[Git][security-tracker-team/security-tracker][master] 4 commits: Triage CVE-2021-4189 in python2.7 for stretch LTS.

Chris Lamb (@lamby) lamby at debian.org
Wed Jan 5 10:14:51 GMT 2022



Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e22d902a by Chris Lamb at 2022-01-05T10:10:03+00:00
Triage CVE-2021-4189 in python2.7 for stretch LTS.

- - - - -
d793cb29 by Chris Lamb at 2022-01-05T10:10:39+00:00
Triage CVE-2021-4189 in python3.5 for stretch LTS.

- - - - -
33e10af5 by Chris Lamb at 2022-01-05T10:13:30+00:00
Triage CVE-2022-0080 in mruby for stretch LTS.

- - - - -
ac023da7 by Chris Lamb at 2022-01-05T10:14:02+00:00
Triage CVE-2021-3842 in nltk for stretch LTS.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1252,6 +1252,7 @@ CVE-2022-0080 (mruby is vulnerable to Heap-based Buffer Overflow ...)
 	- mruby <unfixed>
 	[bullseye] - mruby <no-dsa> (Minor issue)
 	[buster] - mruby <no-dsa> (Minor issue)
+	[stretch] - mruby <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/59a70392-4864-4ce3-8e35-6ac2111d1e2e/
 	NOTE: https://github.com/mruby/mruby/commit/28ccc664e5dcd3f9d55173e9afde77c4705a9ab6
 CVE-2021-45960 (In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) pla ...)
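Review bot: The added `[stretch] - mruby <no-dsa> (Minor issue)` line gives no reason of its own for classing as minor an issue the entry header describes as a heap-based buffer overflow; it only mirrors the bullseye and buster lines above it. Consider adding a NOTE with the rationale so the decision can be rechecked later while the package line still reads `- mruby <unfixed>`.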
@@ -1509,9 +1510,11 @@ CVE-2021-4189 [ftplib should not use the host from the PASV response]
 	- python3.7 <removed>
 	[buster] - python3.7 <no-dsa> (Minor issue)
 	- python3.5 <removed>
+	[stretch] - python3.5 <no-dsa> (Minor issue)
 	- python2.7 <unfixed>
 	[bullseye] - python2.7 <ignored> (Python 2.7 in Bullseye not covered by security support)
 	[buster] - python2.7 <no-dsa> (Minor issue)
+	[stretch] - python2.7 <no-dsa> (Minor issue)
 	NOTE: https://bugs.python.org/issue43285
 	NOTE: https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e (master)
 	NOTE: https://github.com/python/cpython/commit/7dcb4baa4f0fde3aef5122a8e9f6a41853ec9335 (v3.9.3)
@@ -16200,6 +16203,7 @@ CVE-2021-3842 (nltk is vulnerable to Inefficient Regular Expression Complexity .
 	- nltk <unfixed> (bug #1003142)
 	[bullseye] - nltk <no-dsa> (Minor issue)
 	[buster] - nltk <no-dsa> (Minor issue)
+	[stretch] - nltk <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/761a761e-2be2-430a-8d92-6f74ffe9866a/
 	NOTE: https://github.com/nltk/nltk/commit/2a50a3edc9d35f57ae42a921c621edc160877f4d (3.6.6)
 	TODO: check
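Review bot: The `TODO: check` line closing this entry is left in place even though the entry now carries a `<no-dsa>` decision for bullseye, buster and stretch. If triage is complete, drop the TODO in the same commit; if something still needs checking, say what in the TODO text so the entry does not stay flagged with no indication of the open question.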



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0cfdb87deb02bd560e8a01256d20de7a76474e8e...ac023da7a5f9143e04b73043ae4519149ec5bd43
