[Git][security-tracker-team/security-tracker][master] 2 commits: CVEs of atftp postponed until now

Thorsten Alteholz (@alteholz) alteholz at debian.org
Wed Nov 17 00:26:05 GMT 2021



Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
20a7383c by Thorsten Alteholz at 2021-11-17T01:25:05+01:00
CVEs of atftp postponed until now

- - - - -
f130652d by Thorsten Alteholz at 2021-11-17T01:25:46+01:00
Reserve DLA-2820-1 for atftp

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8031,7 +8031,7 @@ CVE-2021-41655
 CVE-2021-41654
 	RESERVED
 CVE-2021-41653 (The PING function on the TP-Link TL-WR840N EU v5 router with firmware  ...)
-	NOT-FOR-US:  TP-Link
+	NOT-FOR-US: TP-Link
 CVE-2021-41652
 	RESERVED
 CVE-2021-41651 (A blind SQL injection vulnerability exists in the Raymart DG / Ahmed H ...)
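Review bot: the only change in this hunk is the whitespace after `NOT-FOR-US:` on the CVE-2021-41653 (TP-Link) entry, which is unrelated to atftp and is not mentioned in either commit subject. Consider splitting it into its own cleanup commit, or naming it in the message, so that a history search for the atftp triage change does not surface an unrelated entry.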
@@ -9844,7 +9844,6 @@ CVE-2021-41054 (tftpd_file.c in atftp through 0.7.4 has a buffer overflow becaus
 	- atftp 0.7.git20210915-1 (bug #994895)
 	[bullseye] - atftp 0.7.git20120829-3.3+deb11u1
 	[buster] - atftp 0.7.git20120829-3.2~deb10u2
-	[stretch] - atftp <postponed> (Minor issue)
 	NOTE: https://sourceforge.net/p/atftp/code/ci/d255bf90834fb45be52decf9bc0b4fb46c90f205/
 CVE-2021-3798 [Soft token does not check if an EC key is valid]
 	RESERVED
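Review bot: with `[stretch] - atftp <postponed> (Minor issue)` removed, the CVE-2021-41054 entry as shown carries bullseye and buster lines but no stretch line at all, so the stretch status now rests entirely on the DLA-2820-1 entry added in data/DLA/list. Saying in the commit message that the line is dropped because stretch is being fixed through that DLA would make the removal self-explanatory to anyone reading this file's history on its own.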
@@ -127472,7 +127471,6 @@ CVE-2020-6098 (An exploitable denial of service vulnerability exists in the free
 CVE-2020-6097 (An exploitable denial of service vulnerability exists in the atftpd da ...)
 	- atftp 0.7.git20120829-3.2 (bug #970066)
 	[buster] - atftp 0.7.git20120829-3.2~deb10u1
-	[stretch] - atftp <no-dsa> (Minor issue)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1029
 	NOTE: https://sourceforge.net/u/peterkaestle/atftp/ci/96409ef3b9ca061f9527cfaafa778105cf15d994/
 CVE-2020-6096 (An exploitable signed comparison vulnerability exists in the ARMv7 mem ...)
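Review bot: the line dropped for CVE-2020-6097 is `<no-dsa>`, not `<postponed>`, so the subject "CVEs of atftp postponed until now" does not describe this hunk, and it can also be read as adding a postponement rather than lifting one. A subject that names both states and the reason, for example "atftp: drop stretch no-dsa/postponed, fixed via DLA", would match both removals.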


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[17 Nov 2021] DLA-2820-1 atftp - security update
+	{CVE-2020-6097 CVE-2021-41054}
+	[stretch] - atftp 0.7.git20120829-3.1~deb9u2
 [16 Nov 2021] DLA-2819-1 ntfs-3g - security update
 	{CVE-2021-33285 CVE-2021-33286 CVE-2021-33287 CVE-2021-33289 CVE-2021-35266 CVE-2021-35267 CVE-2021-35268 CVE-2021-35269 CVE-2021-39251 CVE-2021-39252 CVE-2021-39253 CVE-2021-39254 CVE-2021-39255 CVE-2021-39256 CVE-2021-39257 CVE-2021-39258 CVE-2021-39259 CVE-2021-39260 CVE-2021-39261 CVE-2021-39262 CVE-2021-39263}
 	[stretch] - ntfs-3g 1:2016.2.22AR.1+dfsg-1+deb9u2



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e3ed57c00486c8b681e0765b423c617030b10636...f130652dae0d98b9c640725afa90f47f57a9fab9
