f5fd4a04ec1943b5 (master)
NOTE: Fixed by: https://github.com/zyantific/zydis/commit/330b259583ade789886ce11af2ebcd030097dcbf (v3.2.1)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/520ced525c9c0d9a7b6d90ba7269ffbc2cc44ff4...5885e00417f48b214c17774a524fef2debb88e44
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/520ced525c9c0d9a7b6d90ba7269ffbc2cc44ff4...5885e00417f48b214c17774a524fef2debb88e44
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211115/dac9a925/attachment.htm>
More information about the debian-security-tracker-commits
mailing list