[Git][security-tracker-team/security-tracker][master] cyrus-sasl2 2.1.28 CVE fixes
Paul Wise (@pabs)
pabs at debian.org
Wed Feb 23 01:09:25 GMT 2022
Paul Wise pushed to branch master at Debian Security Tracker / security-tracker
Commits:
49fa97a1 by Paul Wise at 2022-02-23T09:09:02+08:00
cyrus-sasl2 2.1.28 CVE fixes
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3491,8 +3491,11 @@ CVE-2021-46671 (options.c in atftp before 0.7.5 reads past the end of an array,
[buster] - atftp <no-dsa> (Minor issue)
[stretch] - atftp <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/atftp/code/ci/9cf799c40738722001552618518279e9f0ef62e5 (v0.7.5)
-CVE-2022-24407
+CVE-2022-24407 [SQL injection]
RESERVED
+ - cyrus-sasl2 <unfixed>
+ NOTE: fixed in commit https://github.com/cyrusimap/cyrus-sasl/commit/2d2e97b0eb53fa7f87a3bf1529d8f712dd954480
+ NOTE: fixed in 2.1.28 https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28
CVE-2022-24406
RESERVED
CVE-2022-24405
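Review bot: the temporary description `[SQL injection]` on the CVE-2022-24407 line does not say which part of cyrus-sasl2 is affected, so anyone triaging from the list alone has to open the upstream commit to find out. Consider naming the package and the affected component in the brackets. The two added NOTE lines also begin with "fixed in" directly under `- cyrus-sasl2 <unfixed>`, which reads as a contradiction until one realises the notes refer to upstream. Giving the bare commit URL followed by the version in parentheses, as the atftp NOTE above does with `(v0.7.5)`, would match the surrounding entries and make the upstream scope clear.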
@@ -154025,6 +154028,7 @@ CVE-2019-19906 (cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write le
NOTE: https://github.com/cyrusimap/cyrus-sasl/issues/587
NOTE: https://github.com/cyrusimap/cyrus-sasl/commit/dcc9f51cbd4ed622cfb0f9b1c141eb2ffe3b12f1
NOTE: https://www.openldap.org/its/index.cgi/Incoming?id=9123
+ NOTE: fixed in 2.1.28 https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28
CVE-2019-16787
REJECTED
CVE-2019-19905 (NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability ...)
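Review bot: the added NOTE for CVE-2019-19906 is placed after the openldap.org ITS link and repeats only the release-notes URL, so it is not tied to the commit NOTE two lines above it. If that commit is the fix that shipped in 2.1.28, appending the version in parentheses to the existing commit NOTE, in the style of the `(v0.7.5)` atftp entry in the first hunk, would record the same fact without a separate "fixed in" line. The package line for this CVE is outside the visible context, so it is worth checking that the fixed version recorded there agrees with this note.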
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/49fa97a130a4c39355e4950034723596713b3e04