[Git][security-tracker-team/security-tracker][master] Update severity for CVE-2021-36160/uwsgi and mark unimportant

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Sep 24 21:23:39 BST 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5712cd2c by Salvatore Bonaccorso at 2021-09-24T22:21:50+02:00
Update severity for CVE-2021-36160/uwsgi and mark unimportant

Unfortunately this would cover the severity for uwsgi where it still
builds libapache2-mod-proxy-uwsgi, but this is already tracked by the
LTS team for an update.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -12509,9 +12509,11 @@ CVE-2021-36161 (Some component in Dubbo will try to print the formated string of
 CVE-2021-36160 (A carefully crafted request uri-path can cause mod_proxy_uwsgi to read ...)
 	- apache2 2.4.49-1
 	[stretch] - apache2 <not-affected> (Vulnerable module not present)
-	- uwsgi <unfixed>
+	- uwsgi <unfixed> (unimportant)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-36160
 	NOTE: https://github.com/apache/httpd/commit/b364cad72b48dd40fbc2850e525b845406520f0b
+	NOTE: uwsgi since 2.0.15-11 drops building the libapache2-mod-proxy-uwsgi{,-dbg}
+	NOTE: packages which are provided by src:apache2 itself.
 CVE-2021-36159 (libfetch before 2021-07-26, as used in apk-tools, xbps, and other prod ...)
 	NOT-FOR-US: libfetch
 CVE-2021-36158 (In the xrdp package (in branches through 3.14) for Alpine Linux, RDP s ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5712cd2caf3ae85afb53cb0bf458fba64984c7e9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5712cd2caf3ae85afb53cb0bf458fba64984c7e9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210924/2b716044/attachment.htm>

More information about the debian-security-tracker-commits mailing list