[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2021-36160/apache2: stretch not-affected

Sylvain Beucler (@beuc) beuc at debian.org
Fri Sep 24 19:40:32 BST 2021 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ad18ab52 by Sylvain Beucler at 2021-09-24T20:02:08+02:00
CVE-2021-36160/apache2: stretch not-affected

- - - - -
9350b535 by Sylvain Beucler at 2021-09-24T20:33:58+02:00
CVE-2021-39275/apache2: reference patches for 2.4

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5226,9 +5226,11 @@ CVE-2021-39276
 CVE-2021-39275 (ap_escape_quotes() may write beyond the end of a buffer when given mal ...)
 	- apache2 2.4.49-1
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-39275
-	NOTE: https://github.com/apache/httpd/commit/d8bce6f575abb29997bba358b31842bf757776c6
-	NOTE: https://github.com/apache/httpd/commit/e0fec7d48dab1924c5a6b48819ce1cf420733f62
-	NOTE: https://github.com/apache/httpd/commit/8f09caf9945f3c80563bc4a776b04fbba239ca71
+	NOTE: https://github.com/apache/httpd/commit/d8bce6f575abb29997bba358b31842bf757776c6 (trunk)
+	NOTE: https://github.com/apache/httpd/commit/e0fec7d48dab1924c5a6b48819ce1cf420733f62 (trunk)
+	NOTE: https://github.com/apache/httpd/commit/8f09caf9945f3c80563bc4a776b04fbba239ca71 (trunk)
+	NOTE: https://github.com/apache/httpd/commit/c69d4cc90c0e27703030b3ff09f91bf4dcbcfd51 (2.4.x)
+	NOTE: https://github.com/apache/httpd/commit/ac62c7e7436560cf4f7725ee586364ce95c07804 (2.4.x)
 CVE-2021-3717
 	RESERVED
 	- wildfly <itp> (bug #752018)
@@ -12461,6 +12463,7 @@ CVE-2021-36161 (Some component in Dubbo will try to print the formated string of
 	NOT-FOR-US: Apache Dubbo
 CVE-2021-36160 (A carefully crafted request uri-path can cause mod_proxy_uwsgi to read ...)
 	- apache2 2.4.49-1
+	[stretch] - apache2 <not-affected> (Vulnerable module not present)
 	- uwsgi <unfixed>
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-36160
 	NOTE: https://github.com/apache/httpd/commit/b364cad72b48dd40fbc2850e525b845406520f0b



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e06f71333e8f6d278a1905374cbbcc4ff0bfe6fd...9350b5351a1bfe5f47fc7704ae04f31ce86b7da7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e06f71333e8f6d278a1905374cbbcc4ff0bfe6fd...9350b5351a1bfe5f47fc7704ae04f31ce86b7da7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210924/20f68306/attachment.htm>

More information about the debian-security-tracker-commits mailing list