[Git][security-tracker-team/security-tracker][master] Update severity for CVE-2021-36160/uwsgi and mark unimportant
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Sep 24 21:23:39 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5712cd2c by Salvatore Bonaccorso at 2021-09-24T22:21:50+02:00
Update severity for CVE-2021-36160/uwsgi and mark unimportant
Unfortunately this would cover the severity for uwsgi where it still
builds libapache2-mod-proxy-uwsgi, but this is already tracked by the
LTS team for an update.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -12509,9 +12509,11 @@ CVE-2021-36161 (Some component in Dubbo will try to print the formated string of
CVE-2021-36160 (A carefully crafted request uri-path can cause mod_proxy_uwsgi to read ...)
- apache2 2.4.49-1
[stretch] - apache2 <not-affected> (Vulnerable module not present)
- - uwsgi <unfixed>
+ - uwsgi <unfixed> (unimportant)
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-36160
NOTE: https://github.com/apache/httpd/commit/b364cad72b48dd40fbc2850e525b845406520f0b
+ NOTE: uwsgi since 2.0.15-11 drops building the libapache2-mod-proxy-uwsgi{,-dbg}
+ NOTE: packages which are provided by src:apache2 itself.
CVE-2021-36159 (libfetch before 2021-07-26, as used in apk-tools, xbps, and other prod ...)
NOT-FOR-US: libfetch
CVE-2021-36158 (In the xrdp package (in branches through 3.14) for Alpine Linux, RDP s ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5712cd2caf3ae85afb53cb0bf458fba64984c7e9
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5712cd2caf3ae85afb53cb0bf458fba64984c7e9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210924/2b716044/attachment.htm>
More information about the debian-security-tracker-commits
mailing list