[Git][security-tracker-team/security-tracker][master] Add CVE-2021-45958/ujson
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jan 1 08:26:29 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
aea46268 by Salvatore Bonaccorso at 2022-01-01T09:25:57+01:00
Add CVE-2021-45958/ujson
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9,7 +9,12 @@ CVE-2021-45959 ({fmt} 7.1.0 through 8.0.1 has a stack-based buffer overflow in f
NOTE: Introduced by: https://github.com/fmtlib/fmt/commit/bd3c792507e1a1003f7532088e976665dcbe4628 (7.1.0)
NOTE: Fixed by: https://github.com/fmtlib/fmt/commit/2038bf61831eb8faede0883965364a974d1350fe
CVE-2021-45958 (UltraJSON (aka ujson) 4.0.2 through 5.0.0 has a stack-based buffer ove ...)
- TODO: check
+ - ujson <unfixed>
+ [buster] - ujson <not-affected> (Vulnerable code introduced later)
+ [stretch] - ujson <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36009
+ NOTE: Introduced by: https://github.com/ultrajson/ultrajson/commit/a920bfa9d85bcd78836b866d1be80c1e3dcca1da (4.0.2)
+ TODO: claimed to be fixed, but 5525f8c9ef8bb879dadd0eb942d524827d1b0362 is not part of the repository
CVE-2021-45957 (Dnsmasq 2.86 has a heap-based buffer overflow in answer_request (calle ...)
TODO: check
CVE-2021-45956 (Dnsmasq 2.86 has a heap-based buffer overflow in print_mac (called fro ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aea46268732be502b0541e9c487bd83bc6f9f0a0
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aea46268732be502b0541e9c487bd83bc6f9f0a0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220101/d95264a3/attachment.htm>
More information about the debian-security-tracker-commits
mailing list