[Git][security-tracker-team/security-tracker][master] Add new set of inetutils issues

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9326e1e9 by Salvatore Bonaccorso at 2022-01-15T10:06:09+01:00
Add new set of inetutils issues

Most of the mwill probably be unimportant with negligible security
impact, but better to do the first initial tracking now adding the
source package and check the impact individually later on on further
triage.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4165,23 +4165,31 @@ CVE-2021-45784
 CVE-2021-45783
 	RESERVED
 CVE-2021-45782 (An untrusted pointer dereference in getcmd() at inetutils/src/tftp.c o ...)
-	TODO: check
+	- inetutils <unfixed>
+	NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00018.html
 CVE-2021-45781 (GNU Inetutils 2.2.16-cf091 was discovered to contain a heap-based buff ...)
-	TODO: check
+	- inetutils <unfixed>
+	NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00015.html
 CVE-2021-45780 (GNU Inetutils commit cf091 was discovered to contain a memory leak via ...)
-	TODO: check
+	- inetutils <unfixed> (unimportant)
+	NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00014.html
+	NOTE: Negligible security impact
 CVE-2021-45779 (A NULL pointer dereference in unsetcmd() at inetutils/telnet/commands. ...)
-	TODO: check
+	- inetutils <unfixed>
+	NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00007.html
 CVE-2021-45778 (A NULL pointer dereference in setnmap() at cmds.c of GNU Inetutils v2. ...)
-	TODO: check
+	- inetutils <unfixed>
+	NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00004.html
 CVE-2021-45777
 	RESERVED
 CVE-2021-45776
 	RESERVED
 CVE-2021-45775 (GNU Inetutils 2.2.16-cf091 was discovered to contain an infinite loop  ...)
-	TODO: check
+	- inetutils <unfixed>
+	NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00005.html
 CVE-2021-45774 (A NULL pointer dereference in help() at inetutils/telnet/commands.c of ...)
-	TODO: check
+	- inetutils <unfixed>
+	NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00006.html
 CVE-2021-45773 (A NULL pointer dereference in CS104_IPAddress_setFromString at src/iec ...)
 	NOT-FOR-US: lib60870
 CVE-2021-45772



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9326e1e917018f91d5d09ae6b764c36dcad48bce

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9326e1e917018f91d5d09ae6b764c36dcad48bce
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220115/152cc528/attachment.htm>