[Git][security-tracker-team/security-tracker][master] CVE-2021-3997/systemd: stretch ignored
Sylvain Beucler (@beuc)
beuc at debian.org
Wed Jan 12 17:53:45 GMT 2022
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4520d8d1 by Sylvain Beucler at 2022-01-12T18:53:35+01:00
CVE-2021-3997/systemd: stretch ignored
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9177,10 +9177,12 @@ CVE-2021-3997 [Uncontrolled recursion in systemd's systemd-tmpfiles]
- systemd 250.2-1 (bug #1003467)
[bullseye] - systemd <no-dsa> (Minor issue; can be fixed via point release)
[buster] - systemd <ignored> (Minor issue; not exploitable before upstream commit e535840)
+ [stretch] - systemd <ignored> (Minor issue; utility segfault; not exploitable before upstream commit e535840, PoC doesn't segfault on stretch)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2024639
NOTE: https://github.com/systemd/systemd/pull/22070
NOTE: https://www.openwall.com/lists/oss-security/2022/01/10/2
NOTE: Exploitable after (but present before): https://github.com/systemd/systemd/commit/e5358401b5df8d395e99815b7a69b8424887472c (v242-rc1)
+ NOTE: PoC still crashes on jessie/215-17+deb8u14
NOTE: Prerequisite/Preparation: https://github.com/systemd/systemd/commit/3bac86abfa1b1720180840ffb9d06b3d54841c11
NOTE: Prerequisite/Preparation: https://github.com/systemd/systemd/commit/84ced330020c0bae57bd4628f1f44eec91304e69
NOTE: Fixed by: https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4520d8d1a2a1cf48dfb10913f5554fabd2983af4
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4520d8d1a2a1cf48dfb10913f5554fabd2983af4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220112/16180cb2/attachment.htm>
More information about the debian-security-tracker-commits
mailing list