[Git][security-tracker-team/security-tracker][master] CVE-2021-36160: affects uwsgi

[Sylvain Beucler (@beuc)]

Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e06f7133 by Sylvain Beucler at 2021-09-24T19:59:44+02:00
CVE-2021-36160: affects uwsgi
(prior merging mod_proxy_uwsgi into Apache 2.4.30)
only binary:libapache2-mod-proxy-uwsgi/stretch should be affected

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -12461,6 +12461,7 @@ CVE-2021-36161 (Some component in Dubbo will try to print the formated string of
 	NOT-FOR-US: Apache Dubbo
 CVE-2021-36160 (A carefully crafted request uri-path can cause mod_proxy_uwsgi to read ...)
 	- apache2 2.4.49-1
+	- uwsgi <unfixed>
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-36160
 	NOTE: https://github.com/apache/httpd/commit/b364cad72b48dd40fbc2850e525b845406520f0b
 CVE-2021-36159 (libfetch before 2021-07-26, as used in apk-tools, xbps, and other prod ...)


=====================================
data/dla-needed.txt
=====================================
@@ -112,3 +112,5 @@ squashfs-tools (Thorsten Alteholz)
 --
 tiff (Utkarsh)
 --
+uwsgi (Sylvain Beucler)
+--



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e06f71333e8f6d278a1905374cbbcc4ff0bfe6fd

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e06f71333e8f6d278a1905374cbbcc4ff0bfe6fd
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210924/7e487368/attachment.htm>