[Git][security-tracker-team/security-tracker][master] Track fixed version for busybox issues via unstable
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jun 6 19:55:54 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
76131ca0 by Salvatore Bonaccorso at 2022-06-06T20:54:55+02:00
Track fixed version for busybox issues via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -45583,83 +45583,83 @@ CVE-2021-42387 (Heap out-of-bounds read in Clickhouse's LZ4 compression codec wh
NOTE: https://github.com/ClickHouse/ClickHouse/pull/27136
NOTE: https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/
CVE-2021-42386 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
- - busybox <unfixed> (bug #999567)
+ - busybox 1:1.35.0-1 (bug #999567)
[bullseye] - busybox <no-dsa> (Minor issue)
[buster] - busybox <no-dsa> (Minor issue)
[stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch)
NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
CVE-2021-42385 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
- - busybox <unfixed> (bug #999567)
+ - busybox 1:1.35.0-1 (bug #999567)
[bullseye] - busybox <no-dsa> (Minor issue)
[buster] - busybox <no-dsa> (Minor issue)
[stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch)
NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
CVE-2021-42384 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
- - busybox <unfixed> (bug #999567)
+ - busybox 1:1.35.0-1 (bug #999567)
[bullseye] - busybox <no-dsa> (Minor issue)
[buster] - busybox <no-dsa> (Minor issue)
[stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch)
NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
CVE-2021-42383 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
- - busybox <unfixed> (bug #999567)
+ - busybox 1:1.35.0-1 (bug #999567)
[bullseye] - busybox <no-dsa> (Minor issue)
[buster] - busybox <no-dsa> (Minor issue)
[stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch)
NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
CVE-2021-42382 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
- - busybox <unfixed> (bug #999567)
+ - busybox 1:1.35.0-1 (bug #999567)
[bullseye] - busybox <no-dsa> (Minor issue)
[buster] - busybox <no-dsa> (Minor issue)
[stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch)
NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
CVE-2021-42381 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
- - busybox <unfixed> (bug #999567)
+ - busybox 1:1.35.0-1 (bug #999567)
[bullseye] - busybox <no-dsa> (Minor issue)
[buster] - busybox <no-dsa> (Minor issue)
[stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch)
NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
CVE-2021-42380 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
- - busybox <unfixed> (bug #999567)
+ - busybox 1:1.35.0-1 (bug #999567)
[bullseye] - busybox <no-dsa> (Minor issue)
[buster] - busybox <no-dsa> (Minor issue)
[stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch)
NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
CVE-2021-42379 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
- - busybox <unfixed> (bug #999567)
+ - busybox 1:1.35.0-1 (bug #999567)
[bullseye] - busybox <no-dsa> (Minor issue)
[buster] - busybox <no-dsa> (Minor issue)
[stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch)
NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
CVE-2021-42378 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
- - busybox <unfixed> (bug #999567)
+ - busybox 1:1.35.0-1 (bug #999567)
[bullseye] - busybox <no-dsa> (Minor issue)
[buster] - busybox <no-dsa> (Minor issue)
[stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch)
NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
CVE-2021-42377 (An attacker-controlled pointer free in Busybox's hush applet leads to ...)
- - busybox <unfixed> (bug #999567)
+ - busybox 1:1.35.0-1 (bug #999567)
[bullseye] - busybox <no-dsa> (Minor issue)
[buster] - busybox <no-dsa> (Minor issue)
[stretch] - busybox <not-affected> (CONFIG_HUSH is not set)
NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
CVE-2021-42376 (A NULL pointer dereference in Busybox's hush applet leads to denial of ...)
- - busybox <unfixed> (unimportant; bug #999567)
+ - busybox 1:1.35.0-1 (unimportant; bug #999567)
[stretch] - busybox <not-affected> (CONFIG_HUSH is not set)
NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
NOTE: Crash in CLI tool, no security impact
CVE-2021-42375 (An incorrect handling of a special element in Busybox's ash applet lea ...)
- - busybox <unfixed> (unimportant; bug #999567)
+ - busybox 1:1.35.0-1 (unimportant; bug #999567)
NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
NOTE: Crash in CLI tool, no security impact
CVE-2021-42374 (An out-of-bounds heap read in Busybox's unlzma applet leads to informa ...)
- - busybox <unfixed> (unimportant; bug #999567)
+ - busybox 1:1.35.0-1 (unimportant; bug #999567)
[stretch] - busybox <not-affected> (Vulnerable code introduced later)
NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
NOTE: Crash in CLI tool with information leak
NOTE: Introduced by https://git.busybox.net/busybox/commit/?id=3989e5adf454a3ab98412b249c2c9bd2a3175ae0 (1_27_0)
NOTE: https://git.busybox.net/busybox/commit/?id=04f052c56ded5ab6a904e3a264a73dc0412b2e78
CVE-2021-42373 (A NULL pointer dereference in Busybox's man applet leads to denial of ...)
- - busybox <unfixed> (unimportant; bug #999567)
+ - busybox 1:1.35.0-1 (unimportant; bug #999567)
NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
NOTE: Crash in CLI tool, no security impact
CVE-2021-42372 (A shell command injection in the HW Events SNMP community in XoruX LPA ...)
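Review bot: The awk entries (CVE-2021-42378 through CVE-2021-42386) and the hush, ash and man entries now record 1:1.35.0-1 as fixed, but none of them carries a NOTE naming an upstream fix commit; in this hunk only CVE-2021-42374 does. The [stretch] lines for the awk issues also still read "no identified patch", which looks stale next to a recorded fixed version. Suggest adding a NOTE per applet group that references the upstream commit, or at least states that the fix is taken from the 1.35.0 upstream release, and revisiting the stretch wording, so the fixed-version claim can be checked and anyone assessing bullseye or buster has a starting point.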
@@ -80256,7 +80256,7 @@ CVE-2021-28832 (VSCodeVim before 1.19.0 allows attackers to execute arbitrary co
NOT-FOR-US: VSCodeVim
CVE-2021-28831 (decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit ...)
{DLA-2614-1}
- - busybox <unfixed> (bug #985674)
+ - busybox 1:1.35.0-1 (bug #985674)
[bullseye] - busybox <no-dsa> (Minor issue)
[buster] - busybox <no-dsa> (Minor issue)
NOTE: https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd
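Review bot: On the CVE-2021-28831 line the fixed version is set to 1:1.35.0-1, while the description bounds the affected range at "through 1.32.1" and the NOTE already names the fix commit f25d254dfd4243698c31a4f3153d4ac72aa9e9bd. Please confirm that 1:1.35.0-1 is the first unstable upload containing that commit and not just the current one; if an earlier upload carried it, record that version instead, because a fixed version set too late reports already-fixed installs as vulnerable.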
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76131ca07178d3392882c100ebe56050641fc856