[Git][security-tracker-team/security-tracker][master] Add CVE-2021-3391{2,3}/libspf2

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jan 19 20:47:23 GMT 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
729d1bec by Salvatore Bonaccorso at 2022-01-19T21:46:50+01:00
Add CVE-2021-3391{2,3}/libspf2

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -38449,9 +38449,19 @@ CVE-2021-33915
 CVE-2021-33914
 	RESERVED
 CVE-2021-33913 (libspf2 before 1.2.11 has a heap-based buffer overflow that might allo ...)
-	TODO: check
+	- libspf2 1.2.10-7.1
+	[bullseye] - libspf2 1.2.10-7.1~deb11u1
+	[buster] - libspf2 1.2.10-7.1~deb10u1
+	NOTE: https://nathanielbennett.com/blog/libspf2-cve-jan-2022-disclosure
+	NOTE: https://github.com/shevek/libspf2/pull/35
+	NOTE: https://github.com/shevek/libspf2/commit/f06fef6cede4c4cb42f2c617496e6041782d7070
 CVE-2021-33912 (libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that  ...)
-	TODO: check
+	- libspf2 1.2.10-7.1
+	[bullseye] - libspf2 1.2.10-7.1~deb11u1
+	[buster] - libspf2 1.2.10-7.1~deb10u1
+	NOTE: https://nathanielbennett.com/blog/libspf2-cve-jan-2022-disclosure
+	NOTE: https://github.com/shevek/libspf2/pull/35
+	NOTE: https://github.com/shevek/libspf2/commit/28faf4624a6a371b11afdb9820078d3b0ee3803d
 CVE-2021-33911 (Zoho ManageEngine ADManager Plus before 7110 allows remote code execut ...)
 	NOT-FOR-US: Zoho
 CVE-2021-33910 (basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/729d1bec07c617061562765761420edd20d32740

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/729d1bec07c617061562765761420edd20d32740
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220119/9b7d5a7a/attachment.htm>

More information about the debian-security-tracker-commits mailing list