[Git][security-tracker-team/security-tracker][master] 2 commits: Track fixed version for CVE-2021-3698/cockpit

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8300ae2e by Martin Pitt at 2022-01-25T08:36:53+01:00
Track fixed version for CVE-2021-3698/cockpit

The fix also needs sssd 2.6.1, which is also in bookworm now.

- - - - -
89a5fad7 by Salvatore Bonaccorso at 2022-01-25T09:39:06+00:00
Merge branch 'CVE-2021-3698' into 'master'

Track fixed version for CVE-2021-3698/cockpit

See merge request security-tracker-team/security-tracker!99
- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -29515,10 +29515,12 @@ CVE-2021-38365 (Winner (aka ToneWinner) desktop speakers through 2021-08-09 allo
 	NOT-FOR-US: Winner (aka ToneWinner) desktop speakers
 CVE-2021-3698 [authenticates with revoked certificates]
 	RESERVED
-	- cockpit <unfixed>
+	- cockpit 260-1
 	[bullseye] - cockpit <no-dsa> (Minor issue)
 	[buster] - cockpit <not-affected> (Vulnerable code not present, introduced in 208)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1992149
+	NOTE: Needs sssd 2.6.1
+	NOTE: https://cockpit-project.org/blog/cockpit-260.html
 CVE-2021-3697
 	RESERVED
 CVE-2021-3696



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f511be9f26f48738ae73a62946098f70ae0394ca...89a5fad75735f1088b5f4c30cab87b931260dcb2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f511be9f26f48738ae73a62946098f70ae0394ca...89a5fad75735f1088b5f4c30cab87b931260dcb2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220125/c08534d4/attachment.htm>