[Git][security-tracker-team/security-tracker][master] 3 commits: LTS: ignored -> not-affected for CVE-2021-34432
Anton Gladky (@gladk)
gladk at debian.org
Tue Oct 26 22:33:20 BST 2021
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d3c76c38 by Anton Gladky at 2021-10-26T23:32:46+02:00
LTS: ignored -> not-affected for CVE-2021-34432
- - - - -
f61b955a by Anton Gladky at 2021-10-26T23:32:46+02:00
Reserve DLA-2793-1 for mosquitto
- - - - -
b5b16186 by Anton Gladky at 2021-10-26T23:33:04+02:00
Reserve DLA-2794-1 for mosquitto
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -21413,8 +21413,8 @@ CVE-2021-34433 (In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.
NOT-FOR-US: Eclipse Californium
CVE-2021-34432 (In Eclipse Mosquitto versions 2.07 and earlier, the server will crash ...)
- mosquitto 2.0.8-1
- [buster] - mosquitto <ignored> (Vulnerable code is not accessible in version 1.x)
- [stretch] - mosquitto <ignored> (Vulnerable code is not accessible in version 1.x)
+ [buster] - mosquitto <not-affected> (Vulnerable code is not accessible in version 1.x)
+ [stretch] - mosquitto <not-affected> (Vulnerable code is not accessible in version 1.x)
NOTE: https://github.com/eclipse/mosquitto/commit/9b08faf0bdaf5a4f2e6e3dd1ea7e8c57f70418d6
NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=574141
CVE-2021-34431 (In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client ...)
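Review bot: on the two changed [buster] and [stretch] lines, the state moves to <not-affected> but the parenthetical still reads "Vulnerable code is not accessible in version 1.x", which leaves open whether the code is absent from 1.x or present but unreachable. The commit message gives no reason for the reclassification, so consider tightening the parenthetical to say which of the two it is, so that the state and its justification read the same way.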
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,9 @@
+[26 Oct 2021] DLA-2794-1 mosquitto - security update
+ {CVE-2017-7655}
+ [stretch] - mosquitto 1.4.10-3+deb9u5
+[26 Oct 2021] DLA-2793-1 mosquitto - security update
+ {CVE-2017-7655}
+ [stretch] - mosquitto 1.4.10-3+deb9u5
[24 Oct 2021] DLA-2792-1 faad2 - security update
{CVE-2018-20199 CVE-2018-20360 CVE-2019-6956 CVE-2021-32274 CVE-2021-32276 CVE-2021-32277 CVE-2021-32278}
[stretch] - faad2 2.8.0~cvs20161113-1+deb9u3
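Review bot: the two added entries, DLA-2794-1 and DLA-2793-1, are identical apart from the advisory number: same date, same package, same {CVE-2017-7655} and same fixed version 1.4.10-3+deb9u5 for stretch. If the second reservation was unintentional, one of the two IDs should be dropped; if both are intended, the entries should differ in CVE set or version so it is clear what each advisory covers.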
=====================================
data/dla-needed.txt
=====================================
@@ -55,10 +55,6 @@ linux (Ben Hutchings)
--
linux-4.19 (Ben Hutchings)
--
-mosquitto (Anton Gladky)
- NOTE: 20210805: coordinating upload to buster before DLA for Stretch (codehelp)
- NOTE: 20210806: CVE-2021-34432 ignored in buster and stretch. Vulnerable code not accessible. (codehelp)
---
ntfs-3g (Anton Gladky)
--
nvidia-graphics-drivers
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ad7f7810b0440e42060e6a30b108893f248bf468...b5b1618632bb2ba6e106323de5ce2722ef0ef4c9