[Git][security-tracker-team/security-tracker][master] 2 commits: Track fix via experimental for CVE-2022-24407/cyrus-sasl2

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Feb 23 22:08:47 GMT 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bc25b5f5 by Salvatore Bonaccorso at 2022-02-23T23:08:18+01:00
Track fix via experimental for CVE-2022-24407/cyrus-sasl2

- - - - -
739b2ef7 by Salvatore Bonaccorso at 2022-02-23T23:08:18+01:00
Add Debian bug reference for CVE-2021-0561/flac

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3649,6 +3649,7 @@ CVE-2021-46671 (options.c in atftp before 0.7.5 reads past the end of an array,
 	[stretch] - atftp <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/atftp/code/ci/9cf799c40738722001552618518279e9f0ef62e5 (v0.7.5)
 CVE-2022-24407 (In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does  ...)
+	[experimental] - cyrus-sasl2 2.1.28+dfsg-1
 	- cyrus-sasl2 <unfixed>
 	NOTE: Fixed by: https://github.com/cyrusimap/cyrus-sasl/commit/9eff746c9daecbcc0041b09a5a51ba30738cdcbc (cyrus-sasl-2.1.28)
 	NOTE: Fixed by: https://github.com/cyrusimap/cyrus-sasl/commit/2d2e97b0eb53fa7f87a3bf1529d8f712dd954480 (master)
@@ -91447,7 +91448,7 @@ CVE-2021-0563 (In ih264e_fmt_conv_422i_to_420sp of ih264e_fmt_conv.c, there is a
 CVE-2021-0562 (In RasterIntraUpdate of motion_est.cpp, there is a possible out of bou ...)
 	NOT-FOR-US: Android media framework
 CVE-2021-0561 (In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a  ...)
-	- flac <unfixed>
+	- flac <unfixed> (bug #1006339)
 	NOTE: https://github.com/xiph/flac/commit/e1575e4a7c5157cbf4e4a16dbd39b74f7174c7be (1.3.4)
 	NOTE: https://xiph.org/flac/changelog.html#flac_1.3.4
 	NOTE: https://android.googlesource.com/platform/external/flac/+/368eb3f5bec249a197c95a95583ff8153aa6a87f



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2d2d79efa1311062060b824c23f827b07c37270c...739b2ef77f97af97df4253b86ea838f5868bbfe9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2d2d79efa1311062060b824c23f827b07c37270c...739b2ef77f97af97df4253b86ea838f5868bbfe9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220223/205d8b7b/attachment.htm>

More information about the debian-security-tracker-commits mailing list