[Git][security-tracker-team/security-tracker][master] 3 commits: mark CVE-2021-44143 as postponed

Thorsten Alteholz (@alteholz) alteholz at debian.org
Sun Nov 28 23:22:28 GMT 2021



Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
38eb942b by Thorsten Alteholz at 2021-11-29T00:09:49+01:00
mark CVE-2021-44143 as postponed

- - - - -
b62b2bc3 by Thorsten Alteholz at 2021-11-29T00:12:16+01:00
mark CVE-2021-42717 as postponed

- - - - -
5e2cbecd by Thorsten Alteholz at 2021-11-29T00:17:18+01:00
add puppet

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -363,6 +363,7 @@ CVE-2021-4002 [hugetlbfs: flush TLBs correctly after huge_pmd_unshare]
 	NOTE: https://git.kernel.org/linus/a4a118f2eead1d6c49e00765de89878288d4b890
 CVE-2021-44143 (A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unc ...)
 	- isync <unfixed> (bug #999804)
+	[stretch] - isync <postponed> (revisit when/if fixed upstream)
 CVE-2021-44142
 	RESERVED
 CVE-2021-44141
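
Review bot: the added `[stretch] - isync <postponed>` line makes the revisit conditional on an upstream fix, but the CVE-2021-44143 entry has no NOTE pointing at an upstream report or commit; the only reference is Debian bug #999804. Consider adding a NOTE line with the upstream reference so whoever revisits the entry can tell when the condition is met.
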
@@ -5773,6 +5774,7 @@ CVE-2021-42717 [ModSecurity DoS Vulnerability in JSON Parsing]
 	RESERVED
 	- modsecurity 3.0.6-1
 	- modsecurity-apache 2.9.5-1
+	[stretch] - modsecurity-apache <postponed> (revisit when/if fixed upstream)
 	NOTE: https://github.com/SpiderLabs/ModSecurity/issues/2647
 	NOTE: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-dos-vulnerability-in-json-parsing-cve-2021-42717/
 CVE-2021-42716 (An issue was discovered in stb stb_image.h 2.27. The PNM loader incorr ...)
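
Review bot: the reason on the added `[stretch] - modsecurity-apache <postponed>` line does not fit this entry. Two lines above it, `- modsecurity-apache 2.9.5-1` already records a fixed version, so "revisit when/if fixed upstream" describes a condition that appears to be met already. Suggest stating the actual reason for postponing in stretch, so the entry is not passed over at the next triage.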


=====================================
data/dla-needed.txt
=====================================
@@ -79,6 +79,9 @@ opensc (Adrian Bunk)
 pgbouncer (Thorsten Alteholz)
   NOTE: 20211128: also help with other releases
 --
+puppet
+  NOTE: please recheck whether really affected
+--
 roundcube (Markus Koschany)
 --
 rustc (Roberto C. Sánchez)
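
Review bot: the new `puppet` entry names no CVE id or bug, and its NOTE lacks the date prefix that the pgbouncer NOTE just above uses (`20211128:`). Suggest naming the CVE(s) to be rechecked and dating the note, so whoever claims the package knows what "really affected" refers to and how old the request is.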



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/dd7c1e17bc9aa175d39c2ff155b00640c714deb8...5e2cbecd61f7cad36bc7292a0ff71891bca392e8
