[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2021-27419/uclibc unfixed

Neil Williams (@codehelp) codehelp at debian.org
Mon May 9 09:21:58 BST 2022 


Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
726ca53a by Neil Williams at 2022-05-09T09:21:40+01:00
CVE-2021-27419/uclibc unfixed

- - - - -
dba1e8e9 by Neil Williams at 2022-05-09T09:21:42+01:00
Missed one piwigo change

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -77596,7 +77596,9 @@ CVE-2021-27421 (NXP MCUXpresso SDK versions prior to 2.8.2 are vulnerable to int
 CVE-2021-27420 (GE UR firmware versions prior to version 8.1x web server task does not ...)
 	NOT-FOR-US: General Electric Universal Relays
 CVE-2021-27419 (uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-arou ...)
-	TODO: check
+	- uclibc <unfixed> (bug #1010748)
+	NOTE: https://www.cisa.gov/uscert/ics/advisories/icsa-21-119-04
+	NOTE: https://github.com/wbx-github/uclibc-ng/commit/015d5b8c1a75b551f7f0215543fac01d55abfc0f (v1.0.37)
 CVE-2021-27418 (GE UR firmware versions prior to version 8.1x supports web interface w ...)
 	NOT-FOR-US: General Electric Universal Relays
 CVE-2021-27417 (eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are vulnerable t ...)
@@ -127971,7 +127973,7 @@ CVE-2020-19215 (SQL Injection vulnerability in admin/user_perm.php in piwigo v2.
 CVE-2020-19214
 	RESERVED
 CVE-2020-19213 (SQL Injection vulnerability in cat_move.php in piwigo v2.9.5, via the  ...)
-	TODO: check
+	- piwigo <removed>
 CVE-2020-19212 (SQL Injection vulnerability in admin/group_list.php in piwigo v2.9.5,  ...)
 	- piwigo <removed>
 CVE-2020-19211



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c6fb3cd00428bc5fd66caa9adfdce2f5dd7351eb...dba1e8e9d5fc0b7955fb682642f198e3f1ad788e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c6fb3cd00428bc5fd66caa9adfdce2f5dd7351eb...dba1e8e9d5fc0b7955fb682642f198e3f1ad788e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220509/37ccc037/attachment.htm>

More information about the debian-security-tracker-commits mailing list