[Git][security-tracker-team/security-tracker][master] 4 commits: mark CVE-2021-4091 as not-affected for Stretch

Thu Feb 10 22:44:23 GMT 2022


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9f0714c8 by Thorsten Alteholz at 2022-02-10T23:43:59+01:00
mark CVE-2021-4091 as not-affected for Stretch

- - - - -
b88de0f6 by Thorsten Alteholz at 2022-02-10T23:44:00+01:00
mark CVE-2021-4213 as postponed for Stretch

- - - - -
3469d96b by Thorsten Alteholz at 2022-02-10T23:44:02+01:00
mark CVE-2021-46020 as postponed for Stretch

- - - - -
5b1af52e by Thorsten Alteholz at 2022-02-10T23:44:03+01:00
mark CVE-2021-45429 as no-dsa for Stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2948,6 +2948,7 @@ CVE-2021-4214
 CVE-2021-4213
 	RESERVED
 	- jss <unfixed>
+	[stretch] - jss <postponed> (revisit when/if fix is complete)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2042900
 CVE-2022-23941
 	RESERVED
@@ -8811,6 +8812,7 @@ CVE-2021-46021 (An Use-After-Free vulnerability in rec_record_destroy() at rec-r
 	NOTE: Negligible security impact
 CVE-2021-46020 (An untrusted pointer dereference in mrb_vm_exec() of mruby v3.0.0 can  ...)
 	- mruby <unfixed>
+	[stretch] - mruby <postponed> (revisit when/if fix is complete)
 	NOTE: https://github.com/mruby/mruby/issues/5613
 	TODO: check details
 CVE-2021-46019 (An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GN ...)
@@ -11079,6 +11081,7 @@ CVE-2021-45430
 	RESERVED
 CVE-2021-45429 (A Buffer Overflow vulnerablity exists in VirusTotal YARA git commit: 6 ...)
 	- yara <unfixed>
+	[stretch] - yara <no-dsa> (Minor issue)
 	NOTE: https://github.com/VirusTotal/yara/issues/1616
 	NOTE: https://github.com/VirusTotal/yara/commit/a36b497926b141624ea673111a101e9ddd7ac2eb (v4.2.0-rc1)
 CVE-2021-45428 (TLR-2005KSH is affected by an incorrect access control vulnerability.  ...)
@@ -13299,6 +13302,7 @@ CVE-2021-4092 (yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF) .
 CVE-2021-4091 [double-free of the virtual attribute context in persistent search]
 	RESERVED
 	- 389-ds-base <unfixed>
+	[stretch] - 389-ds-base <not-affected> (Vulnerable code introduced later)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2030307
 	NOTE: Introduced by: https://github.com/389ds/389-ds-base/commit/74c666b83e3e1789c2ef3f7935c327bd7555193e (389-ds-base-1.3.6.4)
 CVE-2021-4090 [Overflow of bmval[bmlen-1] in nfsd4_decode_bitmap function]



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2a66b000c58c5cec6965d871dc0816d55238d8c9...5b1af52e9d515640677defac13a37f09a3e834b4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2a66b000c58c5cec6965d871dc0816d55238d8c9...5b1af52e9d515640677defac13a37f09a3e834b4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220210/f47bacee/attachment.htm>
