[Git][security-tracker-team/security-tracker][master] 2 commits: Triage CVE-2021-37136 & CVE-2021-37137 in netty for stretch LTS.
Chris Lamb (@lamby)
lamby at debian.org
Thu Oct 14 09:33:35 BST 2021
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ec342cc9 by Chris Lamb at 2021-10-14T09:32:47+01:00
Triage CVE-2021-37136 & CVE-2021-37137 in netty for stretch LTS.
- - - - -
2d996116 by Chris Lamb at 2021-10-14T09:33:10+01:00
Triage CVE-2021-41303 in shiro for stretch LTS.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2611,6 +2611,7 @@ CVE-2021-41303 (Apache Shiro before 1.8.0, when using Apache Shiro with Spring B
- shiro <unfixed>
[bullseye] - shiro <no-dsa> (Minor issue)
[buster] - shiro <no-dsa> (Minor issue)
+ [stretch] - shiro <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/09/17/1
CVE-2021-41302 (ECOA BAS controller stores sensitive data (backup exports) in clear-te ...)
NOT-FOR-US: ECOA BAS controller
@@ -12453,6 +12454,7 @@ CVE-2021-37137
- netty <unfixed>
[bullseye] - netty <no-dsa> (Minor issue)
[buster] - netty <no-dsa> (Minor issue)
+ [stretch] - netty <no-dsa> (Minor issue)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363
NOTE: Fixed by: https://github.com/netty/netty/commit/6da4956b31023ae967451e1d94ff51a746a9194f (netty-4.1.68.Final)
CVE-2021-37136
@@ -12460,6 +12462,7 @@ CVE-2021-37136
- netty <unfixed>
[bullseye] - netty <no-dsa> (Minor issue)
[buster] - netty <no-dsa> (Minor issue)
+ [stretch] - netty <no-dsa> (Minor issue)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv
NOTE: Fixed by: https://github.com/netty/netty/commit/41d3d61a61608f2223bb364955ab2045dd5e4020 (netty-4.1.68.Final)
CVE-2021-37135
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/191b950dd10a077089b53797259c77116f84670b...2d9961164c9d167dc6d60a89cc3a062c0a2b8410
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/191b950dd10a077089b53797259c77116f84670b...2d9961164c9d167dc6d60a89cc3a062c0a2b8410
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211014/eb19dd8c/attachment.htm>
More information about the debian-security-tracker-commits
mailing list