[Git][security-tracker-team/security-tracker][master] lrzip: document CVE-2021-27345/CVE-2021-27347/CVE-2022-26291 relationship
Sylvain Beucler (@beuc)
beuc at debian.org
Sat Apr 9 17:54:51 BST 2022
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f5664051 by Sylvain Beucler at 2022-04-09T18:53:42+02:00
lrzip: document CVE-2021-27345/CVE-2021-27347/CVE-2022-26291 relationship
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6964,6 +6964,7 @@ CVE-2022-26291 (lrzip v0.641 was discovered to contain a multiple concurrency us
[stretch] - lrzip <postponed> (Minor issue, use-after-free with no known impact)
NOTE: https://github.com/ckolivas/lrzip/issues/206
NOTE: https://github.com/ckolivas/lrzip/commit/4b3942103b57c639c8e0f31d6d5fd7bac53bbdf4 (v0.650)
+ NOTE: clear_rulist() introduced by CVE-2021-27345+CVE-2021-27347 fix
CVE-2022-26290 (Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command inje ...)
NOT-FOR-US: Tenda
CVE-2022-26289 (Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command inje ...)
@@ -72487,6 +72488,7 @@ CVE-2021-27347 (Use after free in lzma_decompress_buf function in stream.c in Ir
NOTE: https://github.com/ckolivas/lrzip/issues/165
NOTE: https://github.com/ckolivas/lrzip/commit/be884d09e09b00fbddd31b75dc1f4736d72006a8 (v0.640)
NOTE: Crash in CLI tool, no security impact
+ NOTE: See CVE-2022-26291 follow-up related to clear_rulist()
CVE-2021-27346
RESERVED
CVE-2021-27345 (A null pointer dereference was discovered in ucompthread in stream.c i ...)
@@ -72494,6 +72496,7 @@ CVE-2021-27345 (A null pointer dereference was discovered in ucompthread in stre
NOTE: https://github.com/ckolivas/lrzip/issues/164
NOTE: https://github.com/ckolivas/lrzip/commit/be884d09e09b00fbddd31b75dc1f4736d72006a8 (v0.640)
NOTE: Crash in CLI tool, no security impact
+ NOTE: See CVE-2022-26291 follow-up related to clear_rulist()
CVE-2021-27344
RESERVED
CVE-2021-27343 (SerenityOS Unspecified is affected by: Buffer Overflow. The impact is: ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f566405135d8f9ba1ee4627d46ddf38fa41350c6
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f566405135d8f9ba1ee4627d46ddf38fa41350c6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220409/56d3446f/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list