[Git][security-tracker-team/security-tracker][master] Add notes for CVE-2021-4261{2,3,4}/halibut

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed May 25 22:22:53 BST 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
07211044 by Salvatore Bonaccorso at 2022-05-25T23:20:25+02:00
Add notes for CVE-2021-4261{2,3,4}/halibut

Between 1.2 and 1.3 upstream an errorstate to track fatal errors was
introduced.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -41475,12 +41475,21 @@ CVE-2021-42615
 CVE-2021-42614 (A use after free in info_width_internal in bk_info.c in Halibut 1.2 al ...)
 	- halibut 1.3-1 (bug #898928)
 	NOTE: https://carteryagemann.com/halibut-case-study.html#poc-halibut-info-uaf
+	NOTE: Inventing an errorstate to pass to all err_* functions and use it to track fatal errors:
+	NOTE: https://git.tartarus.org/?p=simon/halibut.git;a=commit;h=5c3db60a2911efb18bdc823264b74d8045c407b9 (1.3)
+	NOTE: https://git.tartarus.org/?p=simon/halibut.git;a=commit;h=edaf724febe2f9c890ef1cfdf24a78d5c1da2b32 (1.3)
 CVE-2021-42613 (A double free in cleanup_index in index.c in Halibut 1.2 allows an att ...)
 	- halibut 1.3-1 (bug #898928)
 	NOTE: https://carteryagemann.com/halibut-case-study.html#poc-halibut-winhelp-df
+	NOTE: Inventing an errorstate to pass to all err_* functions and use it to track fatal errors:
+	NOTE: https://git.tartarus.org/?p=simon/halibut.git;a=commit;h=5c3db60a2911efb18bdc823264b74d8045c407b9 (1.3)
+	NOTE: https://git.tartarus.org/?p=simon/halibut.git;a=commit;h=edaf724febe2f9c890ef1cfdf24a78d5c1da2b32 (1.3)
 CVE-2021-42612 (A use after free in cleanup_index in index.c in Halibut 1.2 allows an  ...)
 	- halibut 1.3-1 (bug #898928)
 	NOTE: https://carteryagemann.com/halibut-case-study.html#poc-halibut-text-uaf
+	NOTE: Inventing an errorstate to pass to all err_* functions and use it to track fatal errors:
+	NOTE: https://git.tartarus.org/?p=simon/halibut.git;a=commit;h=5c3db60a2911efb18bdc823264b74d8045c407b9 (1.3)
+	NOTE: https://git.tartarus.org/?p=simon/halibut.git;a=commit;h=edaf724febe2f9c890ef1cfdf24a78d5c1da2b32 (1.3)
 CVE-2021-42611
 	RESERVED
 CVE-2021-42610



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/072110442be2319b29ff63b94ec4c75261d2afe9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/072110442be2319b29ff63b94ec4c75261d2afe9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220525/24c9596f/attachment.htm>

More information about the debian-security-tracker-commits mailing list