[Git][security-tracker-team/security-tracker][master] Add reference to blog article for ClickHouse issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Mar 24 20:22:16 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dc260184 by Salvatore Bonaccorso at 2022-03-24T21:22:00+01:00
Add reference to blog article for ClickHouse issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27045,11 +27045,13 @@ CVE-2021-43305 (Heap buffer overflow in Clickhouse's LZ4 compression codec when
 	NOTE: https://github.com/ClickHouse/ClickHouse/commit/2aea1c8d4a5be320365472052d8a48bf69fd9fe9 (v22.3.2.2-lts)
 	NOTE: https://github.com/ClickHouse/ClickHouse/commit/6d83eacec42c7c403c99804a713a9d38caa4a45d (v22.3.2.2-lts)
 	NOTE: https://github.com/ClickHouse/ClickHouse/pull/27136
+	NOTE: https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/
 CVE-2021-43304 (Heap buffer overflow in Clickhouse's LZ4 compression codec when parsin ...)
 	- clickhouse <unfixed> (bug #1008216)
 	NOTE: https://github.com/ClickHouse/ClickHouse/commit/2aea1c8d4a5be320365472052d8a48bf69fd9fe9 (v22.3.2.2-lts)
 	NOTE: https://github.com/ClickHouse/ClickHouse/commit/6d83eacec42c7c403c99804a713a9d38caa4a45d (v22.3.2.2-lts)
 	NOTE: https://github.com/ClickHouse/ClickHouse/pull/27136
+	NOTE: https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/
 CVE-2021-43303 (Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker ...)
 	- asterisk <unfixed>
 	- pjproject <removed>
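Review bot: the NOTE added under CVE-2021-43305 and CVE-2021-43304 is the same bare URL for both entries, and their truncated descriptions are identical ("Heap buffer overflow in Clickhouse's LZ4 compression codec when parsin ..."), so nothing in the entry tells a triager which part of the article applies to which CVE. A short parenthetical after the URL, in the style of the "(v22.3.2.2-lts)" annotations on the commit NOTEs just above it, would make the reference easier to use.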
@@ -31229,20 +31231,25 @@ CVE-2021-42392 (The org.h2.util.JdbcUtils.getConnection method of the H2 databas
 	NOTE: https://github.com/h2database/h2database/commit/956c6241868332c5b440f5d55ea8fdc1e51ae4fd
 CVE-2021-42391 (Divide-by-zero in Clickhouse's Gorilla compression codec when parsing  ...)
 	- clickhouse <not-affected> (Vulnerable code introduced later)
+	NOTE: https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/
 CVE-2021-42390 (Divide-by-zero in Clickhouse's DeltaDouble compression codec when pars ...)
 	- clickhouse <not-affected> (Vulnerable code introduced later)
+	NOTE: https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/
 CVE-2021-42389 (Divide-by-zero in Clickhouse's Delta compression codec when parsing a  ...)
 	- clickhouse <not-affected> (Vulnerable code introduced later)
+	NOTE: https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/
 CVE-2021-42388 (Heap out-of-bounds read in Clickhouse's LZ4 compression codec when par ...)
 	- clickhouse <unfixed> (bug #1008216)
 	NOTE: https://github.com/ClickHouse/ClickHouse/commit/2aea1c8d4a5be320365472052d8a48bf69fd9fe9 (v22.3.2.2-lts)
 	NOTE: https://github.com/ClickHouse/ClickHouse/commit/6d83eacec42c7c403c99804a713a9d38caa4a45d (v22.3.2.2-lts)
 	NOTE: https://github.com/ClickHouse/ClickHouse/pull/27136
+	NOTE: https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/
 CVE-2021-42387 (Heap out-of-bounds read in Clickhouse's LZ4 compression codec when par ...)
 	- clickhouse <unfixed> (bug #1008216)
 	NOTE: https://github.com/ClickHouse/ClickHouse/commit/2aea1c8d4a5be320365472052d8a48bf69fd9fe9 (v22.3.2.2-lts)
 	NOTE: https://github.com/ClickHouse/ClickHouse/commit/6d83eacec42c7c403c99804a713a9d38caa4a45d (v22.3.2.2-lts)
 	NOTE: https://github.com/ClickHouse/ClickHouse/pull/27136
+	NOTE: https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/
 CVE-2021-42386 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
 	- busybox <unfixed> (bug #999567)
 	[bullseye] - busybox <no-dsa> (Minor issue)
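Review bot: for the three divide-by-zero entries (CVE-2021-42391, CVE-2021-42390, CVE-2021-42389) the blog URL becomes the only NOTE, while their status reads "<not-affected> (Vulnerable code introduced later)". Unlike the LZ4 entries in this hunk (CVE-2021-42388, CVE-2021-42387), they carry no upstream commit or pull-request NOTE, so the "introduced later" claim cannot be checked from the entry itself. Consider adding the upstream reference for the introducing or fixing change next to the blog link.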



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc260184f4739f938a09697cd91d3df4e1089e38
