[Git][security-tracker-team/security-tracker][master] Drop not-affected status for CVE-2021-2292{2,3}
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Dec 28 06:15:09 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
60fcd0b7 by Salvatore Bonaccorso at 2022-12-28T07:13:49+01:00
Drop not-affected status for CVE-2021-2292{2,3}
Source is affected as the issues are present since 7.27.0. But as we do
not built with metalink support up to in all suites the issues are
already marked as unimportant.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -142739,8 +142739,6 @@ CVE-2021-22924 (libcurl keeps previously used connections in a connection pool f
NOTE: https://www.openwall.com/lists/oss-security/2021/07/21/3
CVE-2021-22923 (When curl is instructed to get content using the metalink feature, and ...)
- curl 7.79.1-1 (unimportant)
- [buster] - curl <not-affected> (curl is not built with metalink support)
- [bullseye] - curl <not-affected> (curl is not built with metalink support)
NOTE: https://curl.se/docs/CVE-2021-22923.html
NOTE: https://www.openwall.com/lists/oss-security/2021/07/21/2
NOTE: The fix for earlier versions is to rebuild curl with the metalink support
@@ -142748,8 +142746,6 @@ CVE-2021-22923 (When curl is instructed to get content using the metalink featur
NOTE: Metalink support not enabled in Debian builds.
CVE-2021-22922 (When curl is instructed to download content using the metalink feature ...)
- curl 7.79.1-1 (unimportant)
- [buster] - curl <not-affected> (curl is not built with metalink support)
- [bullseye] - curl <not-affected> (curl is not built with metalink support)
NOTE: https://curl.se/docs/CVE-2021-22922.html
NOTE: https://www.openwall.com/lists/oss-security/2021/07/21/1
NOTE: The fix for earlier versions is to rebuild curl with the metalink support
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60fcd0b78852da81345b8949c7cd8206597983d4
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60fcd0b78852da81345b8949c7cd8206597983d4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221228/0b821118/attachment.htm>
More information about the debian-security-tracker-commits
mailing list