[Git][security-tracker-team/security-tracker][master] Update CVE-2021-45958/ujson
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jan 1 08:41:10 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0091d5bf by Salvatore Bonaccorso at 2022-01-01T09:40:40+01:00
Update CVE-2021-45958/ujson
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9,11 +9,8 @@ CVE-2021-45959 ({fmt} 7.1.0 through 8.0.1 has a stack-based buffer overflow in f
TODO: check correctness, introducing commit in oss-fuzz report is related when fuzzing started
CVE-2021-45958 (UltraJSON (aka ujson) 4.0.2 through 5.0.0 has a stack-based buffer ove ...)
- ujson <unfixed>
- [buster] - ujson <not-affected> (Vulnerable code introduced later)
- [stretch] - ujson <not-affected> (Vulnerable code introduced later)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36009
- NOTE: Introduced by: https://github.com/ultrajson/ultrajson/commit/a920bfa9d85bcd78836b866d1be80c1e3dcca1da (4.0.2)
- TODO: claimed to be fixed, but 5525f8c9ef8bb879dadd0eb942d524827d1b0362 is not part of the repository
+ TODO: claimed to be fixed, but 5525f8c9ef8bb879dadd0eb942d524827d1b0362 is not part of the repository, check correctness of introducing details
CVE-2021-45957 (Dnsmasq 2.86 has a heap-based buffer overflow in answer_request (calle ...)
- dnsmasq <unfixed>
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35920
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0091d5bf3c64d9f97c0529d43977359454ae4139
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0091d5bf3c64d9f97c0529d43977359454ae4139
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220101/72d7b4e6/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list